NetWitness NDR vs Palo Alto Networks AutoFocus comparison

NetWitness and Palo Alto Networks are both solutions in the Threat Intelligence Platforms (TIP) category. NetWitness is ranked #40, while Palo Alto Networks is ranked #17 with an average rating of 6.0. NetWitness holds a 0.9% mindshare in TIPT, compared to Palo Alto Networks’s 1.2% mindshare. Additionally, 87% of NetWitness users are willing to recommend the solution, compared to 87% of Palo Alto Networks users who would recommend it.

NetWitness NDR

Read 15 NetWitness NDR reviews

2,568 Views
360 Comparison Views

87% willing to recommend

Palo Alto Networks AutoFocus

Read 7 Palo Alto Networks AutoFocus reviews

1,321 Views
1,149 Comparison Views

87% willing to recommend

NetWitness NDR

Palo Alto Networks AutoFocus

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between NetWitness NDR and Palo Alto Networks AutoFocus based on real PeerSpot user reviews.

Find out in this report how the two Threat Intelligence Platforms (TIP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed NetWitness NDR vs. Palo Alto Networks AutoFocus Report (Updated: December 2025).

Buyer's Guide

NetWitness NDR vs. Palo Alto Networks AutoFocus

December 2025

Download the complete report

Helped 881,114 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

NetWitness NDR

Ranking in Threat Intelligence Platforms (TIP)

40th

Average Rating

8.0

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Endpoint Protection Platform (EPP) (55th), Endpoint Detection and Response (EDR) (57th), Security Orchestration Automation and Response (SOAR) (25th), Network Detection and Response (NDR) (19th), Extended Detection and Response (XDR) (38th)

Palo Alto Networks AutoFocus

Ranking in Threat Intelligence Platforms (TIP)

17th

Average Rating

7.4

Reviews Sentiment

6.8

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of January 2026, in the Threat Intelligence Platforms (TIP) category, the mindshare of NetWitness NDR is 0.9%, down from 1.2% compared to the previous year. The mindshare of Palo Alto Networks AutoFocus is 1.2%, down from 1.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Threat Intelligence Platforms (TIP) Market Share Distribution
Product	Market Share (%)
Palo Alto Networks AutoFocus	1.2%
NetWitness NDR	0.9%
Other	97.9%

Threat Intelligence Platforms (TIP)

Featured Reviews

reviewer1799727

Manager, IT Security Operations at a non-profit with 11-50 employees

Reliable and good support but can be expensive

I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat intelligence feeds. We would like to have more IOCs or more trade intelligence to not only rely on the intelligence of the engineer in charge but to have some threat intelligence and some seeds of IOCs and to have the host have some artificial intelligence to reduce the number of false positives. I don't see this solution being very scalable. The solution is pricey.

Read full review

reviewer9216065

Sr. Cloud Security Architect at a tech services company with 11-50 employees

Seamless integration into existing ecosystem empowers effective threat detection

The most valuable feature of Palo Alto Networks AutoFocus is its seamless integration into the Palo Alto Networks ecosystem, allowing the threat intelligence feeds to be automatically consumed without manual effort. It uses the STIX format, which is automatically understood by the firewalls. AutoFocus also excels in behavioral analytics and reputation scoring, providing thorough threat analysis.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."

"It is stable. We have been using it for some time, without any issues."

"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."

"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."

"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."

"Ability to isolate the machine when there are malicious files."

"Technical support is knowledgeable."

"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."

More NetWitness NDR pros

"The logs play a crucial role as they contribute to blocking unwanted Internet traffic."

"It integrates well with other solutions and provides good threat intelligence in terms of external threats."

"The feature that I like best is the dashboard."

"The most valuable feature is alerting."

"Palo Alto Networks AutoFocus has had a positive impact on my company as we can reduce the cost for the SOC investment, and we can also get good feedback on how to strengthen our network from the expertise people available."

"I am impressed with the tool's integration of Palo Alto products which serves as a platform for security."

"I would rate Palo Alto Networks AutoFocus a ten out of ten."

Cons

"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."

"RSA NetWitness Network could improve on integration with non-native application integration."

"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."

"Threat detection could be better."

"The initial setup requires a high level of skill."

"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."

"The contamination feature could be improved."

"When analyzing something, you have to click several times. It requires a lot of effort to find something."

