Try our new research platform with insights from 80,000+ expert users

Microsoft Defender Threat Intelligence vs NetWitness Platform comparison

The compared Microsoft and NetWitness solutions aren't in the same category. Microsoft is ranked #10 in ATP , with an average rating of 8.4, and holds a 1.6% mindshare in the category. NetWitness is ranked #38 in Log Management , with an average rating of 8.0, and holds a 0.3% mindshare. Additionally, 93% of Microsoft users are willing to recommend the solution, compared to 75% of NetWitness users who would recommend it.
Microsoft Defender Threat I...
Read 31 Microsoft Defender Threat Intelligence reviews
  • 358 Views
  • 196 Comparison Views
93% willing to recommend
NetWitness Platform
Read 37 NetWitness Platform reviews
  • 739 Views
  • 465 Comparison Views
75% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Microsoft Defender Threat Intelligence and NetWitness Platform based on real PeerSpot user reviews.

Find out what your peers are saying about Microsoft, Palo Alto Networks, Fortinet and others in Advanced Threat Protection (ATP).

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Advanced Threat Protection (ATP) Report (Updated: May 2025).
Buyer's Guide
Advanced Threat Protection (ATP)
May 2025
Download the complete report
Helped 851,823 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Defender Threat I...
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
31
Ranking in other categories
Advanced Threat Protection (ATP) (10th), Threat Intelligence Platforms (4th), Microsoft Security Suite (18th)
NetWitness Platform
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
37
Ranking in other categories
Log Management (38th), Security Information and Event Management (SIEM) (32nd)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Microsoft Defender Threat Intelligence is designed for Advanced Threat Protection (ATP) and holds a mindshare of 1.6%, up 1.2% compared to last year.
NetWitness Platform, on the other hand, focuses on Log Management, holds 0.3% mindshare, down 0.4% since last year.
Advanced Threat Protection (ATP)
Log Management
 

Featured Reviews

Nim Nadarajah - PeerSpot reviewer
A native Microsoft solution the provides great ROI and continuously improves its offering
We have Microsoft bias. We generally don't have any significant negative feedback or improvement points around Defender, EDR and CMDR platforms. It does a good job across the board. The price point is something they can improve slightly for those who don't have an M 365 E5. I believe it's a $2.80 cents add-on. In Canadian, that's expensive. If they can drop it to a dollar, for those who don't have M 365 E5, they're going to open up market share and increase affordability for an entire market segment in the medium business category. Other than that, we have no major negative feedback.
Read full review
MdZaman - PeerSpot reviewer
Really scalable for enterprise customers
The solution should have more integration capabilities with different platforms. The API is nearly open and scalable, so the solution can integrate with many platforms. The solution has more than 200 log sources in the scalability to support, but this is its limit. Installation is pretty easy. However, there are a couple of modules involved, so it is not as easy as it could be. We are talking about a distributed module, not a single-module type. This is what makes things a bit complex, instead of easier. I rate it as a seven out of ten on its installation and configuration capabilities.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Microsoft Defender Threat Intelligence assesses machines for vulnerabilities and gives remediations."
"One of the best features is that it provides a certain level of customization, allowing us to set our spam confidence levels."
"The product is stable."
"You can use it to monitor third parties and ensure they are not under threat attacks. It is beneficial in the GRC model."
"It just runs in the background. I don't have to worry about, making sure it's Intelligence. So, you know, this kind of makes it very easy, have to worry about installing. It is easy to use."
"The tool is managed from the cloud, because of which the maintenance is very low."
"I value how Threat Intelligence integrates with the different platforms in Microsoft."
"The product is useful when the end user downloads malware files."
More Microsoft Defender Threat Intelligence pros
"NetWitness Platform is valuable for creating rules that the solution must detect."
"Incident management is its most valuable feature."
"It's quite economical compared to other solutions in the market."
"The product's initial setup phase was not at all difficult."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"The most valuable features are the packet decoder, log decoder, and concentrator."
"The product has a user-friendly interface and a valuable feature for threat intelligence integration."
"Their technical support responds quickly and are knowledgable."
More NetWitness Platform pros
 

Cons

"The price point is something they can improve slightly for those who don't have an M 365 E5."
"The product's dashboard and incident reports functionality needs enhancement."
"There could be AI functionality included for features like reporting and dashboard preparation."
"Microsoft Defender Threat Intelligence is evolving and needs to fix and enhance numerous issues like stability and licensing. The continuous rebranding and licensing changes are confusing."
"The stability of the product is an area of concern where improvements are required."
"A stable licensing model is absent"
"It would be beneficial to enhance the pricing structure and make it more affordable."
"Microsoft Defender Threat Intelligence should integrate with different platforms."
More Microsoft Defender Threat Intelligence cons
"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10."
"An area for improvement would be better automation and more inbuilt use cases."
"Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."
"More customizability is required, which is something that they need to improve on."
"They should implement algorithms to digest that data and produce additional, more advanced reporting, alerting and support of internal security teams."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"If we have the ability to run a dynamic analysis through malware in the same suite, it would be great to have a sandbox solution to analyze malware through dynamic analysis."
"The implementation needs assistance."
More NetWitness Platform cons
 

