No more typing reviews! Try our Samantha, our new voice AI agent.

NetWitness NDR vs Zscaler Client Connector comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 8, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
NetWitness NDR
Ranking in Endpoint Detection and Response (EDR)
59th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
15
Ranking in other categories
Endpoint Protection Platform (EPP) (49th), Threat Intelligence Platforms (TIP) (34th), Security Orchestration Automation and Response (SOAR) (23rd), Network Detection and Response (NDR) (19th), Extended Detection and Response (XDR) (41st)
Zscaler Client Connector
Ranking in Endpoint Detection and Response (EDR)
24th
Average Rating
8.8
Reviews Sentiment
5.9
Number of Reviews
6
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of NetWitness NDR is 1.0%, up from 0.4% compared to the previous year. The mindshare of Zscaler Client Connector is 0.7%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
Zscaler Client Connector0.7%
NetWitness NDR1.0%
Other94.7%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
reviewer1799727 - PeerSpot reviewer
Manager, IT Security Operations at a non-profit with 11-50 employees
Reliable and good support but can be expensive
I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat intelligence feeds. We would like to have more IOCs or more trade intelligence to not only rely on the intelligence of the engineer in charge but to have some threat intelligence and some seeds of IOCs and to have the host have some artificial intelligence to reduce the number of false positives. I don't see this solution being very scalable. The solution is pricey.
DA
IT Support Admin at Kuehne & Nagel Inc.
Client activity has been monitored efficiently through in-depth log analysis and traffic filtering
I use the Zscaler speed test, and it is very nice. We use some logs from Zscaler Client Connector to collect data and see what is happening, such as if there is an interruption or something. There is a specific tunnel version that we have to use because, depending on the internet provider, some of them have lower speed, so we have some issues. This is because of the provider, not from Zscaler. We use Office 365 services and Office applications, and because some connections are slow and they do not have full coverage from the internet provider, we have some issues. If the speed is slow for Zscaler Client Connector connection, then we have issues because if the speed is not good, then Zscaler Client Connector goes down. This may be because they put some policy. Of course, if you use Office 365 services such as Outlook, the minimum bandwidth is 5 megabits and more, so this causes issues if the users do not have a good remote connection. This depends on the companies and the users, so they need to fix it. This is not from us or our company. It is very useful, and the logs are very helpful. When we go to logs, we understand what is happening.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"These days it's machine-learning technology and behavior-based analytics features that make us more secure."
"Cortex XDR lets us manage several clients from the same console, and its endpoint defense is more advanced than traditional antivirus."
"Palo Alto is constantly adding new features."
"There are a lot of lead solutions in this space, however, Palo Alto is number one."
"We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action."
"If you are looking for security, mainly for advanced threat prevention from ransomware and malware attacks, I would recommend Cortex."
"In one single alert, we are getting the network telemetry, endpoint telemetry, email security telemetry, and proxy telemetry all in one single ticket, making it very easy."
"The dashboard is customizable."
"In my opinion, this is the best platform, world-wide, and I am happy with it."
"It is very easy to use, and its usability is great."
"This solution allows us to locate the malware in real-time."
"I would highly recommend the solution. Just go ahead and get it."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"The solution is scalable; it creates 3,000 lab logs per second, and I think the solution is suitable for large companies or medium to large companies."
"The interface of this solution is very flexible and easy to use."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"Zscaler Client Connector is quite scalable, and I would rate its scalability as nine or ten out of ten."
"It is very useful, and the logs are very helpful; when we go to logs, we understand what is happening."
"It is very important to see what is happening between the user and the applications that we have, and to filter the traffic from outbound traffic and inside traffic."
"The real-time analytics feature in Zscaler Client Connector is another valuable feature called Digital Experience, or ZDX, which can easily identify the root cause of issues accessing public or internal resources and provide good analysis so relevant teams can quickly resolve them, making it a very good tool that helps customers."
"The solution operates in the background seamlessly without the user noticing."
"I'd rate the solution nine out of ten."
"Zscaler Client Connector has eliminated VPN bottlenecks and outages, improved user productivity with instant secure access, and reduced help desk tickets related to VPN issues, overcoming 60% of VPN-related problems while allowing faster onboarding of remote users and better enforcement of zero-trust security policies."
"The best features of Zscaler Client Connector are that it gives the client a much more transparent experience, as they don't have to worry about connecting to a VPN."
 

Cons

"For Cortex XDR by Palo Alto Networks, if I had to point out improvements, I would say the UI is still somewhat difficult for beginners."
"I have run into some detection issues with Cortex XDR. It needs to be better at detection of internal attacks."
"I have faced some issues with Cortex XDR by Palo Alto Networks; there is room for improvement in the sense that certain options prevent us from seeing and segregating data."
"The GUI could be improved."
"There are some limitations on the Traps agents."
"The solution eats memory of the computer, unlike anything I've ever seen."
"A little bit more automation would be nice."
"Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"RSA NetWitness Network could improve on integration with non-native application integration."
"Threat detection could be better."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"The contamination feature could be improved."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"One of the drawbacks of using this product is that when you deploy, you have to create MSI files."
"I rate this product nine out of ten because I have seen some minor instability issues after updates and some room for UI improvement for deeper analytics, with instances of major issues after updating the GCC that required rollbacks."
"Zscaler Client Connector is not low in cost; it is definitely on the higher side."
"There is a hard learning curve for Zscaler Client Connector; their support isn't the greatest all the time."
"If the speed is slow for Zscaler Client Connector connection, then we have issues because if the speed is not good, then Zscaler Client Connector goes down."
"The stability of Zscaler Client Connector needs improvement, as it often disconnects and reconnects."
"There is room for improvement regarding the price of Zscaler Client Connector, as it is one of the most expensive solutions available."
 

Pricing and Cost Advice

"I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require."
"We didn't have to pay any additional fee for the cloud instance. It just came with the renewal, which was nice."
"In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage."
"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."
"I don't recall what the cost was, but it wasn't really that expensive."
"It is cost-effective compared to similar solutions. It fits for the small businesses through to the big businesses."
"It's the most expensive solution, but features-wise, it's quite strong. It's very good for protection, so the results are very good in the case of protection. I would rate it a two out of ten in terms of pricing."
"The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the BRO version."
"We are on a three-year contract to use RSA NetWitness Network."
"It is highly scalable. It can be bought based on your requirements."
"It is an expensive product."
"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."
"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."
"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."
Information not available
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
12%
Manufacturing Company
9%
Construction Company
8%
Computer Software Company
8%
Manufacturing Company
21%
Financial Services Firm
10%
Government
9%
Comms Service Provider
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise2
Large Enterprise6
By reviewers
Company SizeCount
Small Business3
Large Enterprise5
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
Ask a question
Earn 20 points
What is your experience regarding pricing and costs for Zscaler Client Connector?
My experience with pricing, setup cost, and licensing is that the pricing is fair, though it is a bit costly. It oper...
What needs improvement with Zscaler Client Connector?
For Zscaler Client Connector, I would appreciate more granular control over the client update rollout and slightly fa...
What is your primary use case for Zscaler Client Connector?
My main use case of Zscaler Client Connector is to provide secure, seamless access to the internet and internal appli...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
RSA ECAT, NetWitness Network
No data available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
ADP, Ameritas, Partners Healthcare
Information Not Available
Find out what your peers are saying about NetWitness NDR vs. Zscaler Client Connector and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.