No more typing reviews! Try our Samantha, our new voice AI agent.

Blink Ops vs NetWitness NDR comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Torq
Sponsored
Ranking in Security Orchestration Automation and Response (SOAR)
4th
Average Rating
8.8
Reviews Sentiment
6.5
Number of Reviews
14
Ranking in other categories
AI-SOC (1st), AI-Powered Security Automation (1st)
Blink Ops
Ranking in Security Orchestration Automation and Response (SOAR)
19th
Average Rating
7.6
Reviews Sentiment
4.4
Number of Reviews
2
Ranking in other categories
AI-SOC (9th), AI-Powered Security Automation (4th)
NetWitness NDR
Ranking in Security Orchestration Automation and Response (SOAR)
23rd
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
15
Ranking in other categories
Endpoint Protection Platform (EPP) (49th), Threat Intelligence Platforms (TIP) (34th), Endpoint Detection and Response (EDR) (59th), Network Detection and Response (NDR) (19th), Extended Detection and Response (XDR) (41st)
 

Mindshare comparison

As of July 2026, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Torq is 3.8%, down from 5.7% compared to the previous year. The mindshare of Blink Ops is 1.4%, up from 1.3% compared to the previous year. The mindshare of NetWitness NDR is 1.8%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR) Mindshare Distribution
ProductMindshare (%)
Torq3.8%
Blink Ops1.4%
NetWitness NDR1.8%
Other93.0%
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

AD
Solutions Architect at Swimlane
Automation has streamlined multi-tenant SOC workflows and improves alert handling efficiency
Although the reporting within Torq is not that great, we did ask for many features regarding reporting in Torq, but due to some platform constraints, they could not make the whole dataset available for us to be used in reporting. Except for that, we used some basic reporting. When I used Torq, it was indeed in the early stages of AI capabilities. Only a few customers were allowed to use it, and we were among them. It functioned well as long as we summarized the data properly. If you input garbage, you would get garbage out. Thus, we had to do significant fine-tuning regarding what data context we provided to the AI orchestrator to get meaningful results. In terms of Torq's unified platform approach to AI SOC automation and case management compared to managing multiple point solutions across my security stack, I find it case-centric. The unified view in case management is good since it provides clarity, although there are limitations regarding how many items in case management can be modified at once. Bulk operations are very limited, potentially due to their back-end database or data retrieval processes that can be improved. Regarding improvements for Torq, when we were onboarded, there were aspects we were uncertain about, such as the number of cases that could be generated, what data we could bring in, how many clients we could onboard, and similar concerns. Initially, we also lacked clarity about the number of playbooks or workflows we could build. Different triggers like system triggers, case-based triggers, and others can be employed without restrictions, but when it comes to on-demand and scheduled jobs, there is a limitation based on the subscription and pricing tier that notably caps the number of workflows we can create. No bulk editing across cases was one issue, along with limited filtering related to single grouping constraints. Additionally, the out-of-the-box case templates provided require substantial modifications before they become usable. There is also a feature in the cases for notes that cannot be searched. They are only visible through the UI, which is another area for improvement. The workflow and execution-based charges seem misleading as this was not discussed initially. I am not sure if new customers are made aware of this. It seems that workflows revolving around cases hinder functionality outside of case management, as we have many use cases needing on-demand triggers and schedules for functions like reporting or polling devices. Creating additional workflows to achieve basic functionalities raises costs significantly, which disadvantages customers. While they facilitate optimization and scaling, the support received tends to be very basic. Improvements can be made in that area as well.
AH
CEO at cybovate
Workflow automation has transformed SOC decisions and now manages security workload effectively
At the moment, I have no idea what an improvement can be because my feeling is Blink Ops can be deployed on-site in a hybrid mode or in the cloud. Hybrid mode means more or less the cloud environment running within the cloud. In Switzerland, I have seen quite a few clients where discussions happened and they said they do not want to go to cloud and want to run it on-premises. But the solution is just too big to run on-premises. Having a smaller version on-premises would be helpful, but my feeling is that is hard to achieve because the solution is just too big and too diverse to run on-premises. The other thing is also the support model. Support models normally work if platforms are accessible from outside, but if I need to go within the company and do some modifications on the platform within the company, it is normally just time-consuming. This limits some of the use cases in some clients if they say, okay, we are a nuclear power plant and we do not want anyone coming from outside. At the moment, nothing else comes to my mind because I would say Blink Ops is a comprehensive platform and sometimes I feel people are overwhelmed. Maybe one thing I have had twice now, and I am not sure if this would be a Blink Ops topic or also one of the competitors. On CRM platforms, if someone changes from one CRM platform to the other CRM platform, there are always converters. From one music platform to the other music platform, there are converters. I think that is quite often missing. People struggle and said they had an automation platform or quite often they have seven or several automation platforms and say they want to reduce to, for example, two different platforms and want to get rid of the other ones. But then sometimes it is quite often a redevelopment, especially if it was a no-coding platform and everything is in code. Then normally it requires a huge transformation project. I think really helping the clients understand what the other platform does and then maybe on this level, just having the wizard would be fine. But my feeling is that migrating from one platform to the other is quite difficult.
reviewer1799727 - PeerSpot reviewer
Manager, IT Security Operations at a non-profit with 11-50 employees
Reliable and good support but can be expensive
I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat intelligence feeds. We would like to have more IOCs or more trade intelligence to not only rely on the intelligence of the engineer in charge but to have some threat intelligence and some seeds of IOCs and to have the host have some artificial intelligence to reduce the number of false positives. I don't see this solution being very scalable. The solution is pricey.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"What I appreciate most about Torq is that it is an essential part of our system."
"Torq has exceeded expectations by delivering workflows in a timely and lower effort manner than XSOAR, and it meets all my needs while saving a ton of time and targeting $600,000 saved this year, which is a substantial amount of money."
"According to positive outcomes, Torq reduced manual work and made incident response more efficient."
"Since we started working with Torq, I am handling much fewer alerts, it is becoming really easy for me to handle an alert, I have all the information that I need, I do not need to connect to different vendors to receive this information, and the main thing I got from Torq is time, which now helps me to build another automated system and learn."
"Almost four or five hours of work is now completed in four or five minutes."
"We have seen fewer failures of automations from the time Torq came into the picture, we've had a more streamlined process of handling incidents, and at the same time, we've learned to embed the AI into our incident types, and that is how it has helped us in the automation."
"Using that one piece of AI, we auto-closed 511 cases in quarter four alone."
"What I liked the most about Torq is the actual workflow builder, which is really great because they offer a lot of features and convenience features that are useful for any automation engineer."
"I really appreciate the accuracy of prompt engineering and the GUI that Blink offers, as it allows us to evaluate before testing exactly how the workflow will look."
"I would say Blink Ops has probably the best technical support of all my vendors."
"The stability of the RSA NetWitness Endpoint is very good."
"One of the most valuable features is the Orchestrator."
"We use it for IT security purposes; this is our central log management solution, so we incorporate all of our servers and PCs into this software and can monitor the logs from there."
"I would recommend others to use RSA NetWitness Endpoint at this time because they have evolved from an MD to an EDR solution to an XDR solution."
"This solution allows us to locate the malware in real-time."
"I would highly recommend the solution. Just go ahead and get it."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"Technical support is knowledgeable."
 

