NetWitness NDR vs Proofpoint Threat Response comparison

The compared NetWitness and Proofpoint solutions aren't in the same category. NetWitness is ranked #21 in NDaR , and holds a 2.1% mindshare in the category. Proofpoint is ranked #5 in IRP , with an average rating of 7.5, and holds a 17.5% mindshare. Additionally, 87% of NetWitness users are willing to recommend the solution, compared to 80% of Proofpoint users who would recommend it.

NetWitness NDR

Read 15 NetWitness NDR reviews

601 Views
127 Comparison Views

87% willing to recommend

Proofpoint Threat Response

Read 5 Proofpoint Threat Response reviews

232 Views
111 Comparison Views

80% willing to recommend

NetWitness NDR

Proofpoint Threat Response

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between NetWitness NDR and Proofpoint Threat Response based on real PeerSpot user reviews.

Find out what your peers are saying about Darktrace, Vectra AI, Trend Micro and others in Network Detection and Response (NDR).

To learn more, read our detailed Network Detection and Response (NDR) Report (Updated: June 2025).

Buyer's Guide

Network Detection and Response (NDR)

June 2025

Download the complete report

Helped 857,585 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

NetWitness NDR

Average Rating

8.0

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Endpoint Protection Platform (EPP) (59th), Threat Intelligence Platforms (39th), Endpoint Detection and Response (EDR) (60th), Security Orchestration Automation and Response (SOAR) (25th), Network Detection and Response (NDR) (21st), Extended Detection and Response (XDR) (38th)

Proofpoint Threat Response

Average Rating

8.0

Reviews Sentiment

7.7

Number of Reviews

Ranking in other categories

Security Incident Response (5th)

Mindshare comparison

While both are Security Software solutions, they serve different purposes. NetWitness NDR is designed for Network Detection and Response (NDR) and holds a mindshare of 2.1%, up 1.9% compared to last year.
Proofpoint Threat Response, on the other hand, focuses on Security Incident Response, holds 17.5% mindshare, up 7.2% since last year.

Network Detection and Response (NDR)

Security Incident Response

Featured Reviews

SupravatMaji

Associate Vice President - IT Security at Inspira Enterprise

Beneficial single unified dashboard, good native application integration, and high availability

My advice to those wanting to implement RSA NetWitness Network is they have to first do a little due diligence, such as the exact requirement based on their needs. That will give them a direction for their investment because otherwise, the bill of material or bill of quantity (BOQ) may be higher side. It is important to do good due intelligence on the environment, see the exact requirement, and then go ahead with the solution. The solution is perfectly stable. I rate RSA NetWitness Network a nine out of ten.

Read full review

Giuseppe Sgroi

Senior Project Manager at CAP Holding S.p.A.

Blocks potential spam emails efficiently and integrates well with our security framework

We use the product to verify and manage emails sent and received through our Microsoft Exchange server, focusing on blocking potential spam emails The platform's most valuable include the ability to check emails and block potential spam. The platform's technical support services and pricing need…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The interface of this solution is very flexible and easy to use."

"It is stable. We have been using it for some time, without any issues."

"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."

"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."

"The log correlation is good."

"Ability to isolate the machine when there are malicious files."

"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."

"This solution allows us to locate the malware in real-time."

More NetWitness NDR pros

"If something's pulled and then it's later declared a false positive, it will automatically restore. They also take automatic feeds from their advanced threat detection modules."

"The platform's most valuable include the ability to check emails and block potential spam."

"The best part of Proofpoint Threat Response is the Auto-Pull feature. Being able to pull an email back from a user's mailbox is very useful, yet I have noticed that not a lot of organizations use this kind of feature."

"Support is very responsive."

"It has reduced our manual efforts to remove emails from each user's inbox, and in this case we do not have to ask our IT department or users to do so."

Cons

"The initial setup requires a high level of skill."

"The solution lacks a reporting engine."

