Try our new research platform with insights from 80,000+ expert users

LogRhythm UEBA vs NetWitness NDR comparison

LogRhythm and NetWitness are both solutions in the Extended Detection and Response (XDR) category. LogRhythm is ranked #25 with an average rating of 7.0, while NetWitness is ranked #38. LogRhythm holds a 1.0% mindshare in XDR, compared to NetWitness’s 0.8% mindshare. Additionally, 55% of LogRhythm users are willing to recommend the solution, compared to 87% of NetWitness users who would recommend it.
LogRhythm UEBA
Read 11 LogRhythm UEBA reviews
  • 914 Views
  • 307 Comparison Views
55% willing to recommend
NetWitness NDR
Read 15 NetWitness NDR reviews
  • 656 Views
  • 176 Comparison Views
87% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 8, 2024

NetWitness NDR and LogRhythm UEBA compete in cyber threat detection capabilities. LogRhythm UEBA appears to have the upper hand due to its depth in behavioral analytics and user-friendly features.

Features: NetWitness NDR excels at comprehensive threat detection and network monitoring, providing precise network traffic analysis. It offers in-depth network insights. LogRhythm UEBA is notable for its behavioral analytics, detecting insider threats and anomalies with advanced machine learning capabilities. It gives users detailed threat context and is effective at behavior-based detection.

Room for Improvement: NetWitness NDR could improve with a more intuitive configuration process, as its settings are complex. Its user setup needs enhancements. LogRhythm UEBA should focus on more streamlined reporting features and would benefit from enhancements in its reporting capabilities.

Ease of Deployment and Customer Service: Deployment of NetWitness NDR is often cumbersome due to extensive configuration, though customer service is responsive. LogRhythm UEBA has a straightforward deployment process but needs to improve support responsiveness.

Pricing and ROI: NetWitness NDR is cost-effective regarding long-term ROI, justifying its setup cost with deep insights. LogRhythm UEBA, initially pricier, provides substantial ROI through effective behavior analytics. Both products have unique strengths in pricing and ROI benefits.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed LogRhythm UEBA vs. NetWitness NDR Report (Updated: June 2025).
Buyer's Guide
LogRhythm UEBA vs. NetWitness NDR
June 2025
Download the complete report
Helped 859,129 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

LogRhythm UEBA
Ranking in Extended Detection and Response (XDR)
25th
Average Rating
7.0
Reviews Sentiment
6.7
Number of Reviews
11
Ranking in other categories
User Entity Behavior Analytics (UEBA) (10th)
NetWitness NDR
Ranking in Extended Detection and Response (XDR)
38th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
15
Ranking in other categories
Endpoint Protection Platform (EPP) (59th), Threat Intelligence Platforms (39th), Endpoint Detection and Response (EDR) (60th), Security Orchestration Automation and Response (SOAR) (25th), Network Detection and Response (NDR) (21st)
 

Mindshare comparison

As of June 2025, in the Extended Detection and Response (XDR) category, the mindshare of LogRhythm UEBA is 1.0%, up from 0.9% compared to the previous year. The mindshare of NetWitness NDR is 0.8%, up from 0.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
 

Featured Reviews

Sheikh Abu Ayub Azad - PeerSpot reviewer
Great at managing cyber incidents; the technical support could be improved
The initial setup is easy, partly because LogRhythm is primarily based on the Windows platform. It's good to have two engineers for deployment but it can be done with one. It's more about the knowledge. Deployment is typically done in two or three different phases. It usually takes up to three full months to get good deployment. There's the initial onboarding of all the log sources, then collecting data in the data lake, followed a couple of weeks later with some minor tuning before the final tuneup.
Read full review
SupravatMaji - PeerSpot reviewer
Beneficial single unified dashboard, good native application integration, and high availability
My advice to those wanting to implement RSA NetWitness Network is they have to first do a little due diligence, such as the exact requirement based on their needs. That will give them a direction for their investment because otherwise, the bill of material or bill of quantity (BOQ) may be higher side. It is important to do good due intelligence on the environment, see the exact requirement, and then go ahead with the solution. The solution is perfectly stable. I rate RSA NetWitness Network a nine out of ten.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution's most valuable features are the graphical user interface and the reporting."
"The tool's most valuable feature is server threat hunting."
"It has a lot of features. It has file integration monitoring."
"Good capability pinpointing specific cyber incidents."
"I typically use the product for reducing cyber risk, and I can investigate attacks more quickly using machine learning tools."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"The most valuable features are file activity monitoring and registry activity monitoring."
More LogRhythm UEBA pros
"It is stable. We have been using it for some time, without any issues."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"The log correlation is good."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"The interface of this solution is very flexible and easy to use."
More NetWitness NDR pros
 

