Try our new research platform with insights from 80,000+ expert users

NetWitness NDR vs Tines comparison

NetWitness and Tines are both solutions in the Security Orchestration Automation and Response (SOAR) category. NetWitness is ranked #25, while Tines is ranked #11 with an average rating of 9.0. NetWitness holds a 1.2% mindshare in SOAR, compared to Tines’s 6.2% mindshare. Additionally, 87% of NetWitness users are willing to recommend the solution, compared to 100% of Tines users who would recommend it.
Sponsored
Torq
Read 1 Torq review
  • 1,707 Views
  • 1,656 Comparison Views
100% willing to recommend
NetWitness NDR
Read 15 NetWitness NDR reviews
  • 2,568 Views
  • 308 Comparison Views
87% willing to recommend
Tines
Read 4 Tines reviews
  • 2,613 Views
  • 2,064 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 9, 2024

NetWitness NDR and Tines are leading products in network detection and response and automation respectively. Tines is preferred due to higher user satisfaction with its feature adaptability and user-friendly deployment, despite NetWitness NDR's strong threat detection.

Features: NetWitness NDR offers advanced threat detection, detailed analytics, and seamless integration with existing security setups. Tines provides customizable workflows, efficient automation capabilities, and streamlined incident management.

Room for Improvement: NetWitness NDR has a steep learning curve, needs better documentation, and enhanced user support. Tines can improve its integration with certain third-party tools, refine its user interface, and expand its automation templates.

Ease of Deployment and Customer Service: NetWitness NDR's deployment process is complex and often requires extensive support. Tines has an intuitive deployment process with quick setup and responsive customer support.

Pricing and ROI: NetWitness NDR has higher initial setup costs but offers strong ROI through robust security features. Tines has a flexible pricing model, providing value through automation efficiencies and reduced manual effort.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed NetWitness NDR vs. Tines Report (Updated: December 2025).
Buyer's Guide
NetWitness NDR vs. Tines
December 2025
Download the complete report
Helped 879,853 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Torq
Sponsored
Ranking in Security Orchestration Automation and Response (SOAR)
8th
Average Rating
8.0
Reviews Sentiment
2.2
Number of Reviews
1
Ranking in other categories
AI-SOC (13th), AI-Powered Security Automation (2nd)
NetWitness NDR
Ranking in Security Orchestration Automation and Response (SOAR)
25th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
15
Ranking in other categories
Endpoint Protection Platform (EPP) (55th), Threat Intelligence Platforms (TIP) (40th), Endpoint Detection and Response (EDR) (57th), Network Detection and Response (NDR) (19th), Extended Detection and Response (XDR) (37th)
Tines
Ranking in Security Orchestration Automation and Response (SOAR)
11th
Average Rating
9.0
Reviews Sentiment
7.6
Number of Reviews
4
Ranking in other categories
Threat Intelligence Platforms (TIP) (18th), AI-Powered Security Automation (1st), AI IT Support (24th)
 

Mindshare comparison

As of January 2026, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Torq is 4.9%, up from 4.5% compared to the previous year. The mindshare of NetWitness NDR is 1.2%, up from 0.4% compared to the previous year. The mindshare of Tines is 6.2%, up from 5.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR) Market Share Distribution
ProductMarket Share (%)
Torq4.9%
Tines6.2%
NetWitness NDR1.2%
Other87.7%
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