"I would like to see Security Orchestration and Response Automation (SOAR) integration."

"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."

"The contamination feature could be improved."

"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."

"RSA NetWitness Network could improve on integration with non-native application integration."

"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."

More NetWitness NDR cons

"The interface within Threat Response could be made simpler."

"The platform's technical support services and pricing need improvement."

"Has some quirks."

"If the reporting gets improved then it would be better, but the product is running amazing as it is."

"The on-premise version doesn't scale well for large companies."

Pricing and Cost Advice

"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."

"I do not have any opinion on the pricing or licensing of the product."

"We are on a three-year contract to use RSA NetWitness Network."

"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."

"It is highly scalable. It can be bought based on your requirements."

"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."

"They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."

"It is an expensive product."

More NetWitness NDR pricing and cost advice

"It's quite affordable to have it with this much functionality and ease to administrate."

"The way most big companies work with Proofpoint is that they try to tie everything into an enterprise license. I can't comment on the actual costs, however I do know that alternative solutions such as Abnormal Security can be much more expensive than Proofpoint Threat Response."

See which vendors are best for you

Use our free recommendation engine to learn which Network Detection and Response (NDR) solutions are best for your needs.

See recommendations

857,585 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

16%

Financial Services Firm

16%

Manufacturing Company

Government

Financial Services Firm

16%

Healthcare Company

13%

Computer Software Company

12%

Energy/Utilities Company

10%

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

Ask a question

Earn 20 points

What is your experience regarding pricing and costs for Proofpoint Threat Response?

I have a vague idea because I don't know what others are charging. But we felt that putting up with the pains and having to spend more time keeping it running than we expected is still better than ...

See all answers

What needs improvement with Proofpoint Threat Response?

The platform's technical support services and pricing need improvement.

See all answers

What is your primary use case for Proofpoint Threat Response?

We use the product to verify and manage emails sent and received through our Microsoft Exchange server, focusing on blocking potential spam emails.

See all answers

Comparisons

Darktrace vs NetWitness NDR

Compared 13% of the time

Fidelis Elevate vs NetWitness NDR

Compared 11% of the time

Cortex XDR by Palo Alto Networks vs NetWitness NDR

Compared 9% of the time

Vectra AI vs NetWitness NDR

Compared 7% of the time

ExtraHop Reveal(x) vs NetWitness NDR

Compared 7% of the time

More NetWitness NDR Competitors

Splunk Attack Analyzer vs Proofpoint Threat Response

Compared 41% of the time

Palo Alto Networks Cortex XSOAR vs Proofpoint Threat Response

Compared 22% of the time

ServiceNow Security Operations vs Proofpoint Threat Response

Compared 19% of the time

Cofense Triage vs Proofpoint Threat Response

Compared 18% of the time

More Proofpoint Threat Response Competitors

Product Reports

Buyer's Guide

NetWitness NDR

May 2025

Download NetWitness NDR product report

Buyer's Guide

Proofpoint Threat Response

May 2025

Download Proofpoint Threat Response product report

Also Known As

RSA ECAT, NetWitness Network

No data available

Overview

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness NDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

NetWitness

No defense can stop every attack. When something does get through, Proofpoint Threat Response takes the manual labor and guesswork out of incident response to help you resolve threats faster and more efficiently. Get an actionable view of threats, enrich alerts, and automate forensic collection and comparison. For verified threats, quarantine and contain users, hosts, and malicious email attachments - automatically or at the push of a button.

Proofpoint

Sample Customers

ADP, Ameritas, Partners Healthcare

University of Waterloo, Akorn, Fenwick and West LLP

Buyer's Guide

Network Detection and Response (NDR)

June 2025

Download Free Report

Find out what your peers are saying about Darktrace, Vectra AI, Trend Micro and others in Network Detection and Response (NDR). Updated: June 2025.

DOWNLOAD NOW

857,585 professionals have used our research since 2012.

We monitor all Network Detection and Response (NDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.