Try our new research platform with insights from 80,000+ expert users

Microsoft Defender for Endpoint vs NetWitness NDR comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Customer Service

Sentiment score
7.3
Microsoft Defender for Endpoint support varies in responsiveness and effectiveness, with premium plans offering quicker service and better solutions.
Sentiment score
8.0
NetWitness NDR's customer service is generally efficient and highly regarded, though some users report occasional slow response times.
 

Room For Improvement

Sentiment score
5.0
Microsoft Defender for Endpoint faces UI complexity, sluggish updates, high resources, poor integration, and slow support affecting efficiency.
Sentiment score
4.6
NetWitness NDR requires improvements in UI, scalability, detectability, integration, session times, pricing, training, and features, making it complex and slow.
 

Scalability Issues

Sentiment score
8.1
Microsoft Defender for Endpoint offers scalable cloud-based security, though some users desire improved dashboard and management features.
Sentiment score
6.7
NetWitness NDR is scalable for large enterprises, though some users report issues with scalability and agent migration.
 

Setup Cost

Sentiment score
7.0
Enterprise users find Microsoft Defender's pricing varies, with cost-effectiveness in bundles but sometimes higher costs for specific features.
No sentiment score available
 

Stability Issues

Sentiment score
8.1
Microsoft Defender for Endpoint is stable, resource-efficient, reliable, though occasional bugs and configuration challenges exist, especially on non-Windows systems.
Sentiment score
7.9
NetWitness NDR is generally reliable, providing real-time data and stability, though minor technical issues are occasionally reported.
 

Valuable Features

Sentiment score
8.1
Microsoft Defender for Endpoint excels in integration, threat detection, user-friendly design, and automation, enhancing security and efficiency.
Sentiment score
7.8
NetWitness NDR offers high detection rates, real-time malware response, third-party integration, and a user-friendly, interoperable interface with advanced analytics.
 

Categories and Ranking

Microsoft Defender for Endp...
Ranking in Endpoint Protection Platform (EPP)
1st
Ranking in Endpoint Detection and Response (EDR)
2nd
Average Rating
8.0
Reviews Sentiment
7.3
Number of Reviews
186
Ranking in other categories
Advanced Threat Protection (ATP) (2nd), Anti-Malware Tools (1st), Microsoft Security Suite (6th)
NetWitness NDR
Ranking in Endpoint Protection Platform (EPP)
59th
Ranking in Endpoint Detection and Response (EDR)
59th
Average Rating
8.0
Reviews Sentiment
6.5
Number of Reviews
15
Ranking in other categories
Threat Intelligence Platforms (33rd), Security Orchestration Automation and Response (SOAR) (27th), Network Detection and Response (NDR) (18th), Extended Detection and Response (XDR) (34th)
 

Mindshare comparison

As of November 2024, in the Endpoint Protection Platform (EPP) category, the mindshare of Microsoft Defender for Endpoint is 11.7%, down from 16.1% compared to the previous year. The mindshare of NetWitness NDR is 0.2%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP)
 

Featured Reviews

Sudhen Swami - PeerSpot reviewer
Easy to update with good protection and a useful cloud portal
We've mainly used it for endpoints. However, we've also used it for DLP as well. We're also in the process of implementing it for cloud and identity as well. However, it's very good for endpoints, and that's our main focus. The malware protection is good. The visibility it provides is very useful. We can combine visibility with wider security features and alerts around malware, misconfiguration, or any other kinds of threats. The cloud portal is quite good. From there, we are able to see alerts and have colleagues review issues and monitor to see if any patterns arise. It's serving us quite well overall. It allows us to look at other items, like application and browser control. It helps us prioritize threats. We have a process in place now where we can review issues and remediate them effectively. We have been able to integrate a variety of Microsoft security products together. We use Azure AD, for example, and we've begun to implement DLP, among other items. We're looking at labeling and tagging and will expand into that soon. Defender has more stringent system requirements than, for example, Check Point. So when we implemented the Check Point Endpoint agent, that solution didn't mind what version of Windows you were using. When we moved to Defender, Defender had certain system prerequisites that had to be met. So we had to make sure that we're on a minimum version of Windows when we're utilizing Office, and Office has to be a particular version as well. It has more stringent system requirements that have to be met before you can implement it. It works natively together with other Microsoft solutions. Once you get more and more of those different components across the environment, then you start to get better visibility. So, rather than having lots of different solutions, you have fewer solutions and a single vendor solution. That way, you start getting into a position where you get better visibility and integration as well. The standardization is good. It's important. It's helping me with monitoring and learning. Updates and upgrades are quite smooth and seamless. Defender helps us automate routine tasks. Quite a lot of Microsoft is straightforward for us now. Previously, we didn't have enough resources and were unable to look at the alerts. Having this in place makes things a lot more straightforward for us. We have both the technology and the people in place now, alongside the process. We do see the benefits in that, and that's why we're continuing our adoption across the estate in terms of client and server as well. It's helping us avoid looking at multiple dashboards and centralized monitoring. We're not fully there yet. We're getting there. While we haven't witnessed time saving yet, once it's fully deployed, it will. By then, we'll have standardized processes across a single solution. We have saved money, however, as we continue to reduce non-Mircosft systems. Since we won't be using various competing technologies, we can save on licensing costs. We've likely so far saved 15%. While it's hard to estimate exactly how much, the solution has helped us decrease time to detection and time to respond.
SupravatMaji - PeerSpot reviewer
Beneficial single unified dashboard, good native application integration, and high availability
My advice to those wanting to implement RSA NetWitness Network is they have to first do a little due diligence, such as the exact requirement based on their needs. That will give them a direction for their investment because otherwise, the bill of material or bill of quantity (BOQ) may be higher side. It is important to do good due intelligence on the environment, see the exact requirement, and then go ahead with the solution. The solution is perfectly stable. I rate RSA NetWitness Network a nine out of ten.
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
816,192 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
26%
Computer Software Company
12%
Government
7%
Financial Services Firm
7%
Financial Services Firm
17%
Computer Software Company
16%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
Ask a question
Earn 20 points
 

Also Known As

Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
RSA ECAT, NetWitness Network
 

Learn More

Video not available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Petrofrac, Metro CSG, Christus Health
ADP, Ameritas, Partners Healthcare
Find out what your peers are saying about Microsoft Defender for Endpoint vs. NetWitness NDR and other solutions. Updated: November 2024.
816,192 professionals have used our research since 2012.