No more typing reviews! Try our Samantha, our new voice AI agent.

BlackBerry Cylance Cybersecurity vs NetWitness NDR comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 8, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Protection Platform (EPP)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Detection and Response (EDR) (6th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
BlackBerry Cylance Cybersec...
Ranking in Endpoint Protection Platform (EPP)
32nd
Average Rating
8.0
Reviews Sentiment
4.6
Number of Reviews
44
Ranking in other categories
No ranking in other categories
NetWitness NDR
Ranking in Endpoint Protection Platform (EPP)
49th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
15
Ranking in other categories
Threat Intelligence Platforms (TIP) (34th), Endpoint Detection and Response (EDR) (59th), Security Orchestration Automation and Response (SOAR) (23rd), Network Detection and Response (NDR) (19th), Extended Detection and Response (XDR) (41st)
 

Mindshare comparison

As of July 2026, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.8%, up from 3.7% compared to the previous year. The mindshare of BlackBerry Cylance Cybersecurity is 1.5%, up from 1.1% compared to the previous year. The mindshare of NetWitness NDR is 0.9%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.8%
BlackBerry Cylance Cybersecurity1.5%
NetWitness NDR0.9%
Other93.8%
Endpoint Protection Platform (EPP)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Sooraj Makkancherrry - PeerSpot reviewer
Security Operations Manager at Philips
Doesn't have daily updates, which is important for healthcare IT
I face challenges with the exclusion policy - it still scans folders we told it not to, causing issues. When we contact support, they tell us to update the latest agent, but we can't do that immediately due to medical device protocols and validation testing. I wish support would try to understand our issues better instead of giving this standard response. The machine learning feature they use often tells us to upgrade the agent or add things to the exclusion list, which isn't unacceptable. It's a very good and new technology as a tool and antivirus. But sometimes, it doesn't work properly with our medical devices and products, quarantining files it shouldn't even after we add them to exclusions. This is tricky for us.
reviewer1799727 - PeerSpot reviewer
Manager, IT Security Operations at a non-profit with 11-50 employees
Reliable and good support but can be expensive
I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat intelligence feeds. We would like to have more IOCs or more trade intelligence to not only rely on the intelligence of the engineer in charge but to have some threat intelligence and some seeds of IOCs and to have the host have some artificial intelligence to reduce the number of false positives. I don't see this solution being very scalable. The solution is pricey.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The normal protection was really effective, and we detected situations that if we didn't have Cortex XDR by Palo Alto Networks, it's highly likely that we would have been affected, but it protected the infrastructure."
"The product is mostly automated, and we do not have to make decisions, because all the decisions are made by the product itself and we are not required to create any custom policies since the policies that are created are well defined in the product itself."
"We use it for malicious connections from malicious websites, to identify payloads that might be inside the traffic, to identify malicious processes or bugs that are running on the network, and any activities that tend to lead to data infiltration."
"It's very stable. I've never experienced downtime for the ASM console or ASM core."
"The solution is a new generation XDR that has a lot of artificial intelligence modules."
"The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past."
"There has been a significant reduction of approximately 70% to 80% in our internal MTTR and MTTD metrics, now around five to eight minutes whereas previously it was hours, which has helped tremendously."
"Overall, it's a great platform; it integrates very well with other solutions from Palo Alto and also with our vendors, the ease of use is excellent, I love the root cause analysis from Cortex, which is amazing, and in a few clicks you can have the full root cause."
"The quick installation would be the most valuable aspect of this solution."
"​Very easy to deploy. It can be done one by one or deployed by customizing an MSI file for GPO push.​"
"It is a good endpoint solution. It is very easy to manage and detect the threat immediately. It will take the necessary actions."
"The solution is stable; it was no problem and all went quite well, with no bugs or freezes."
"The initial setup of CylancePROTECT is very easy."
"The product works pretty well; it does a good job catching viruses, and while we haven't had a chance to test against any kind of ransomware attack, I know it works great and I'm not worried about its capabilities in that respect."
"Its setup is simple if you have a Windows device; it is executable."
"With Cylance AI and Machine Learning, it's ensuring that all types of malware, PUP (Potential Unwanted Programs) and Memory Protection your endpoint devices are fully protected, even with day zero threats."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"RSA NetWitness Endpoint has helped our organization from its many advantages and because it provides overall visibility of all of our endpoints within the enterprise network."
"It is stable. We have been using it for some time, without any issues."
"This solution allows us to locate the malware in real-time."
"I would recommend others to use RSA NetWitness Endpoint at this time because they have evolved from an MD to an EDR solution to an XDR solution."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
 

