Try our new research platform with insights from 80,000+ expert users

Microsoft Defender for Endpoint vs NetWitness NDR comparison

Microsoft and NetWitness are both solutions in the Endpoint Protection Platform (EPP) category. Microsoft is ranked #1 with an average rating of 8.4, while NetWitness is ranked #53 with an average rating of 7.5. Microsoft holds a 12.7% mindshare in EPP, compared to NetWitness’s 0.2% mindshare. Additionally, 94% of Microsoft users are willing to recommend the solution, compared to 87% of NetWitness users who would recommend it.
Microsoft Defender for Endp...
Read 184 Microsoft Defender for Endpoint reviews
  • 49,972 Views
  • 39,407 Comparison Views
94% willing to recommend
NetWitness NDR
Read 15 NetWitness NDR reviews
  • 768 Views
  • 561 Comparison Views
87% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 9, 2024

NetWitness NDR and Microsoft Defender for Endpoint are top contenders in the network detection and response and endpoint protection markets, respectively. Microsoft Defender for Endpoint appears to have the upper hand due to its comprehensive integration and easier deployment.

Features: NetWitness NDR offers deep packet inspection, advanced threat analytics, and network traffic analysis. Microsoft Defender for Endpoint provides integration across the Microsoft ecosystem, automated threat response, and cloud-based operations.

Room for Improvement: NetWitness NDR needs to enhance alerting capabilities, provide more intuitive configuration options, and improve usability. Microsoft Defender for Endpoint requires better reporting features, minor automation improvements, and enhanced reporting tools.

Ease of Deployment and Customer Service: NetWitness NDR has a complex deployment process requiring more technical expertise. Microsoft Defender for Endpoint offers smoother setup and better documentation. Both provide solid customer service, but Microsoft's support is more accessible and responsive.

Pricing and ROI: NetWitness NDR involves higher initial setup costs but delivers strong long-term ROI due to its threat detection capabilities. Microsoft Defender for Endpoint offers competitive pricing aligned with features and quicker ROI, making it suitable for budget-conscious organizations. Investment in Microsoft Defender for Endpoint is justified based on overall security and integration benefits.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Microsoft Defender for Endpoint vs. NetWitness NDR Report (Updated: August 2024).
Buyer's Guide
Microsoft Defender for Endpoint vs. NetWitness NDR
August 2024
Download the complete report
Helped 801,634 peers since 2012
 

Categories and Ranking

Microsoft Defender for Endp...
Ranking in Endpoint Protection Platform (EPP)
1st
Ranking in Endpoint Detection and Response (EDR)
2nd
Average Rating
8.0
Number of Reviews
184
Ranking in other categories
Advanced Threat Protection (ATP) (2nd), Anti-Malware Tools (1st), Microsoft Security Suite (6th)
NetWitness NDR
Ranking in Endpoint Protection Platform (EPP)
53rd
Ranking in Endpoint Detection and Response (EDR)
50th
Average Rating
8.0
Number of Reviews
15
Ranking in other categories
Threat Intelligence Platforms (24th), Security Orchestration Automation and Response (SOAR) (22nd), Network Detection and Response (NDR) (15th), Extended Detection and Response (XDR) (28th)
 

Mindshare comparison

As of September 2024, in the Endpoint Protection Platform (EPP) category, the mindshare of Microsoft Defender for Endpoint is 12.7%, down from 16.1% compared to the previous year. The mindshare of NetWitness NDR is 0.2%, down from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP)
 

