NetWitness NDR Reviews

Name: NetWitness NDR
Brand: NetWitness
Rating: 4.0 (15 reviews)

4.0 out of 5

15 reviews
87% willing to recommend

242 followers

What is NetWitness NDR?

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness NDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

Get the NetWitness NDR Buyer's Guide and find out what your peers are saying about NetWitness NDR, CrowdStrike Falcon, Microsoft Defender for Endpoint and more!

NetWitness NDR is the #21 ranked solution in top Network Detection and Response (NDR) solutions, #25 ranked solution in SOAR tools, #38 ranked solution in XDR Security products, #39 ranked solution in top Threat Intelligence Platforms, #59 ranked solution in endpoint security software, and #60 ranked solution in EDR tools. PeerSpot users give NetWitness NDR an average rating of 8.0 out of 10. NetWitness NDR is most commonly compared to CrowdStrike Falcon: NetWitness NDR vs CrowdStrike Falcon. NetWitness NDR is popular among the large enterprise segment, accounting for 69% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.

Helped 856,807 peers since 2012

Featured NetWitness NDR reviews

SupravatMaji

Associate Vice President - IT Security at Inspira Enterprise

My advice to those wanting to implement RSA NetWitness Network is they have to first do a little due diligence, such as the exact requirement based on their needs. That will give them a direction for their investment because otherwise, the bill of material or bill of quantity (BOQ) may be higher side. It is important to do good due intelligence on the environment, see the exact requirement, and then go ahead with the solution. The solution is perfectly stable. I rate RSA NetWitness Network a nine out of ten.

Read full review

Jakaria Udoy

Information Security Engineer at Nhq Distribution Ltd

The initial setup is complex. On a scale from one to five with one being the worst and five being the best, I would rate the initial setup at four. It took a couple of hours to set up. The deployment and maintenance can be done by one person, such as a technician.

Read full review

reviewer1259418

Senior Cyber Security Analyst (SAFe Agile) at a transportation company with 1,001-5,000 employees

NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious. For example, if you put IOCs in the form of hashes, it's not possible to block those IOCs - the system will alert you, but they can't be blocked. In the next release, NetWitness Endpoint should include regular expressions for blocking processes and sub-processes, the ability to block IPs, and scalability and integration with the ServiceNow platform or other ticketing solutions.

Read full review

NetWitness NDR mindshare

Product category:

As of June 2025, the mindshare of NetWitness NDR in the Network Detection and Response (NDR) category stands at 2.1%, up from 1.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Network Detection and Response (NDR)

PeerResearch reports based on NetWitness NDR reviews

Type	Title	Date
Category	Network Detection and Response (NDR)	Jun 13, 2025	Download
Product	Reviews, tips, and advice from real users	Jun 13, 2025	Download
Comparison	NetWitness NDR vs Darktrace	Jun 13, 2025	Download
Comparison	NetWitness NDR vs Vectra AI	Jun 13, 2025	Download
Comparison	NetWitness NDR vs Trend Vision One	Jun 13, 2025	Download

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	N/A	96%	132 interviews Add to research
Microsoft Defender for Endpoint	4.1	N/A	94%	197 interviews Add to research

Valuable Features

Valuable features of NetWitness NDR include high detection rate, detailed traffic capture, efficient incident response, real-time malware location, lightweight performance, perfect reporting, seamless third-party integration with an easy-to-use API, and a unified dashboard. Users appreciate its interoperability across operating systems, visualizations, behavior analytics, and flexible interface. Enhanced features include instant threat response, web interface, and isolated machine capability. It operates without heavy IT management involvement and technical support is knowledgeable.

"Technical support is knowledgeable."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"The interface of this solution is very flexible and easy to use."

Room for Improvement

NetWitness NDR requires improvements in contamination features and ease of use. Clicking multiple times during analysis is cumbersome. Scalability and security orchestration need enhancement. The deployment process involving MSI files is complex. Pricing and training costs are high. The tool is slow and suffers from configuration and log passing issues. Threat intelligence should be better, and the UI needs a longer session time. Integration with non-native applications and improved detection features are also necessary.

"Threat detection could be better."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well.In the next release, we would like to see advanced fraud detection features."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."

ROI

Users indicate that NetWitness NDR significantly boosts threat detection capabilities, leading to a more secure environment and demonstrating a clear return on investment. Many highlight the efficiency in identifying and mitigating threats faster. They appreciate the comprehensive monitoring and superior analytical features. Enhanced visibility into network activities has also led to quicker response times and reduced potential losses from cyber incidents.

Pricing

NetWitness XDR offers a straightforward pricing model without setup costs, ensuring a smooth integration for users. Pricing methods typically involve subscription-based models, accommodating per-user or per-device licensing options. The pricing range is adaptable, catering to organizations of different sizes and complexities, providing comprehensive extended detection and response solutions.

"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."
"We are on a three-year contract to use RSA NetWitness Network."
"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."