Pricing and Cost Advice

"Considering Microsoft is constantly changing licensing, I would give it a seven out of ten. It can be difficult to get your head around it, especially for small to medium-sized enterprises (SMEs)."
"The solution's pricing is reasonable and not very expensive."
"I use the product's default version, which is a free one and not the licensed version."
"They offer two license plans: Microsoft Defender for endpoints and Microsoft Defender for businesses."
"The pricing of the solution is good."
"The product’s pricing is worth it."
"On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a six or seven out of ten."
"The product has multiple subscription models."
More Microsoft Defender Threat Intelligence pricing and cost advice
"The new pricing and licensing mechanisms are fair. I would advise always to get the full solution (i.e., not only Logs)."
"The product is expensive."
"We are on an annual license for the use of the solution."
"It is cheap."
"We have a perpetual license, so the total cost of ownership is not very expensive. It's a good investment."
"The tool is very expensive, so I rate the pricing a ten out of ten. The solution has an annual subscription."
"It provides tools to assist in selecting the appropriate license and usage scenarios."
"There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
More NetWitness Platform pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.
See recommendations
851,823 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
Read full review
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
14%
Educational Organization
10%
Government
10%
Computer Software Company
18%
Financial Services Firm
17%
Government
6%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Microsoft Defender Threat Intelligence?
It just runs in the background. I don't have to worry about, making sure it's Intelligence. So, you know, this kind of makes it very easy, have to worry about installing. It is easy to use.
See all answers
What needs improvement with Microsoft Defender Threat Intelligence?
Some of the customization features could be improved by providing a portion of it as open source. This would allow integration with other solutions, enhancing Threat Intelligence. Providing code cu...
See all answers
What is your primary use case for Microsoft Defender Threat Intelligence?
We are using Microsoft Defender ATP specifically as an email security solution, as well as for our critical servers as a web security solution. We have almost eleven hundred users utilizing it for ...
See all answers
What do you like most about NetWitness Platform?
The product's initial setup phase was not at all difficult.
See all answers
What is your experience regarding pricing and costs for NetWitness Platform?
The pricing is comparable to others, and I consider the cost to be intermediate. Specific cost details are unknown to me.
See all answers
What needs improvement with NetWitness Platform?
There is currently no need for improvement in the SIEM ( /categories/security-information-and-event-management-siem ), though there could be potential enhancements by integrating with AI.
See all answers
 

Comparisons

Recorded Future vs Microsoft Defender Threat Intelligence Logo
Recorded Future vs Microsoft Defender Threat Intelligence
Compared 22% of the time
VirusTotal vs Microsoft Defender Threat Intelligence Logo
VirusTotal vs Microsoft Defender Threat Intelligence
Compared 18% of the time
Anomali vs Microsoft Defender Threat Intelligence Logo
Anomali vs Microsoft Defender Threat Intelligence
Compared 15% of the time
Cisco Threat Grid vs Microsoft Defender Threat Intelligence Logo
Cisco Threat Grid vs Microsoft Defender Threat Intelligence
Compared 14% of the time
Microsoft Sentinel vs Microsoft Defender Threat Intelligence Logo
Microsoft Sentinel vs Microsoft Defender Threat Intelligence
Compared 10% of the time
More Microsoft Defender Threat Intelligence Competitors
Splunk Enterprise Security vs NetWitness Platform Logo
Splunk Enterprise Security vs NetWitness Platform
Compared 23% of the time
IBM Security QRadar vs NetWitness Platform Logo
IBM Security QRadar vs NetWitness Platform
Compared 17% of the time
Elastic Security vs NetWitness Platform Logo
Elastic Security vs NetWitness Platform
Compared 13% of the time
Trellix Network Detection and Response vs NetWitness Platform Logo
Trellix Network Detection and Response vs NetWitness Platform
Compared 10% of the time
RSA enVision vs NetWitness Platform Logo
RSA enVision vs NetWitness Platform
Compared 9% of the time
More NetWitness Platform Competitors
 

Product Reports

Buyer's Guide
Microsoft Defender Threat Intelligence
May 2025
Microsoft Defender Threat Intelligence reportDownload Microsoft Defender Threat Intelligence product report
Buyer's Guide
NetWitness Platform
May 2025
NetWitness Platform reportDownload NetWitness Platform product report
 

Also Known As

No data available
RSA Security Analytics
 

Overview

Microsoft Defender Threat Intelligence is a comprehensive security solution that provides organizations with real-time insights into the latest cyber threats. Leveraging advanced machine learning and artificial intelligence capabilities, it offers proactive threat detection and response, enabling businesses to stay one step ahead of attackers. With Microsoft Defender Threat Intelligence, organizations gain access to a vast array of threat intelligence data, including indicators of compromise (IOCs), security incidents, and emerging threats. This data is collected from a wide range of sources, such as Microsoft's global sensor network, industry partners, and security researchers, ensuring comprehensive coverage and accuracy. The solution's advanced analytics and machine learning algorithms analyze this threat intelligence data in real-time, identifying patterns, trends, and anomalies that may indicate a potential security breach. By continuously monitoring the network and endpoints, Microsoft Defender Threat Intelligence can quickly detect and respond to threats, minimizing the impact of attacks and reducing the time to remediation. 

Microsoft

NetWitness Platform is an evolved SIEM and threat detection and response solution that functions as a single, unified platform for ALL your security data. It features an advanced analyst workbench for triaging alerts and incidents, and it orchestrates security operations programs end to end. In short: NetWitness Platform is all you need to run an intelligent SOC.

NetWitness
 

Sample Customers

Information Not Available
Los Angeles World Airports, Reply
Buyer's Guide
Advanced Threat Protection (ATP)
May 2025
Download Free Report
Find out what your peers are saying about Microsoft, Palo Alto Networks, Fortinet and others in Advanced Threat Protection (ATP). Updated: May 2025.
DOWNLOAD NOW
851,823 professionals have used our research since 2012.

We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.