Arista NDR vs NetWitness XDR comparison

Arista NDR
Read 14 Arista NDR reviews
  • 1,818 Views
  • 1,105 Comparison Views
100% willing to recommend
NetWitness XDR
Read 15 NetWitness XDR reviews
  • 675 Views
  • 476 Comparison Views
87% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Arista NDR and NetWitness XDR based on real PeerSpot user reviews.

Find out in this report how the two Network Detection and Response (NDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Arista NDR vs. NetWitness XDR Report (Updated: May 2024).
Buyer's Guide
Arista NDR vs. NetWitness XDR
May 2024
Download the complete report
Helped 787,779 peers since 2012
 

Categories and Ranking

Arista NDR
Ranking in Network Detection and Response (NDR)
8th
Average Rating
9.0
Number of Reviews
14
Ranking in other categories
Network Traffic Analysis (NTA) (8th)
NetWitness XDR
Ranking in Network Detection and Response (NDR)
9th
Average Rating
8.0
Number of Reviews
15
Ranking in other categories
Endpoint Protection Platform (EPP) (42nd), Threat Intelligence Platforms (13th), Endpoint Detection and Response (EDR) (37th), Security Orchestration Automation and Response (SOAR) (15th), Extended Detection and Response (XDR) (17th)
 

Mindshare comparison

As of June 2024, in the Network Detection and Response (NDR) category, the mindshare of Arista NDR is 5.6%, up from 4.6% compared to the previous year. The mindshare of NetWitness XDR is 1.5%, down from 1.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Network Detection and Response (NDR)
Unique Categories:
Network Traffic Analysis (NTA)
6.5%
Endpoint Protection Platform (EPP)
0.2%
Threat Intelligence Platforms
0.3%
 

Featured Reviews

JG
Feb 10, 2021
Gives us network layer visibility into things that may not be covered by other monitoring tools, such as shadow IT
One concern I do have with Awake is that, ideally, it should be able identify high-risk users and devices and entities. However, we don't have confidence in their entity resolution, and we've provided this feedback to Awake. My understanding is that this is where some of the AI/ML is, and it hasn't been reliable in correctly identifying which device an activity is associated with. We have also encountered issues where it has merged two devices into one entity profile when they shouldn't be merged. The entity resolution is the weakest point of Awake so far. Even without that it's useful because with the MNDR team, they'll at least do some of that work for us and then we can follow up on certain things. But that is something that we would want to see improved. Because we have the MNDR team, in some ways we don't work as hands-on with the interface itself as we did before. But another thing that would be helpful would be easier ways to integrate it with other systems. The integrations seem to exist, but they're a little weak in terms of how easy they are to set up, or what kind of information can be pulled in. That's something they've said that they're working on, as part of their roadmap, but that is something that I would like to see improved.
Read full review
HS
Aug 11, 2022
Advanced threat detection undermined by issues with blocking
I primarily use NetWitness Endpoint to detect anomalies like the presence of web shields that are not detected by traditional antivirus solutions. I also use it for digital forensics and containment NetWitness Endpoint has enabled us to detect attacks that bypass the first stage of cybersecurity,…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Other solutions will say, "Hey, this device is doing something weird." But they don't aggregate that data point with other data points. With Awake you have what's called a "fact pattern." For example, if there's a smart toaster on the third floor that is beaconing out to an IP address in North Korea, sure that's bizarre. But if that toaster was made in North Korea it's not bizarre. Taking those two data points together, and automating something using machine-learning is something that no other solution is doing right now."
"This solution’s encrypted traffic analysis helps us stay in compliance with government regulations. It is all about understanding data exfiltration, what is ingressing and egressing in our network. One common attack vector is exfiltrating data using encryption. My capabilities to see potential data exfiltration over encrypted traffic is second to none now."
"The query language that they have is quite valuable, especially because the sensor itself is storing some network activity and we're able to query that. That has been useful in a pinch because we don't necessarily use it just for threat hunting, but we also use it for debugging network issues. We can use it to ask questions and get answers about our network. For example: Which users and devices are using the VPN for RDP access? We can write a query pretty quickly and get an answer for that."
"It gives us something that is almost like an auditing tool for all of our network controls, to see how they are performing. This is related to compliance so that we can see how we are doing with what we have already implemented. There are things that we implemented, but we really didn't know if they were working or not. We have that visibility now."
"The most valuable portion is that they offer a threat-hunting service. Using their platform, and all of the data that they're collecting, they actually help us be proactive by having really expert folks that have insight, not just into our accounts, but into other accounts as well. They can be proactive and say, 'Well, we saw this incident at some other customer. We ran that same kind of analysis for you and we didn't see that type of activity in your network.'"
"When I create a workbench query in Awake to do threat hunting, it's much easier to query. You get a dictionary popup immediately when you try to type a new query. It says, "You want to search for a device?" Then you type in "D-E," and it gives you a list of commands, like device, data set behavior, etc. That gives you the ability to build your own query."
"Arista NDR's scalability is very good, making it easy to add more hardware components. You can order additional hardware and integrate it by stacking it with the existing setup. This feature cannot be seen in other NDR tools."
"The interface itself is clean and easy to use, yet customizable. I like that I can create my own dashboards fairly easily so that I can see what is important to me. Also, the query language is pretty easy to use. I haven't needed to use it a ton, but as I need to go in and do different queries based on their requests, it has been fairly simple to use."
More Arista NDR pros
"The log correlation is good."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"This solution allows us to locate the malware in real-time."
"Ability to isolate the machine when there are malicious files."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"It is stable. We have been using it for some time, without any issues."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
More NetWitness XDR pros
 

