No more typing reviews! Try our Samantha, our new voice AI agent.

Cynet vs NetWitness Platform comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Cynet
Average Rating
8.8
Reviews Sentiment
7.3
Number of Reviews
45
Ranking in other categories
Security Information and Event Management (SIEM) (20th), Endpoint Protection Platform (EPP) (18th), User Entity Behavior Analytics (UEBA) (8th), Endpoint Detection and Response (EDR) (17th), Threat Deception Platforms (2nd), Network Detection and Response (NDR) (8th), Extended Detection and Response (XDR) (13th), Ransomware Protection (3rd)
NetWitness Platform
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
36
Ranking in other categories
Log Management (38th), Security Information and Event Management (SIEM) (36th)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Roshan Jadhav - PeerSpot reviewer
Technical Consultant at Vincacyber
Has improved threat detection and streamlined incident analysis through centralized control and AI-driven insights
People are looking for Cynet because it has next-generation threat protection that detects zero-day threats. It has UEBA (user entity behavior analysis), threat hunting features, and storage device control where we can create profiles and block unauthorized USB storage devices. We can also create threat protection policies to detect malware, ransomware, and many other threats. The most valuable feature is the UBA (User behavior analysis). It has integration with SIEM solutions, allowing us to share our logs to third-party SIEM servers. Cynet has AI integration which showcases complete forensic data about threats, making it very easy to understand what happened with the system and what type of incident was detected. Autonomous breach protection is a feature of Cynet which can detect and mitigate known and unknown threats based on signatures. If there are any signature-less files, malware, or ransomware, it will detect them based on autonomous breach protection capabilities. The centralized management console provides a dashboard where we can see four types of attack vectors and incident counts in real-time. It continuously scans the radar and shows open alerts related to files, hosts, users, or networks. We can easily export these alerts and send reports via email.
reviewer2256927 - PeerSpot reviewer
Head of Information Security, Cyber Defense and IT Risk Management at HCT. at a transportation company with 201-500 employees
A solid SIEM solution that should improve technical support and online resources to be easier to use
A big problem with the product is that we don't have much professional experience in Israel installing, implementing, and integrating this product. There is not enough of a knowledge base. There is no support for this product in this country, so problems have to be resolved through global technical teams. We like to work locally because of the language, and when the product is only supported outside the country, it's a little difficult to implement and use this product. Moreover, AI is something that must be added immediately. Artificial intelligence is a part of the competitors' products, and it's not been implemented for us.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The best feature of Cortex XDR by Palo Alto Networks is that it collects logs from different sections such as the endpoint, the network, and the cloud, making it easy to investigate alerts, collect some of the investigation packages related to the infected machines, and provide live response."
"The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week."
"They have a new GUI which is just fantastic."
"It is an easy-to-use tool."
"Cortex XDR features advanced threat detection capabilities."
"This software helps us understand any issues that may arise when someone is not at work."
"One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers. Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network."
"If you are looking to deploy a security solution as a whole, this is a good option."
"Cynet is unique in that it has almost everything included and it was built up from the ground, instead of a bundle of purchased and composed modules. It gives you easier very good visibility than Sentinel One as well as a lower maintenance burden."
"It is a very stable solution...It is a very scalable solution...The initial setup of Cynet was easy."
"As a reseller, I believe the best functions in Cynet's product are the lightweight agent and good detection performance."
"The feature I find most valuable is the reality graphical user interface, which I think is really different from the others on the market."
"We have definitely seen an ROI because we have very sensitive information, and we never had any viruses."
"I like that you can implement it in the managed service portfolio."
"Cynet has AI integration which showcases complete forensic data about threats, making it very easy to understand what happened with the system and what type of incident was detected."
"The solution's most valuable aspect is the complete coverage as well as automation of protection and response, including its complimentary 24/7 SOC service, CyOps."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The solution is reliable."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"Integration is exceedingly minimal, since its project development is much easier than that of LogRythm or IBM."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"Stability has not been an issue with this product."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"NetWitness Platform offers flexibility for deployment and robust integration capabilities."
 

