No more typing reviews! Try our Samantha, our new voice AI agent.

NetWitness NDR vs VIPRE Endpoint Security comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Protection Platform (EPP)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Detection and Response (EDR) (6th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
NetWitness NDR
Ranking in Endpoint Protection Platform (EPP)
49th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
15
Ranking in other categories
Threat Intelligence Platforms (TIP) (34th), Endpoint Detection and Response (EDR) (59th), Security Orchestration Automation and Response (SOAR) (23rd), Network Detection and Response (NDR) (19th), Extended Detection and Response (XDR) (41st)
VIPRE Endpoint Security
Ranking in Endpoint Protection Platform (EPP)
52nd
Average Rating
7.0
Number of Reviews
2
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.8%, up from 3.7% compared to the previous year. The mindshare of NetWitness NDR is 0.9%, up from 0.3% compared to the previous year. The mindshare of VIPRE Endpoint Security is 0.6%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.8%
NetWitness NDR0.9%
VIPRE Endpoint Security0.6%
Other94.7%
Endpoint Protection Platform (EPP)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
reviewer1799727 - PeerSpot reviewer
Manager, IT Security Operations at a non-profit with 11-50 employees
Reliable and good support but can be expensive
I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat intelligence feeds. We would like to have more IOCs or more trade intelligence to not only rely on the intelligence of the engineer in charge but to have some threat intelligence and some seeds of IOCs and to have the host have some artificial intelligence to reduce the number of false positives. I don't see this solution being very scalable. The solution is pricey.
SS
IT Security Analyst at a healthcare company with 11-50 employees
Easy to upgrade and manage but needs better reporting
There just was a lot about it that I didn't like. For blocking certain items, such as USBs, we felt like it was slowing down the network too much. Therefore we utilized a GPO for blocking things like that instead. Our environment was big and I didn't feel like the console did a good enough job. We outgrew the product. I've been asking for a change for a couple of years now, and it finally got approved. In terms of the console, I had over 2000 endpoints in there and there wasn't even a search feature for me to look through them. If I had to find where a policy was I had to sort in alphabetical order to find an endpoint that I wanted. They need to offer a search function within the console - maybe something that shows a "last connected" notice. That way, it's easier to manage obsolete machines that you don't need anymore. They had a very vague setting, like after so many days, when do you want us to remove these, you'd see them. I just wish the console was a little more responsive when I would do commands. The reports could have been better. The product would show a lot of endpoints as not communicating. That was another pain point. We constantly had to run an SQL query to clean up the database as I would know immediately when I was in the console, that it just wasn't being responsive. I could tell I was being given bad data and that we had to clean up the database. As soon as I would clean up that database, it was like a purging of the SQL database and it would become a lot more responsive. The problem was that our environment was too big. We're going through a growth spurt right now. In the end, the solution is small and much better suited for a small business. We would get a lot of false positives and instead of them fixing the false positive, they would just want us to put in an exception, which I didn't care for. The product is based on an older model of signature files. It doesn't use any artificial intelligence or anything. It was slow to refresh the policies and computer scans. The larger we got, the more it became an issue. If a company stayed small, I'm not sure if they would have noticed.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"They have a new GUI which is just fantastic."
"My advice for others looking into using Cortex is that it is very easy to use and very useful for the customer environment, whether it's a public or private one."
"The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
"I recommend this solution to others because it is easy to manage, reliable, and overall good to use."
"The solution helps find bugs, and it is safe to use to prevent attacks by hackers."
"Its interface and pricing are most valuable, and it is better than other vendors in terms of security."
"The most valuable features are incident creation, policy-based protection, IP whitelisting, and device encryption. These are beneficial for endpoint and server security."
"The normal protection was really effective, and we detected situations that if we didn't have Cortex XDR by Palo Alto Networks, it's highly likely that we would have been affected, but it protected the infrastructure."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"The stability of the RSA NetWitness Endpoint is very good."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"The solution is stable."
"I would highly recommend the solution. Just go ahead and get it."
"It is very easy to use, and its usability is great."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"In general, it was pretty easy to manage."
"It has improved the way our organization functions, made things run faster in our company, and has done a fantastic job of keeping our networks free of virus."
"Technical support was always very helpful and responsive."
"It has low overhead as far as machine resources are concerned. Everything runs faster with VIPRE installed versus some of the competitors. It has also been pretty easy to use. It just runs and gives us reports. It also sends us alerts when there is something that we need to look at. It does its job, and you just look at the reports. In other ways, you just forget that it is there."
 

Cons

"It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved."
"It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc."
"The negative aspect I see is the economic model used by Palo Alto."
"It is a complex solution to implement."
"Whenever the tool releases a new version when deploying the product across the organization, I feel like there are some disturbances in the CPU usage after upgrading the tool to the latest version."
"They have the worst support, as a company, that I have ever worked with, as they are difficult to get a hold of and keep on the phone. They don't know what they are talking about when you get them on the phone. They don't like to respond to messages when you send them to them. They like to "research problems" for weeks on end, then pass you off to somebody else."
"There are some limitations on the Traps agents."
"The solution lacks real-time, on-demand antivirus."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"The problem with this product is that it's a bit slow."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"RSA NetWitness Endpoint is a scalable solution. However, the problem which we normally face is in terms of the migration of the solution."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"The solution lacks a reporting engine."
"We would get a lot of false positives and instead of them fixing the false positive, they would just want us to put in an exception, which I didn't care for."
"Their management interface is a little buggy. It requires a few system resources on the management interface. Its reporting can also be better. Overall, the reports are pretty good. They patch some third-party software, but if they can expand what they do for reporting and patch enterprise software, it would be handy."
"Their management interface is a little buggy as it will hang up and crash from time to time."
 

Pricing and Cost Advice

"The tool's price is moderate."
"Very costly product."
"I don't recall what the cost was, but it wasn't really that expensive."
"The price was fine."
"It has a yearly renewal."
"Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."
"If one wishes to work with another team or large number of users at a future point, he must purchase a license for them."
"The price is on the higher side, but it's okay."
"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."
"They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."
"It is an expensive product."
"It is highly scalable. It can be bought based on your requirements."
"We are on a three-year contract to use RSA NetWitness Network."
"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."
"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
"Its price point has been phenomenal. Our previous solution from Trend Micro was triple the cost of it."
"Its price point has been phenomenal. Our previous solution from Trend Micro was triple the cost of it."
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
12%
Manufacturing Company
9%
Construction Company
8%
Computer Software Company
8%
Comms Service Provider
16%
University
9%
Computer Software Company
8%
Government
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise2
Large Enterprise6
No data available
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
Ask a question
Earn 20 points
Ask a question
Earn 20 points
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
RSA ECAT, NetWitness Network
VIPRE Cloud, VIPRE Endpoint Security Cloud Edition, VIPRE Endpoint Security Server Edition
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
ADP, Ameritas, Partners Healthcare
College Station ISD, Mid-West Companies, Guardian Network Solutions
Find out what your peers are saying about NetWitness NDR vs. VIPRE Endpoint Security and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.