We performed a comparison between IBM Security QRadar and NetWitness XDR based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply..."
"Microsoft 365 Defender is simple to upgrade."
"The summarization of emails is a valuable feature."
"The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit."
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"The threat intelligence is excellent."
"The monitoring and dashboards are great."
"Improved our organization's TCO."
"It does good correlation for events. It does good general analysis, and it has good apps as well."
"Overall a great solution."
"No doubt about it, the solution is extremely stable."
"The most valuable feature is user behavior analytics (UBA)."
"We've found the technical support to be very good."
"The threat protection network is the most valuable feature, because when you get an offense, you can actually trace it back to where it originated from, how it originated, and why."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"It is stable. We have been using it for some time, without any issues."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"The stability of the RSA NetWitness Endpoint is very good."
"At times, there may be delays in the execution of certain actions and their effects."
"Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"The management and automation of the cloud apps have room for improvement."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we ware waiting for that feature."
"A lot of information that we receive for the devices is IP-based, but it would help if we could have a default dashboard in which we can add more details about the assets for which we are receiving the information. For example, if it is a Windows or Linux device, we only get the IP for that particular device. We don't really get the name and other details of that particular device. For that, you have to drill down into your own asset management system. It would be good to have a place where we can probably add this information so that we don't have to look into other tools."
"The IBM support can be better."
"The user interface is a bit clunky, a bit hard to find what you need."
"I would like to see more integration in place after the security lock."
"There could be improvements made to the UI, the user interface. Though the newer version, 7.3.2, might already have this improvement in place."
"IBM QRadar could improve the plugins and threat detection."
"The custom rules could be simplified more or it should be possible to use a different language, other than the ones that the solution is already using. They should add other languages into the mix."
"In terms of what could be improved, I would say the script which we have to create for custom actions. QRadar needs to improve that feature. Additionally, QRadar has to provide the playbooks designing features."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"Threat detection could be better."
"The initial setup requires a high level of skill."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"RSA NetWitness Network could improve on integration with non-native application integration."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"The contamination feature could be improved."
IBM Security QRadar is ranked 20th in Endpoint Detection and Response (EDR) with 198 reviews while NetWitness XDR is ranked 35th in Endpoint Detection and Response (EDR) with 15 reviews. IBM Security QRadar is rated 8.0, while NetWitness XDR is rated 8.0. The top reviewer of IBM Security QRadar writes "A highly stable and scalable solution that provides good technical support". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". IBM Security QRadar is most compared with Microsoft Sentinel, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Elastic Security, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Defender for Endpoint.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.