More NetWitness NDR cons

"I would like to have more technical documentation that contains greater detail on the types of threats that are occurring."

"It would be better if they used the threat intelligence feeds directly from their side and changing the verdict instead of us requesting it."

"It is a completely cloud-based product at present."

"I would like the tool to see more integration with Cortex XDR. There is no real reason to keep them separate."

"It would be helpful to have better documentation for configuring and installing the solution."

Pricing and Cost Advice

"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."

"They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."

"I do not have any opinion on the pricing or licensing of the product."

"It is highly scalable. It can be bought based on your requirements."

"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."

"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."

"We are on a three-year contract to use RSA NetWitness Network."

"It is an expensive product."

More NetWitness NDR pricing and cost advice

"The solution is reasonably priced."

"It is expensive."

See which vendors are best for you

Use our free recommendation engine to learn which Threat Intelligence Platforms (TIP) solutions are best for your needs.

See recommendations

881,114 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

10%

Computer Software Company

10%

Manufacturing Company

Performing Arts

15%

Computer Software Company

Outsourcing Company

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	10
Midsize Enterprise	2
Large Enterprise	5

By reviewers
Company Size	Count
Small Business	4
Midsize Enterprise	1
Large Enterprise	4

Questions from the Community

Ask a question

Earn 20 points

What needs improvement with Palo Alto Networks AutoFocus?

I feel that Palo Alto Networks AutoFocus can improve, especially since most of the OEMs are implementing MDR, Managed Service feature, which is still not available with Palo Alto. The MDR feature i...

See all answers

What is your primary use case for Palo Alto Networks AutoFocus?

I use Palo Alto Networks AutoFocus for threat monitoring, and it is provided by the OEM itself. I use the threat data correlation feature, which correlates with Cortex. We can use it for data corre...

See all answers

What advice do you have for others considering Palo Alto Networks AutoFocus?

As a partner with Palo Alto Networks, my email is Sarvajit at bsrgroup.in. My job title is Technical Manager. I confirm that we will publish these reviews on peerspot.com in written or audio format...

See all answers

Comparisons

Darktrace vs NetWitness NDR

Compared 8% of the time

Wazuh vs NetWitness NDR

Compared 5% of the time

Trellix Endpoint Security Platform vs NetWitness NDR

Compared 5% of the time

ExtraHop Reveal(x) vs NetWitness NDR

Compared 5% of the time

ServiceNow Security Operations vs NetWitness NDR

Compared 4% of the time

More NetWitness NDR Competitors

Trend Micro TippingPoint Threat Protection System vs Palo Alto Networks AutoFocus

Compared 18% of the time

Recorded Future vs Palo Alto Networks AutoFocus

Compared 17% of the time

CrowdStrike Falcon vs Palo Alto Networks AutoFocus

Compared 17% of the time

ThreatConnect Threat Intelligence Platform (TIP) vs Palo Alto Networks AutoFocus

Compared 17% of the time

Cisco Threat Grid vs Palo Alto Networks AutoFocus

Compared 16% of the time

More Palo Alto Networks AutoFocus Competitors

Product Reports

Buyer's Guide

NetWitness NDR

January 2026

Download NetWitness NDR product report

Buyer's Guide

Threat Intelligence Platforms (TIP)

December 2025

Download Palo Alto Networks AutoFocus product report

Also Known As

RSA ECAT, NetWitness Network

Palo Alto Threat Intelligence Management

Overview

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness NDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

NetWitness

AutoFocus contextual threat intelligence service accelerates analysis, correlation and prevention workflows. Unique, targeted attacks are automatically prioritized with full context, allowing security teams to respond to critical attacks faster, without additional IT security resources.

Palo Alto Networks

Sample Customers

ADP, Ameritas, Partners Healthcare

Telkom Indonesia

Buyer's Guide

NetWitness NDR vs. Palo Alto Networks AutoFocus

December 2025

Free Report: NetWitness NDR vs. Palo Alto Networks AutoFocus

Find out what your peers are saying about NetWitness NDR vs. Palo Alto Networks AutoFocus and other solutions. Updated: December 2025.

DOWNLOAD NOW

881,114 professionals have used our research since 2012.

See our NetWitness NDR vs. Palo Alto Networks AutoFocus report.

See our list of best Threat Intelligence Platforms (TIP) vendors.

We monitor all Threat Intelligence Platforms (TIP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.