Cons

"I wish Torq's AI assistant for building templated workflows from scratch worked better; when you start with a blank slate, asking AI to help you build or template the workflow out does not go well."
"Torq does extensive marketing saying that SOAR is dead and markets itself as an all-in-one solution, but this is not actually true."
"It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet."
"The initial deployment of Torq was not easy."
"We have MCP that we are working with our cloud security platform, and we wanted to connect this MCP to the case management."
"Even now, we have workflows that are in production that use AI steps and I get different results, making it unusable to some degree."
"Torq can probably use more ML and look at what can be closed and what cannot be closed in terms of data classification."
"The workflow and execution-based charges seem misleading as this was not discussed initially, and creating additional workflows to achieve basic functionalities raises costs significantly, which disadvantages customers."
"At the moment, nothing else comes to my mind because I would say Blink Ops is a comprehensive platform and sometimes I feel people are overwhelmed."
"The current LLM in Blink is quite accurate, but it still requires a lot of optimization because after a few prompts, it starts creating random responses, which sometimes is problematic."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"The problem with this product is that it's a bit slow."
"I don't see this solution being very scalable."
"Threat detection could be better."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"One of the drawbacks of using this product is that when you deploy, you have to create MSI files."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
 

Pricing and Cost Advice

Information not available
Information not available
"I do not have any opinion on the pricing or licensing of the product."
"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."
"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."
"They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
"It is an expensive product."
"It is highly scalable. It can be bought based on your requirements."
"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Construction Company
10%
Manufacturing Company
10%
Comms Service Provider
9%
Manufacturing Company
18%
Financial Services Firm
11%
Insurance Company
8%
Comms Service Provider
8%
Financial Services Firm
12%
Manufacturing Company
9%
Construction Company
8%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise5
Large Enterprise6
No data available
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise2
Large Enterprise6
 

Questions from the Community

What needs improvement with Torq?
I do not dislike anything about Torq because it has satisfied all of our use cases and requirements. We contacted sup...
What is your primary use case for Torq?
Initially, we were using Slack for small automations, such as creating pipelines or shutting down servers. For exampl...
What advice do you have for others considering Torq?
I have been working for five years with experience in the IT field. Torq is very good. It manages everything. I would...
What needs improvement with Blink Ops?
At the moment, I have no idea what an improvement can be because my feeling is Blink Ops can be deployed on-site in a...
What is your primary use case for Blink Ops?
I have several use cases rather than a single one. When we start engagements, it is often for the SOC team on the SOA...
What advice do you have for others considering Blink Ops?
I would say also on automation, there is a need to have the least privilege or a zero trust approach because the agen...
Ask a question
Earn 20 points
 

Also Known As

No data available
No data available
RSA ECAT, NetWitness Network
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
ADP, Ameritas, Partners Healthcare
Find out what your peers are saying about Blink Ops vs. NetWitness NDR and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.