No more typing reviews! Try our Samantha, our new voice AI agent.

NetWitness NDR vs Stormshield Endpoint Security comparison

NetWitness and Stormshield are both solutions in the Endpoint Protection Platform (EPP) category. NetWitness is ranked #50, while Stormshield is ranked #57. NetWitness holds a 0.7% mindshare in EPP, compared to Stormshield’s 0.4% mindshare. Additionally, 87% of NetWitness users are willing to recommend the solution, compared to 100% of Stormshield users who would recommend it.
Sponsored
Cortex XDR by Palo Alto Net...
Read 108 Cortex XDR by Palo Alto Networks reviews
  • 14,649 Views
  • 8,496 Comparison Views
96% willing to recommend
NetWitness NDR
Read 15 NetWitness NDR reviews
  • 3,192 Views
  • 926 Comparison Views
87% willing to recommend
Stormshield Endpoint Security
Read 3 Stormshield Endpoint Security reviews
  • 621 Views
  • 584 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 9, 2024

Stormshield Endpoint Security and NetWitness NDR compete in the cybersecurity sector, focusing on endpoint protection and network detection and response, respectively. NetWitness NDR appears to have the upper hand due to its advanced features, making it worth the higher cost.

Features: Stormshield Endpoint Security users value its strong malware protection, firewall capabilities, and ease of use in diverse environments. NetWitness NDR is known for comprehensive threat detection, automated response features, and deep packet inspection.

Room for Improvement: Users of Stormshield Endpoint Security indicate a need for better reporting tools, improved customization options, and enhanced analytics. NetWitness NDR users suggest reducing setup complexity, better training resources, and a more user-friendly interface.

Ease of Deployment and Customer Service: Stormshield Endpoint Security is noted for quick and straightforward deployment, supported by responsive customer service. NetWitness NDR deployment is seen as more complex, but customer service is effective once the product is in use.

Pricing and ROI: Stormshield Endpoint Security is considered cost-effective with a solid ROI, making it appealing for budget-conscious buyers. NetWitness NDR, though more expensive, is deemed worth the investment due to its robust capabilities and the perceived higher return on investment.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed NetWitness NDR vs. Stormshield Endpoint Security Report (Updated: March 2026).
Buyer's Guide
NetWitness NDR vs. Stormshield Endpoint Security
March 2026
Download the complete report
Helped 885,311 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Protection Platform (EPP)
5th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
108
Ranking in other categories
Endpoint Detection and Response (EDR) (7th), Extended Detection and Response (XDR) (6th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (2nd)
NetWitness NDR
Ranking in Endpoint Protection Platform (EPP)
50th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
15
Ranking in other categories
Threat Intelligence Platforms (TIP) (37th), Endpoint Detection and Response (EDR) (58th), Security Orchestration Automation and Response (SOAR) (25th), Network Detection and Response (NDR) (19th), Extended Detection and Response (XDR) (37th)
Stormshield Endpoint Security
Ranking in Endpoint Protection Platform (EPP)
57th
Average Rating
8.0
Number of Reviews
3
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of March 2026, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.5%, down from 4.0% compared to the previous year. The mindshare of NetWitness NDR is 0.7%, up from 0.3% compared to the previous year. The mindshare of Stormshield Endpoint Security is 0.4%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.5%
NetWitness NDR0.7%
Stormshield Endpoint Security0.4%
Other95.4%
Endpoint Protection Platform (EPP)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
ABHISHEK_SINGH
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Read full review
reviewer1799727 - PeerSpot reviewer
reviewer1799727
Manager, IT Security Operations at a non-profit with 11-50 employees
Reliable and good support but can be expensive
I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat intelligence feeds. We would like to have more IOCs or more trade intelligence to not only rely on the intelligence of the engineer in charge but to have some threat intelligence and some seeds of IOCs and to have the host have some artificial intelligence to reduce the number of false positives. I don't see this solution being very scalable. The solution is pricey.
Read full review
it_user745593 - PeerSpot reviewer
it_user745593
Senior Project Manager, PMP at a transportation company with 10,001+ employees
Protects the global station and has good stability
The feature I find most valuable is that it protects the global station The solution's integration with the Windows environment could be better. The solution needs better integration with products, if it did, it would have the assumption of better security. I've been using the solution since…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We switched because there were a lot of added features with Palo Alto that Check Point didn't have, and it was an upgrade for us."
"The product's most valuable features are massive user and feature intelligence exploit detection."
"The most valuable aspect of Cortex XDR by Palo Alto Networks for me is its integration with AI detection, where we get to know the behavioral detection based on users, traffic patterns, and different services that we consume."
"There has been a significant reduction of approximately 70% to 80% in our internal MTTR and MTTD metrics, now around five to eight minutes whereas previously it was hours, which has helped tremendously."
"Stability is a primary factor, and then there's the ease of distribution and policy management."
"The product is mostly automated, and we do not have to make decisions, because all the decisions are made by the product itself and we are not required to create any custom policies since the policies that are created are well defined in the product itself."
"The level of security I get for my endpoints and servers is extremely valuable."
"This software helps us understand any issues that may arise when someone is not at work."
More Cortex XDR by Palo Alto Networks pros
"I would highly recommend the solution. Just go ahead and get it."
"One of the most valuable features is the Orchestrator."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"We like the solution doesn't have to be managed by an IT department; it's easy to use and you can still check the machine without the IT department being involved."
"Technical support is knowledgeable."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"It is very easy to use, and its usability is great."
"The solution is stable."
More NetWitness NDR pros
"The feature I find most valuable is that it protects the global station."
"If you need a Windows based multi-functional end-point security solution then this product is for you."
"The feature I find most valuable is that it protects the global station."
"It is very good for preventing cryptolocker attacks."
 

