NetWitness NDR vs Qualys Multi-Vector EDR comparison

NetWitness and Qualys are both solutions in the Endpoint Detection and Response (EDR) category. NetWitness is ranked #58, while Qualys is ranked #72. NetWitness holds a 0.8% mindshare in EDR, compared to Qualys’s 0.3% mindshare. Additionally, 87% of NetWitness users are willing to recommend the solution, compared to 100% of Qualys users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between NetWitness NDR and Qualys Multi-Vector EDR based on real PeerSpot user reviews.

Find out what your peers are saying about CrowdStrike, SentinelOne, Microsoft and others in Endpoint Detection and Response (EDR).

To learn more, read our detailed Endpoint Detection and Response (EDR) Report (Updated: March 2026).

Buyer's Guide

Endpoint Detection and Response (EDR)

March 2026

Download the complete report

Helped 885,376 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex XDR by Palo Alto Net...

Mindshare comparison

As of March 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.4%, down from 4.0% compared to the previous year. The mindshare of NetWitness NDR is 0.8%, up from 0.3% compared to the previous year. The mindshare of Qualys Multi-Vector EDR is 0.3%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Endpoint Detection and Response (EDR) Mindshare Distribution
Product	Mindshare (%)
Cortex XDR by Palo Alto Networks	3.4%
NetWitness NDR	0.8%
Qualys Multi-Vector EDR	0.3%
Other	95.5%

Endpoint Detection and Response (EDR)

Featured Reviews

ABHISHEK_SINGH

Senior Process Expert at A.P. Moller - Maersk

Gained full visibility and streamlined threat detection through behavior-based insights and AI integration

Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.

Read full review

reviewer1799727

Manager, IT Security Operations at a non-profit with 11-50 employees

Reliable and good support but can be expensive

I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat intelligence feeds. We would like to have more IOCs or more trade intelligence to not only rely on the intelligence of the engineer in charge but to have some threat intelligence and some seeds of IOCs and to have the host have some artificial intelligence to reduce the number of false positives. I don't see this solution being very scalable. The solution is pricey.

Read full review

reviewer1668453

Director, Security Innovation at a insurance company with 10,001+ employees

Provides contextual alerts and risk ratings on findings

It's kind of difficult to quantify areas for improvement. In the larger picture, one challenge is that the NDR space is very crowded today. I can mention half a dozen names just off the top of my head. There are at least 12 to 20 different players. All of them are well-known brand names, and it's difficult to compare them. They all claim to be giving you the same network difference capability: catching malware, dealing with all the minor taxonomy of attack, all that. Still, it's very difficult to compare them side by side because they all do things a little differently, and they all have different presentations and output. We haven't deployed it, so I can't give you what we felt about it exactly. But in the larger perspective, the critical feature is really giving a clear separation between a low, high, and medium criticality. You need a rating that is really true to the actual attack. There's one other capability we are evaluating them for, and it's for custom alerts detection. A lot of these products are trying to profile the threats that are already out there in the industry. They're very well known and published. Today, there are targeted acts being played against organizations, so you have to be sensitive to how your firewalls, protocols, and your HTTP are all operating. You might have some fine-tuned threats that are targeting you, and you should be able to build custom defenses. They should have some openness in terms of how you specify your threats. You get a standard library of threats. On top of it, every organization builds its own.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The positive impacts I see from Cortex XDR by Palo Alto Networks include a complete 360-degree view of our security posture altogether, being a uniform platform where we are ingesting logs from multiple resources."

"The most valuable feature of Cortex XDR by Palo Alto Networks is its machine-learning capabilities. Additionally, there is full integration with other solutions."

"Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."

"Stability is one of the features we like the most."

"The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."

"One thing that I like about Cortex XDR by Palo Alto Networks, it is detecting all the suspicious or malicious binaries, and it has integration with Palo Alto Firewall."

"The behavior-based detection feature is valuable."

"When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud."

More Cortex XDR by Palo Alto Networks pros

"The solution is scalable; it creates 3,000 lab logs per second, and I think the solution is suitable for large companies or medium to large companies."

"Ability to isolate the machine when there are malicious files."

"This solution allows us to locate the malware in real-time."

"I would recommend others to use RSA NetWitness Endpoint at this time because they have evolved from an MD to an EDR solution to an XDR solution."

