• Home
  • Forescout Platform vs. NetWitness XDR

Forescout Platform vs NetWitness XDR comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo
Microsoft Defender XDR
Read 79 Microsoft Defender XDR reviews
6,000 views|4,488 comparisons
97% willing to recommend
Forescout Logo
Forescout Platform
Read 69 Forescout Platform reviews
462 views|249 comparisons
87% willing to recommend
NetWitness Logo
NetWitness XDR
Read 15 NetWitness XDR reviews
506 views|353 comparisons
87% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Forescout Platform vs. NetWitness XDR
March 2024
Executive Summary
Updated on Jul 8, 2023

We performed a comparison between Forescout Platform and NetWitness XDR based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Features: Forescout Platform stands out for its agentless visibility and advanced features like device fingerprinting. NetWitness XDR is commended for its prompt threat response, seamless integration capabilities, and user behavior analytics. Forescout users say the product could be better at resolving connectivity and license issues. Users want better device compatibility and troubleshooting tools. NetWitness XDR could improve its threat intelligence and investigation. Some users suggested updates to its reporting engine.

  • Service and Support: Some users reported positive experiences with Forescout support, but others requested better responsiveness and training. NetWitness XDR provides effective 24/7 technical support. While some were satisfied with the response times, others experienced delays of up to 48 hours.

  • Ease of Deployment: Some users found Forescout’s setup to be simple and adaptable, while others perceived it as more complex and time-intensive. Some users found the initial setup of NetWitness uncomplicated, but others faced challenges.

  • Pricing: The total cost of Forescout Platform can be high depending on the level of customization and integration required. NetWitness XDR licensing is based on the number of endpoints. Larger users can receive discounts, but users say the solution might be too pricey for smaller companies. NetWitness XDR provides various licenses, including some that feature premium support 

  • ROI: Forescout Platform yields a solid ROI by improving network access control and overall security. NetWitness XDR has demonstrated positive outcomes by improving threat detection capabilities and facilitating digital forensics.

Comparison Results: Users prefer Forescout Platform over NetWitness XDR. Forescout provides agentless visibility and users like its device fingerprinting feature, which makes it easier for organizations to protect their entire environment without the need to add devices manually. The platform also offers granular configuration, comprehensive visibility, and excellent customer service. NetWitness XDR has mixed reviews for its initial setup, slower performance, and complicated licensing. 

To learn more, read our detailed Forescout Platform vs. NetWitness XDR Report (Updated: March 2024).
Download the complete report
770,394 professionals have used our research since 2012.
Featured Review
Dinesh Jaisankar
Helps extend its protection to third-party applications, stops malware attacks, and reduces costs
Microsoft Defender can extend its protection to the third-party applications we use, which is helpful. Microsoft Defender XDR not only helps stop... Read more →
ILAN-YACOBY
Robust solution with great asset management
Forescout Platform has made it possible to block people working near our construction sites who should not have access to our network.
Anonymous User
Advanced threat detection undermined by issues with blocking
NetWitness Endpoint has enabled us to detect attacks that bypass the first stage of cybersecurity, like zero-day and advanced attacks.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The unified view of the threat landscape on a central dashboard is the most valuable feature.""Scanning, vulnerability reporting, and the dashboard are the most valuable features.""I have found the ability to delete unwanted threats beneficial.""The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there.""The incident threat response and its ability to facilitate effective remediation against threats are the standout features.""It has great stability.""The most valuable features are spam filtering, attachment filtering, and antivirus protection.""The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."

More Microsoft Defender XDR Pros →

"The initial setup is quite simple. It's not too complex or difficult to set up.""It has helped with improving our security posture in terms of controlling the access of rogue devices into our network through identification. We have been able to prevent rogue device activities on the network, check the health of the system, and ensure remediation.""Provides a good overview of all devices on a network.""Forescout Platform's best feature is plug-in integration.""The user interface is quite simple.""This solution can be used to organize guest portals, integrate switches, and create policies. Some of its standard use cases also include completing key process upgrades and anti-virus of Windows OS.""The initial setup is easy, taking no more than two or three weeks.""The stability is amazing for the Forescout Platform. We have been using Forescout for four years, and no one complained about the stability."

More Forescout Platform Pros →

"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good.""They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in.""Ability to isolate the machine when there are malicious files.""The interface of this solution is very flexible and easy to use.""The most valuable feature is the way it captures the traffic, and it contains every detail of the communication.""We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues.""It is stable. We have been using it for some time, without any issues.""RSA NetWitness does market analysis in a more granular form. It gives you full visibility."

More NetWitness XDR Pros →

Cons
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR.""There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we ware waiting for that feature.""I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises.""The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year.""Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation.""The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging.""The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports.""There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."

