We performed a comparison between NetWitness XDR and Trend Micro XDR based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: NetWitness XDR is commended for its prompt threat response, seamless integration capabilities, and user behavior analytics. Trend Micro XDR is commended for its holistic approach to threat prevention, real-time visualization, and ability to prioritize network-based detection and response. Users say NetWitness XDR could improve its threat intelligence and investigation. Some suggested updates to its reporting engine. Trend Micro XDR should improve integration, overhaul its web interface, and strengthen its business relationships.
Service and Support: NetWitness XDR provides effective 24/7 technical support. While some were satisfied with the response times, others experienced delays of up to 48 hours. Some customers have found Trend Micro’s customer service to be helpful and responsive, while others have encountered challenges with technical support in complex situations.
Ease of Deployment: Some users found the initial setup of NetWitness uncomplicated, but others faced challenges. The initial setup of Trend Micro XDR is straightforward and fast, but it may require the involvement of several technical professionals.
Pricing: The total cost of NetWitness XDR depends on the environment and the number of endpoints. Larger users can receive discounts, but users say the solution might be too pricey for smaller companies. NetWitness XDR provides various licenses, including some that feature premium support. Some reviews noted that Trend Micro XDR might be too costly for small organizations, but others found the price reasonable.
ROI: NetWitness XDR has demonstrated positive outcomes by improving threat detection capabilities and facilitating digital forensics. Trend Micro XDR delivers value through automation. Its efficient alerts ensure timely threat detection and prevention.
Comparison Results: Our users prefer Trend Micro XDR over NetWitness XDR. Trend Micro XDR is commended for its comprehensive visibility, high detection rate, and user-friendliness. NetWitness XDR users report challenges with integration, setup, and performance. Trend Micro XDR is considered reasonably priced, while NetWitness XDR is viewed as expensive.
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"The comprehensiveness of Microsoft's threat detection is good."
"Ability to isolate the machine when there are malicious files."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"The log correlation is good."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"This solution allows us to locate the malware in real-time."
"The stability of the RSA NetWitness Endpoint is very good."
"I can prevent my environment from different types of attacks based on what I see in the Vision One console."
"I like XDR's workbench feature and observed attack technique. It generates an alert once certain conditions are met. For example, let's say there's a threat called malicious.exe being deployed on your system. It will generate an alert with information like the file path, location, hash, etc. You also see a relational matrix showing how that file was executed and which processes were installed."
"The solution is stable."
"Drilling down further, we can analyze how our users are utilizing their workstations, including the websites they visit."
"VisionOne offers a clear window into the security posture of our endpoints."
"The solution is very easy to use."
"Scaling is not a problem at all."
"The centralized visibility is good."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"The solution is modular; for example, you can buy the RSA ePack, which you buy as a module and which is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"The contamination feature could be improved."
"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenges."
"While blocking an IP address restricts access for 30 days, it eventually becomes accessible again."
"I think that continued optimization of the environment towards automation and orchestration, a kind of layer that sits underneath all of the technologies, would be extremely important."
"Trend Micro doesn't have the next-generation firewall."
"It should integrate with more tools. There are a lot of tools that can do the PTP dump."
"The agent system is very slow, it needs to improve its performance."
"The zero trust is a bit complicated compared to other parts of the solution."
"The integration with third-party tools and with on-premises Active Directory needs improvement."
"The centralized dashboard has room for improvement."
NetWitness XDR is ranked 36th in EDR (Endpoint Detection and Response) with 15 reviews while Trend Vision One is ranked 5th in EDR (Endpoint Detection and Response) with 42 reviews. NetWitness XDR is rated 8.0, while Trend Vision One is rated 8.6. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of Trend Vision One writes "The integration of toolsets is key, enabling automation, and vendor has been tremendous partner for us". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, Microsoft Defender for Endpoint and SentinelOne Singularity Complete, whereas Trend Vision One is most compared with CrowdStrike Falcon, SentinelOne Singularity Complete, Microsoft Defender for Endpoint, Fortinet FortiEDR and Cortex XDR by Palo Alto Networks.
We monitor all EDR (Endpoint Detection and Response) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.