"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."

"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."

"I would highly recommend the solution. Just go ahead and get it."

"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."

More NetWitness NDR pros

"They can provide you very contextual alerts on if something bad is happening—coming into your network or going out of your network. As part of that, they gather a lot of threat intelligence and map your connections against that. The larger benefit is that they give you a risk rating on their findings."

"They can provide you with very contextual alerts on if something bad is happening—coming into your network or going out of your network."

Cons

"It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc."

"The server sometimes stops continuously to check things so it would be helpful to receive access updates or technical reasons."

"It is an enterprise-level solution. Its price could be less expensive."

"Additionally, I think the price is very high, and if it can be adjusted, I believe it will be a very good solution."

"Managing the product should be easier."

"Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."

"The playbooks could be improved to include more functionalities or actions."

"In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are the big company, so they can improve the UI a little bit. The UI, the reports, the log system can all be improved."

More Cortex XDR by Palo Alto Networks cons

"The integration of the solution needs to be improved. The dashboard needs lots of updates as well."

"RSA NetWitness Network could improve on integration with non-native application integration."

"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."

"When analyzing something, you have to click several times. It requires a lot of effort to find something."

"The initial setup requires a high level of skill."

"I don't see this solution being very scalable."

"One of the drawbacks of using this product is that when you deploy, you have to create MSI files."

"The problem with this product is that it's a bit slow."

More NetWitness NDR cons

"My challenge is actually comparing offerings from different vendors across a threat spectrum that is very large."

"My challenge is actually comparing offerings from different vendors across a threat spectrum that is very large. We are talking about millions of threats. How are you confident that Blue Hexagon is catching all one million of them and Palo Alto is doing the same thing? They all have their strengths. Within that, Blue Hexagon might cover 990,000 of them. Palo Alto might cover another 990,000. It's a bit difficult to compare them and say, "Oh, are they catching the same 990,000?" I don't know."

Pricing and Cost Advice

"The price of the solution could be reduced. I have customers that have voiced that the solution is good for the value but if I want to sell more of the solution the price reduction would help."

"The pricing seems fair, and I do like the licensing model. You use wherever they are, and it is elastic."

"It is cost-effective compared to similar solutions. It fits for the small businesses through to the big businesses."

"I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require."

"Compared to CrowdStrike, Cortex XDR is an expensive solution."

"The pricing is a little high. It is per user per year."

"The price is on the higher side, but it's okay."

"The cost depends on your chosen license type, like Pro or other licenses."

More Cortex XDR by Palo Alto Networks pricing and cost advice

"It is highly scalable. It can be bought based on your requirements."

"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."

"We are on a three-year contract to use RSA NetWitness Network."

"It is an expensive product."

"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."

"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."

"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."

"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."

More NetWitness NDR pricing and cost advice

"It's difficult to state the setup cost. All the NDRs range anywhere between $500,000, plus or minus, to $2 million. There's a spread of pricing here, depending on who you are talking to. Obviously the major brand names want more money. They typically bundle it with their other offerings. With Cisco, for example, you don't just buy an NDR. So, typically it gets rolled into the cost."

See which vendors are best for you

Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.

See recommendations

885,376 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Construction Company

13%

Manufacturing Company

Computer Software Company

Financial Services Firm

Computer Software Company

Financial Services Firm

Manufacturing Company

Outsourcing Company

Construction Company

13%

Comms Service Provider

11%

Financial Services Firm

11%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	44
Midsize Enterprise	20
Large Enterprise	47

By reviewers
Company Size	Count
Small Business	10
Midsize Enterprise	2
Large Enterprise	5

No data available

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One

Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...

See all answers

Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)

Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...

See all answers

How is Cortex XDR compared with Microsoft Defender?

Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...

