No more typing reviews! Try our Samantha, our new voice AI agent.

BlackBerry Cylance Cybersecurity vs NetWitness NDR comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 8, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Protection Platform (EPP)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Detection and Response (EDR) (6th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
BlackBerry Cylance Cybersec...
Ranking in Endpoint Protection Platform (EPP)
32nd
Average Rating
8.0
Reviews Sentiment
4.6
Number of Reviews
44
Ranking in other categories
No ranking in other categories
NetWitness NDR
Ranking in Endpoint Protection Platform (EPP)
49th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
15
Ranking in other categories
Threat Intelligence Platforms (TIP) (34th), Endpoint Detection and Response (EDR) (59th), Security Orchestration Automation and Response (SOAR) (23rd), Network Detection and Response (NDR) (19th), Extended Detection and Response (XDR) (41st)
 

Mindshare comparison

As of July 2026, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.8%, up from 3.7% compared to the previous year. The mindshare of BlackBerry Cylance Cybersecurity is 1.5%, up from 1.1% compared to the previous year. The mindshare of NetWitness NDR is 0.9%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.8%
BlackBerry Cylance Cybersecurity1.5%
NetWitness NDR0.9%
Other93.8%
Endpoint Protection Platform (EPP)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Sooraj Makkancherrry - PeerSpot reviewer
Security Operations Manager at Philips
Doesn't have daily updates, which is important for healthcare IT
I face challenges with the exclusion policy - it still scans folders we told it not to, causing issues. When we contact support, they tell us to update the latest agent, but we can't do that immediately due to medical device protocols and validation testing. I wish support would try to understand our issues better instead of giving this standard response. The machine learning feature they use often tells us to upgrade the agent or add things to the exclusion list, which isn't unacceptable. It's a very good and new technology as a tool and antivirus. But sometimes, it doesn't work properly with our medical devices and products, quarantining files it shouldn't even after we add them to exclusions. This is tricky for us.
reviewer1799727 - PeerSpot reviewer
Manager, IT Security Operations at a non-profit with 11-50 employees
Reliable and good support but can be expensive
I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat intelligence feeds. We would like to have more IOCs or more trade intelligence to not only rely on the intelligence of the engineer in charge but to have some threat intelligence and some seeds of IOCs and to have the host have some artificial intelligence to reduce the number of false positives. I don't see this solution being very scalable. The solution is pricey.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Traps pays for itself within the first 16 months of a three-year subscription."
"One thing that I like about Cortex XDR by Palo Alto Networks, it is detecting all the suspicious or malicious binaries, and it has integration with Palo Alto Firewall."
"After deploying Traps, we saw the performance of the network improve by 65 to 70 percent."
"The tool's use cases are relevant to security."
"Cortex XDR by Palo Alto Networks saves time in various ways, although the user interface is fairly standard."
"The user interface of the solution is sophisticated and straightforward."
"The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better."
"Palo Alto Networks Traps improves our security posture and lowers risk by providing next-gen methods to combat against modern threats on all the major platforms."
"A user can continue to add endpoints and the solution will continue to perform well."
"It handles situations that the other threat management tools wouldn't find. It has worked well covering the weaker sides of the other products that we're integrating."
"It is a good endpoint solution. It is very easy to manage and detect the threat immediately. It will take the necessary actions."
"​Centralized dashboard online which can be used for managing a huge product."
"The solution is stable; it was no problem and all went quite well, with no bugs or freezes."
"The solution is very quick at easily changing the levels of protection for each computer and the server."
"Its setup is simple if you have a Windows device; it is executable."
"I've found the AI engine in CylancePROTECT to be particularly effective for technology and in preventing unknown threats."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"The detection rate and tracking features including historical tracking, tracking of the fires on the desk, and tracking of the file last monitored are all quite valuable for us."
"The solution is stable."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"I would highly recommend the solution. Just go ahead and get it."
"Ability to isolate the machine when there are malicious files."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
 