Popular Use Cases

Organizations primarily use NetWitness NDR for contamination detection, network forensics, and IT security. It identifies incidents, scores risks, detects malware, and provides responses. It is used alongside other security devices like IPS and SIEM, logs, and packets for network and EDR. Companies such as banks and telecom firms rely on it for instant detection responses, malware analysis, digital forensics, and monitoring logs, typically deploying it on-premises.

Service and Support

Customers find NetWitness NDR technical support reliable, knowledgeable, and responsive. Some note high satisfaction and 24/7 availability, with support tiers and quick resolutions. A few express concerns about response times, sometimes taking up to two days. Many appreciate the knowledgeable staff and efficient ticketing system that prioritizes incidents. A minority thinks RSA support needs improvement.

Deployment

Most found NetWitness NDR's initial setup straightforward and easy, with some deploying in a day. One organization experienced a more complex deployment, facing issues like log failures and wiring problems, extending it to over nine months. Some noted that while basic installation was simple, creating dashboards required professional services. A few rated the process as moderate, acknowledging minor complications.

Scalability

NetWitness NDR is highly scalable for larger enterprises and medium businesses, though some users face challenges during migration due to hard-coded IP addresses. Its scalability covers thousands of endpoints and multiple users. Some users report it does not scale well, while others find it easy to scale horizontally and vertically. Specific features are highlighted compared to competitors. The user experience varies, with some praising and others criticizing the scalability.

Stability

NetWitness NDR is praised for being stable, reliable, and non-disruptive to networks. Users rate it positively, though minor issues such as technical difficulties and endpoint agent responsiveness are noted. Complex networks may experience challenges, but this does not detract from the overall performance. Users appreciate the real-time data capabilities and stability across various deployments, despite occasional power issues complicating scenarios.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our NetWitness NDR Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

16%

Government

10%

Manufacturing Company

Healthcare Company

Energy/Utilities Company

Retailer

Comms Service Provider

University

Educational Organization

Real Estate/Law Firm

Non Profit

Insurance Company

Logistics Company

Legal Firm

Transportation Company

Construction Company

Media Company

Engineering Company

Hospitality Company

International Affairs Institute

Recruiting/Hr Firm

Outsourcing Company

Aerospace/Defense Firm

Security Firm

Performing Arts

Compare NetWitness NDR with alternative products

Learn more about NetWitness NDR

NetWitness NDR was previously known as RSA ECAT, NetWitness Network.

NetWitness NDR customers

ADP, Ameritas, Partners Healthcare

Product Categories

Network Detection and Response (NDR)

Endpoint Protection Platform (EPP)

Threat Intelligence Platforms

Endpoint Detection and Response (EDR)

Security Orchestration Automation and Response (SOAR)

Extended Detection and Response (XDR)

Popular Comparisons

CrowdStrike Falcon vs NetWitness NDR

Microsoft Defender for Endpoint vs NetWitness NDR

Wazuh vs NetWitness NDR

Darktrace vs NetWitness NDR

SentinelOne Singularity Complete vs NetWitness NDR

Microsoft Defender XDR vs NetWitness NDR

Cortex XDR by Palo Alto Networks vs NetWitness NDR

IBM Security QRadar vs NetWitness NDR

Elastic Security vs NetWitness NDR

Symantec Endpoint Security vs NetWitness NDR

Trellix Endpoint Security Platform vs NetWitness NDR

Tanium vs NetWitness NDR

Trend Vision One Endpoint Security vs NetWitness NDR

Kaspersky Endpoint Security for Business vs NetWitness NDR

Trend Vision One vs NetWitness NDR

See all alternatives

NetWitness NDR reviews

Sort by:

reviewer1259418

Senior Cyber Security Analyst (SAFe Agile) at a transportation company with 1,001-5,000 employees

Verified user of NetWitness NDR

Sep 3, 2022

Advanced threat detection undermined by issues with blocking

Pros

"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."

Cons

"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."

What is our primary use case?

I primarily use NetWitness Endpoint to detect anomalies like the presence of web shields that are not detected by traditional antivirus solutions. I also use it for digital forensics and containment.

How has it helped my organization?

NetWitness Endpoint has enabled us to detect attacks that bypass the first stage of cybersecurity, like zero-day and advanced attacks.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Read full review (483 words)

SupravatMaji

Associate Vice President - IT Security at Inspira Enterprise

Verified user of NetWitness NDR

Jun 26, 2022

Product version discussed: 11.7

Beneficial single unified dashboard, good native application integration, and high availability

Pros

"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."

Cons

"RSA NetWitness Network could improve on integration with non-native application integration."

What is most valuable?

The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good.

What needs improvement?

RSA NetWitness Network could improve on integration with non-native application integration.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Read full review (363 words)

Buyer's Guide

NetWitness NDR

Download free report

Find out what your peers are saying about NetWitness NDR. Updated May 2025

856,807 professionals have used our research since 2012.

reviewer1799727

Manager, IT Security Operations at a non-profit with 11-50 employees

Verified user of NetWitness NDR

Oct 9, 2022

Reliable and good support but can be expensive

Pros

"Technical support is knowledgeable. "

Cons

"Threat detection could be better."