reviewer2767650 - PeerSpot reviewer
reviewer2767650
Senior Consultant at a university with 10,001+ employees
Have found automation to save analyst time but miss more accurate data classification
From our research and testing with the tool, we determined there need to be modifications and changes to train the LLM on the back end. It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet. It was unable to do that sort of classification. We concluded this tool would be more suitable for initial ticket management rather than security automation. Regarding data handling, I would give preference to Torq. For case management, Cortex and its dashboards prove more useful. Cortex and Palo's solutions do not have as much capability as Torq provides with the same tools. However, Torq's dashboards could be improved, especially on the case management side.
Read full review
reviewer1799727 - PeerSpot reviewer
reviewer1799727
Manager, IT Security Operations at a non-profit with 11-50 employees
Reliable and good support but can be expensive
I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat intelligence feeds. We would like to have more IOCs or more trade intelligence to not only rely on the intelligence of the engineer in charge but to have some threat intelligence and some seeds of IOCs and to have the host have some artificial intelligence to reduce the number of false positives. I don't see this solution being very scalable. The solution is pricey.
Read full review
VikramSingh8 - PeerSpot reviewer
VikramSingh8
Security Delivery Manager at Accenture
Automation simplifies workflows with no code and excellent support
Reporting and dashboards could be more advanced for deeper analysis. Tines has its own dashboard, which displays information like how many stories have been created and how many automations have taken place. However, the reporting and dashboard are not advanced; they are quite basic, with fewer customizable options. The look and feel of the dashboard could be enhanced. Another area for improvement is in terms of documentation, as every tool and company has its own knowledge base.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"As an analyst, it has demonstrated potential to reduce workforce requirements and time needed for related activities."
"Ability to isolate the machine when there are malicious files."
"It is stable. We have been using it for some time, without any issues."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"This solution allows us to locate the malware in real-time."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"The stability of the RSA NetWitness Endpoint is very good."
More NetWitness NDR pros
"The best thing is that it's no code, so it doesn't require coding knowledge."
"One of the most valuable features is that it’s a low-code solution."
"The tool was vendor-neutral."
"The best advantage is the no-code automation, excellent customer support services, and ease of integration with other tools."
 

Cons

"It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"The initial setup requires a high level of skill."
"Threat detection could be better."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
More NetWitness NDR cons
"They started implementing some AI, and their AI is isolated."
"Reporting and dashboards could be more advanced for deeper analysis."
"Maybe Tines can add more features and demonstrations, like videos on how to use the features within the tool."
"Tines was a little bit more expensive than Torq."
 

Pricing and Cost Advice

Information not available
"It is highly scalable. It can be bought based on your requirements."
"It is an expensive product."
"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
"They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."
"We are on a three-year contract to use RSA NetWitness Network."
"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."
"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."
More NetWitness NDR pricing and cost advice
Information not available
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
See recommendations
879,853 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Computer Software Company
9%
Manufacturing Company
7%
Healthcare Company
6%
Financial Services Firm
10%
Computer Software Company
10%
Manufacturing Company
9%
Performing Arts
7%
Financial Services Firm
14%
Computer Software Company
9%
Manufacturing Company
8%
Healthcare Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise2
Large Enterprise5
No data available
 

Questions from the Community

What needs improvement with Torq?
From our research and testing with the tool, we determined there need to be modifications and changes to train the LL...
See all answers
What is your primary use case for Torq?
I used Torq for conducting one of the proof of evaluations for a vendor we are connected with. I am currently working...
See all answers
What advice do you have for others considering Torq?
One of our members uses AWS, and we receive their feed. This involves triaging AWS-related logs. While I do not have ...
See all answers
Ask a question
Earn 20 points
What needs improvement with Tines?
Reporting and dashboards could be more advanced for deeper analysis. Tines has its own dashboard, which displays info...
See all answers
What is your primary use case for Tines?
I am Vikram Singh, I work for top service based multinational brand and I am responsible for delivering Tines service...
See all answers
What advice do you have for others considering Tines?
When you start working with Tines, ensure you pursue the Tines certifications. They offer these free certifications w...
See all answers
 

Comparisons

Splunk SOAR vs Torq Logo
Splunk SOAR vs Torq
Compared 14% of the time
Blink Ops vs Torq Logo
Blink Ops vs Torq
Compared 13% of the time
Palo Alto Networks Cortex XSOAR vs Torq Logo
Palo Alto Networks Cortex XSOAR vs Torq
Compared 10% of the time
Swimlane vs Torq Logo
Swimlane vs Torq
Compared 7% of the time
Fortinet FortiSOAR vs Torq Logo
Fortinet FortiSOAR vs Torq
Compared 3% of the time
More Torq Competitors
Darktrace vs NetWitness NDR Logo
Darktrace vs NetWitness NDR
Compared 9% of the time
ExtraHop Reveal(x) vs NetWitness NDR Logo
ExtraHop Reveal(x) vs NetWitness NDR
Compared 5% of the time
Wazuh vs NetWitness NDR Logo
Wazuh vs NetWitness NDR
Compared 5% of the time
Trellix Endpoint Security Platform vs NetWitness NDR Logo
Trellix Endpoint Security Platform vs NetWitness NDR
Compared 5% of the time
ServiceNow Security Operations vs NetWitness NDR Logo
ServiceNow Security Operations vs NetWitness NDR
Compared 4% of the time
More NetWitness NDR Competitors
Splunk SOAR vs Tines Logo
Splunk SOAR vs Tines
Compared 12% of the time
Palo Alto Networks Cortex XSOAR vs Tines Logo
Palo Alto Networks Cortex XSOAR vs Tines
Compared 11% of the time
Blink Ops vs Tines Logo
Blink Ops vs Tines
Compared 10% of the time
Swimlane vs Tines Logo
Swimlane vs Tines
Compared 8% of the time
Elastic Security vs Tines Logo
Elastic Security vs Tines
Compared 1% of the time
More Tines Competitors
 

