We performed a comparison between LogRhythm UEBA and NetWitness XDR based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM."
"The integration with other Microsoft solutions is the most valuable feature."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"The integration between all the Defender products is the most valuable feature."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"The most valuable aspect is undoubtedly the exploration capability"
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"The most valuable features are file activity monitoring and registry activity monitoring."
"The tool's most valuable feature is server threat hunting."
"It has a lot of features. It has file integration monitoring."
"The solution's most valuable features are the graphical user interface and the reporting."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"Good capability pinpointing specific cyber incidents."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"The stability of the RSA NetWitness Endpoint is very good."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"The interface of this solution is very flexible and easy to use."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"Ability to isolate the machine when there are malicious files."
"This solution allows us to locate the malware in real-time."
"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."
"I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera."
"Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"Sometimes, configurations take much longer than expected."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"The search feature needs to be improved."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"The UI could be improved a little bit."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
"The cloud version is lacking and not up to par."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"RSA NetWitness Network could improve on integration with non-native application integration."
"Threat detection could be better."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"The initial setup requires a high level of skill."
LogRhythm UEBA is ranked 22nd in Extended Detection and Response (XDR) with 10 reviews while NetWitness XDR is ranked 17th in Extended Detection and Response (XDR) with 15 reviews. LogRhythm UEBA is rated 7.2, while NetWitness XDR is rated 8.0. The top reviewer of LogRhythm UEBA writes "Detects unusual logins but dashboards need improvement ". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". LogRhythm UEBA is most compared with Wazuh, Darktrace, CrowdStrike Falcon, Trend Micro Deep Discovery and Aruba IntroSpect, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Defender for Endpoint. See our LogRhythm UEBA vs. NetWitness XDR report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
