We performed a comparison between Corelight and NetWitness XDR based on real PeerSpot user reviews.
Find out what your peers are saying about Darktrace, Vectra AI, Auvik and others in Network Traffic Analysis (NTA)."Corelight is easy to use."
"The most valuable feature is the embedded IDS from Suricata."
"It is easy to deploy and easy to handle."
"It's easy to create additional dashboards specific to supporting specific tasks."
"It's an easy way for us to get visibility in a client's environment."
"The stability of the RSA NetWitness Endpoint is very good."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"Technical support is knowledgeable."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"Ability to isolate the machine when there are malicious files."
"The log correlation is good."
"They can enhance the interface of the product. They can make it more interactive and also easier to use for feature access."
"In the next release, building a graphical user interface would be helpful."
"The solution’s architecture is complex and difficult to understand. There are multiple machines and VMs."
"Corelight hasn’t added features in a long time."
"Machine learning could be a good improvement, but it's very costly."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"The solution lacks a reporting engine."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"RSA NetWitness Network could improve on integration with non-native application integration."
"The contamination feature could be improved."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
Corelight is ranked 7th in Network Traffic Analysis (NTA) with 5 reviews while NetWitness XDR is ranked 16th in Extended Detection and Response (XDR) with 15 reviews. Corelight is rated 9.0, while NetWitness XDR is rated 8.0. The top reviewer of Corelight writes "An open-source solution that gave us insight into our clients' network traffic flow ". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Corelight is most compared with ExtraHop Reveal(x), Darktrace, Vectra AI, Cisco Secure Network Analytics and ExtraHop Reveal(x) 360, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, Microsoft Defender for Endpoint and Bitdefender GravityZone EDR.
We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.