NetWitness NDR vs Trellix Active Response comparison

NetWitness and Trellix are both solutions in the Endpoint Detection and Response (EDR) category. NetWitness is ranked #63, while Trellix is ranked #50 with an average rating of 8.0. NetWitness holds a 0.4% mindshare in EDR, compared to Trellix’s 0.2% mindshare. Additionally, 87% of NetWitness users are willing to recommend the solution, compared to 33% of Trellix users who would recommend it.

NetWitness NDR

Read 15 NetWitness NDR reviews

644 Views
502 Comparison Views

87% willing to recommend

Trellix Active Response

Read 4 Trellix Active Response reviews

365 Views
252 Comparison Views

33% willing to recommend

NetWitness NDR

Trellix Active Response

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 9, 2024

NetWitness NDR and Trellix Active Response are two competing products in the network detection and response market. While NetWitness NDR is praised for its robust analytics, Trellix Active Response stands out for its comprehensive automated response capabilities, making it a preferred choice for users prioritizing rapid threat mitigation.

Features: NetWitness NDR is valued for its advanced threat detection through deep packet inspection, enriched metadata analytics, and robust forensic capabilities. Trellix Active Response is highly regarded for its automated incident response capabilities, extensive integration with other security tools, and customizable response workflows.

Room for Improvement: Users point out that NetWitness NDR could improve by simplifying its configuration processes, enhancing its integration with third-party tools, and speeding up its incident response time. Trellix Active Response users suggest improvements in the product’s scalability, more frequent updates to its threat intelligence database, and a better user interface.

Ease of Deployment and Customer Service: NetWitness NDR is described as having a fairly complex deployment process but receives positive feedback for its customer service. Trellix Active Response offers a more streamlined deployment but has mixed reviews concerning customer support responsiveness.

Pricing and ROI: NetWitness NDR carries a higher initial setup cost but delivers a strong ROI due to its advanced analytics. Trellix Active Response users find the pricing competitive and appreciate the cost-effectiveness brought by its automation features.

To learn more, read our detailed NetWitness NDR vs. Trellix Active Response Report (Updated: April 2025).

Buyer's Guide

NetWitness NDR vs. Trellix Active Response

April 2025

Download the complete report

Helped 848,476 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

ROI

Sentiment score

8.0

Implementing NetWitness NDR enhances security, improves network visibility, reduces costs, and boosts efficiency and productivity for businesses.

Sentiment score

6.5

Trellix Active Response improved threat detection, reduced incident response times, increased efficiency, and enhanced productivity with an intuitive interface.

No quotes available

For more quotes and insights, download the NetWitness NDR report

While we haven't yet quantified the financial benefits, we recognize that there has been a return on investment, particularly with operational efficiencies provided by the alerts.

Ezzard De Lange

Senior Manager Operational Technology and Cyber Security at Eskom Ltd

For more quotes and insights, download the Trellix Active Response report

Customer Service

Sentiment score

7.3

NetWitness NDR's customer service is generally efficient and highly regarded, though some users report occasional slow response times.

Sentiment score

8.5

Trellix Active Response's technical support is praised, though customer interactions have decreased and users see room for improvement.

No quotes available

For more quotes and insights, download the NetWitness NDR report

No quotes available

For more quotes and insights, download the Trellix Active Response report

Scalability Issues

Sentiment score

7.0

NetWitness NDR is scalable for large enterprises, though some users report issues with scalability and agent migration.

Sentiment score

7.2

Trellix Active Response is scalable, integrates easily, handles large data seamlessly, and maintains performance and security with minimal latency.

No quotes available

For more quotes and insights, download the NetWitness NDR report

The scalability of Active Response is satisfactory.

Ezzard De Lange

Senior Manager Operational Technology and Cyber Security at Eskom Ltd

For more quotes and insights, download the Trellix Active Response report

Stability Issues

Sentiment score

7.7

NetWitness NDR is generally reliable, providing real-time data and stability, though minor technical issues are occasionally reported.

Sentiment score

8.3

Trellix Active Response is praised for reliability, efficient data handling, quick threat detection, adaptability, and stability with minimal downtime.

No quotes available

For more quotes and insights, download the NetWitness NDR report

No quotes available

For more quotes and insights, download the Trellix Active Response report

Room For Improvement

NetWitness NDR requires improvements in UI, scalability, detectability, integration, session times, pricing, training, and features, making it complex and slow.

Trellix Active Response requires enhanced resource management, advanced features like AI, better support, and optimization for improved performance.

No quotes available

For more quotes and insights, download the NetWitness NDR report

We would like Trellix to optimize the technology for these systems similarly to how it is deployed for normal endpoints.

Ezzard De Lange

Senior Manager Operational Technology and Cyber Security at Eskom Ltd

For more quotes and insights, download the Trellix Active Response report

Valuable Features

NetWitness NDR offers high detection rates, real-time malware response, third-party integration, and a user-friendly, interoperable interface with advanced analytics.