Cons

"In general, the price could be more competitive."
"The connection to the internet has not performed as expected."
"Basically, they don't provide customer support tools just to investigate the logs."
"They've been having some issues with updating their endpoint agents, and it has been quite frustrating."
"The installation should be easier and the Palo Alto pre-sales and sales teams should have more information on the product because they don't know what they are selling."
"We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, we have to use another protection solution called Kaspersky."
"Cortex XDR by Palo Alto Networks can improve mobile integration to allow access to the console."
"For working with the solution, you only really need a web browser, however, we've found that working on Chrome, for example, is horrible."
More Cortex XDR by Palo Alto Networks cons
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The contamination feature could be improved."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"The initial setup requires a high level of skill, then the setup is good and smooth."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
More NetWitness NDR cons
"Only Windows based. Dependence on MS updates and service start-up priority."
"The solution's integration with the Windows environment could be better."
"The solution's integration with the Windows environment could be better."
"Release speed for newer versions. When a new OS is released, you've got to wait half year to get the new version that covers the new Windows OS."
 

Pricing and Cost Advice

"If one wishes to work with another team or large number of users at a future point, he must purchase a license for them."
"The price of the solution could be reduced. I have customers that have voiced that the solution is good for the value but if I want to sell more of the solution the price reduction would help."
"The pricing is a little high. It is per user per year."
"I don't like that they have different types of licenses."
"The cost depends on your chosen license type, like Pro or other licenses."
"Cortex XDR’s pricing is very reasonable."
"Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."
"The solution is expensive. It's pricing is on a yearly-basis."
More Cortex XDR by Palo Alto Networks pricing and cost advice
"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."
"They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
"It is highly scalable. It can be bought based on your requirements."
"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."
"We are on a three-year contract to use RSA NetWitness Network."
"It is an expensive product."
More NetWitness NDR pricing and cost advice
Information not available
report
See which vendors are best for you
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
See recommendations
885,311 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
13%
Manufacturing Company
8%
Computer Software Company
8%
Financial Services Firm
8%
Computer Software Company
9%
Financial Services Firm
9%
Manufacturing Company
9%
Outsourcing Company
7%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business44
Midsize Enterprise20
Large Enterprise47
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise2
Large Enterprise5
No data available
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
See all answers
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
See all answers
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
See all answers
Ask a question
Earn 20 points
Ask a question
Earn 20 points
 