Product Reports

Buyer's Guide
Security Orchestration Automation and Response (SOAR)
December 2025
Torq reportDownload Torq product report
Buyer's Guide
NetWitness NDR
December 2025
NetWitness NDR reportDownload NetWitness NDR product report
Buyer's Guide
Security Orchestration Automation and Response (SOAR)
December 2025
Tines reportDownload Tines product report
 

Also Known As

No data available
RSA ECAT, NetWitness Network
No data available
 

Overview

Torq provides advanced automation capabilities, enabling organizations to streamline operations and enhance efficiency. It's designed to address complex workflows, reducing manual efforts and improving productivity.

Leveraging automation, Torq assists companies in managing intricate processes with agility and precision, making it indispensable for those seeking to optimize their workflows. Its robust platform integrates smoothly into current infrastructures, minimizing disruptions while enhancing operational capacities.

What are Torq's standout features?

  • Automation Workflows: Streamlines repetitive tasks to enhance efficiency.
  • Seamless Integration: Connects with existing systems effortlessly.
  • Scalability: Adapts to growing business demands efficiently.

What benefits should you look for in reviews?

  • Productivity Gains: Significant improvement in task completion rates.
  • Cost Reduction: Decreases manual labor costs through automation.
  • Enhanced Collaboration: Facilitates better communication among teams.

Torq's capabilities are especially beneficial in industries like finance and healthcare where intricate workflows and compliance requirements are common. Automation in these sectors supports better data management and regulatory adherence, providing a decisive edge in operational efficiency.

Torq

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness NDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

NetWitness

Tines offers no-code and low-code automation for users to automate tasks without coding expertise, integrating seamlessly with APIs to enhance incident management and security operations.

Known for a vendor-neutral approach, Tines provides detailed documentation and live chat support, allowing for effective integration with other tools, scheduling capabilities, and streamlined processes that save time and effort. Users find it intuitive for efficient task handling, making manual intervention unnecessary. Challenges include the need for more comprehensive documentation and instructional videos, as well as improvements in AI integration and reporting aesthetics. Pricing is also noted as higher compared to alternatives.

What are the most important features of Tines?
  • No-code and low-code automation: Enables task automation without coding knowledge.
  • API integration: Facilitates enhanced automation for security operations.
  • Vendor-neutral approach: Promotes unbiased integration across various tools.
  • Detailed documentation: Provides users with comprehensive guides and support.
  • Scheduling capabilities: Allows users to automate workflows efficiently.
What benefits and ROI can users expect from Tines?
  • Time savings: Automates tasks to reduce manual processes.
  • Improved efficiency: Streamlines security operations, enhancing productivity.
  • Comprehensive task handling: Offers intuitive tools for managing complex tasks easily.

Tines primarily serves organizations in the security sector, automating security operations such as alert detection and managed detection and response. It's utilized extensively in security operation centers for tasks like phishing email processing, ticket creation, IOC investigations, and ticket assignments within enterprise security frameworks, with multiple teams delivering Tines services to enhance task handling efficiency.

Tines
 

Sample Customers

Information Not Available
ADP, Ameritas, Partners Healthcare
Information Not Available
Buyer's Guide
NetWitness NDR vs. Tines
December 2025
Free Report: NetWitness NDR vs. Tines
Find out what your peers are saying about NetWitness NDR vs. Tines and other solutions. Updated: December 2025.
DOWNLOAD NOW
879,853 professionals have used our research since 2012.
See our NetWitness NDR vs. Tines report.

We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.