Try our new research platform with insights from 80,000+ expert users

LogRhythm UEBA vs NetWitness NDR comparison

LogRhythm and NetWitness are both solutions in the Extended Detection and Response (XDR) category. LogRhythm is ranked #25 with an average rating of 7.0, while NetWitness is ranked #37. LogRhythm holds a 1.1% mindshare in XDR, compared to NetWitness’s 0.8% mindshare. Additionally, 55% of LogRhythm users are willing to recommend the solution, compared to 87% of NetWitness users who would recommend it.
LogRhythm UEBA
Read 11 LogRhythm UEBA reviews
  • 915 Views
  • 756 Comparison Views
55% willing to recommend
NetWitness NDR
Read 15 NetWitness NDR reviews
  • 638 Views
  • 493 Comparison Views
87% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 8, 2024

NetWitness NDR and LogRhythm UEBA compete in cyber threat detection capabilities. LogRhythm UEBA appears to have the upper hand due to its depth in behavioral analytics and user-friendly features.

Features: NetWitness NDR excels at comprehensive threat detection and network monitoring, providing precise network traffic analysis. It offers in-depth network insights. LogRhythm UEBA is notable for its behavioral analytics, detecting insider threats and anomalies with advanced machine learning capabilities. It gives users detailed threat context and is effective at behavior-based detection.

Room for Improvement: NetWitness NDR could improve with a more intuitive configuration process, as its settings are complex. Its user setup needs enhancements. LogRhythm UEBA should focus on more streamlined reporting features and would benefit from enhancements in its reporting capabilities.

Ease of Deployment and Customer Service: Deployment of NetWitness NDR is often cumbersome due to extensive configuration, though customer service is responsive. LogRhythm UEBA has a straightforward deployment process but needs to improve support responsiveness.

Pricing and ROI: NetWitness NDR is cost-effective regarding long-term ROI, justifying its setup cost with deep insights. LogRhythm UEBA, initially pricier, provides substantial ROI through effective behavior analytics. Both products have unique strengths in pricing and ROI benefits.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed LogRhythm UEBA vs. NetWitness NDR Report (Updated: April 2025).
Buyer's Guide
LogRhythm UEBA vs. NetWitness NDR
April 2025
Download the complete report
Helped 850,236 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

LogRhythm UEBA
Ranking in Extended Detection and Response (XDR)
25th
Average Rating
7.0
Reviews Sentiment
6.7
Number of Reviews
11
Ranking in other categories
User Entity Behavior Analytics (UEBA) (11th)
NetWitness NDR
Ranking in Extended Detection and Response (XDR)
37th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
15
Ranking in other categories
Endpoint Protection Platform (EPP) (59th), Threat Intelligence Platforms (36th), Endpoint Detection and Response (EDR) (63rd), Security Orchestration Automation and Response (SOAR) (25th), Network Detection and Response (NDR) (20th)
 

Mindshare comparison

As of May 2025, in the Extended Detection and Response (XDR) category, the mindshare of LogRhythm UEBA is 1.1%, up from 0.9% compared to the previous year. The mindshare of NetWitness NDR is 0.8%, up from 0.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
 

Featured Reviews

Sheikh Abu Ayub Azad - PeerSpot reviewer
Great at managing cyber incidents; the technical support could be improved
The initial setup is easy, partly because LogRhythm is primarily based on the Windows platform. It's good to have two engineers for deployment but it can be done with one. It's more about the knowledge. Deployment is typically done in two or three different phases. It usually takes up to three full months to get good deployment. There's the initial onboarding of all the log sources, then collecting data in the data lake, followed a couple of weeks later with some minor tuning before the final tuneup.
Read full review
SupravatMaji - PeerSpot reviewer
Beneficial single unified dashboard, good native application integration, and high availability
My advice to those wanting to implement RSA NetWitness Network is they have to first do a little due diligence, such as the exact requirement based on their needs. That will give them a direction for their investment because otherwise, the bill of material or bill of quantity (BOQ) may be higher side. It is important to do good due intelligence on the environment, see the exact requirement, and then go ahead with the solution. The solution is perfectly stable. I rate RSA NetWitness Network a nine out of ten.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution's most valuable features are the graphical user interface and the reporting."
"I typically use the product for reducing cyber risk, and I can investigate attacks more quickly using machine learning tools."
"The tool's most valuable feature is server threat hunting."
"I can investigate attacks more quickly using machine learning tools."
"The most valuable features are file activity monitoring and registry activity monitoring."
"Good capability pinpointing specific cyber incidents."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"It is easy to monitor users and that is how the solution is adding value to our firm."
More LogRhythm UEBA pros
"It is stable. We have been using it for some time, without any issues."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"The log correlation is good."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"Technical support is knowledgeable."
"Ability to isolate the machine when there are malicious files."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
More NetWitness NDR pros
 

