Try our new research platform with insights from 80,000+ expert users

NetWitness NDR vs Palo Alto Networks AutoFocus comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

NetWitness NDR
Ranking in Threat Intelligence Platforms
40th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
15
Ranking in other categories
Endpoint Protection Platform (EPP) (59th), Endpoint Detection and Response (EDR) (61st), Security Orchestration Automation and Response (SOAR) (25th), Network Detection and Response (NDR) (19th), Extended Detection and Response (XDR) (39th)
Palo Alto Networks AutoFocus
Ranking in Threat Intelligence Platforms
29th
Average Rating
7.4
Reviews Sentiment
6.8
Number of Reviews
7
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of August 2025, in the Threat Intelligence Platforms category, the mindshare of NetWitness NDR is 1.1%, up from 0.6% compared to the previous year. The mindshare of Palo Alto Networks AutoFocus is 1.2%, down from 1.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Threat Intelligence Platforms
 

Featured Reviews

SupravatMaji - PeerSpot reviewer
Beneficial single unified dashboard, good native application integration, and high availability
My advice to those wanting to implement RSA NetWitness Network is they have to first do a little due diligence, such as the exact requirement based on their needs. That will give them a direction for their investment because otherwise, the bill of material or bill of quantity (BOQ) may be higher side. It is important to do good due intelligence on the environment, see the exact requirement, and then go ahead with the solution. The solution is perfectly stable. I rate RSA NetWitness Network a nine out of ten.
RichPhillips - PeerSpot reviewer
Offers a centralized dashboard for reporting threats and anomalies
The tool along with other suite of products provides us with threat and alert information.  The solution has provided us with a centralized dashboard for reporting threats and anomalies.  I am impressed with the tool's integration of Palo Alto products which serves as a platform for security.  I…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"This solution allows us to locate the malware in real-time."
"The stability of the RSA NetWitness Endpoint is very good."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"Ability to isolate the machine when there are malicious files."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"I would rate Palo Alto Networks AutoFocus a ten out of ten."
"The feature that I like best is the dashboard."
"The logs play a crucial role as they contribute to blocking unwanted Internet traffic."
"The most valuable feature is alerting."
"I am impressed with the tool's integration of Palo Alto products which serves as a platform for security."
"It integrates well with other solutions and provides good threat intelligence in terms of external threats."
"Palo Alto Networks AutoFocus has had a positive impact on my company as we can reduce the cost for the SOC investment, and we can also get good feedback on how to strengthen our network from the expertise people available."
 

Cons

"Threat detection could be better."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"The solution lacks a reporting engine."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"The contamination feature could be improved."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"It would be helpful to have better documentation for configuring and installing the solution."
"It is a completely cloud-based product at present."
"It would be better if they used the threat intelligence feeds directly from their side and changing the verdict instead of us requesting it."
"I would like to have more technical documentation that contains greater detail on the types of threats that are occurring."
"I would like the tool to see more integration with Cortex XDR. There is no real reason to keep them separate."
 

Pricing and Cost Advice

"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
"We are on a three-year contract to use RSA NetWitness Network."
"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
"I do not have any opinion on the pricing or licensing of the product."
"It is an expensive product."
"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."
"They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
"It is highly scalable. It can be bought based on your requirements."
"It is expensive."
"The solution is reasonably priced."
report
Use our free recommendation engine to learn which Threat Intelligence Platforms solutions are best for your needs.
865,384 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Computer Software Company
12%
Manufacturing Company
10%
Government
7%
Performing Arts
12%
Insurance Company
10%
Computer Software Company
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Ask a question
Earn 20 points
What needs improvement with Palo Alto Networks AutoFocus?
While Palo Alto Networks AutoFocus is effective, I always prefer to have a second source of threat intelligence feed to ensure coverage for zero-day vulnerabilities that might be missed. This is mo...
What is your primary use case for Palo Alto Networks AutoFocus?
I use Palo Alto Networks AutoFocus ( /products/palo-alto-networks-autofocus-reviews ) for threat intelligence. Palo Alto Networks has its own threat intelligence team, Unit 42, which analyzes submi...
What advice do you have for others considering Palo Alto Networks AutoFocus?
I would rate Palo Alto Networks AutoFocus a ten out of ten. I always activate it when purchasing Palo Alto Networks products because it's simple to deploy and beneficial. However, for non-Palo Alto...
 

Also Known As

RSA ECAT, NetWitness Network
Palo Alto Threat Intelligence Management
 

Overview

 

Sample Customers

ADP, Ameritas, Partners Healthcare
Telkom Indonesia
Find out what your peers are saying about NetWitness NDR vs. Palo Alto Networks AutoFocus and other solutions. Updated: July 2025.
865,384 professionals have used our research since 2012.