Cons

"Cortex XDR is trickier to configure than other Palo Alto products. This is one area where we are not so satisfied."
"The solution should force customers to integrate with network traffic to see the full benefits of XDR."
"It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue."
"The server sometimes stops continuously to check things so it would be helpful to receive access updates or technical reasons."
"The solution eats memory of the computer, unlike anything I've ever seen."
"We would also like to have advanced tech protection and email scanning."
"There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get a results."
"Cortex XDR by Palo Alto Networks is a strong tool, but it is true that digesting information sometimes makes the tool go a little bit slower."
"Maybe they should add more cloud-to-cloud integrations and also focus on integrations with local, on-premises services."
"Compliance reports need to improve."
"The inability to add contact information inside the Cynet is also an issue because it makes things more complicated. I would like to have a simple feature to enter a contact name and number for the person taking care of that unit or that server."
"Automation could be improved, and orchestration could be added to the features."
"I cannot provide more details about Cynet's automation features. While Cynet claims to be automated, the specifics of this automation are unclear. They claim to have a high capability to detect and block attacks, but I am cautious about companies that claim to solve every problem without limitations. It does help in identifying malware on the network but doesn't specifically identify vulnerabilities."
"There have to be more integrations with other firewalls and domain controllers of the network."
"One thing to note is that I highly recommend adding a deep learning-based prevention environment as an additional layer to Cynet. However, I always advise my customers to start with Cynet or XDR, for example, and then focus on the people, technology, and processes involved. This is the best approach to ensure that you are not breached with ransomware. While Cynet can prevent most attacks, there have been cases where ransomware has been quicker than Cynet's detection capabilities. In these situations, an additional tool is necessary to ensure complete protection, and that is what I sell as well."
"There could be more customization options and detailed information provided in the reports."
"I believe they could improve their support, there are often delays."
"It is not so easy to customize this product."
"Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"One thing to be improved in NetWitness is the capability to correlate event logs in a general sense."
"The initial setup is complex. There are other solutions that are easier to implement."
"The implementation needs assistance."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
 

Pricing and Cost Advice

"When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward."
"This is an expensive solution."
"It is "expensive" and flexible."
"I don't recall what the cost was, but it wasn't really that expensive."
"It's about $55 per license on a yearly basis."
"The pricing is a little high. It is per user per year."
"The price of the product is not very economical."
"The tool's price is moderate."
"I don't have specific information about integration capabilities or licensing costs."
"Everything is included in this one solution and the pricing is pretty competitive."
"This solution is expensive. I would rate the price as a three out of five when compared to similar products."
"Cynet is cheaper than other solutions in the market."
"Pricing wise, Cynet seems to be very competitive. The cost is probably lower than that offered by many of its competitors for all the functions and features it offers."
"Cynet has a pay-as-you-go pricing model."
"Its licensing is on a monthly basis."
"The price is very competitive."
"The licenses are good but the cost is very expensive."
"RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."
"Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day."
"The product is expensive."
"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
"This is a pricey solution; it's not cheap."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Manufacturing Company
12%
Financial Services Firm
10%
Comms Service Provider
9%
Computer Software Company
8%
Financial Services Firm
12%
Construction Company
11%
Comms Service Provider
9%
Outsourcing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business30
Midsize Enterprise7
Large Enterprise12
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise7
Large Enterprise20
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
When evaluating User Activity Monitoring, what aspect do you think is the most important to look for?
The support team that stands behind the detection and response. Is there adequate expertise and are they behind you ...
What is your experience regarding pricing and costs for Cynet?
Cynet is not very costly. We can refer it to other customers because Cynet does not ask for additional costs for add-...
What needs improvement with Cynet?
One area where Cynet needs improvement is tamper protection for Mac and Linux agents. It currently has tamper protect...
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to...
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem )...
What is your primary use case for NetWitness Platform?
I use NetWitness Platform ( /products/netwitness-platform-reviews ) in the financial industry as a good product with ...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
RSA Security Analytics
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Meuhedet, East Boston Neighborhood Health Center
Los Angeles World Airports, Reply
Find out what your peers are saying about Cynet vs. NetWitness Platform and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.