We performed a comparison between NetWitness XDR and Cisco SecureX based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: NetWitness XDR is commended for its prompt threat response, seamless integration capabilities, and user behavior analytics. Cisco SecureX earns high marks for its automated utilities, comprehensive visibility, and seamless integration with external resources. Users say NetWitness XDR could improve its threat intelligence and investigation. Some suggested updates to its reporting engine. Cisco SecureX could offer better documentation and integration with on-premises systems.
Service and Support: NetWitness XDR provides effective 24/7 technical support. While some were satisfied with the response times, others experienced delays of up to 48 hours. Some users describe Cisco support as dependable and efficient, while others noted a decline in quality due to personnel changes.
Ease of Deployment: Some users found the initial setup of NetWitness uncomplicated, but others faced challenges. Setting up Cisco SecureX is generally considered to be straightforward in cloud environments, but it requires more effort to integrate the solution with on-premises products.
Pricing: The total cost of NetWitness XDR depends on the environment and the number of endpoints. Larger users can receive discounts, but users say the solution might be too pricey for smaller companies. NetWitness XDR provides various licenses, including some that feature premium support. A few users said Cisco SecureX’s price could be lower, given that it is included for free with certain Cisco products.
ROI: NetWitness XDR has demonstrated positive outcomes by improving threat detection capabilities and facilitating digital forensics. Cisco SecureX provides a positive ROI by speeding up detection and resolution. It also decreases workloads through automation and proactive information gathering.
Comparison Results: NetWitness XDR is preferred over Cisco SecureX for its prompt threat response, user-friendly interface, integration capabilities, and unified dashboard. NetWitness also offers consistent performance and excellent technical support. Cisco SecureX received mixed feedback about its setup process. Users say SecureX lacks comprehensive documentation and requires enhancements in integration and automation features.
"Microsoft 365 Defender is a good solution and easy to use."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"The integration with other Microsoft solutions is the most valuable feature."
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"The integration between all the Defender products is the most valuable feature."
"All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"The solution is well integrated with applications. It is easy to maintain and administer."
"SecureX enables us to have all the threat intelligence and threat event data in one place."
"Integrates well with our existing security infrastructure."
"SecureX takes all the separate pieces of security within your company, adds in intelligence from different sites and services on the internet, and makes them work together."
"One of the most valuable features is the simplicity of deploying SecureX. It's very easy to do that and then you gain very detailed visibility into everything that's going on in your network and, obviously, at the device level. There's just a wealth of information that you can pull from all of these products that are part of SecureX. You know exactly if you have an issue or not."
"The most beneficial feature of Cisco SecureX for cybersecurity efforts is its integration with other Cisco solutions and the environment. This sets it apart, as its APIs and overall integration capabilities are very strong. Additionally, its detection capabilities are commendable."
"The most valuable feature is its ability to manage all the applications and visibility. For example, if there is malware, spam, or another component that wants to attack the company in my servers, network, or applications, then SecureX will react to the problem."
"The forensics are amazing because when you have enrichment, and the solutions talk with each other, when you need it, you have the ability to know everything in the organization: when, why, whatever."
"Our customers find the product's third-party integrations valuable. Our customers are also impressed with the tool's capability to pick up third-party threat feeds and use that as part of the decision-making process."
"Technical support is knowledgeable."
"The log correlation is good."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"The interface of this solution is very flexible and easy to use."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"Ability to isolate the machine when there are malicious files."
"The patching capability should be there. Patching is something that you cannot do even though you see the vulnerabilities present in your environment. For patching, you have to depend on another solution."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"The only problem I find is that the use cases are built-in. There is no template available that you can modify according to your organization's standards. What they give is very generic, the market standard, but that might not be applicable to every organization."
"If they could make the Cisco Umbrella piece a little bit more advanced or easier to manage, that would help. We use it for filtering and when you compare it to a normal content filter, it lacks some functionality."
"I would like it to integrate with another solution, e.g., DNA. I would like it to connect to that solution, but not the security aspect."
"The playbooks provided with the product are great, although I would appreciate having more playbooks available. Threats are constantly evolving, so having access to updated playbooks is crucial."
"The front-end work controls the new algorithm and the firewall rules. The search feature of these rules could be improved."
"They could put in more third-party [integrations]... also more playbooks, out-of-the-box, for automation [would be helpful]."
"what's missing right now is the multi-tenant capability."
"The automation and orchestration could be simpler. It could be that all the other parts are that easy to use so that these stick out as a negative, but that's the trickiest part for us. The workflows within the orchestration are just a bit more difficult."
"For us, the biggest sticking point is that the product is not being designed for multi-tenancy use at present, from an MSP perspective."
"RSA NetWitness Network could improve on integration with non-native application integration."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"The contamination feature could be improved."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"The initial setup requires a high level of skill."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
Cisco SecureX is ranked 14th in Extended Detection and Response (XDR) with 13 reviews, while NetWitness XDR is ranked 17th in Extended Detection and Response (XDR) with 15 reviews. Cisco SecureX is rated 9.0, while NetWitness XDR is rated 8.0. The top reviewer of Cisco SecureX writes "Gives our customers visibility and they don't have to go to multiple management consoles anymore". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Cisco SecureX is most compared with Cortex XDR by Palo Alto Networks, Trend Vision One, Splunk SOAR, Cisco Secure Network Analytics and Fortinet FortiSOAR, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Defender for Endpoint.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.