NetWitness NDR Primary Use Case
I primarily use NetWitness Endpoint to detect anomalies like the presence of web shields that are not detected by traditional antivirus solutions. I also use it for digital forensics and containment.
View full review »We primarily use the solution for NDR.
View full review »The product is mainly used for security, log reviews, and monitoring.
In India, mostly on the requirement segment, we don't deploy the solution on the cloud. We use the solution on-premises.
View full review »Buyer's Guide
NetWitness NDR
June 2025

Learn what your peers think about NetWitness NDR. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,632 professionals have used our research since 2012.
TM
Dr Trust Tshepo Mapoka
Senior Cybersecurity Consultant at CIA Botswana
RSA NetWitness Endpoint is used to get an instant detection response from network threats. Additionally, it has the capability to do malware analysis and investigations.
We use it for IT security purposes. This is our central log management solution. So we incorporate all of our servers and PCs to this software, and we can monitor the logs from there.
View full review »We are customers of RSA.
View full review »MM
Maged Magdy
Security Consultant at Global Solutions
It is our all-in-one platform for logs and packets for our network and for EDR.
View full review »TM
Dr Trust Tshepo Mapoka
Senior Cybersecurity Consultant at CIA Botswana
We use this solution to detect indicators of compromise, where incidents that occur are analyzed and given risk scores. For example, if the endpoint is of high risk then it will be indicated in red. By contrast, if it's of low risk then it will be indicated in green. The scoring criteria are what we call the Indicators of Compromise.
The overall goal is to detect malware that is affecting the endpoints and then provide a response. It is often used by banks and telecom companies.
View full review »We are using this solution as a network forensic tool with other security devices such as IPS and SIEM.
View full review »We use the solution for the contamination. We detect the incidents and then proceed for the contamination and error notification. For example, there's some intrusion history to the endpoint and there's a partial command that detects the code imbalance. We're able to find it and deal with it.
View full review »We are using it as a SIEM tool.
View full review »AA
Ayodeji Abimbola
Account Manager at a tech services company with 11-50 employees
It is mainly for market analysis. It has been performing exceedingly well.
View full review »We use this solution for network security.
View full review »Buyer's Guide
NetWitness NDR
June 2025

Learn what your peers think about NetWitness NDR. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,632 professionals have used our research since 2012.