Featured Reviews

Doug Kinzinger - PeerSpot reviewer
Nov 28, 2023
Has good reporting and logging features
Defender should be more accessible for small and medium-sized businesses. You have some organizations that maybe have a hundred employees, and they're focused on making their widgets. That's their nine-to-five every day. They're not thinking about that security side, but maybe they're already invested in 365 or the Azure ecosystem and having Defender as an add-on makes sense from a price perspective. It's easy to deploy, but it could be easier for some of those smaller businesses to onboard endpoints. The onboarding and deployment could be more user-friendly, and there is room to grow in some of the reports. I don't want them to be oversimplified or overly complex, but there is room for improvement in the reporting it can do. It's relatively minor.
Read full review
SupravatMaji - PeerSpot reviewer
Jun 23, 2022
Beneficial single unified dashboard, good native application integration, and high availability
The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good RSA NetWitness Network could improve on integration with non-native application…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"For threat-hunting, I'll put some threats in a test scenario. I've downloaded known viruses that are out in the public for testing. They're not really a virus but they've got a signature. Defender for Endpoint will automatically find those, quarantine them for me, and alert me to what it did. It gives me "automated eyes.""
"The most important and the most relevant features of Defender for Endpoint are the malware and ransomware protection."
"We have just started to implement it. It is useful for protection from malware and ransomware."
"Endpoint's most valuable feature is deep analysis."
"One of the features which differentiates it from other EDR providers is the Automated Investigation and Response, which reduces the workload of SOC analysts or engineers. They don't have to manually investigate each and every alert on the endpoint, since it does so automatically. And you can automate the investigation part."
"We can run the virus scan across our entire environment."
"It is easy to use because it is already pre-installed in Windows 10. We don't have to do anything to configure it. You can also configure the firewall by using a group policy so that it can be easily adopted in an environment."
"Technical support is good."
More Microsoft Defender for Endpoint pros
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"Ability to isolate the machine when there are malicious files."
"It is stable. We have been using it for some time, without any issues."
"The log correlation is good."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"Technical support is knowledgeable."
"The stability of the RSA NetWitness Endpoint is very good."
More NetWitness NDR pros
 

Cons

"I had some cases a while back and told an agent my issue. When I called the next day, I had to explain everything again to a different person, so I found it annoying to repeat myself all over."
"The scalability could be improved - I would rate it between a seven and an eight."
"The time to generate certain alerts on our dashboard can take between 45 minutes to an hour, and I am unsure of the factors that influence this duration."
"The application control feature requires improvement."
"If they integrate with the EDR then it will benefit this solution."
"Microsoft Defender for Endpoint can use more advertising to promote their features."
"Integration with third-party vendors could be better. It would be better if it integrates with other protection solutions or other products outside of Microsoft. Nowadays, anti-virus protection doesn't really have to be planned as overall protection for your environment in terms of security. There are really different avenues that bad actors can take to wreak havoc on your machine."
"I would like Microsoft to have some kind of direct integration for USB controls. They have GPO and other controls to control the access of the USB drives on devices, but if there is something that can be directly implemented into the portal, it would be good. There should be a way to control via a cloud portal or something like that in a dynamic way. USB control for data exfiltration would be a good feature to implement. Currently, there are ways to do it, but it involves too many different things. You have to implement it via GPOs and other stuff, and then you move or copy those big files via Defender ATP. If there is a simple way of implementing those features, it would be great."
More Microsoft Defender for Endpoint cons
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"Threat detection could be better."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
More NetWitness NDR cons
 

Pricing and Cost Advice

"Microsoft Defender for Endpoint comes with Windows 10, and it's free. But for you to be able to manage it in the cloud and use the console, you need to have either an Office 365 E5 subscription or a Microsoft M365 subscription. You need to buy an extra license."
"Currently, for us, Windows Defender is free with the purchase of Windows Server. Pricing is an important point for us when we are looking at the competitors of this solution. If we choose to go with another vendor, we will have to pay some license fees."
"You do not need to pay any additional costs for antivirus and anti-malware solutions for endpoint protection."
"Microsoft Defender for Endpoint is cost-effective because there's one unified license, and with this unified license, you get the capabilities for your cloud applications, servers, and endpoints as well. Therefore, it saves us a lot of money because the cost with other solutions is for just one piece of OS or maybe an urban environment. The licensing process is not complex as well."
"The solution is free."
"I'm not too familiar with costs as I'm an architect, though I know about online pricing, as I help two teams with online purchasing and procurement. Nowadays, everyone has an enterprise agreement, such as an E3 license, which we provide to our customers."
"There is no licensing fee."
"I got it with the Microsoft Windows license."
More Microsoft Defender for Endpoint pricing and cost advice
"They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
"It is highly scalable. It can be bought based on your requirements."
"It is an expensive product."
"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."
"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."
"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
"We are on a three-year contract to use RSA NetWitness Network."
"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
More NetWitness NDR pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
See recommendations
801,634 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
25%
Computer Software Company
12%
Government
8%
Financial Services Firm
7%
Financial Services Firm
16%
Computer Software Company
14%
Government
9%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
See all answers
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...
See all answers
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
See all answers
What do you like most about NetWitness XDR?
Technical support is knowledgeable.
See all answers
What is your experience regarding pricing and costs for NetWitness XDR?
The solution is expensive. I'd rate it at a one or two out of five. They need to adjust it to keep up with the competition. I cannot speak to the exact pricing of the product.
See all answers
What needs improvement with NetWitness XDR?
I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat intelligence feeds. We would like to have more IOCs or more trade intelligence to n...
See all answers
 