Cons

"I would like to see them include NDR (Network Detection Response). Then it would work well with SIEM Response."
"Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer."
"The solution eats memory of the computer, unlike anything I've ever seen."
"The GUI could be improved."
"Cortex XDR by Palo Alto Networks is a strong tool, but it is true that digesting information sometimes makes the tool go a little bit slower."
"There's room for improvement with Mac device installations, which can be challenging."
"It's not an ideal choice for smaller businesses, as you need a minimum of 200 endpoints to even use the solution at all."
"It takes time to scan the servers and devices."
"For advanced security, I wouldn't."
"I would like to see a little bit of additional reporting or insight as to what it is doing exactly."
"It's a good solution but some features just need to be updated."
"Enhancing the product's detection rates and streamlining the user interface for easier management in daily operations would be beneficial improvements."
"The product needs to continue to offer better alerts, in particular around false positives, and it needs to reduce them from happening."
"The product does not do a lot of reporting on what it is taking care of. Enhanced reporting would be a welcome improvement."
"The AI of CylancePROTECT has room for improvement. I'm on a trial license of SentinelOne, and its AI is much better than what's on CylancePROTECT."
"The solution’s technical support could be improved."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"One of the drawbacks of using this product is that when you deploy, you have to create MSI files."
"The problem with this product is that it's a bit slow."
"RSA NetWitness Network could improve on integration with non-native application integration."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"The solution doesn't have a reporting engine which would be helpful."
 

Pricing and Cost Advice

"I feel it is fairly priced."
"This is an expensive solution."
"It is cost-effective compared to similar solutions. It fits for the small businesses through to the big businesses."
"Its pricing is kind of in line with its competitors and everybody else out there."
"When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward."
"The price of the solution is high for the license and in general."
"We didn't have to pay any additional fee for the cloud instance. It just came with the renewal, which was nice."
"I don't like that they have different types of licenses."
"This cost of the license is approximately $5 USD monthly per user."
"CylancePROTECT's pricing is reasonable, at about €18 per user, per year."
"Review closely how many endpoints you actually need before buying into a pricing level. Deal and deal with the VAR of your choice."
"Our licensing cost for the solution is around $4,000 for six months. There are no costs in addition to the standard licensing fees."
"The licensing part of the product is too expensive compared to other solutions in the market."
"Currently, we have competitive pricing for Cylance, which is affordable enough to consider."
"Do not get hung up on price. You pay for what you get and expensive will hurt one time, where cheap will hurt forever, especially if you fall victim to a ransom attack, etc.​"
"My company is on a yearly CylancePROTECT subscription. Price-wise, the solution is slightly expensive, so I'd rate it as eight out of ten."
"I do not have any opinion on the pricing or licensing of the product."
"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."
"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."
"It is highly scalable. It can be bought based on your requirements."
"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
"It is an expensive product."
"We are on a three-year contract to use RSA NetWitness Network."
"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Construction Company
11%
Financial Services Firm
7%
Manufacturing Company
7%
Computer Software Company
7%
Financial Services Firm
12%
Manufacturing Company
9%
Construction Company
8%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business33
Midsize Enterprise5
Large Enterprise14
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise2
Large Enterprise6
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for Blackberry Protect?
The price is reasonable for us at the moment. I rate the overall solution an eight out of ten.
What needs improvement with Blackberry Protect?
I face challenges with the exclusion policy - it still scans folders we told it not to, causing issues. When we conta...
What is your primary use case for Blackberry Protect?
I am using CylancePROTECT as an active learning algorithm. We installed it on almost 20,000 servers and virtual machi...
Ask a question
Earn 20 points
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Blackberry Protect
RSA ECAT, NetWitness Network
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Panasonic, Noble Energy, Apria Healthcare Group Inc., Charles River Laboratories, Rovi Corporation, Toyota, Kiewit
ADP, Ameritas, Partners Healthcare
Find out what your peers are saying about BlackBerry Cylance Cybersecurity vs. NetWitness NDR and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.