See all answers

Ask a question

Earn 20 points

Ask a question

Earn 20 points

Comparisons

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks

Compared 9% of the time

SentinelOne Singularity Complete vs Cortex XDR by Palo Alto Networks

Compared 6% of the time

CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Cortex XSIAM vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks

Compared 3% of the time

More Cortex XDR by Palo Alto Networks Competitors

Trellix Endpoint Security Platform vs NetWitness NDR

Compared 6% of the time

Darktrace vs NetWitness NDR

Compared 6% of the time

ServiceNow Security Operations vs NetWitness NDR

Compared 4% of the time

ExtraHop Reveal(x) vs NetWitness NDR

Compared 4% of the time

Tanium vs NetWitness NDR

Compared 2% of the time

More NetWitness NDR Competitors

CrowdStrike Falcon vs Qualys Multi-Vector EDR

Compared 28% of the time

Microsoft Defender for Endpoint vs Qualys Multi-Vector EDR

Compared 23% of the time

ExtraHop Reveal(x) vs Qualys Multi-Vector EDR

Compared 14% of the time

Huntress Managed EDR vs Qualys Multi-Vector EDR

Compared 8% of the time

Darktrace vs Qualys Multi-Vector EDR

Compared 8% of the time

More Qualys Multi-Vector EDR Competitors

Product Reports

Buyer's Guide

Cortex XDR by Palo Alto Networks

March 2026

Download Cortex XDR by Palo Alto Networks product report

Buyer's Guide

NetWitness NDR

March 2026

Download NetWitness NDR product report

Buyer's Guide

Endpoint Detection and Response (EDR)

March 2026

Download Qualys Multi-Vector EDR product report

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps

RSA ECAT, NetWitness Network

Blue Hexagon

Overview

Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.

Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.

What are the key features of Cortex XDR?

Advanced Threat Detection: Uses AI and machine learning for proactive threat identification.
Multi-layered Security: Combines various security measures for comprehensive protection.
Endpoint Protection: Safeguards against malware and exploits.
Behavioral Analysis: Monitors suspicious activity for early detection.
Automatic Threat Response: Automates responses to neutralize threats.

What benefits should users expect?

Ease of Use: Simplifies security management with intuitive design.
Resource Efficiency: Minimizes impact on system resources.
Integration Capabilities: Works well with existing security setups.
Reduced Analyst Workload: Automates processes to decrease manual intervention.

Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.

Palo Alto Networks

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness NDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

NetWitness

Qualys Multi-Vector EDR is designed for real-time threat detection and response, offering comprehensive visibility into potential security breaches across endpoints.

This solution integrates seamlessly with other Qualys modules, facilitating automated workflows that streamline incident management and enhance efficiency in monitoring and mitigating cyber threats. With features like real-time monitoring, detailed reporting, and proactive alerting, security teams can quickly identify and address vulnerabilities. While appreciated for its scalability and ease of deployment, users suggest improvements in integration, reporting, and configuration to further enhance its capabilities.

What are the key features of Qualys Multi-Vector EDR?

Real-time Threat Detection: Continuously monitors endpoints to detect potential threats immediately.
Seamless Integration: Integrates with other Qualys modules and existing systems for streamlined operations.
Automated Response: Automates incident response workflows to enhance efficiency and reduce manual tasks.
Detailed Reporting: Provides in-depth reports to support proactive security measures and quick remediation.
Scalability: Suitable for businesses of varying sizes due to its scalable architecture.

What are the benefits and ROI to look for when evaluating Qualys Multi-Vector EDR?

Enhanced Security: Comprehensive threat detection ensures robust security measures.
Improved Efficiency: Automated workflows save time and reduce manual intervention.
Quick Remediation: Real-time alerts and detailed reports facilitate swift vulnerability mitigation.
Cost-effective Deployment: Scalable and resource-efficient architecture suitable for businesses large and small.

Qualys Multi-Vector EDR is implemented across industries such as finance, healthcare, and retail, where real-time threat detection and automated response are critical. Its ability to integrate with existing systems and provide detailed reporting makes it a valuable asset for enhancing cybersecurity measures in diverse environments.

Qualys

Sample Customers

CBI Health Group, University Honda, VakifBank

ADP, Ameritas, Partners Healthcare

Pacific Dental Services, Greenhill and Co, Heffernan Insurance Brokers

Buyer's Guide

Endpoint Detection and Response (EDR)

March 2026

Download Free Report

Find out what your peers are saying about CrowdStrike, SentinelOne, Microsoft and others in Endpoint Detection and Response (EDR). Updated: March 2026.

DOWNLOAD NOW

885,376 professionals have used our research since 2012.

See our list of best Endpoint Detection and Response (EDR) vendors and best Network Detection and Response (NDR) vendors.

We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.