Try our new research platform with insights from 80,000+ expert users

CrowdStrike Falcon vs NetWitness Platform comparison

CrowdStrike and NetWitness are both solutions in the Security Information and Event Management (SIEM) category. CrowdStrike is ranked #6 with an average rating of 8.6, while NetWitness is ranked #29 with an average rating of 8.0. CrowdStrike holds a 4.8% mindshare in SIEM, compared to NetWitness’s 0.6% mindshare. Additionally, 96% of CrowdStrike users are willing to recommend the solution, compared to 75% of NetWitness users who would recommend it.
CrowdStrike Falcon
Read 132 CrowdStrike Falcon reviews
  • 4,557 Views
  • 2,155 Comparison Views
96% willing to recommend
NetWitness Platform
Read 37 NetWitness Platform reviews
  • 1,052 Views
  • 579 Comparison Views
75% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between CrowdStrike Falcon and NetWitness Platform based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed CrowdStrike Falcon vs. NetWitness Platform Report (Updated: June 2025).
Buyer's Guide
CrowdStrike Falcon vs. NetWitness Platform
June 2025
Download the complete report
Helped 859,129 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

CrowdStrike Falcon
Ranking in Security Information and Event Management (SIEM)
6th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
132
Ranking in other categories
Endpoint Protection Platform (EPP) (2nd), Threat Intelligence Platforms (1st), Endpoint Detection and Response (EDR) (1st), Extended Detection and Response (XDR) (1st), Attack Surface Management (ASM) (1st), Identity Threat Detection and Response (ITDR) (2nd), AI-Powered Cybersecurity Platforms (1st)
NetWitness Platform
Ranking in Security Information and Event Management (SIEM)
29th
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
37
Ranking in other categories
Log Management (38th)
 

Mindshare comparison

As of June 2025, in the Security Information and Event Management (SIEM) category, the mindshare of CrowdStrike Falcon is 4.8%, up from 2.4% compared to the previous year. The mindshare of NetWitness Platform is 0.6%, down from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Waleed Omar - PeerSpot reviewer
Provides effective real-time threat detection with potential for cost optimization
Some features such as device control, firewall management, and file analysis are standalone products that we need to purchase separately. If these features came out of the box within the product, it would be much more beneficial for us. Other providers such as SentinelOne include these features in their base product. We attended a CrowdStrike Falcon event where they discussed some shallow AI features, but we cannot see these in our panel yet. We work with different solutions such as Darktrace and SocRadar, where AI features are automatically displayed in our dashboards after release. However, for CrowdStrike Falcon, we cannot see these features.
Read full review
MOTASHIM Al Razi - PeerSpot reviewer
It is a stable solution, but they should make the user interface easier to understand
The solution's initial setup takes work. We have to organize multiple paths and many features. The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Among CrowdStrike Falcon's most valuable capabilities are its UEBA and SOAR functionalities, along with its seamless integration with any other SIEM solution."
"We haven't had any infections or down time."
"It provides very good protection and the ability to crosscheck environments."
"CrowdStrike displays a threat score when it detects an infection. This is helpful because not all detections are the same. It will classify them as ransomware, malware, phishing, etc. This feature helps us prioritize and cross-check with other EDR tools."
"The detection and response console is the most valuable feature."
"The solution offers great stability."
"The features I like the most are the response time and the dashboard are both excellent."
"It helps to prevent unauthorized access or identity theft from external sites. If your identity is stolen, you can ban it."
More CrowdStrike Falcon pros
"The newer 11.5 version that my team is using has found it to have good mapping."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"It's quite economical compared to other solutions in the market."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"Incident management is its most valuable feature."
"Setting up NetWitness is straightforward. There are multiple connectors, including standard and specialized connectors. One purpose of the connectors is the enhanced capability integrate the custom applications. NetWitness comes with E6 appliances and application images that we use for the initial configurations and for the OS stack information. From there, you can consider the correlation rules, integrate the different log sources, and easily create correlation rules and backlog reports."
"I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."
"The solution is really scalable for the high-end power, enterprise customer."
More NetWitness Platform pros
 

Cons

"We'd like to see more integration capabilities."
"The solution could improve the policies themselves. It would be helpful if there were cost-cutting measures."
"Forensic controls have room for improvement."
"The technical support team often just replies to an issue with a link to an article rather than actually calling back and talking to someone and making sure the problem is solved. To me, that's kind of weak."
"They don't really have anything when it comes to scanning attachments."
"The performance could be better."
"They respond quickly on the weekdays, but the weekend response times are slower."
"The management of the solution could improve."
More CrowdStrike Falcon cons
"The threat detection capability and centralizing and upgrading capability need to be improved. The threat alert capability needs to be improved as well because there is some lag time at present. They need to work on their database search too."
"The log system is a bit complex and has room for improvement."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"We have encountered issues with unresolved crashes."
"Its technical support could be better."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"The product's licensing models are complex to understand. This particular area needs improvement."
"It is not so easy to customize this product."
More NetWitness Platform cons
 

