NetWitness NDR vs Trellix Network Detection and Response comparison

NetWitness and Trellix are both solutions in the Network Detection and Response (NDR) category. NetWitness is ranked #20, while Trellix is ranked #12 with an average rating of 7.6. NetWitness holds a 2.0% mindshare in NDaR, compared to Trellix’s 2.1% mindshare. Additionally, 87% of NetWitness users are willing to recommend the solution, compared to 97% of Trellix users who would recommend it.

NetWitness NDR

Read 15 NetWitness NDR reviews

589 Views
458 Comparison Views

87% willing to recommend

Trellix Network Detection a...

Read 39 Trellix Network Detection and Response reviews

525 Views
342 Comparison Views

97% willing to recommend

NetWitness NDR

Trellix Network Detection a...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Nov 6, 2024

Trellix Network Detection and Response and NetWitness NDR compete in the cybersecurity detection and response category. Trellix seems to have the upper hand due to its deep analysis and real-time response capabilities, while NetWitness is recognized for its broader visibility and ease of integration.

Features: Trellix Network Detection and Response offers comprehensive detection capabilities, zero-day vulnerability protection, and advanced sandboxing, integrating seamlessly with various security solutions for a unified approach. NetWitness NDR provides strong interoperability and visualization features, enabling easy network-to-endpoint pivoting and seamless platform integration.

Room for Improvement: Trellix could enhance cloud integration and VM customization alongside better network visibility and coordination with third-party solutions. NetWitness NDR needs improvement in threat detection, scalability, dashboard updates, and fraud detection features, along with better ServiceNow integration and licensing management.

Ease of Deployment and Customer Service: Trellix offers multiple deployment options, including on-premises and hybrid cloud, coupled with responsive customer service and solid technical support. NetWitness supports predominantly on-premises environments with good technical support but requires service responsiveness improvements.

Pricing and ROI: Trellix Network Detection and Response is viewed as a premium solution with high initial costs, but its threat prevention effectiveness and ROI justify the price. NetWitness NDR offers flexible pricing and licensing options suitable for various organization sizes, providing good value despite being seen as costly.

To learn more, read our detailed NetWitness NDR vs. Trellix Network Detection and Response Report (Updated: April 2025).

Buyer's Guide

NetWitness NDR vs. Trellix Network Detection and Response

April 2025

Download the complete report

Helped 849,600 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

ROI

Sentiment score

8.0

Implementing NetWitness NDR enhances security, improves network visibility, reduces costs, and boosts efficiency and productivity for businesses.

Sentiment score

8.5

Trellix Network Detection and Response exceeded expectations by improving threat prevention and detection, boosting productivity and reducing response times.

No quotes available

For more quotes and insights, download the NetWitness NDR report

No quotes available

For more quotes and insights, download the Trellix Network Detection and Response report

Customer Service

Sentiment score

7.3

NetWitness NDR's customer service is generally efficient and highly regarded, though some users report occasional slow response times.

Sentiment score

6.8

Trellix's support is praised for responsiveness, but improvements in expertise and incident response promptness are suggested by some.

No quotes available

For more quotes and insights, download the NetWitness NDR report

Technical support needs improvement as sometimes engineers are not available promptly, especially during high-severity incidents.

Abdullah Al Hadi

Information Security Engineer at Nhq Distribution Ltd

For more quotes and insights, download the Trellix Network Detection and Response report

Scalability Issues

Sentiment score

7.0

NetWitness NDR is scalable for large enterprises, though some users report issues with scalability and agent migration.

Sentiment score

7.8

Trellix Network Detection and Response scales effectively in various industries, performing well in large enterprises without latency issues.

No quotes available

For more quotes and insights, download the NetWitness NDR report

No quotes available

For more quotes and insights, download the Trellix Network Detection and Response report

Stability Issues

Sentiment score

7.7

NetWitness NDR is generally reliable, providing real-time data and stability, though minor technical issues are occasionally reported.