Cons

"I enjoy the query language, but it could be a bit more user-friendly, especially for new users who come across it... They should push it more into a natural language style as opposed to a query language."
"Awake Security needs to move to a 24/7 support model in the MNDR space. Once they do that, it will make them even better."
"While the appliance is very good, and I think they're working on it, it would probably help if they integrated the management team cases into the appliance so that everything we are working on with them would be accessible on our platform, on the dashboard, on the portal. Right now, Awake is just an additional team that uses the appliance that we use and then we communicate with them directly. Communication isn't through the portal."
"The one thing that the Awake platform lacks is the ability to automate the ingestion of IOCs rather than having to import CSV files or JSON files manually."
"One thing I would like to see is a little bit more education or experience on AWS cloud for their managed services team. We've explained how we have the information set up, that the traffic coming in goes to the AWS load balancer and then gets sent on to our internal servers... but when I get notices they always tell me this traffic is coming from the IPs belonging to the load balancers, not the source IPs. So a little bit more education for their team about how AWS manages the traffic might help out."
"I would like to see a bit more in terms of encrypted traffic. With the advent of programs that live off the land, a smart attacker is going to leverage encryption to execute their operation. So I would like to see improvements there, where possible. Currently, we're not going to be decrypting encrypted traffic. What other approaches could be used?"
"Be prepared to update your SOPs to have your analysts work in another tool separately. There are some limitations in the integrations right now. One of the things that I want from a security standpoint is integration with multiple tools so I don't need to have my analysts logging into each individual tool."
"They've been focused on really developing their data science, their ability to detect, but over time, they need to be able to tie into other systems because other systems might detect something that they don't."
More Arista NDR cons
"The threat intelligence could improve in RSA NetWitness Endpoint."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"RSA NetWitness Network could improve on integration with non-native application integration."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"The solution lacks a reporting engine."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
More NetWitness XDR cons
 

Pricing and Cost Advice

"The pricing seems pretty reasonable for what we get out of it. We also found it to be more competitive than some other vendors that we've looked at."
"Because I represent a hedge fund, I have some leverage. I told them that they had to meet my conditions if they wanted me as a client. It was the same way with Awake. They wanted an initial four-year agreement. Initially, we signed on for a one-year contract, but they wanted the four-year deal when it came time for the renewal. I told them that I was not doing that. I said that they either had to do it on my terms, or I'd go somewhere else."
"We switched to Awake Security because they were able to offer a model that was significantly less expensive and the value that we get out of it is higher."
"The solution is very good and the pricing is also better than others..."
"Awake's pricing was very competitive. It's not a cheap option though. It's an investment to utilize it, but it's one that we decided was worth the cost, with the managed services. At our scale, it was a much better option to utilize their software and their managed services to handle this, rather than hiring another person to be an analyst. It was quite cost-effective for us."
"Awake Security was the least expensive among their competitors. Everyone was within $15,000 of each other. The other solutions were not providing the MNDR service, which is standard with Awake Security's pricing/licensing model."
"The solution has saved thousands of dollars within the first day. Our ROI has to be in the tens of thousands of dollars since October last year."
"They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
"It is an expensive product."
"We are on a three-year contract to use RSA NetWitness Network."
"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."
"I do not have any opinion on the pricing or licensing of the product."
"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."
"It is highly scalable. It can be bought based on your requirements."
More NetWitness XDR pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Network Detection and Response (NDR) solutions are best for your needs.
See recommendations
787,779 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
12%
Manufacturing Company
8%
Educational Organization
7%
Computer Software Company
15%
Financial Services Firm
15%
Government
8%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Arista NDR?
Arista NDR's scalability is very good, making it easy to add more hardware components. You can order additional hardware and integrate it by stacking it with the existing setup. This feature cannot...
See all answers
What is your experience regarding pricing and costs for Arista NDR?
The tool's pricing is expensive but it is competitive.
See all answers
What needs improvement with Arista NDR?
Arista NDR needs to open legal offices to be closer to customers and partners. It needs more visibility in the NDR market in the Middle East. While they are doing well, they lack sufficient enginee...
See all answers
What do you like most about NetWitness XDR?
Technical support is knowledgeable.
See all answers
What is your experience regarding pricing and costs for NetWitness XDR?
The solution is expensive. I'd rate it at a one or two out of five. They need to adjust it to keep up with the competition. I cannot speak to the exact pricing of the product.
See all answers
What needs improvement with NetWitness XDR?
I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat intelligence feeds. We would like to have more IOCs or more trade intelligence to n...
See all answers
 