More Microsoft Defender XDR Cons →

"We experienced some detection issues when checking compliance for the Sophos agent.""Custom integrations need to be better.""Definitely, having more third-party integration would be an improvement.""Logging would be one area for improvement. When we're troubleshooting, there are not a lot of clear things on Google that we can look up for ourselves. When we have an issue with it, we have to call the company to get the vendors involved. The logging of Forescout is horrible compared to other things that we've used.""If older network devices are used there can be some compatibility issues while using the Forescout Platform. Additionally, if the switches that are deployed in your infrastructure are not captured properly to the endpoints there might be some difficulties with Forescout Platform trying to monitor the network traffic. Traffic management is an area the vendor should work on.""Forescout Platform could improve the costs of integrations.""We have found that the agent-based authentication, available within this solution could be improved.""The initial setup was complex."

More Forescout Platform Cons →

"The solution lacks a reporting engine.""The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features.""NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious.""The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution.""The contamination feature could be improved.""I would like to see Security Orchestration and Response Automation (SOAR) integration.""The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge.""Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."

More NetWitness XDR Cons →

Pricing and Cost Advice
  • "The solutions price is fair for what they offer."
  • "The price could be better. Normally, the costs depend on the country you're located in for the license. When we were in the initial stage, we went with the E5 license they call premium standard. It cost us around $5.20 per month for four users."
  • "The price of the solution is high compared to others and we have lost some customers because of it."
  • "Microsoft is not competitive with the pricing of the solution. The competitors are able to offer lower discounts. The price of the solution is higher."
  • "We have a lot of problems in Latin America regarding the price of Microsoft 365 Defender, because the relationship between dollars and the money of the different countries, it's is a lot. Many customers that have small businesses say that they would like the solution but it is too expensive. However, large companies do not find the cost an issue."
  • "The most valuable licensing option is expensive, so pricing could be improved. Licensing options for this solution also need to be consolidated, because they frequently change."
  • "Microsoft should provide lower-level licensing options. They should do it in such a way that even an individual could purchase a license, and it should be entirely flexible."
  • "They have moved from a licensing model to pay-per-use... The question is: What happens if, for any reason, there's not enough budget to accept this model? That could be a great problem."

    • More Microsoft Defender XDR Pricing and Cost Advice →

  • "Devices with multiple IP's count multiple times against your license count."
  • "The fact that we were allowed to spin up as many servers as we had need of to support our geographic requirements while paying for licensing as an enterprise truly set Forescout apart from the crowd and improved the way we could design our access."
  • "We went with the virtual appliance option. The biggest cost to running these types of appliances would be to either have multiple virtual appliances at every data center or running Remote SPAN hardware to provide you the real-time network visibility."
  • "The ROI is priceless."
  • "It might not be the cheapest solution, but you get what you pay for."
  • "Time savings in finding rogue devices as well as identifying potentially unwanted devices on the network has saved the organization time and money."
  • "The setup cost, pricing, and licensing are on the high side."
  • "Forescout Platform is too expensive, so the price should be reduced."

    • More Forescout Platform Pricing and Cost Advice →

  • "With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."
  • "They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
  • "It is highly scalable. It can be bought based on your requirements."
  • "I do not have any opinion on the pricing or licensing of the product."
  • "The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
  • "It is an expensive product."
  • "The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
  • "The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."

    • More NetWitness XDR Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
    See Recommendations
    770,394 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Microsoft 365 Defender?
    Top Answer:The integration, visibility, vulnerability management, and device identification are valuable.
    Read all 39 answers   →
    What is your experience regarding pricing and costs for Microsoft 365 Def...
    Top Answer:There is the cost of the license, and there is the cost of implementation services. Only by enabling a license for your… more »
    Read all 30 answers   →
    What needs improvement with Microsoft 365 Defender?
    Top Answer:The web filtering solution needs to be improved because currently, it is very simple. It is very important. Integrations… more »
    Read all 38 answers   →
    What advice do you have for others considering Forescout Platform?
    Top Answer:Forescout is a very powerful NAC product that does not rely on port level configuration. It can detect and block… more »
    Read all 41 answers   →
    What advice do you have for others considering Forescout Platform?
    Top Answer:I would rate the Forescout Device and Visibility Control Platform at a six out of ten.
    Read all 41 answers   →
    What advice do you have for others considering Forescout Platform?
    Top Answer:I recommend doing a compression demo. If people use it, they will buy it. So they have to see the product in place… more »
    Read all 41 answers   →
    What do you like most about NetWitness XDR?
    Top Answer:Technical support is knowledgeable.
    Read all 15 answers   →
    What is your experience regarding pricing and costs for NetWitness XDR?
    Top Answer:The solution is expensive. I'd rate it at a one or two out of five. They need to adjust it to keep up with the… more »
    Read all 10 answers   →
    What needs improvement with NetWitness XDR?
    Top Answer:I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat… more »
    Read all 14 answers   →
    Comparisons
    Also Known As
    Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
    Forescout Platform, CounterACT for Endpoint Compliance, ForeScout CounterACT
    RSA ECAT, NetWitness Network
    Learn More
    Microsoft
    Forescout
    NetWitness
    Video Not Available
    Overview

    Microsoft Defender XDR is a comprehensive security solution designed to protect against threats in the Microsoft 365 environment. 