Pricing and Cost Advice

"The price of CrowdStrike Falcon is expensive."
"The price is high in comparison to similar brands."
"The cost of CrowdStrike Falcon could be reduced. It is quite expensive if you compare it to other solutions, such as Blue Coat, Symantec, McAfee, or Kaspersky."
"The pricing on CrowdStrike is per license. It was about $42 per seat yearly."
"The pricing is not bad. It's on the higher end of the market, but you get what you pay for."
"The tool is a little bit expensive compared to other products, but I think it's okay owing to its quality."
"The pricing will depend upon your volume of usage."
"The pricing could be reduced. If it was more reasonable that would be great."
More CrowdStrike Falcon pricing and cost advice
"This is a pricey solution; it's not cheap."
"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
"It provides tools to assist in selecting the appropriate license and usage scenarios."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
"We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
"We are on an annual license for the use of the solution."
"The product is expensive."
More NetWitness Platform pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
859,129 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
Read full review
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
10%
Manufacturing Company
9%
Government
7%
Computer Software Company
18%
Financial Services Firm
18%
Government
5%
Manufacturing Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...
See all answers
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a cl...
See all answers
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
See all answers
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
See all answers
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
See all answers
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
See all answers
 

Comparisons

Microsoft Defender for Endpoint vs CrowdStrike Falcon Logo
Microsoft Defender for Endpoint vs CrowdStrike Falcon
Compared 6% of the time
Kaspersky Endpoint Detection and Response vs CrowdStrike Falcon Logo
Kaspersky Endpoint Detection and Response vs CrowdStrike Falcon
Compared 5% of the time
Kaspersky Endpoint Security for Business vs CrowdStrike Falcon Logo
Kaspersky Endpoint Security for Business vs CrowdStrike Falcon
Compared 3% of the time
Symantec Endpoint Security vs CrowdStrike Falcon Logo
Symantec Endpoint Security vs CrowdStrike Falcon
Compared 3% of the time
Microsoft Defender XDR vs CrowdStrike Falcon Logo
Microsoft Defender XDR vs CrowdStrike Falcon
Compared 3% of the time
More CrowdStrike Falcon Competitors
Splunk Enterprise Security vs NetWitness Platform Logo
Splunk Enterprise Security vs NetWitness Platform
Compared 22% of the time
IBM Security QRadar vs NetWitness Platform Logo
IBM Security QRadar vs NetWitness Platform
Compared 19% of the time
Elastic Security vs NetWitness Platform Logo
Elastic Security vs NetWitness Platform
Compared 13% of the time
RSA enVision vs NetWitness Platform Logo
RSA enVision vs NetWitness Platform
Compared 10% of the time
Trellix Network Detection and Response vs NetWitness Platform Logo
Trellix Network Detection and Response vs NetWitness Platform
Compared 8% of the time
More NetWitness Platform Competitors
 

Product Reports

Buyer's Guide
CrowdStrike Falcon
June 2025
CrowdStrike Falcon reportDownload CrowdStrike Falcon product report
Buyer's Guide
NetWitness Platform
June 2025
NetWitness Platform reportDownload NetWitness Platform product report
 

Also Known As

CrowdStrike Falcon, CrowdStrike Falcon XDR, CrowdStrike Falcon Threat Intelligence, CrowdStrike Identity Protection, CrowdStrike Falcon Surface
RSA Security Analytics
 

Overview

CrowdStrike Falcon provides endpoint protection and threat intelligence using a cloud-based platform for real-time detection and response. Its minimal impact on system performance and ease of deployment are key benefits along with advanced logging and reporting for compliance and forensic analysis.

CrowdStrike Falcon is known for its efficacy in identifying malware, ransomware, and sophisticated cyber threats. The platform's cloud-native architecture and advanced AI capabilities ensure comprehensive endpoint visibility and rapid response times. Users appreciate the lightweight agent and seamless deployment process, along with detailed reporting features. Integration with security tools and efficient customer support are essential features.

What are the key features of CrowdStrike Falcon?

  • Real-time Threat Detection: Provides immediate threat identification and response.
  • Lightweight Agent: Minimal impact on system performance.
  • Cloud-native Architecture: Ensures flexibility and scalability.
  • Advanced AI Capabilities: Enhances threat detection and prevention.
  • Comprehensive Endpoint Visibility: Complete insight into endpoint activities.
  • Detailed Reporting: Facilitates compliance and forensic analysis.
  • Security Tool Integration: Seamless integration with other tools.
  • Efficient Customer Support: Robust support services.

What are the benefits or ROI of CrowdStrike Falcon?

  • Improved Threat Detection: Identifies sophisticated threats, reducing risk.
  • Enhanced System Performance: Lightweight agent ensures minimal disruption.
  • Faster Response Times: Swift reaction to incidents minimizes damage.
  • Better Compliance: Detailed logs meet regulatory requirements.
  • Streamlined Deployment: Easy to implement with minimal downtime.

In industries like finance, healthcare, and retail, CrowdStrike Falcon is often used for critical security due to its robust threat detection capabilities. Financial firms value its rapid response and detailed reporting for compliance, while healthcare providers appreciate the minimal system performance impact. Retailers benefit from its comprehensive endpoint visibility and integration with other security tools.

CrowdStrike

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

NetWitness
 

Sample Customers

Information Not Available
Los Angeles World Airports, Reply
Buyer's Guide
CrowdStrike Falcon vs. NetWitness Platform
June 2025
Free Report: CrowdStrike Falcon vs. NetWitness Platform
Find out what your peers are saying about CrowdStrike Falcon vs. NetWitness Platform and other solutions. Updated: June 2025.
DOWNLOAD NOW
859,129 professionals have used our research since 2012.
See our CrowdStrike Falcon vs. NetWitness Platform report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.