Try our new research platform with insights from 80,000+ expert users

Microsoft Defender for Endpoint vs NetWitness NDR comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 9, 2024
 

Categories and Ranking

Microsoft Defender for Endp...
Ranking in Endpoint Protection Platform (EPP)
1st
Ranking in Endpoint Detection and Response (EDR)
2nd
Average Rating
8.0
Reviews Sentiment
7.3
Number of Reviews
186
Ranking in other categories
Advanced Threat Protection (ATP) (2nd), Anti-Malware Tools (1st), Microsoft Security Suite (6th)
NetWitness NDR
Ranking in Endpoint Protection Platform (EPP)
59th
Ranking in Endpoint Detection and Response (EDR)
59th
Average Rating
8.0
Number of Reviews
15
Ranking in other categories
Threat Intelligence Platforms (33rd), Security Orchestration Automation and Response (SOAR) (27th), Network Detection and Response (NDR) (18th), Extended Detection and Response (XDR) (34th)
 

Mindshare comparison

As of November 2024, in the Endpoint Protection Platform (EPP) category, the mindshare of Microsoft Defender for Endpoint is 11.7%, down from 16.1% compared to the previous year. The mindshare of NetWitness NDR is 0.2%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP)
 

Featured Reviews

Sudhen Swami - PeerSpot reviewer
Jun 26, 2024
Easy to update with good protection and a useful cloud portal
We've mainly used it for endpoints. However, we've also used it for DLP as well. We're also in the process of implementing it for cloud and identity as well. However, it's very good for endpoints, and that's our main focus. The malware protection is good. The visibility it provides is very useful. We can combine visibility with wider security features and alerts around malware, misconfiguration, or any other kinds of threats. The cloud portal is quite good. From there, we are able to see alerts and have colleagues review issues and monitor to see if any patterns arise. It's serving us quite well overall. It allows us to look at other items, like application and browser control. It helps us prioritize threats. We have a process in place now where we can review issues and remediate them effectively. We have been able to integrate a variety of Microsoft security products together. We use Azure AD, for example, and we've begun to implement DLP, among other items. We're looking at labeling and tagging and will expand into that soon. Defender has more stringent system requirements than, for example, Check Point. So when we implemented the Check Point Endpoint agent, that solution didn't mind what version of Windows you were using. When we moved to Defender, Defender had certain system prerequisites that had to be met. So we had to make sure that we're on a minimum version of Windows when we're utilizing Office, and Office has to be a particular version as well. It has more stringent system requirements that have to be met before you can implement it. It works natively together with other Microsoft solutions. Once you get more and more of those different components across the environment, then you start to get better visibility. So, rather than having lots of different solutions, you have fewer solutions and a single vendor solution. That way, you start getting into a position where you get better visibility and integration as well. The standardization is good. It's important. It's helping me with monitoring and learning. Updates and upgrades are quite smooth and seamless. Defender helps us automate routine tasks. Quite a lot of Microsoft is straightforward for us now. Previously, we didn't have enough resources and were unable to look at the alerts. Having this in place makes things a lot more straightforward for us. We have both the technology and the people in place now, alongside the process. We do see the benefits in that, and that's why we're continuing our adoption across the estate in terms of client and server as well. It's helping us avoid looking at multiple dashboards and centralized monitoring. We're not fully there yet. We're getting there. While we haven't witnessed time saving yet, once it's fully deployed, it will. By then, we'll have standardized processes across a single solution. We have saved money, however, as we continue to reduce non-Mircosft systems. Since we won't be using various competing technologies, we can save on licensing costs. We've likely so far saved 15%. While it's hard to estimate exactly how much, the solution has helped us decrease time to detection and time to respond.
SupravatMaji - PeerSpot reviewer
Jun 23, 2022
Beneficial single unified dashboard, good native application integration, and high availability
The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good RSA NetWitness Network could improve on integration with non-native application…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The investigation aspect is the most useful. It's user friendly and has a good user interface."
"The stability keeps getting better and better."
"I enjoy using the live response feature, which allows me to remotely access different endpoints and investigate malicious files, such as malware that people may have downloaded, and other related issues."
"DFE organizational security posture has been a positive experience. We're a Microsoft house. It works. Once it's deployed and once it's configured, it works and our clients tend to be happy with it. I haven't really experienced anyone who has been so unsatisfied with the platform that they wanted to go a couple of different directions, that has never happened to me."
"The most valuable aspect lies in its automation capabilities, particularly within security automation."
"Microsoft Defender for Endpoint is scalable. Currently, we have 600,000 users in our organization."
"Microsoft Defender for Endpoint is quite good. We haven't really experienced any issues with it."
"Microsoft Defender for Endpoint comes pre-installed in Microsoft Windows."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"The log correlation is good."
"The interface of this solution is very flexible and easy to use."
"It is stable. We have been using it for some time, without any issues."
"Ability to isolate the machine when there are malicious files."
"Technical support is knowledgeable."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
 

