We performed a comparison between NetWitness XDR and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The integration between all the Defender products is the most valuable feature."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"Microsoft 365 Defender is simple to upgrade."
"We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"The product integrates security into one tool instead of having third-party security tools."
"The most valuable feature depends on the scenario. For compliance, I like Microsoft Purview Information Protection and Data Loss Prevention. Sentinel is the most helpful feature for security. 365 Defender helps us prioritize threats across an enterprise. It's a crucial feature for the managed services team."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"The interface of this solution is very flexible and easy to use."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"This solution allows us to locate the malware in real-time."
"Ability to isolate the machine when there are malicious files."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"Integration with threat modeling from the Metasploit and InsightIDR repositories."
"I like that it's a cloud-based solution."
"I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters."
"Rapid7 is easy to use and deploy. It is a simple solution and has easy data pulling."
"The solution is very stable and works very well for what I need it to do."
"It improved my organization by building a security alerting program."
"It is a very stable solution."
"Great coverage of all systems within our network from endpoint to firewall."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
"At times, there may be delays in the execution of certain actions and their effects."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"The solution does not offer a unified response and standard data."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"RSA NetWitness Network could improve on integration with non-native application integration."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"Threat detection could be better."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"The solution lacks a reporting engine."
"The contamination feature could be improved."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"Cloud risk assessment is one area where I think they need a lot of improvement."
"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."
"They should add more configuration and security features to it."
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
"Inability to get access to compliance reports within the solution."
"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."
"I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert."
"The dashboard is an area that could be simplified."
NetWitness XDR is ranked 37th in Endpoint Detection and Response (EDR) with 15 reviews while Rapid7 InsightIDR is ranked 21st in Endpoint Detection and Response (EDR) with 29 reviews. NetWitness XDR is rated 8.0, while Rapid7 InsightIDR is rated 8.4. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Defender for Endpoint, whereas Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar. See our NetWitness XDR vs. Rapid7 InsightIDR report.
See our list of best Endpoint Detection and Response (EDR) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.