Cons

"In general, if something needs to be improved in the algorithm, it would be the dashboards."
"The UI could be improved a little bit."
"The on-premises LogRhythm is not very scalable. When considering packets per second or the MPS needed for additional logs such as web application logs, scalability is usually found in cloud products."
"The search feature needs to be improved."
"The cloud version is lacking and not up to par."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
More LogRhythm UEBA cons
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"Threat detection could be better."
More NetWitness NDR cons
 

Pricing and Cost Advice

"As LogRhythm UEBA is pretty expensive, I'd give its pricing a seven out of ten."
"I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive."
"It is quite a budget-friendly product."
"The pricing is nice when compared to other products in the industry."
"LogRhythm UEBA's pricing is affordable for small and medium businesses."
"Licensing is on a yearly basis. It's not expensive compared to its competitors."
"It is highly scalable. It can be bought based on your requirements."
"It is an expensive product."
"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."
"They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
"We are on a three-year contract to use RSA NetWitness Network."
"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."
More NetWitness NDR pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
See recommendations
850,236 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
18%
Financial Services Firm
11%
Manufacturing Company
9%
Real Estate/Law Firm
7%
Computer Software Company
18%
Financial Services Firm
17%
Government
9%
Manufacturing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about LogRhythm UserXDR?
The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance...
See all answers
What is your experience regarding pricing and costs for LogRhythm UserXDR?
I rate the product's pricing a three out of ten. However, the cloud version is expensive. You need to hire professional services for deployment and migrations, which can be expensive.
See all answers
What needs improvement with LogRhythm UserXDR?
In general, if something needs to be improved in the algorithm, it would be the dashboards. The dashboards with solutions such as Splunk are very neat and clean. I would also like to improve the us...
See all answers
Ask a question
Earn 20 points
 

Comparisons

Wazuh vs LogRhythm UEBA Logo
Wazuh vs LogRhythm UEBA
Compared 45% of the time
Darktrace vs LogRhythm UEBA Logo
Darktrace vs LogRhythm UEBA
Compared 20% of the time
Cortex XDR by Palo Alto Networks vs LogRhythm UEBA Logo
Cortex XDR by Palo Alto Networks vs LogRhythm UEBA
Compared 10% of the time
Microsoft Purview Insider Risk Management vs LogRhythm UEBA Logo
Microsoft Purview Insider Risk Management vs LogRhythm UEBA
Compared 9% of the time
CrowdStrike Falcon vs LogRhythm UEBA Logo
CrowdStrike Falcon vs LogRhythm UEBA
Compared 6% of the time
More LogRhythm UEBA Competitors
Darktrace vs NetWitness NDR Logo
Darktrace vs NetWitness NDR
Compared 14% of the time
Fidelis Elevate vs NetWitness NDR Logo
Fidelis Elevate vs NetWitness NDR
Compared 11% of the time
Vectra AI vs NetWitness NDR Logo
Vectra AI vs NetWitness NDR
Compared 9% of the time
Cortex XDR by Palo Alto Networks vs NetWitness NDR Logo
Cortex XDR by Palo Alto Networks vs NetWitness NDR
Compared 9% of the time
Corelight vs NetWitness NDR Logo
Corelight vs NetWitness NDR
Compared 7% of the time
More NetWitness NDR Competitors
 

Product Reports

Buyer's Guide
User Entity Behavior Analytics (UEBA)
April 2025
LogRhythm UEBA reportDownload LogRhythm UEBA product report
Buyer's Guide
NetWitness NDR
April 2025
NetWitness NDR reportDownload NetWitness NDR product report
 

Also Known As

LogRhythm UserXDR, LogRhythm Enterprise UEBA
RSA ECAT, NetWitness Network
 

Overview

LogRhythm UEBA enables your security team to quickly and effectively detect, respond to, and neutralize both known and unknown threats. Providing evidence-based starting points for investigation, it employs a combination of scenario analytics techniques (e.g., statistical analysis, rate analysis, trend analysis, advanced correlation), and both supervised and unsupervised machine learning (ML).

LogRhythm

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness NDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

NetWitness
 

Sample Customers

Information Not Available
ADP, Ameritas, Partners Healthcare
Buyer's Guide
LogRhythm UEBA vs. NetWitness NDR
April 2025
Free Report: LogRhythm UEBA vs. NetWitness NDR
Find out what your peers are saying about LogRhythm UEBA vs. NetWitness NDR and other solutions. Updated: April 2025.
DOWNLOAD NOW
850,236 professionals have used our research since 2012.
See our LogRhythm UEBA vs. NetWitness NDR report.
See our list of best Extended Detection and Response (XDR) vendors.

We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.