
Microsoft Defender for Identity vs NetWitness Platform comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

| Metric | Microsoft Defender for Identity | NetWitness Platform |
| --- | --- | --- |
| Average Rating | 8.8 | 7.4 |
| Reviews Sentiment | 6.9 | 7.4 |
| Number of Reviews | 26 | 37 |
| Ranking in other categories | Advanced Threat Protection (ATP) (5th), Microsoft Security Suite (3rd), Identity Threat Detection and Response (ITDR) (3rd) | Log Management (33rd), Security Information and Event Management (SIEM) (30th) |
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Microsoft Defender for Identity is designed for Identity Threat Detection and Response (ITDR) and holds a mindshare of 14.6%, down 22.2% compared to last year.
NetWitness Platform, on the other hand, focuses on Log Management, holds 0.4% mindshare, up 0.3% since last year.
Identity Threat Detection and Response (ITDR) Market Share Distribution

| Product | Market Share (%) |
| --- | --- |
| Microsoft Defender for Identity | 14.6% |
| CrowdStrike Falcon | 15.6% |
| Microsoft Entra ID Protection | 11.2% |
| Other | 58.6% |

Log Management Market Share Distribution

| Product | Market Share (%) |
| --- | --- |
| NetWitness Platform | 0.4% |
| Wazuh | 12.2% |
| Grafana Loki | 7.9% |
| Other | 79.5% |
 

Featured Reviews

Peter Arabomen - PeerSpot reviewer
Has supported hybrid identity management while integrating well with cloud directory services
The only challenge I have with Microsoft Defender for Identity is the latency. I may not put that entirely on Microsoft, because latency could be network related. At times when trying to authenticate, the prompt is delayed. We tried implementing passwordless authentication, especially for on-premises workloads, but we haven't been able to achieve that. Passwordless authentication is part of the identity functionalities, particularly when it comes to enforcing passwordless for on-premises workloads. In terms of improvements, you can't create OUs on Azure AD. Regarding giving users privileges on what they can do across different OUs, I haven't seen that feature on Microsoft Defender for Identity. Microsoft Defender for Identity needs to be able to plug into third-party applications that are not Microsoft. For instance, with a human resource application used to manage users and leave requests, when staff leaves the organization, they are first exited from that application before AD. Integration between Azure AD and third-party applications would allow automatic syncing when removing staff. The initial setup of Microsoft Defender for Identity is not hard. However, setup is one thing, and getting value from the application end-to-end is another. It can be set up and running from the first day but not functioning optimally. Initially, when we did the setup, it wasn't optimal. Over time, with continuous improvement, which we're still doing, we've gotten to a comfortable level, but there's still room for improvement.
MOTASHIM Al Razi - PeerSpot reviewer
It is a stable solution, but they should make the user interface easier to understand
The solution's initial setup takes work. We have to organize multiple paths and many features. The deployment process takes less than a week. But it takes a month to complete if we want to make the solution smarter by integrating it with various devices. I rate the process as a six out of ten.

Quotes from Members

 

Pros

"We use AD Connect to sync on-premises AD to Azure AD, and so far, it has been effective."
"The solution’s alerting is fairly efficient."
"We do not see any issues with the stability of Microsoft Defender for Identity. I can say it is 100% stable."
"The solution offers excellent visibility into threats."
"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."
"The feature I like most is that you can create your own customized detection rules. It has a lot of default alerts and rules, but you can customize them according to your business needs."
"Auto-remediation is a valuable feature applied to Microsoft Defender for Identity, reducing the burden of investigating false positives."
"The integration into the Microsoft Defender ecosystem is the most valuable feature of Microsoft Defender for Identity."
"NetWitness can be highly beneficial for incident detection and response."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"Alerting Module: It provides real-time event processing language on all the logs/packets stream for advanced alerting, i.e., using SQL LIKE statements."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs."
"The most valuable features are the threat prediction and network forensics."
"The solution is really scalable for the high-end power, enterprise customer."
 

Cons

"The tracking instance needs to be configured appropriately."
"One improvement I would recommend is the integration of an admin application within Teams, allowing easy access to attack information on a mobile platform to promptly alert affected users and their friends."
"The documentation provided by Microsoft is often seen as a waste of time."
"The solution could be better at using group-managed access and they could replace it with broad-based access controls."
"One area that needs improvement is the number of alerts generated, leading to alert fatigue."
"Feedback on sync issues with the Microsoft portal highlighted its slow nature, with syncs sometimes taking eight hours."
"Fixing the solution isn't very seamless."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"The implementation needs assistance."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms."
"The product's licensing models are complex to understand. This particular area needs improvement."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"Security needs improvement."
 

Pricing and Cost Advice

"The product is costly, and we had multiple discussions with accounting to receive a discounted rate. However, on the open market, the tool is expensive."
"You won't be able to change your tenants from where you deploy them. For example, if you select Canada, they will charge you based on Canadian pricing. If you are also in London, when you deploy in Canada, the pound is higher than Canadian dollars, but your platform resources are billable in Canadian dollars. Using your pounds to pay for any of these things will be cheaper. Or, if you deploy in London, they will charge you based on your local currency."
"It is very affordable considering that other SIEM solutions are much more expensive and have many more licensing restrictions and fees."
"Microsoft Defender for Identity comes as part of the Microsoft E5 licensing stack."
"Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly."
"It’s cheaper to run virtual machines in a VMware environment."
"The NetWitness Platform may be affordable only for enterprise-level customers, as it may not be within the budget of small and medium-sized businesses."
"The licenses are good but the cost is very expensive."
"The product is expensive."
"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
"Our license is for one year."
"In comparison to other SIEM solutions such as Splunk, NetWitness is less costly."
"This is a pricey solution; it's not cheap."
 

Comparison Review

Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company: 15%
Financial Services Firm: 12%
Manufacturing Company: 8%
Comms Service Provider: 7%

Financial Services Firm: 13%
Computer Software Company: 11%
Comms Service Provider: 7%
Performing Arts: 7%
 

Company Size

By reviewers

| Company Size | Count |
| --- | --- |
| Small Business | 7 |
| Midsize Enterprise | 3 |
| Large Enterprise | 14 |

| Company Size | Count |
| --- | --- |
| Small Business | 9 |
| Midsize Enterprise | 7 |
| Large Enterprise | 20 |
 

Questions from the Community

What do you like most about Microsoft Defender for Identity?
Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence.
What needs improvement with Microsoft Defender for Identity?
The only challenge I have with Microsoft Defender for Identity is the latency. I may not put that entirely on Microsoft, because latency could be network related. At times when trying to authentica...
What is your primary use case for Microsoft Defender for Identity?
I've used Microsoft Defender for Identity primarily for provisioning users on Azure AD and Microsoft authentication. For hybrid scenarios, I integrate on-premises AD to Azure AD. We use AD Connect ...
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM, though there could be potential enhancements by integrating with AI.
 

Also Known As

Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity
RSA Security Analytics
 

Overview

 

Sample Customers

Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.
Los Angeles World Airports, Reply
Find out what your peers are saying about Microsoft Defender for Identity vs. NetWitness Platform and other solutions. Updated: September 2022.
869,513 professionals have used our research since 2012.