Comparisons

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks Logo
Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks
Compared 9% of the time
SentinelOne Singularity Complete vs Cortex XDR by Palo Alto Networks Logo
SentinelOne Singularity Complete vs Cortex XDR by Palo Alto Networks
Compared 6% of the time
CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks Logo
CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks
Compared 4% of the time
Cortex XSIAM vs Cortex XDR by Palo Alto Networks Logo
Cortex XSIAM vs Cortex XDR by Palo Alto Networks
Compared 4% of the time
Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks Logo
Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks
Compared 3% of the time
More Cortex XDR by Palo Alto Networks Competitors
Trellix Endpoint Security Platform vs NetWitness NDR Logo
Trellix Endpoint Security Platform vs NetWitness NDR
Compared 6% of the time
Darktrace vs NetWitness NDR Logo
Darktrace vs NetWitness NDR
Compared 6% of the time
ServiceNow Security Operations vs NetWitness NDR Logo
ServiceNow Security Operations vs NetWitness NDR
Compared 4% of the time
ExtraHop Reveal(x) vs NetWitness NDR Logo
ExtraHop Reveal(x) vs NetWitness NDR
Compared 4% of the time
Tanium vs NetWitness NDR Logo
Tanium vs NetWitness NDR
Compared 2% of the time
More NetWitness NDR Competitors
Trellix Endpoint Security Platform vs Stormshield Endpoint Security Logo
Trellix Endpoint Security Platform vs Stormshield Endpoint Security
Compared 19% of the time
Sophos Endpoint vs Stormshield Endpoint Security Logo
Sophos Endpoint vs Stormshield Endpoint Security
Compared 17% of the time
Symantec Endpoint Security vs Stormshield Endpoint Security Logo
Symantec Endpoint Security vs Stormshield Endpoint Security
Compared 17% of the time
WithSecure Elements Endpoint Protection vs Stormshield Endpoint Security Logo
WithSecure Elements Endpoint Protection vs Stormshield Endpoint Security
Compared 12% of the time
Fortinet FortiClient vs Stormshield Endpoint Security Logo
Fortinet FortiClient vs Stormshield Endpoint Security
Compared 11% of the time
More Stormshield Endpoint Security Competitors
 

Product Reports

Buyer's Guide
Cortex XDR by Palo Alto Networks
March 2026
Cortex XDR by Palo Alto Networks reportDownload Cortex XDR by Palo Alto Networks product report
Buyer's Guide
NetWitness NDR
March 2026
NetWitness NDR reportDownload NetWitness NDR product report
Buyer's Guide
Endpoint Protection Platform (EPP)
February 2026
Stormshield Endpoint Security reportDownload Stormshield Endpoint Security product report
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
RSA ECAT, NetWitness Network
SkyRecon Systems StormShield Security Suite
 

Overview

Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.

Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.

What are the key features of Cortex XDR?
  • Advanced Threat Detection: Uses AI and machine learning for proactive threat identification.
  • Multi-layered Security: Combines various security measures for comprehensive protection.
  • Endpoint Protection: Safeguards against malware and exploits.
  • Behavioral Analysis: Monitors suspicious activity for early detection.
  • Automatic Threat Response: Automates responses to neutralize threats.
What benefits should users expect?
  • Ease of Use: Simplifies security management with intuitive design.
  • Resource Efficiency: Minimizes impact on system resources.
  • Integration Capabilities: Works well with existing security setups.
  • Reduced Analyst Workload: Automates processes to decrease manual intervention.

Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.

Palo Alto Networks

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness NDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

NetWitness
Stormshield offers innovative end-to-end security solutions worldwide to protect networks (Stormshield Network Security), workstations (Stormshield Endpoint Security) and data (Stormshield Data Security). These next-generation trusted solutions ensure the protection of strategic information and are deployed through a partner network of distributors, integrators and operators in businesses of all sizes, government institutions and defense organizations worldwide.
Stormshield
 

Sample Customers

CBI Health Group, University Honda, VakifBank
ADP, Ameritas, Partners Healthcare
Arkoon, Netasq
Buyer's Guide
NetWitness NDR vs. Stormshield Endpoint Security
March 2026
Free Report: NetWitness NDR vs. Stormshield Endpoint Security
Find out what your peers are saying about NetWitness NDR vs. Stormshield Endpoint Security and other solutions. Updated: March 2026.
DOWNLOAD NOW
885,311 professionals have used our research since 2012.
See our NetWitness NDR vs. Stormshield Endpoint Security report.
See our list of best Endpoint Protection Platform (EPP) vendors.

We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.