We performed a comparison between Elastic Security and NetWitness XDR based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"Microsoft Defender's most critical component is its CASB solution. It has many built-in policies that can improve your organization's cloud security posture. It's effective regardless of where your users are, which is critical because most users are working from home. It's cloud-based, so nothing is on-premise."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit."
"The integration with other Microsoft solutions is the most valuable feature."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"The summarization of emails is a valuable feature."
"It has great stability."
"The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
"It is scalable."
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"Elastic Security is very easy to adapt."
"ELK is open-source, and it will give you the framework you need to build everything from scratch."
"ELK documentation is very good, so never needed to contact technical support."
"The stability of the solution is good."
"The most valuable feature for me is Discover."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"This solution allows us to locate the malware in real-time."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"It is stable. We have been using it for some time, without any issues."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"The log correlation is good."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"The tool gives inconsistent answers and crashes a lot."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"There could be a way to proactively monitor unusual activity ."
"The management features could be improved, particularly in terms of better integration with Intune, Microsoft's cloud-based management solution."
"One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty."
"Email notification should be done the same way as Logentries does it."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"Technical support could respond faster."
"The interface could be more user friendly because it is sometimes hard to deal with."
"Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
"They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."
"Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"The initial setup requires a high level of skill."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"Threat detection could be better."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"RSA NetWitness Network could improve on integration with non-native application integration."
Elastic Security is ranked 7th in Extended Detection and Response (XDR) with 59 reviews while NetWitness XDR is ranked 17th in Extended Detection and Response (XDR) with 15 reviews. Elastic Security is rated 7.6, while NetWitness XDR is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Vectra AI. See our Elastic Security vs. NetWitness XDR report.
See our list of best Extended Detection and Response (XDR) vendors, best Endpoint Detection and Response (EDR) vendors, and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