What is our primary use case?

We primarily use the solution for NDR.

What is most valuable?

We like the solution doesn't have to be managed by an IT department. It's easy to use. You can still check the machine without the IT department being involved.

The solution is stable.

Technical support is knowledgeable.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Read full review (371 words)

reviewer1724928

Manager, Soc

Verified user of NetWitness NDR

Dec 10, 2021

Log correlation is good, but the solution is slow and there are many licensing complications

Pros

"The log correlation is good."

Cons

"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge. "

What is our primary use case?

The product is mainly used for security, log reviews, and monitoring.

In India, mostly on the requirement segment, we don't deploy the solution on the cloud. We use the solution on-premises.

What is most valuable?

The log correlation is good. There may be some benefits to the solution, but most of my time has gone to configure it rather than to work with it. So maybe I'm not so aware of that.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

Read full review (698 words)

Dr Trust Tshepo Mapoka

Senior Cybersecurity Consultant at CIA Botswana

Verified user of NetWitness NDR

Sep 21, 2021

Product version discussed: Latest version

Overall great feature functionality, simple installation, and helpful technical support

Pros

"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."

What is our primary use case?

RSA NetWitness Endpoint is used to get an instant detection response from network threats. Additionally, it has the capability to do malware analysis and investigations.

How has it helped my organization?

RSA NetWitness Endpoint has helped our organization from its many advantages and because it provides overall visibility of all of our endpoints within the enterprise network. You are able to see what exactly is going on and it provides real-time incident reports, instant management, and investigations.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

Read full review (679 words)

Dr Trust Tshepo Mapoka

Senior Cybersecurity Consultant at CIA Botswana

Verified user of NetWitness NDR

Nov 9, 2020

Product version discussed: 3.3

Good performance and reporting, and can discover unknown malware using signatureless detection methods

Pros

"This solution allows us to locate the malware in real-time."

Cons

"I would like to see Security Orchestration and Response Automation (SOAR) integration."

What is our primary use case?

We use this solution to detect indicators of compromise, where incidents that occur are analyzed and given risk scores. For example, if the endpoint is of high risk then it will be indicated in red. By contrast, if it's of low risk then it will be indicated in green. The scoring criteria are what we call the Indicators of Compromise.

The overall goal is to detect malware that is affecting the endpoints and then provide a response. It is often used by banks and telecom companies.

What is most valuable?

The incident response is very good.

When you are searching for malware, you can easily decrease the endpoints to narrow the search and find it. Examples of endpoints can be servers or laptops, each with different operating systems. This solution allows us to locate the malware in real-time.

I like the performance. It can detect signatureless malware, which many perimeter control and antivirus solutions cannot do. It is helpful for discovering unknown malware and it is so lightweight that you don't even notice that it is installed in your environment. It doesn't load the network and it uses less bandwidth than some other products.

The reporting is perfect and I haven't seen any problems with it.

RSA can easily integrate with third-party applications like Rapid7. All of the documentation for integration with other platforms and other vendors is available. The API makes integration even easier.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Read full review (886 words)

Jakaria Udoy

Information Security Engineer at Nhq Distribution Ltd

Verified user of NetWitness NDR

Sep 14, 2022

Has user behavior analytics features and is stable and scalable

Pros

"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."

Cons

"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."

What is our primary use case?

We use it for IT security purposes. This is our central log management solution. So we incorporate all of our servers and PCs to this software, and we can monitor the logs from there.

What is most valuable?

I like the user behavior analytics feature.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Partner

Read full review (324 words)

reviewer1110027

Security Information & Incident Analyst at a financial services firm with 1,001-5,000 employees

Verified user of NetWitness NDR

Jun 6, 2022

Product version discussed: 048

Provides great protection against malicious files

Pros

"Ability to isolate the machine when there are malicious files."

Cons

"The solution lacks a reporting engine. "

What is our primary use case?

We are customers of RSA.

What is most valuable?

The valuable feature is being able to isolate the machine when there are malicious files.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Read full review (251 words)

NetWitness NDR Reviews

What is NetWitness NDR?

Featured NetWitness NDR reviews

NetWitness NDR mindshare

PeerResearch reports based on NetWitness NDR reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare NetWitness NDR with alternative products

Learn more about NetWitness NDR

NetWitness NDR customers

Related questions

Product Categories

Popular Comparisons

NetWitness NDR reviews

Pros

Cons

What is our primary use case?

How has it helped my organization?

Pros

Cons

What is most valuable?

What needs improvement?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

What is our primary use case?

How has it helped my organization?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

What is most valuable?

Pros

Cons

What is our primary use case?

What is most valuable?

What needs improvement?

For how long have I used the solution?

What do I think about the stability of the solution?

What do I think about the scalability of the solution?

How are customer service and support?

How was the initial setup?

What was our ROI?

What other advice do I have?

Which deployment model are you using for this solution?