Corelight vs NetWitness XDR comparison

Cancel
You must select at least 2 products to compare!
Corelight Logo
3,311 views|1,651 comparisons
NetWitness Logo
508 views|354 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Corelight and NetWitness XDR based on real PeerSpot user reviews.

Find out what your peers are saying about Darktrace, Vectra AI, Auvik and others in Network Traffic Analysis (NTA).
To learn more, read our detailed Network Traffic Analysis (NTA) Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Corelight is easy to use.""The most valuable feature is the embedded IDS from Suricata.""It is easy to deploy and easy to handle.""It's easy to create additional dashboards specific to supporting specific tasks.""It's an easy way for us to get visibility in a client's environment."

More Corelight Pros →

"The stability of the RSA NetWitness Endpoint is very good.""They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in.""RSA NetWitness does market analysis in a more granular form. It gives you full visibility.""Technical support is knowledgeable.""The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good.""It helps our security team respond more accurately when there are threats, then we get less false positives or negatives.""Ability to isolate the machine when there are malicious files.""The log correlation is good."

More NetWitness XDR Pros →

Cons
"They can enhance the interface of the product. They can make it more interactive and also easier to use for feature access.""In the next release, building a graphical user interface would be helpful.""The solution’s architecture is complex and difficult to understand. There are multiple machines and VMs.""Corelight hasn’t added features in a long time.""Machine learning could be a good improvement, but it's very costly."

More Corelight Cons →

"I would like to see Security Orchestration and Response Automation (SOAR) integration.""The solution lacks a reporting engine.""The threat intelligence could improve in RSA NetWitness Endpoint.""When analyzing something, you have to click several times. It requires a lot of effort to find something.""Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training.""RSA NetWitness Network could improve on integration with non-native application integration.""The contamination feature could be improved.""The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."

More NetWitness XDR Cons →

Pricing and Cost Advice
  • "It's a yearly fee and depends on what you are looking for."
  • More Corelight Pricing and Cost Advice →

  • "With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."
  • "They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
  • "It is highly scalable. It can be bought based on your requirements."
  • "I do not have any opinion on the pricing or licensing of the product."
  • "The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
  • "It is an expensive product."
  • "The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
  • "The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."
  • More NetWitness XDR Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Network Traffic Analysis (NTA) solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the eventual forwarding of events and parsed data logs to a security team’s SIEM or… more »
    Top Answer:It's easy to create additional dashboards specific to supporting specific tasks.
    Top Answer:The solution is too expensive compared to others. If you have the technical knowledge, it's good. Corelight is a very big gap between you and others if you’re new.
    Top Answer:Technical support is knowledgeable.
    Top Answer:The solution is expensive. I'd rate it at a one or two out of five. They need to adjust it to keep up with the competition. I cannot speak to the exact pricing of the product.
    Top Answer:I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat intelligence feeds. We would like to have more IOCs or more trade intelligence to not… more »
    Ranking
    Views
    3,311
    Comparisons
    1,651
    Reviews
    1
    Average Words per Review
    319
    Rating
    8.0
    Views
    508
    Comparisons
    354
    Reviews
    7
    Average Words per Review
    322
    Rating
    7.9
    Comparisons
    Also Known As
    RSA ECAT, NetWitness Network
    Learn More
    NetWitness
    Video Not Available
    Overview

    Corelight is the most powerful network visibility solution for information security professionals. We provide real-time data that organizations use to understand, detect, and prevent cyber attacks. Our solution is built on Zeek, the powerful and widely-used open source monitoring framework.

    Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness XDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

    Sample Customers
    Education First
    ADP, Ameritas, Partners Healthcare
    Top Industries
    VISITORS READING REVIEWS
    Financial Services Firm15%
    Computer Software Company13%
    Government9%
    Construction Company7%
    VISITORS READING REVIEWS
    Financial Services Firm16%
    Computer Software Company15%
    Government8%
    Manufacturing Company8%
    Company Size
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise13%
    Large Enterprise65%
    REVIEWERS
    Small Business59%
    Midsize Enterprise24%
    Large Enterprise18%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise16%
    Large Enterprise68%
    Buyer's Guide
    Network Traffic Analysis (NTA)
    March 2024
    Find out what your peers are saying about Darktrace, Vectra AI, Auvik and others in Network Traffic Analysis (NTA). Updated: March 2024.
    765,234 professionals have used our research since 2012.

    Corelight is ranked 7th in Network Traffic Analysis (NTA) with 5 reviews while NetWitness XDR is ranked 16th in Extended Detection and Response (XDR) with 15 reviews. Corelight is rated 9.0, while NetWitness XDR is rated 8.0. The top reviewer of Corelight writes "An open-source solution that gave us insight into our clients' network traffic flow ". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Corelight is most compared with ExtraHop Reveal(x), Darktrace, Vectra AI, Cisco Secure Network Analytics and ExtraHop Reveal(x) 360, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, Microsoft Defender for Endpoint and Bitdefender GravityZone EDR.

    We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.