    It offers robust security measures, comprehensive threat detection capabilities, and an efficient incident response system. With seamless integration with other Microsoft products and a user-friendly interface, it simplifies security management tasks. 

    Users have found it effective in detecting and preventing various types of attacks, such as phishing attempts, malware infections, and data breaches.

    Watch the Microsoft demo video here: Microsoft Defender XDR demo video.

    Forescout Platform provides today’s busy enterprise organizations with policy and protocol management, workflow coordination, streamlining, and complete device and infrastructure visibility to improve overall network security. The solution also provides concise real-time intelligence of all devices and users on the network. Policy and protocols are delineated using gathered intelligence to facilitate the appropriate levels of remediation, compliance, network access, and all service operations. Forescout Platform is very flexible, integrates well with most of today’s leading network security products, and is a very cost-effective solution.

    Forescout Platform Features

    • Real-time complete visibility: With Forescout eyeSight, each and every device is classified when any attempt to access your network has been made. This includes - but is not limited to - desktops, laptops, android devices, virtual machines, switches, VoIP phones, USB memory sticks, webcams, IoT devices, and more.

    • Policy-based and manual controls: In today’s busy robust environment, networks are continually changing; there are different types and amounts of devices connected, various software applications, network compliance requirements, and the constant potential for risk make managing an IT network a very daunting challenge. The Forescout Console is used to simplify the administration and management of important alerts, remediation, and access controls to keep the network secure.

    • Intuitive real-time dashboards: Forescout Dashboards, a component of Forescout WebClient, is a comprehensive web-based intelligence center that gives full visibility and real-time insight of the complete network using both out-of-the-box and user-created widgets. The dashboards are very intuitive and deliver robust, easy-to-understand information about device visibility, compliance, health monitoring, and more.

    • Advanced reporting capabilities: The Forescout Reports Plugin will generate numerous valuable reports indicating real-time and overall status information about endpoint compliance, device details, networks guests, protocols, and more. The reports help to ensure IT administrators, executives, security teams, and other important shareholders stay well-informed about all network activity at all times.

    • Comprehensive third-party overview: Forescout eyeExtend facilitates seamless information sharing with third-party vendors, networks, and IT management solutions supporting improved automated workflows, productivity, cost-effectiveness, and overall security.

    Real User Reviews

    An important main feature of Forescout is the visibility the solution offers.

    One reviewer who is a Consultant at a tech services company, says, "Within three or four days, you can have complete visibility of your infrastructure on the network. Compared to other solutions, the deployment of the solution is easier and we can close the project quickly."

    Users also appreciate that the user interface is clear and easy to understand.

    An Instructor at a tech services company, shares, "The most valuable feature of the Forescout Platform is the large capacity it can handle. Additionally, the interface of the platform is good."

    Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness XDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

    Sample Customers
    Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
    NHS Sussex, SAP, SEGA, Vistaprint, Miami Children's Hospital, Pioneer Investments, New York Law School, OmnicomGroup, Meritrust
    ADP, Ameritas, Partners Healthcare
    Top Industries
    REVIEWERS
    Manufacturing Company18%
    Computer Software Company13%
    Financial Services Firm13%
    Government11%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm10%
    Government8%
    Manufacturing Company8%
    REVIEWERS
    Financial Services Firm17%
    Government12%
    Manufacturing Company10%
    Computer Software Company10%
    VISITORS READING REVIEWS
    Educational Organization29%
    Computer Software Company11%
    Government8%
    Financial Services Firm7%
    VISITORS READING REVIEWS
    Financial Services Firm15%
    Computer Software Company15%
    Government8%
    Manufacturing Company7%
    Company Size
    REVIEWERS
    Small Business44%
    Midsize Enterprise23%
    Large Enterprise34%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise17%
    Large Enterprise57%
    REVIEWERS
    Small Business37%
    Midsize Enterprise12%
    Large Enterprise51%
    VISITORS READING REVIEWS
    Small Business14%
    Midsize Enterprise37%
    Large Enterprise50%
    REVIEWERS
    Small Business59%
    Midsize Enterprise24%
    Large Enterprise18%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise16%
    Large Enterprise67%
    Buyer's Guide
    Forescout Platform vs. NetWitness XDR
    March 2024
    Free Report: Forescout Platform vs. NetWitness XDR
    Find out what your peers are saying about Forescout Platform vs. NetWitness XDR and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    770,394 professionals have used our research since 2012.

    Forescout Platform is ranked 12th in Extended Detection and Response (XDR) with 69 reviews while NetWitness XDR is ranked 17th in Extended Detection and Response (XDR) with 15 reviews. Forescout Platform is rated 8.4, while NetWitness XDR is rated 8.0. The top reviewer of Forescout Platform writes "We can go granular on each endpoint, quarantine non-compliant machines, and target vulnerabilities through scripting". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Forescout Platform is most compared with Cisco ISE (Identity Services Engine), Aruba ClearPass, Fortinet FortiNAC, Nozomi Networks and Armis, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Defender for Endpoint. See our Forescout Platform vs. NetWitness XDR report.

    See our list of best Extended Detection and Response (XDR) vendors.

    We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.