We performed a comparison between CrowdStrike Falcon and NetWitness XDR based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: CrowdStrike Falcon stands out for its minimal impact on system performance, optimal resource utilization, and precise detection of threats. CrowdStrike Falcon could benefit from adding a sandbox feature and more detailed firewall management options. NetWitness XDR is commended for its prompt threat response, seamless integration capabilities, and user behavior analytics. Users say NetWitness XDR could improve its threat intelligence and investigation. Some suggested updates to its reporting engine.
Service and Support: CrowdStrike Falcon's customer service is considered prompt and helpful. NetWitness XDR provides effective 24/7 technical support. While some were satisfied with the response times, others experienced delays of up to 48 hours.
Ease of Deployment: CrowdStrike Falcon's setup is considered to be simple and efficient, with deployment times ranging from a few days to a month. While there may be some challenges during installation, they are generally manageable. Some users found the initial setup of NetWitness uncomplicated, but others faced challenges.
Pricing: Some users find CrowdStrike Falcon costly and think the price should be lowered to make it more competitive. The total cost of NetWitness XDR depends on the environment and the number of endpoints. Larger users can receive discounts, but users say the solution might be too pricey for smaller companies. NetWitness XDR provides various licenses, including some that feature premium support.
ROI: CrowdStrike Falcon offers cost savings by decreasing the required number of engineers and eliminating the need for onsite servers. NetWitness XDR has demonstrated positive outcomes by improving threat detection capabilities and facilitating digital forensics.
Comparison Results: CrowdStrike Falcon is favored over NetWitness XDR. Users like Falcon's lightweight design, machine learning capabilities, UBA features, and reliable cyberattack detection. The solution also earned praise for its integration with other systems and accurate threat detection. NetWitness XDR users mentioned difficulties with the initial setup and slow performance. CrowdStrike Falcon is considered reasonably priced, while NetWitness XDR is seen as expensive.
"Email protection is the most valuable feature of Microsoft Defender XDR."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"The solution is well integrated with applications. It is easy to maintain and administer."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"The product integrates security into one tool instead of having third-party security tools."
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply..."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"CrowdStrike Falcon has done an excellent job at detecting breaches. It has allowed us to stay in business and keep our systems up."
"Everything we've done with CrowdStrike is due to Arctic Wolf. We don't even need to get alerts from CrowdStrike anymore. It'll send those to Arctic Wolf, and then Arctic Wolf analyzes those and let us know if there's a major issue."
"Their endpoint is pretty flawless. There is no lag on the machines at all. Even though I have a good overview of all the machines, that's pretty much the most valuable feature of CrowdStrike Falcon."
"Falcon's best feature is its detection and blocking of threats."
"It has an extremely low footprint, so it has got minimum impact on the user end points in terms of CPU and memory usage."
"I like the detection rates of mobile threats."
"There are two things which customers really like about CrowdStrike. If they buy managed services from CrowdStrike, it offers them detection of security issues in one minute. If you buy their professional services, they offer insurance where you can claim up to $5 million if there's a breach. This is a huge upsell for customers."
"The feature I like the most is the solution's detection."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"Ability to isolate the machine when there are malicious files."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"At times, there may be delays in the execution of certain actions and their effects."
"Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team."
"We sometimes get false positives."
"Technical support could be better than what is currently offered."
"We encounter occasional issues, such as when disabling network access for a host that uses CrowdStrike."
"On the firewall management side, there should be more granularity. There should also be more granularity for device control. Everything else is brilliant."
"I would like to see the machine learning feature enhanced."
"The malware analysis could be improved, as that's what we use the solution for the most and that change would make it a better EDR tool."
"CrowdStrike Falcon could improve the logs by making them free to the API."
"If CrowdStrike can further expand its support for XDR compatibility, that would give it an edge over all the other competing new products."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"Threat detection could be better."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 107 reviews while NetWitness XDR is ranked 17th in Extended Detection and Response (XDR) with 15 reviews. CrowdStrike Falcon is rated 8.8, while NetWitness XDR is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), SentinelOne Singularity Complete, Microsoft Defender for Endpoint and Vectra AI. See our CrowdStrike Falcon vs. NetWitness XDR report.
See our list of best Extended Detection and Response (XDR) vendors, best Endpoint Protection Platform (EPP) vendors, and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.