Sentiment score

7.7

Trellix Network Detection and Response is stable and reliable, with consistent performance and high user satisfaction despite occasional minor issues.

No quotes available

For more quotes and insights, download the NetWitness NDR report

No quotes available

For more quotes and insights, download the Trellix Network Detection and Response report

Room For Improvement

NetWitness NDR requires improvements in UI, scalability, detectability, integration, session times, pricing, training, and features, making it complex and slow.

Trellix Network Detection needs improved customization, integration, AI capabilities, support services, and a more user-friendly interface at reduced pricing.

No quotes available

For more quotes and insights, download the NetWitness NDR report

There should be improvements in AI intelligence, faster decision-making, and a more responsive technical support team.

Abdullah Al Hadi

Information Security Engineer at Nhq Distribution Ltd

For more quotes and insights, download the Trellix Network Detection and Response report

Setup Cost

Trellix Network Detection is costly but effective, with yearly licensing, discounts, and competitive pricing against some competitors like Palo Alto.

No quotes available

For more quotes and insights, download the NetWitness NDR report

No quotes available

For more quotes and insights, download the Trellix Network Detection and Response report

Valuable Features

NetWitness NDR offers high detection rates, real-time malware response, third-party integration, and a user-friendly, interoperable interface with advanced analytics.

Trellix excels in threat protection with AI-driven analysis, automation, and enhanced visibility, benefiting security operations and incident management.

No quotes available

For more quotes and insights, download the NetWitness NDR report

Trellix NDR provides an essential defense by automatically responding to network incidents that firewalls may not catch.

Abdullah Al Hadi

Information Security Engineer at Nhq Distribution Ltd

For more quotes and insights, download the Trellix Network Detection and Response report

Categories and Ranking

NetWitness NDR

Ranking in Network Detection and Response (NDR)

20th

Average Rating

8.0

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Endpoint Protection Platform (EPP) (59th), Threat Intelligence Platforms (35th), Endpoint Detection and Response (EDR) (63rd), Security Orchestration Automation and Response (SOAR) (24th), Extended Detection and Response (XDR) (36th)

Trellix Network Detection a...

Ranking in Network Detection and Response (NDR)

12th

Average Rating

8.4

Reviews Sentiment

7.3

Number of Reviews

Ranking in other categories

Advanced Threat Protection (ATP) (14th)

Mindshare comparison

As of April 2025, in the Network Detection and Response (NDR) category, the mindshare of NetWitness NDR is 2.0%, up from 2.0% compared to the previous year. The mindshare of Trellix Network Detection and Response is 2.1%, up from 0.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Network Detection and Response (NDR)

Featured Reviews

SupravatMaji

Associate Vice President - IT Security at Inspira Enterprise

Beneficial single unified dashboard, good native application integration, and high availability

My advice to those wanting to implement RSA NetWitness Network is they have to first do a little due diligence, such as the exact requirement based on their needs. That will give them a direction for their investment because otherwise, the bill of material or bill of quantity (BOQ) may be higher side. It is important to do good due intelligence on the environment, see the exact requirement, and then go ahead with the solution. The solution is perfectly stable. I rate RSA NetWitness Network a nine out of ten.

Read full review

BiswabhanuPanda

Senior technical consultant at Hitachi Systems Micro Clinic

Offers in-depth investigation capabilities, integrates well and smoothly transitioned from a lower-capacity appliance to a higher one