Cons

"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"The on-premises LogRhythm is not very scalable. When considering packets per second or the MPS needed for additional logs such as web application logs, scalability is usually found in cloud products."
"The cloud version is lacking and not up to par."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
"In general, if something needs to be improved in the algorithm, it would be the dashboards."
"The search feature needs to be improved."
More LogRhythm UEBA cons
"The contamination feature could be improved."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"The initial setup requires a high level of skill."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
More NetWitness NDR cons
 

Pricing and Cost Advice

"I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive."
"As LogRhythm UEBA is pretty expensive, I'd give its pricing a seven out of ten."
"LogRhythm UEBA's pricing is affordable for small and medium businesses."
"Licensing is on a yearly basis. It's not expensive compared to its competitors."
"It is quite a budget-friendly product."
"The pricing is nice when compared to other products in the industry."
"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."
"They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
"It is an expensive product."
"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
"We are on a three-year contract to use RSA NetWitness Network."
"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."
"I do not have any opinion on the pricing or licensing of the product."
More NetWitness NDR pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
See recommendations
859,129 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
11%
Manufacturing Company
10%
Real Estate/Law Firm
6%
Computer Software Company
17%
Financial Services Firm
16%
Government
9%
Manufacturing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about LogRhythm UserXDR?
The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance...
See all answers
What is your experience regarding pricing and costs for LogRhythm UserXDR?
I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive.
See all answers
What needs improvement with LogRhythm UserXDR?
In general, if something needs to be improved in the algorithm, it would be the dashboards. The dashboards with solutions such as Splunk are very neat and clean. I would also like to improve the us...
See all answers
Ask a question
Earn 20 points
 

Comparisons

Wazuh vs LogRhythm UEBA Logo
Wazuh vs LogRhythm UEBA
Compared 43% of the time
Darktrace vs LogRhythm UEBA Logo
Darktrace vs LogRhythm UEBA
Compared 20% of the time
Cortex XDR by Palo Alto Networks vs LogRhythm UEBA Logo
Cortex XDR by Palo Alto Networks vs LogRhythm UEBA
Compared 10% of the time
Microsoft Purview Insider Risk Management vs LogRhythm UEBA Logo
Microsoft Purview Insider Risk Management vs LogRhythm UEBA
Compared 9% of the time
IBM Security QRadar vs LogRhythm UEBA Logo
IBM Security QRadar vs LogRhythm UEBA
Compared 6% of the time
More LogRhythm UEBA Competitors
Darktrace vs NetWitness NDR Logo
Darktrace vs NetWitness NDR
Compared 13% of the time
Fidelis Elevate vs NetWitness NDR Logo
Fidelis Elevate vs NetWitness NDR
Compared 11% of the time
Cortex XDR by Palo Alto Networks vs NetWitness NDR Logo
Cortex XDR by Palo Alto Networks vs NetWitness NDR
Compared 8% of the time
Vectra AI vs NetWitness NDR Logo
Vectra AI vs NetWitness NDR
Compared 8% of the time
ExtraHop Reveal(x) vs NetWitness NDR Logo
ExtraHop Reveal(x) vs NetWitness NDR
Compared 7% of the time
More NetWitness NDR Competitors
 

Product Reports

Buyer's Guide
User Entity Behavior Analytics (UEBA)
June 2025
LogRhythm UEBA reportDownload LogRhythm UEBA product report
Buyer's Guide
NetWitness NDR
June 2025
NetWitness NDR reportDownload NetWitness NDR product report
 

Also Known As

LogRhythm UserXDR, LogRhythm Enterprise UEBA
RSA ECAT, NetWitness Network
 

Overview

LogRhythm UEBA enables your security team to quickly and effectively detect, respond to, and neutralize both known and unknown threats. Providing evidence-based starting points for investigation, it employs a combination of scenario analytics techniques (e.g., statistical analysis, rate analysis, trend analysis, advanced correlation), and both supervised and unsupervised machine learning (ML).

LogRhythm

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness NDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

NetWitness
 

Sample Customers

Information Not Available
ADP, Ameritas, Partners Healthcare
Buyer's Guide
LogRhythm UEBA vs. NetWitness NDR
June 2025
Free Report: LogRhythm UEBA vs. NetWitness NDR
Find out what your peers are saying about LogRhythm UEBA vs. NetWitness NDR and other solutions. Updated: June 2025.
DOWNLOAD NOW
859,129 professionals have used our research since 2012.
See our LogRhythm UEBA vs. NetWitness NDR report.
See our list of best Extended Detection and Response (XDR) vendors.

We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.