We performed a comparison between Elastic Security and NetWitness XDR based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The threat intelligence is excellent."
"The summarization of emails is a valuable feature."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"Advanced hunting is good. I like that. We can drill down to lots of details."
"The integration between all the Defender products is the most valuable feature."
"It has great stability."
"It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"The integration with other Microsoft solutions is the most valuable feature."
"It's very stable and reliable."
"We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive."
"The most valuable feature is the machine learning capability."
"It is scalable."
"It can handle millions of loads at a time, and you can always use the filters to find exactly what you are looking for and detect errors in every log message you are searching for, basically."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"The visualization is very good."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"The stability of the RSA NetWitness Endpoint is very good."
"The interface of this solution is very flexible and easy to use."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"The log correlation is good."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"It is stable. We have been using it for some time, without any issues."
"The web filtering solution needs to be improved because currently, it is very simple."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"The logs could be better."
"One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"Intrusion detection and prevention would be great to have with 365 Defender."
"The support team is not competent or responsive."
"Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"Elastic Security can be a bit difficult to use if a person only has experience in SMBs with tools like Zoho. The product can also be difficult for those who have never dealt with query language."
"We'd like to see some more artificial intelligence capabilities."
"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."
"There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated."
"It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"RSA NetWitness Network could improve on integration with non-native applications."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"Threat detection could be better."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 58 reviews while NetWitness XDR is ranked 35th in Endpoint Detection and Response (EDR) with 15 reviews. Elastic Security is rated 7.6, while NetWitness XDR is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Defender for Endpoint. See our Elastic Security vs. NetWitness XDR report.
See our list of best Endpoint Detection and Response (EDR) vendors, best Security Orchestration Automation and Response (SOAR) vendors, and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.