NetWitness NDR Reviews

Name: NetWitness NDR
Brand: NetWitness
Rating: 4.0 (15 reviews)

4.0 out of 5

15 reviews
87% willing to recommend

What is NetWitness NDR?

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness NDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

Get the NetWitness NDR Buyer's Guide and find out what your peers are saying about NetWitness NDR, CrowdStrike Falcon, Wazuh and more!

NetWitness NDR is the #20 ranked solution in top Network Detection and Response (NDR) solutions, #24 ranked solution in SOAR tools, #38 ranked solution in XDR Security products, #39 ranked solution in top Threat Intelligence Platforms, #59 ranked solution in endpoint security software, and #63 ranked solution in EDR tools. PeerSpot users give NetWitness NDR an average rating of 8.0 out of 10. NetWitness NDR is most commonly compared to CrowdStrike Falcon: NetWitness NDR vs CrowdStrike Falcon. NetWitness NDR is popular among the large enterprise segment, accounting for 66% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.

Helped 861,481 peers since 2012

Featured NetWitness NDR reviews

SupravatMaji

Associate Vice President - IT Security at Inspira Enterprise

My advice to those wanting to implement RSA NetWitness Network is they have to first do a little due diligence, such as the exact requirement based on their needs. That will give them a direction for their investment because otherwise, the bill of material or bill of quantity (BOQ) may be higher side. It is important to do good due intelligence on the environment, see the exact requirement, and then go ahead with the solution. The solution is perfectly stable. I rate RSA NetWitness Network a nine out of ten.

Read full review

Jakaria Udoy

Information Security Engineer at Nhq Distribution Ltd

The initial setup is complex. On a scale from one to five with one being the worst and five being the best, I would rate the initial setup at four. It took a couple of hours to set up. The deployment and maintenance can be done by one person, such as a technician.

Read full review

HananSyed

Cyber Security Consultant at Mideast Data Systems

RSA NetWitness Endpoint is a scalable solution. However, the problem which we normally face is in terms of the migration of the solution. This solution has hard-coded IP addresses in its agents. When somebody wants to migrate from one data center to another data center, they have to reinstall all the agents. They can't change the hard-coded IP address to allow communication with the target server. That is the largest problem of the solution. Otherwise, in terms of scalability, it's fine. If they are able to provide provisioning of the IP address change in the agents only when somebody migrates the hardware appliances from one data center to another data center. It would be a great improvement for those who want to migrate.

Read full review

NetWitness NDR mindshare

Product category:

As of July 2025, the mindshare of NetWitness NDR in the Network Detection and Response (NDR) category stands at 2.2%, up from 1.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Network Detection and Response (NDR)

PeerResearch reports based on NetWitness NDR reviews

Type	Title	Date
Category	Network Detection and Response (NDR)	Jul 12, 2025	Download
Product	Reviews, tips, and advice from real users	Jul 12, 2025	Download
Comparison	NetWitness NDR vs Darktrace	Jul 12, 2025	Download
Comparison	NetWitness NDR vs Vectra AI	Jul 12, 2025	Download
Comparison	NetWitness NDR vs Trend Vision One	Jul 12, 2025	Download

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	N/A	96%	132 interviews Add to research
Wazuh	3.7	N/A	80%	48 interviews Add to research

Valuable Features

Valuable features of NetWitness NDR include high detection rate, detailed traffic capture, efficient incident response, real-time malware location, lightweight performance, perfect reporting, seamless third-party integration with an easy-to-use API, and a unified dashboard. Users appreciate its interoperability across operating systems, visualizations, behavior analytics, and flexible interface. Enhanced features include instant threat response, web interface, and isolated machine capability. It operates without heavy IT management involvement and technical support is knowledgeable.

"Technical support is knowledgeable."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"The interface of this solution is very flexible and easy to use."

Room for Improvement

NetWitness NDR requires improvements in contamination features and ease of use. Clicking multiple times during analysis is cumbersome. Scalability and security orchestration need enhancement. The deployment process involving MSI files is complex. Pricing and training costs are high. The tool is slow and suffers from configuration and log passing issues. Threat intelligence should be better, and the UI needs a longer session time. Integration with non-native applications and improved detection features are also necessary.

"Threat detection could be better."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well.In the next release, we would like to see advanced fraud detection features."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."

ROI

Users indicate that NetWitness NDR significantly boosts threat detection capabilities, leading to a more secure environment and demonstrating a clear return on investment. Many highlight the efficiency in identifying and mitigating threats faster. They appreciate the comprehensive monitoring and superior analytical features. Enhanced visibility into network activities has also led to quicker response times and reduced potential losses from cyber incidents.

Pricing

NetWitness XDR offers a straightforward pricing model without setup costs, ensuring a smooth integration for users. Pricing methods typically involve subscription-based models, accommodating per-user or per-device licensing options. The pricing range is adaptable, catering to organizations of different sizes and complexities, providing comprehensive extended detection and response solutions.

"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."
"We are on a three-year contract to use RSA NetWitness Network."
"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."

Popular Use Cases

Organizations primarily use NetWitness NDR for contamination detection, network forensics, and IT security. It identifies incidents, scores risks, detects malware, and provides responses. It is used alongside other security devices like IPS and SIEM, logs, and packets for network and EDR. Companies such as banks and telecom firms rely on it for instant detection responses, malware analysis, digital forensics, and monitoring logs, typically deploying it on-premises.

Service and Support

Customers find NetWitness NDR technical support reliable, knowledgeable, and responsive. Some note high satisfaction and 24/7 availability, with support tiers and quick resolutions. A few express concerns about response times, sometimes taking up to two days. Many appreciate the knowledgeable staff and efficient ticketing system that prioritizes incidents. A minority thinks RSA support needs improvement.

Deployment

Most found NetWitness NDR's initial setup straightforward and easy, with some deploying in a day. One organization experienced a more complex deployment, facing issues like log failures and wiring problems, extending it to over nine months. Some noted that while basic installation was simple, creating dashboards required professional services. A few rated the process as moderate, acknowledging minor complications.

Scalability

NetWitness NDR is highly scalable for larger enterprises and medium businesses, though some users face challenges during migration due to hard-coded IP addresses. Its scalability covers thousands of endpoints and multiple users. Some users report it does not scale well, while others find it easy to scale horizontally and vertically. Specific features are highlighted compared to competitors. The user experience varies, with some praising and others criticizing the scalability.

Stability

NetWitness NDR is praised for being stable, reliable, and non-disruptive to networks. Users rate it positively, though minor issues such as technical difficulties and endpoint agent responsiveness are noted. Complex networks may experience challenges, but this does not detract from the overall performance. Users appreciate the real-time data capabilities and stability across various deployments, despite occasional power issues complicating scenarios.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our NetWitness NDR Buyer's Guide for additional reliable information.