Cons

"Microsoft support could be more knowledgeable."
"Reporting could be improved. I would like to see how many security incidents occurred in the last six months, how many devices were highly exposed to security risks, and how many devices were actually compromised."
"It needs to improve the cybersecurity for lateral movements. For example, when a hacker tries to enter a machine, they try to get the password by doing a lateral movement."
"The central console needs improvement. Both McAfee and Symantec antivirus have dashboards. These integrate with a server and work on my antivirus or some other product. However, with Microsoft Defender, you use Microsoft Group Policy Object. Defender does not provide a central console. Therefore, if you implement Defender, then maybe use another tool for the central view."
"In the next release, I would like to see better management reporting."
"The anti-ransomware features need to be improved upon."
"More integration with different platforms is an area for improvement for this product, and should be included in its next release."
"Its price could be better."
"Threat detection could be better."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"RSA NetWitness Network could improve on integration with non-native application integration."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The initial setup requires a high level of skill."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
 

Pricing and Cost Advice

"Its price is fair. It has approximately the same price as the other products such as Kaspersky. It is much cheaper than Malwarebytes."
"The licensing fee is a function of your Office 365 license. The feature set you get is a function of the license as well. There is probably an E2 version, an E3 version, and an E5 version. There are several versions, and not all features are the same. So, you might want to check what features you're expecting because you might get shocked. If you only have an E3 license, the capability isn't the same."
"Licenses depend upon what you are looking for and what kind of security do you want to implement. There are costs in addition to the standard licensing fees. When we used to buy Symantec, we used to spend on 100 licenses. We used to spend approximately $2,700 for those many licenses, and they came in packs. To add one more license, I had to buy a pack with a minimum of 10 licenses. I had to spend on nine extra licenses because I can't get a single license, whereas when we go for Microsoft, we can get as many licenses as we want. If I have 100 users today, and tomorrow, I have 90 users, I can release my 10 licenses next month. With any other software vendor, you buy licenses for one year, and you have to stick with that. If today you have 100 licenses, and tomorrow, you have 50, you have already paid for one year's license. You can't go back and tell them that I don't require these 50 licenses because I have lost my 50 users, but with Microsoft Defender, licensing is on a monthly basis. It gives you both options. You can go yearly and save on it, or you can go monthly. You will, again, save on it. It is very fair everywhere."
"The solutions price could be cheaper."
"The price is higher than others because it is doing more than what the others are doing."
"If we are acquiring everything in a single place, the front end becomes cost-effective."
"It is built into Windows 10. If our clients are using Microsoft Defender, the cost goes away for them."
"Microsoft Defender for Endpoint is cost-effective because there's one unified license, and with this unified license, you get the capabilities for your cloud applications, servers, and endpoints as well. Therefore, it saves us a lot of money because the cost with other solutions is for just one piece of OS or maybe an urban environment. The licensing process is not complex as well."
"I do not have any opinion on the pricing or licensing of the product."
"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."
"It is highly scalable. It can be bought based on your requirements."
"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."
"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."
"They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
"We are on a three-year contract to use RSA NetWitness Network."
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
26%
Computer Software Company
12%
Government
7%
Financial Services Firm
7%
Financial Services Firm
16%
Computer Software Company
16%
Government
8%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
Ask a question
Earn 20 points
 

Also Known As

Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
RSA ECAT, NetWitness Network
 

Learn More

Video not available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Petrofrac, Metro CSG, Christus Health
ADP, Ameritas, Partners Healthcare
Find out what your peers are saying about Microsoft Defender for Endpoint vs. NetWitness NDR and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.