Comparisons

Vectra AI vs Arista NDR Logo
Vectra AI vs Arista NDR
Compared 17% of the time
Palo Alto Networks Advanced Threat Prevention vs Arista NDR Logo
Palo Alto Networks Advanced Threat Prevention vs Arista NDR
Compared 16% of the time
Trend Micro Deep Discovery vs Arista NDR Logo
Trend Micro Deep Discovery vs Arista NDR
Compared 15% of the time
Cisco Secure Network Analytics vs Arista NDR Logo
Cisco Secure Network Analytics vs Arista NDR
Compared 13% of the time
Bitdefender GravityZone Ultra Plus vs Arista NDR Logo
Bitdefender GravityZone Ultra Plus vs Arista NDR
Compared 2% of the time
More Arista NDR Competitors
Darktrace vs NetWitness XDR Logo
Darktrace vs NetWitness XDR
Compared 14% of the time
ExtraHop Reveal(x) vs NetWitness XDR Logo
ExtraHop Reveal(x) vs NetWitness XDR
Compared 11% of the time
SentinelOne Singularity Complete vs NetWitness XDR Logo
SentinelOne Singularity Complete vs NetWitness XDR
Compared 8% of the time
CrowdStrike Falcon vs NetWitness XDR Logo
CrowdStrike Falcon vs NetWitness XDR
Compared 8% of the time
Fidelis Elevate vs NetWitness XDR Logo
Fidelis Elevate vs NetWitness XDR
Compared 5% of the time
More NetWitness XDR Competitors
 

Product Reports

Buyer's Guide
Arista NDR
June 2024
Arista NDR reportDownload Arista NDR product report
Buyer's Guide
NetWitness XDR
June 2024
NetWitness XDR reportDownload NetWitness XDR product report
 

Also Known As

Awake Security Platform
RSA ECAT, NetWitness Network
 

Learn More

Arista
Video not available
NetWitness
 

Overview

Arista NDR (formerly Awake Security) is the only advanced network detection and response company that delivers answers, not alerts. By combining artificial intelligence with human expertise, Arista NDR hunts for both insider and external attacker behaviors, while providing autonomous triage and response with full forensics across traditional, IoT, and cloud networks. Arista NDR delivers continuous diagnostics for the entire enterprise threat landscape, processes countless network data points, senses abnormalities or threats, and reacts if necessary—all in a matter of seconds. The Arista NDP platform stands out from traditional security because it is designed to mimic the human brain. It recognizes malicious intent and learns over time, giving defenders greater visibility and insight into what threats exist and how to respond to them. 

The Advent of Advanced Network Detection and Response & Why it Matters

The 5 Levels of Autonomous Security paper

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness XDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

 

Sample Customers

- Dolby Laboratories- Seattle Genetics- ARM Energy- Ooma- Prophix- Yapstone
ADP, Ameritas, Partners Healthcare
Buyer's Guide
Arista NDR vs. NetWitness XDR
May 2024
Free Report: Arista NDR vs. NetWitness XDR
Find out what your peers are saying about Arista NDR vs. NetWitness XDR and other solutions. Updated: May 2024.
DOWNLOAD NOW
787,779 professionals have used our research since 2012.
See our Arista NDR vs. NetWitness XDR report.
See our list of best Network Detection and Response (NDR) vendors.

We monitor all Network Detection and Response (NDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.