We performed a comparison between NetWitness XDR and Vectra AI based on real PeerSpot user reviews.
Find out in this report how the two Network Detection and Response (NDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"This solution allows us to locate the malware in real-time."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"Technical support is knowledgeable."
"The interface of this solution is very flexible and easy to use."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"The log correlation is good."
"The UI is easy to use and when we send detection to everybody, they easily understand what we are asking at the time."
"The core product provides excellent visibility, but my favorite feature is Vectra Recall."
"It's important for us that the user interface is easy to understand and that is the biggest benefit we see from Vectra AI."
"One of the key advantages for us is we define a 24/7 service around it. We use far more of Vectra alerts than we do with our SIEM product because we understand that when we get an alert from Vectra we actually need to do something about it."
"It gives you access, with Recall, to instant visibility into your network through something like a SIEM solution. For us, being able to correlate all of this network data without having to manage it, has provided immediate value. It gives us the ability to really work on the stuff where I and my team have expertise, instead of having to manage a SIEM solution..."
"One of the most valuable features is all the correlation that it does using AI and machine learning. An example would be alerting on a host and then alerting on other things, like abnormal behavior, that it has noticed coming from the same host. It's valuable because we're a very lean team."
"Scalability wise, we have many sensors, and Vectra AI seems to handle them all very well."
"It has helped us to organize our security. We get a better overview on what is happening on the network, which has helped us get quicker responses to users. If we see malicious activity, then we can quickly take action on it. Previously, we weren't getting an overview as fast as we are now, so we can now provide a quicker response."
"The solution lacks a reporting engine."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"Threat detection could be better."
"RSA NetWitness Network could improve on integration with non-native application integration."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"The initial setup requires a high level of skill."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"We are using SMB 3.0, which is an encrypted protocol. When we get some alerts or something, we cannot go deep into the protocol to see what's wrong because it's encrypted. We need to decrypt the protocol in another way, which is quite difficult. We might go back to SMB 2.0 just for this reason, but that's not a good solution."
"I would like more integrations with IOCs and threats currently on the Internet. I would also like to know which threats are based on zero-day attacks, current botnets, etc. Therefore, I would like more information on external threats."
"It does a little bit of packet capture on alert so you can look at the packet capture activity going on, but it doesn't collect a whole lot of data. Sometimes it's only one or two frames, sometimes it does collect more. That's why they have the addition of their Recall platform, because that really does help expand the capability."
"They use a proprietary logging format that is probably 90% similar to Bro Logs. Their biggest area of improvement is finishing out the remaining 10%. That 10% might not be beneficial to their ML engine, but that's fine. The industry standard is Zeek Logs or Bro Logs, or Bro or Zeek, depending on how old you are. While they have 90% of those fields, they're still missing some fields. In very rare instances, some community rules do not have the fields that they need, and we had to modify community rules for our logs. So, their biggest area of improvement would be to just finish their matching of the Zeek standard."
"We would like to see more information with the syslogs. The syslogs that they send to our SIEM are a bit short compared to what you can see. It would be helpful if they send us more data that we can incorporate into our SIEM, then can correlate with other events."
"You are always limited with visibility on the host due to the fact that it is a network based tool. It gives you visibility on certain elements of the attack path, but it doesn't necessarily give you visibility on everything. Specifically, the initial intrusion side of things that doesn't necessarily see the initial compromise. It doesn't see stuff that goes on the host, such as where scripts are run. Even though you are seeing traffic, it doesn't necessarily see the malicious payload. Therefore, it's very difficult for it to identify these type of host-driven complex attacks."
"ExtraHop has better features that seem more advantageous when compared to Vectra."
"We had another product with Vectra AI and used the MDR solution as an add-on. Initially, it wasn't fully appropriately configured, so we didn't get the expected results. Even once configured correctly, we weren't fully satisfied with its response. The issue was both with their service response and the product's capabilities."
NetWitness XDR is ranked 9th in Network Detection and Response (NDR) with 15 reviews while Vectra AI is ranked 2nd in Network Detection and Response (NDR) with 42 reviews. NetWitness XDR is rated 8.0, while Vectra AI is rated 8.6. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Defender for Endpoint, whereas Vectra AI is most compared with Darktrace, ExtraHop Reveal(x), Cisco Secure Network Analytics, Arista NDR and Corelight. See our NetWitness XDR vs. Vectra AI report.
See our list of best Network Detection and Response (NDR) vendors.
We monitor all Network Detection and Response (NDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.