We performed a comparison between NetWitness XDR and OpenText EnCase eDiscovery based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The integration, visibility, vulnerability management, and device identification are valuable."
"The most valuable aspect is undoubtedly the exploration capability"
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"Ability to isolate the machine when there are malicious files."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"This solution allows us to locate the malware in real-time."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"It is stable. We have been using it for some time, without any issues."
"It indexes much faster, and is more reflexive because of the Enscripts."
"I like the processing feature on the product because it does everything at once, i.e, indexing, recovery, keyword searches, etc."
"The most important feature we've found is the Enscripts. That is one powerful feature that I, personally, love to use."
"The solution is very stable."
"It speeds up the process, so I can meet my deadlines."
"The technical support is excellent."
"Data Recovery: Its ability to repair damaged partitions and uncover hidden partitions from within the tool, and allow further analysis."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"The user interface of Microsoft 365 Defender could improve. They could make it simpler."
"The support could be more knowledgable to improve their offering."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"RSA NetWitness Network could improve on integration with non-native application integration."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"Threat detection could be better."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"The solution lacks a reporting engine."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"Ease of use and learning curve need improvement."
"The reporting is a bit unreliable. It needs to be better."
"In the past, incident response time for tech support was slow."
"There were minor UI bugs."
"I would like to see a capability to ingest and absorb more data. That would be really good. It currently is lacking this function."
"We have come across problems with the end-case. We could not find an email discovery type of module and there was not flexibility with the email."
"Sometimes the application can take more time to complete the image processing or fail at the end of the process."
NetWitness XDR is ranked 17th in Extended Detection and Response (XDR) with 15 reviews while OpenText EnCase eDiscovery is ranked 6th in eDiscovery with 8 reviews. NetWitness XDR is rated 8.0, while OpenText EnCase eDiscovery is rated 7.8. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of OpenText EnCase eDiscovery writes "A stable and scalable hybrid solution with easy setup". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Vectra AI, whereas OpenText EnCase eDiscovery is most compared with Nuix eDiscovery, CrowdStrike Falcon, Microsoft Defender for Endpoint, Trellix Endpoint Security (ENS) and Microsoft Purview eDiscovery. See our NetWitness XDR vs. OpenText EnCase eDiscovery report.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