The in-depth investigation capabilities are a major advantage. When the system flags something as malicious, it provides a packet capture of that activity within the environment. That helps my team quickly identify additional context that most other tools wouldn't offer – like source IP or base64 encoded data. We can also see DNS requests and other details that aren't readily available in solutions like Check Point or others that we've tried. The detection itself is solid, and their sandboxing is powerful. There's a learning curve – you need a strong grasp of OS-level changes, process forking, registry changes, and the potential impact of those. But with that knowledge, the level of information Trellix provides is far greater than what we've seen elsewhere. The real-time response capability of Trellix has been quite effective, although it's not very fast. The key is this solution's concept of 'preference zero.' They don't immediately act on a zero-day. For example, the solution has seen a piece of malware for the first time. It'll let it in, then do sandboxing. Maybe after four or five minutes, it identifies that specific file's DNX Secure Store as malicious. At that point, they update the static analysis engine, and it gets detected if anything else tries to download the same file. There is that initial 'preference zero' concept, like with Panda. You may not hold traffic in the network. That's standard in the industry; we don't do much about it. To address that, we also have endpoint solutions. We use SentinelOne in our environment, which helps us identify threats like Western Bureaus and others.

Read full review

See which vendors are best for you

Use our free recommendation engine to learn which Network Detection and Response (NDR) solutions are best for your needs.

See recommendations

849,600 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

16%

Government

Manufacturing Company

Financial Services Firm

16%

Comms Service Provider

11%

Computer Software Company

10%

Manufacturing Company

10%

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Ask a question

Earn 20 points

What do you like most about FireEye Network Security?

We wanted to cross-reference that activity with the network traffic just to be sure there was no lateral movement. With Trellix, we easily confirmed that there was no lateral network involvement an...

See all answers

What is your experience regarding pricing and costs for FireEye Network Security?

While I do not handle pricing directly, it is known that there is a variety of customers with different licensing needs, which depends on the organization's size and policy.

See all answers

What needs improvement with FireEye Network Security?

The Trellix solution could be improved by enhancing the Central Management Console for faster visibility, which would help in network detection response. Networking often involves complexity that c...

See all answers

Comparisons

Darktrace vs NetWitness NDR

Compared 15% of the time

Fidelis Elevate vs NetWitness NDR

Compared 11% of the time

Vectra AI vs NetWitness NDR

Compared 9% of the time

Cortex XDR by Palo Alto Networks vs NetWitness NDR

Compared 9% of the time

Corelight vs NetWitness NDR

Compared 7% of the time

More NetWitness NDR Competitors

Palo Alto Networks WildFire vs Trellix Network Detection and Response

Compared 16% of the time

Fortinet FortiSandbox vs Trellix Network Detection and Response

Compared 15% of the time

Darktrace vs Trellix Network Detection and Response

Compared 8% of the time

Vectra AI vs Trellix Network Detection and Response

Compared 7% of the time

Trend Micro Deep Discovery vs Trellix Network Detection and Response

Compared 7% of the time

More Trellix Network Detection and Response Competitors

Product Reports

Buyer's Guide

NetWitness NDR

April 2025

Download NetWitness NDR product report

Buyer's Guide

Trellix Network Detection and Response

April 2025

Trellix Network Detection and Response report

Download Trellix Network Detection and Response product report

Also Known As

RSA ECAT, NetWitness Network

FireEye Network Security, FireEye

Overview

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness NDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

NetWitness

Detect the undetectable and stop evasive attacks. Trellix Network Detection and Response (NDR) helps your team focus on real attacks, contain intrusions with speed and intelligence, and eliminate your cybersecurity weak points.

Trellix

Sample Customers

ADP, Ameritas, Partners Healthcare

FFRDC, Finansbank, Japan Advanced Institute of Science and Technology, Investis, Kelsey-Seybold Clinic, Bank of Thailand, City of Miramar, Citizens National Bank, D-Wave Systems

Buyer's Guide

NetWitness NDR vs. Trellix Network Detection and Response

April 2025

Free Report: NetWitness NDR vs. Trellix Network Detection and Response

Find out what your peers are saying about NetWitness NDR vs. Trellix Network Detection and Response and other solutions. Updated: April 2025.

DOWNLOAD NOW

849,600 professionals have used our research since 2012.

See our NetWitness NDR vs. Trellix Network Detection and Response report.

See our list of best Network Detection and Response (NDR) vendors.

We monitor all Network Detection and Response (NDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.