We performed a comparison between Microsoft Defender for Endpoint and NetWitness XDR based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Protection Platform (EPP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Forensics is a valuable feature of Fortinet FortiEDR."
"The product detects and blocks threats and is more proactive than firewalls."
"The solution was relatively easy to deploy."
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"This is stable and scalable."
"The product's initial setup phase is very easy."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"It's pretty easy to scale."
"It shows us the risky sign-ins, and if a user's password has been compromised."
"Defender works in the background monitoring the traffic for viruses."
"This solution definitely increases our security posture. When you are reviewing your existing fleet or endpoints and based on the configuration that you put out of your Defender for Endpoint, you then receive a security score from Microsoft. Depending on what rules you have configured, what policies you have deployed, and what attack surface reduction rules that you have set up and deployed, it is almost gamifying information security in the sense that you are always trying to achieve a higher score. The more hardening you perform on your endpoints, the better score you receive. This generally tends to give you a better peace of mind, but also makes you secure at the same time."
"The main features of this solution are that it handles everything by itself and is well integrated."
"It is stable and easy to use. Everything is okay, and there are no performance issues."
"Defender is stable enough and is competitive with the other products in the market."
"It's stable."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"The log correlation is good."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"It is stable. We have been using it for some time, without any issues."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"Technical support is knowledgeable."
"It takes about two business days for initial support, which is too slow in urgent situations."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"Cannot be used on mobile devices with a secure connection."
"The SIEM could be improved."
"The support needs improvement."
"The dashboard isn't easy to access and manage."
"Microsoft Defender for Endpoint is secure but when it comes to security all solutions could improve security."
"The time it takes to restore the application could be improved. It has a lot of dependencies. It's not like the Microsoft security that comes with the OS. Updating through the command prompt, most of the time, it takes some time to download some of these dependencies."
"The reporting in Microsoft Defender for Endpoint should improve. The solution has limited features."
"The profiling method currently in use is not very user-friendly and has ample scope for improvement."
"It should support non-Windows products better. Microsoft is now one of the leading vendors in the security area. So, they should be product-independent."
"The solution could be more friendly for end-users, with different type of scans or scheduled scans for it."
"Integration with third-party vendors could be better. It would be better if it integrates with other protection solutions or other products outside of Microsoft. Nowadays, anti-virus protection doesn't really have to be planned as overall protection for your environment in terms of security. There are really different avenues that bad actors can take to wreak havoc on your machine."
"Other vendors provide a lot of customization when it comes to integration, which every big organization requires. No big organization depends on one particular tool. Defender lacks that at this point."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"Threat detection could be better."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"The initial setup requires a high level of skill."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews while NetWitness XDR is ranked 40th in Endpoint Protection Platform (EPP) with 15 reviews. Microsoft Defender for Endpoint is rated 8.0, while NetWitness XDR is rated 8.0. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, CrowdStrike Falcon, SentinelOne Singularity Complete and Fortinet FortiClient, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Vectra AI. See our Microsoft Defender for Endpoint vs. NetWitness XDR report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.