Try our new research platform with insights from 80,000+ expert users

IBM Resilient vs NetWitness NDR comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

IBM Resilient
Ranking in Security Orchestration Automation and Response (SOAR)
11th
Average Rating
7.4
Reviews Sentiment
6.6
Number of Reviews
18
Ranking in other categories
Security Incident Response (3rd)
NetWitness NDR
Ranking in Security Orchestration Automation and Response (SOAR)
24th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
15
Ranking in other categories
Endpoint Protection Platform (EPP) (59th), Threat Intelligence Platforms (39th), Endpoint Detection and Response (EDR) (63rd), Network Detection and Response (NDR) (20th), Extended Detection and Response (XDR) (38th)
 

Mindshare comparison

As of July 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of IBM Resilient is 1.9%, down from 2.7% compared to the previous year. The mindshare of NetWitness NDR is 0.7%, up from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

Usman Bhatti - PeerSpot reviewer
Simple deployment, scalable, but lacking third-party solution compatibility
Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution. It's worth noting that many third-party add-on applications needed to be purchased separately to integrate with IBM Resilient. While there were built-in applications available for incident remediation, the selection was limited. Additionally, integrating third-party applications was often a difficult and time-consuming process due to the technical complexity involved.
SupravatMaji - PeerSpot reviewer
Beneficial single unified dashboard, good native application integration, and high availability
My advice to those wanting to implement RSA NetWitness Network is they have to first do a little due diligence, such as the exact requirement based on their needs. That will give them a direction for their investment because otherwise, the bill of material or bill of quantity (BOQ) may be higher side. It is important to do good due intelligence on the environment, see the exact requirement, and then go ahead with the solution. The solution is perfectly stable. I rate RSA NetWitness Network a nine out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution is very easy to use."
"The product is very good at incident response."
"The solution is simple to use and to integrate with IBM QRadar."
"The solution is easy to use."
"The initial setup of IBM Resilient is not that complex since my company already has a support license that we use internally. In general, the product's deployment phase is not that complex."
"The most valuable features of IBM Resilient are its flexibility and customization options for incident response."
"It's really simple and has a flexible interface."
"As a whole, the product is stable...Technical support is very good."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"The interface of this solution is very flexible and easy to use."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"Ability to isolate the machine when there are malicious files."
"The log correlation is good."
"It is stable. We have been using it for some time, without any issues."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
 

Cons

"One thing to improve is how it handles data formats, which currently might require scripting for conversion to CSV before uploading."
"The initial setup is complex."
"The tool needs to improve its documentation on license scripts."
"There are shortcomings with IBM Resilient's technical support team that can be considered for improvement in the future."
"It is not very straightforward to set up custom integrations, especially with services like Azure. You need an additional server for integration."
"IBM Resilient could integrate better with my tools."
"The product needs a bit more development."
"The integration could be improved so that it is easy to integrate with other solutions."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"The initial setup requires a high level of skill."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"RSA NetWitness Network could improve on integration with non-native application integration."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
 

Pricing and Cost Advice

"The cost of the product is quite high."
"There is a license you need to pay for in order to use this product."
"We could create unlimited users using the license we had purchased."
"There are no costs except for the support services that our company pays in addition to the licensing charges attached to the solution."
"It is very expensive."
"I would rate the tool’s pricing a three out of ten. The tool’s pricing is on a yearly basis."
"The licensing cost for IBM Resilient is not too expensive, but it's not affordable, so it's moderately expensive. Regarding price, I'm rating the solution seven out of ten. The company pays for the license yearly, based on the number of users. Apart from the cost of the license you need to pay for each user, you also need to spend an initial investment for the base platform. You also have to pay for IBM Resilient support."
"I feel it is an expensive product when my company pays annually for renewal, support, and follow-up."
"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
"It is an expensive product."
"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."
"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."
"We are on a three-year contract to use RSA NetWitness Network."
"It is highly scalable. It can be bought based on your requirements."
"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
861,481 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
33%
Computer Software Company
12%
Manufacturing Company
8%
Government
6%
Financial Services Firm
16%
Computer Software Company
15%
Government
8%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about IBM Resilient?
It is a stable solution...It is a scalable solution.
What is your experience regarding pricing and costs for IBM Resilient?
I am not the one in charge of pricing, so I am not sure about the costs.
What needs improvement with IBM Resilient?
Integration with some devices, including Cisco PowerPower and certain antivirus products, has limitations.
Ask a question
Earn 20 points
 

Also Known As

No data available
RSA ECAT, NetWitness Network
 

Overview

 

Sample Customers

Golden Living, Health Equity, USA Funds
ADP, Ameritas, Partners Healthcare
Find out what your peers are saying about IBM Resilient vs. NetWitness NDR and other solutions. Updated: June 2025.
861,481 professionals have used our research since 2012.