Try our new research platform with insights from 80,000+ expert users

NetWitness NDR vs Proofpoint Threat Response comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

NetWitness NDR
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
15
Ranking in other categories
Endpoint Protection Platform (EPP) (59th), Threat Intelligence Platforms (39th), Endpoint Detection and Response (EDR) (63rd), Security Orchestration Automation and Response (SOAR) (24th), Network Detection and Response (NDR) (20th), Extended Detection and Response (XDR) (38th)
Proofpoint Threat Response
Average Rating
8.0
Reviews Sentiment
7.7
Number of Reviews
5
Ranking in other categories
Security Incident Response (4th)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. NetWitness NDR is designed for Network Detection and Response (NDR) and holds a mindshare of 2.2%, up 1.9% compared to last year.
Proofpoint Threat Response, on the other hand, focuses on Security Incident Response, holds 17.9% mindshare, up 7.9% since last year.
Network Detection and Response (NDR)
Security Incident Response
 

Featured Reviews

SupravatMaji - PeerSpot reviewer
Beneficial single unified dashboard, good native application integration, and high availability
My advice to those wanting to implement RSA NetWitness Network is they have to first do a little due diligence, such as the exact requirement based on their needs. That will give them a direction for their investment because otherwise, the bill of material or bill of quantity (BOQ) may be higher side. It is important to do good due intelligence on the environment, see the exact requirement, and then go ahead with the solution. The solution is perfectly stable. I rate RSA NetWitness Network a nine out of ten.
Giuseppe Sgroi - PeerSpot reviewer
Blocks potential spam emails efficiently and integrates well with our security framework
We use the product to verify and manage emails sent and received through our Microsoft Exchange server, focusing on blocking potential spam emails The platform's most valuable include the ability to check emails and block potential spam. The platform's technical support services and pricing need…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"This solution allows us to locate the malware in real-time."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"It is stable. We have been using it for some time, without any issues."
"Ability to isolate the machine when there are malicious files."
"Technical support is knowledgeable."
"If something's pulled and then it's later declared a false positive, it will automatically restore. They also take automatic feeds from their advanced threat detection modules."
"The best part of Proofpoint Threat Response is the Auto-Pull feature. Being able to pull an email back from a user's mailbox is very useful, yet I have noticed that not a lot of organizations use this kind of feature."
"The platform's most valuable include the ability to check emails and block potential spam."
"Support is very responsive."
"It has reduced our manual efforts to remove emails from each user's inbox, and in this case we do not have to ask our IT department or users to do so."
 

Cons

"Threat detection could be better."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"RSA NetWitness Network could improve on integration with non-native application integration."
"The initial setup requires a high level of skill."
"If the reporting gets improved then it would be better, but the product is running amazing as it is."
"The on-premise version doesn't scale well for large companies."
"The platform's technical support services and pricing need improvement."
"The interface within Threat Response could be made simpler."
"Has some quirks."
 

Pricing and Cost Advice

"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."
"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."
"We are on a three-year contract to use RSA NetWitness Network."
"I do not have any opinion on the pricing or licensing of the product."
"It is an expensive product."
"They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."
"It is highly scalable. It can be bought based on your requirements."
"It's quite affordable to have it with this much functionality and ease to administrate."
"The way most big companies work with Proofpoint is that they try to tie everything into an enterprise license. I can't comment on the actual costs, however I do know that alternative solutions such as Abnormal Security can be much more expensive than Proofpoint Threat Response."
report
Use our free recommendation engine to learn which Network Detection and Response (NDR) solutions are best for your needs.
863,641 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Computer Software Company
13%
Manufacturing Company
9%
Government
9%
Healthcare Company
13%
Financial Services Firm
13%
Computer Software Company
11%
Energy/Utilities Company
11%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Ask a question
Earn 20 points
What is your experience regarding pricing and costs for Proofpoint Threat Response?
I have a vague idea because I don't know what others are charging. But we felt that putting up with the pains and having to spend more time keeping it running than we expected is still better than ...
What needs improvement with Proofpoint Threat Response?
The platform's technical support services and pricing need improvement.
What is your primary use case for Proofpoint Threat Response?
We use the product to verify and manage emails sent and received through our Microsoft Exchange server, focusing on blocking potential spam emails.
 

Also Known As

RSA ECAT, NetWitness Network
No data available
 

Overview

 

Sample Customers

ADP, Ameritas, Partners Healthcare
University of Waterloo, Akorn, Fenwick and West LLP
Find out what your peers are saying about Darktrace, Vectra AI, Trend Micro and others in Network Detection and Response (NDR). Updated: July 2025.
863,641 professionals have used our research since 2012.