Trellix Active Response is praised for robust threat detection, real-time incident response, easy integration, and comprehensive reporting features.

No quotes available

For more quotes and insights, download the NetWitness NDR report

They notify us immediately of any vulnerabilities on the endpoints, allowing us to deploy a response quickly.

Ezzard De Lange

Senior Manager Operational Technology and Cyber Security at Eskom Ltd

For more quotes and insights, download the Trellix Active Response report

Categories and Ranking

NetWitness NDR

Ranking in Endpoint Detection and Response (EDR)

63rd

Average Rating

8.0

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Endpoint Protection Platform (EPP) (59th), Threat Intelligence Platforms (35th), Security Orchestration Automation and Response (SOAR) (24th), Network Detection and Response (NDR) (20th), Extended Detection and Response (XDR) (36th)

Trellix Active Response

Ranking in Endpoint Detection and Response (EDR)

50th

Average Rating

6.8

Reviews Sentiment

7.6

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of April 2025, in the Endpoint Detection and Response (EDR) category, the mindshare of NetWitness NDR is 0.4%, up from 0.3% compared to the previous year. The mindshare of Trellix Active Response is 0.2%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Endpoint Detection and Response (EDR)

Featured Reviews

SupravatMaji

Associate Vice President - IT Security at Inspira Enterprise

Beneficial single unified dashboard, good native application integration, and high availability

My advice to those wanting to implement RSA NetWitness Network is they have to first do a little due diligence, such as the exact requirement based on their needs. That will give them a direction for their investment because otherwise, the bill of material or bill of quantity (BOQ) may be higher side. It is important to do good due intelligence on the environment, see the exact requirement, and then go ahead with the solution. The solution is perfectly stable. I rate RSA NetWitness Network a nine out of ten.

Read full review

Ezzard De Lange

Senior Manager Operational Technology and Cyber Security at Eskom Ltd

Operational efficiencies increase with immediate threat alerts for endpoints

We use Trellix Active Response primarily for our endpoints, including desktop computers. It monitors all the tools that our users use for their day-to-day work The alerts provided by Trellix Active Response are its most valuable feature. They notify us immediately of any vulnerabilities on the…

Read full review

See which vendors are best for you

Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.

See recommendations

848,476 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

18%

Financial Services Firm

17%

Manufacturing Company

Government

17%

Financial Services Firm

14%

Comms Service Provider

11%

University

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

Ask a question

Earn 20 points

What is your experience regarding pricing and costs for McAfee Active Response?

Based on our evaluations, Trellix Active Response's pricing was the most feasible from a cost perspective. I rate the pricing between a six and an eight. It is justified.

See all answers

What needs improvement with McAfee Active Response?

The only area for improvement is regarding operational technology devices, specifically the engineering automation systems. We would like Trellix to optimize the technology for these systems simila...

See all answers

What is your primary use case for McAfee Active Response?

We use Trellix Active Response primarily for our endpoints, including desktop computers. It monitors all the tools that our users use for their day-to-day work.

See all answers

Comparisons

Darktrace vs NetWitness NDR

Compared 15% of the time

Fidelis Elevate vs NetWitness NDR

Compared 11% of the time

Vectra AI vs NetWitness NDR

Compared 9% of the time

Cortex XDR by Palo Alto Networks vs NetWitness NDR

Compared 8% of the time

Corelight vs NetWitness NDR

Compared 7% of the time

More NetWitness NDR Competitors

Trellix Endpoint Security (ENS) vs Trellix Active Response

Compared 59% of the time

Trellix Endpoint Detection and Response (EDR) vs Trellix Active Response

Compared 41% of the time

More Trellix Active Response Competitors

Product Reports

Buyer's Guide

NetWitness NDR

April 2025

Download NetWitness NDR product report

Buyer's Guide

Endpoint Detection and Response (EDR)

January 2025

Download Trellix Active Response product report

Also Known As

RSA ECAT, NetWitness Network

McAfee Active Response

Overview

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness NDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

NetWitness

Continuous Visibility into Your Endpoints:
Capture and monitor events, files, host flows, process objects, context, and system state changes that may be indicators of attack or dormant attack components.

Identify and Remediate Breaches Faster:
Access tools you need to quickly correct security issues. Send intelligence to analytics, operations, and forensic teams.

Target Critical Threats:
Get preconfigured and customizable actions when triggered, so you can target and eliminate threats.

Trellix

Sample Customers

ADP, Ameritas, Partners Healthcare

Liquor Control Board of Ontario

Buyer's Guide

NetWitness NDR vs. Trellix Active Response

April 2025

Free Report: NetWitness NDR vs. Trellix Active Response

Find out what your peers are saying about NetWitness NDR vs. Trellix Active Response and other solutions. Updated: April 2025.

DOWNLOAD NOW

848,476 professionals have used our research since 2012.

See our NetWitness NDR vs. Trellix Active Response report.

See our list of best Endpoint Detection and Response (EDR) vendors.

We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.