Cons

"Based on our experience so far, its implementation is quite complex."
"It is a complex solution to implement."
"Cortex XDR by Palo Alto Networks is not only pricey; it is extremely expensive."
"This is a very costly product."
"There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."
"It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved."
"It's more focused on network communication. If a customer wants to increase the level of protection and start working with documents, it's impossible to integrate these features into the system. It's more of a communication-oriented system than a content security-oriented system."
"Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."
"It is not stable. The solution has caused six crashes over two years, with one of them requiring us to rebuild all of our Windows 10 devices."
"The product needs to continue to offer better alerts, in particular around false positives, and it needs to reduce them from happening."
"I would not rate this solution in the top five for things like presenting information, or ease of use."
"The management console needs a little maturity in how it presents data and allows the administrator to drill down or search across systems."
"​It needs real analysis of quarantined files. The EDR product isn't showing much right now."
"The process of whitelisting a script that you want to be able to run can be a little bit difficult, or awkward."
"Additionally, their channel management has been lacking, with a notable disregard for small and medium-sized businesses, focusing primarily on large enterprises and very large MSPs."
"It was not effective. There were a lot of false positives, even when we use Adobe, and everybody uses Adobe, which is not a threat."
"RSA NetWitness Endpoint is a scalable solution. However, the problem which we normally face is in terms of the migration of the solution."
"The solution doesn't have a reporting engine which would be helpful."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"The initial setup requires a high level of skill, then the setup is good and smooth."
"I don't see this solution being very scalable."
 

Pricing and Cost Advice

"In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage."
"Our license will require renewal in August, after which the maintenance will continue as usual."
"Our customers have expressed that the price is high."
"It is "expensive" and flexible."
"I don't recall what the cost was, but it wasn't really that expensive."
"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."
"It has reasonable pricing for the use cases it provides to the company."
"The pricing is a little high. It is per user per year."
"This cost of the license is approximately $5 USD monthly per user."
"On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven out of ten."
"Do not get hung up on price. You pay for what you get and expensive will hurt one time, where cheap will hurt forever, especially if you fall victim to a ransom attack, etc.​"
"CylancePROTECT's pricing is reasonable, at about €18 per user, per year."
"It is expensive, but not unreasonable."
"Our licensing cost for the solution is around $4,000 for six months. There are no costs in addition to the standard licensing fees."
"The licensing part of the product is too expensive compared to other solutions in the market."
"CylancePROTECT is worth the money, but I'm not sure of its exact price. I can't remember off the top of my head."
"They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
"It is highly scalable. It can be bought based on your requirements."
"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."
"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."
"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."
"It is an expensive product."
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Construction Company
11%
Financial Services Firm
7%
Manufacturing Company
7%
Computer Software Company
7%
Financial Services Firm
12%
Manufacturing Company
9%
Construction Company
8%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business33
Midsize Enterprise5
Large Enterprise14
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise2
Large Enterprise6
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for Blackberry Protect?
The price is reasonable for us at the moment. I rate the overall solution an eight out of ten.
What needs improvement with Blackberry Protect?
I face challenges with the exclusion policy - it still scans folders we told it not to, causing issues. When we conta...
What is your primary use case for Blackberry Protect?
I am using CylancePROTECT as an active learning algorithm. We installed it on almost 20,000 servers and virtual machi...
Ask a question
Earn 20 points
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Blackberry Protect
RSA ECAT, NetWitness Network
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Panasonic, Noble Energy, Apria Healthcare Group Inc., Charles River Laboratories, Rovi Corporation, Toyota, Kiewit
ADP, Ameritas, Partners Healthcare
Find out what your peers are saying about BlackBerry Cylance Cybersecurity vs. NetWitness NDR and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.