Comparisons

CrowdStrike Falcon vs Microsoft Defender for Endpoint Logo
CrowdStrike Falcon vs Microsoft Defender for Endpoint
Compared 6% of the time
Symantec Endpoint Security vs Microsoft Defender for Endpoint Logo
Symantec Endpoint Security vs Microsoft Defender for Endpoint
Compared 6% of the time
Cortex XDR by Palo Alto Networks vs Microsoft Defender for Endpoint Logo
Cortex XDR by Palo Alto Networks vs Microsoft Defender for Endpoint
Compared 5% of the time
Trellix Endpoint Security vs Microsoft Defender for Endpoint Logo
Trellix Endpoint Security vs Microsoft Defender for Endpoint
Compared 5% of the time
Intercept X Endpoint vs Microsoft Defender for Endpoint Logo
Intercept X Endpoint vs Microsoft Defender for Endpoint
Compared 4% of the time
More Microsoft Defender for Endpoint Competitors
Darktrace vs NetWitness NDR Logo
Darktrace vs NetWitness NDR
Compared 13% of the time
Vectra AI vs NetWitness NDR Logo
Vectra AI vs NetWitness NDR
Compared 11% of the time
CrowdStrike Falcon vs NetWitness NDR Logo
CrowdStrike Falcon vs NetWitness NDR
Compared 10% of the time
ExtraHop Reveal(x) vs NetWitness NDR Logo
ExtraHop Reveal(x) vs NetWitness NDR
Compared 9% of the time
Group-IB Threat Intelligence vs NetWitness NDR Logo
Group-IB Threat Intelligence vs NetWitness NDR
Compared 6% of the time
More NetWitness NDR Competitors
 

Product Reports

Buyer's Guide
Microsoft Defender for Endpoint
August 2024
Microsoft Defender for Endpoint reportDownload Microsoft Defender for Endpoint product report
Buyer's Guide
NetWitness NDR
August 2024
NetWitness NDR reportDownload NetWitness NDR product report
 

Also Known As

Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
RSA ECAT, NetWitness Network
 

Learn More

Microsoft
Video not available
NetWitness
 

Interactive Demo

Microsoft
Demo not available
NetWitness
 

Overview

Microsoft Defender for Endpoint is a comprehensive security solution that provides advanced threat protection for organizations. It offers real-time protection against various types of cyber threats, including malware, viruses, ransomware, and phishing attacks.

With its powerful machine-learning capabilities, it can detect and block sophisticated attacks before they can cause any harm. The solution also includes endpoint detection and response (EDR) capabilities, allowing organizations to quickly investigate and respond to security incidents. It provides detailed insights into the attack timeline, enabling security teams to understand the scope and impact of an incident.

Microsoft Defender for Endpoint also offers proactive threat hunting, allowing organizations to proactively search for and identify potential threats within their network. It integrates seamlessly with other Microsoft security solutions, such as Microsoft Defender XDR, to provide a unified and holistic security approach. With its centralized management console, organizations can easily deploy, configure, and monitor the security solution across their entire network.

Microsoft Defender for Endpoint is a robust and scalable security solution that helps organizations protect their endpoints and data from evolving cyber threats.

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness NDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

 

Sample Customers

Petrofrac, Metro CSG, Christus Health
ADP, Ameritas, Partners Healthcare
Buyer's Guide
Microsoft Defender for Endpoint vs. NetWitness NDR
August 2024
Free Report: Microsoft Defender for Endpoint vs. NetWitness NDR
Find out what your peers are saying about Microsoft Defender for Endpoint vs. NetWitness NDR and other solutions. Updated: August 2024.
DOWNLOAD NOW
801,634 professionals have used our research since 2012.
See our Microsoft Defender for Endpoint vs. NetWitness NDR report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.

We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.