Try our new research platform with insights from 80,000+ expert users

NetWitness NDR vs Tanium comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 18, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

NetWitness NDR
Ranking in Endpoint Protection Platform (EPP)
55th
Ranking in Endpoint Detection and Response (EDR)
57th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
15
Ranking in other categories
Threat Intelligence Platforms (TIP) (40th), Security Orchestration Automation and Response (SOAR) (25th), Network Detection and Response (NDR) (19th), Extended Detection and Response (XDR) (38th)
Tanium
Ranking in Endpoint Protection Platform (EPP)
21st
Ranking in Endpoint Detection and Response (EDR)
21st
Average Rating
7.8
Reviews Sentiment
6.4
Number of Reviews
20
Ranking in other categories
Server Monitoring (3rd), Vulnerability Management (23rd), Unified Endpoint Management (UEM) (7th)
 

Mindshare comparison

As of January 2026, in the Endpoint Protection Platform (EPP) category, the mindshare of NetWitness NDR is 0.5%, up from 0.2% compared to the previous year. The mindshare of Tanium is 2.2%, down from 2.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP) Market Share Distribution
ProductMarket Share (%)
Tanium2.2%
NetWitness NDR0.5%
Other97.3%
Endpoint Protection Platform (EPP)
 

Featured Reviews

reviewer1799727 - PeerSpot reviewer
Manager, IT Security Operations at a non-profit with 11-50 employees
Reliable and good support but can be expensive
I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat intelligence feeds. We would like to have more IOCs or more trade intelligence to not only rely on the intelligence of the engineer in charge but to have some threat intelligence and some seeds of IOCs and to have the host have some artificial intelligence to reduce the number of false positives. I don't see this solution being very scalable. The solution is pricey.
VK
Infra Vulnarability Manager at Rezilyens
Immediate results in patching promptly address vulnerabilities
When working with Tanium, there are some older devices that haven't been patched for a long time, and certain patches are not included in Tanium. I have to search outside to download patches, create bundles, and then perform the task. It would be easier if Tanium provided the patches directly. Some other brands provide the patch with a direct download link, which facilitates the process. Also, I feel that if there were more detailed documents and remediations readily available online for troubleshooting, especially more up-to-date information, it would be beneficial. Currently, some resources online are very out-of-date.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"Technical support is knowledgeable."
"This solution allows us to locate the malware in real-time."
"It is stable. We have been using it for some time, without any issues."
"The stability of the RSA NetWitness Endpoint is very good."
"The interface of this solution is very flexible and easy to use."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"Tanium’s best features include support for any Windows, Linux, or Mac endpoint, regardless of where it is, and the ability to do IT operations and security operations."
"When I push a quick update, it's done right away, and I can rescan immediately to confirm completion within minutes."
"I would say Tanium is the best tool for vulnerability management."
"Tanium has made the process of detecting threats more proactive with its detection. So, the process is easier and more efficient."
"I find the inventory and compliance features of Tanium to be the most impressive."
"Threat hunting is a very good feature on Tanium. We have just started using it and have not used it extensively."
"The interrogation piece was the most valuable feature because it was very detailed."
"The solution is scalable and helps to understand how infrastructure works. It helps to improve the health of the organization."
 

Cons

"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"RSA NetWitness Network could improve on integration with non-native application integration."
"The solution lacks a reporting engine."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"They could improve the UI."
"The solution needs to improve the reporting and tracking capabilities."
"The solution can give a lot of false positives."
"We had some issues with the solution's OS upgrade."
"Tanium’s scalability could be improved."
"Most of the time, agent-relative issues have to be more equipped with self-healing features. At times, the agent is there, but for some reason, it doesn't report a status. It gives certain problems that are obviously agent-based."
"When working with Tanium, there are some older devices that haven't been patched for a long time, and certain patches are not included in Tanium."
"It is not really additional functions, or the features that are needed, rather the complexity would be reduced based on the number of modules required to put together a comprehensive operational security and risk compliance model."
 

Pricing and Cost Advice

"It is highly scalable. It can be bought based on your requirements."
"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."
"They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
"We are on a three-year contract to use RSA NetWitness Network."
"It is an expensive product."
"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."
"It's an expensive solution. It would be nice if the cost were lower."
"The product's pricing differs from region to region depending on negotiations and the number of endpoints."
"Tanium is a more expensive solution in Latin America than some of the competitors, such as BigFix."
"The solution is expensive but it's a good investment."
"The solution offers value for money."
"It is higher than some competitors in the market."
"There is an annual license required to use this solution."
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
881,082 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
10%
Computer Software Company
10%
Manufacturing Company
9%
Performing Arts
7%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise2
Large Enterprise5
By reviewers
Company SizeCount
Small Business6
Midsize Enterprise3
Large Enterprise11
 

Questions from the Community

Ask a question
Earn 20 points
What needs improvement with Tanium?
While there is always room for improvement, I am pleased with Tanium.
What is your primary use case for Tanium?
The primary use case for Tanium ( /products/tanium-reviews ) is compliance, patching, and inventory as part of the core functions.
What advice do you have for others considering Tanium?
For smaller companies, Tanium is quite a big investment, and one needs to have a considerable setup to make it economically viable. I would recommend it to others with a similar use case. The solut...
 

Also Known As

RSA ECAT, NetWitness Network
Tanium Inc Cloud, Tanium XEM
 

Overview

 

Sample Customers

ADP, Ameritas, Partners Healthcare
JPMorgan Chase, eBay, Amazon, US Bank, MetLife, pwc, Cerner, Delphi, MGM Grand, New York Life
Find out what your peers are saying about NetWitness NDR vs. Tanium and other solutions. Updated: January 2026.
881,082 professionals have used our research since 2012.