# Best Network Detection and Response (NDR) Software *By [Brandon Summers-Miller](https://research.g2.com/insights/author/brandon-summers-miller)* Network detection and response (NDR) software is used to document business network activity for security threats and alert relevant parties or automate threat remediation. These tools work by monitoring east-west traffic and comparing them to established baselines. When traffic behavior deviates from normal functionality, the solution will detect the issue and assist in forensic investigation. Many tools include or integrate with other solutions that automate incident response processes to minimize the threat’s impact. These tools are used by security professionals and IT staff to observe network traffic and detect anomalies related to user behavior. Other, older technologies may offer one component of network threat detection or incident response, but NDR combines the functionality of numerous security solutions. These tools use artificial intelligence and machine learning to analyze user behavior as well as existing security data; security professionals can then use that data to develop streamlined discovery and response workflows. [Network traffic analysis (NTA)](https://www.g2.com/categories/network-traffic-analysis-nta) is a similar emerging technology related to NDR. NTA is the core technology behind NDR; it refers to the analytical and monitoring capabilities used to develop baselines and response frameworks as NDR. But NTA solutions do not have the same level of response automation and end-user, behavioral anomaly detection used to trigger incident response. [Endpoint detection and response (EDR)](https://www.g2.com/categories/endpoint-detection-response-edr) has a similar name, but products within that category only detect issues at the device level while NDR provides visibility to threats across the entire network. To qualify for inclusion in the Network Detection and Response (NDR) category, a product must: - Analyze network traffic in real time - Utilize AI or ML to develop baselines for network behavior - Automate threat and anomaly detection across the network - Deploy network forensics upon detection for investigation and remediation ## How Many Network Detection and Response (NDR) Software Products Does G2 Track? **Total Products under this Category:** 68 ### Category Stats (Jun 2026) - **Average Rating**: 4.38/5 (↓0.01 vs May 2026) The average rating of products in this category, based on all submitted ratings - **Top Trending Product**: Secureworks Taegis XDR (+2.56%) - Among all products in this category, Secureworks Taegis XDR recorded the largest rating increase compared to last month *Last updated: June 09, 2026* ## How Does G2 Rank Network Detection and Response (NDR) Software Products? **Why You Can Trust G2's Software Rankings:** - 30 Analysts and Data Experts - 1,200+ Authentic Reviews - 68+ Products - Unbiased Rankings G2's software rankings are built on verified user reviews, rigorous moderation, and a consistent research methodology maintained by a team of analysts and data experts. Each product is measured using the same transparent criteria, with no paid placement or vendor influence. While reviews reflect real user experiences, which can be subjective, they offer valuable insight into how software performs in the hands of professionals. Together, these inputs power the G2 Score, a standardized way to compare tools within every category. ## Which Network Detection and Response (NDR) Software Is Best for Your Use Case? - **Leader:** [TrendAI Vision One](https://www.g2.com/products/trendai-vision-one/reviews) - **Highest Performer:** [Heimdal](https://www.g2.com/products/heimdal/reviews) - **Easiest to Use:** [Sophos NDR](https://www.g2.com/products/sophos-ndr/reviews) - **Top Trending:** [TrendAI Vision One](https://www.g2.com/products/trendai-vision-one/reviews) - **Best Free Software:** [TrendAI Vision One](https://www.g2.com/products/trendai-vision-one/reviews) --- **Sponsored** ### EventSentry EventSentry is a hybrid Security Information and Event Management (SIEM) solution designed to assist users in monitoring and managing their IT infrastructure effectively. By combining real-time event log monitoring with comprehensive system health and network monitoring, EventSentry provides a holistic view of servers and endpoints, enabling organizations to maintain robust security and operational efficiency. This SIEM solution is particularly beneficial for IT security teams, system administrators, and compliance officers who require a centralized platform to oversee their network's security posture. It caters to various industries, including finance, healthcare, and technology, where data integrity and security are paramount. The product is designed for organizations of all sizes, from small businesses to large enterprises, looking to enhance their security monitoring capabilities while ensuring system health. One of the standout features of EventSentry is its security event log normalization and correlation engine. This functionality transforms cryptic Windows security events into easily understandable reports, providing users with valuable insights that go beyond raw event data. The descriptive email alerts generated by the system offer additional context, allowing users to respond swiftly to potential security incidents. This capability is crucial for organizations that need to comply with regulatory requirements and maintain a proactive security stance. Moreover, EventSentry includes 200 compliance and security checks that strengthen security settings and reduce the attack surface - proactively identifying issues before they become liabilities. Malware & Ransomware attacks can be mitigated and detected in real time with innovative process activity monitoring and a flexible anomaly detection engine that can reveal suspicious patterns across any log source. EventSentry supports various integrations, making it adaptable to existing IT environments. This flexibility allows organizations to incorporate the SIEM solution seamlessly into their current systems, enhancing their overall security framework without significant disruption. The multi-tenancy feature further enables organizations to manage multiple clients or departments from a single platform, making it an ideal choice for managed service providers or organizations with diverse operational needs. In summary, EventSentry stands out in the SIEM category by providing a comprehensive approach to security and system monitoring. Its combination of real-time log analysis, health monitoring, and user-friendly reporting equips organizations with the tools necessary to safeguard their digital assets effectively. By leveraging this hybrid SIEM solution, users can achieve a clearer understanding of their security landscape, facilitating informed decision-making and enhancing overall cybersecurity resilience. [Visit website](https://www.g2.com/external_clickthroughs/record?secure%5Bad_program%5D=ppc&secure%5Bad_slot%5D=category_product_list&secure%5Bcategory_id%5D=2380&secure%5Bdisplayable_resource_id%5D=1081&secure%5Bdisplayable_resource_type%5D=Category&secure%5Bmedium%5D=sponsored&secure%5Bplacement_reason%5D=neighbor_category&secure%5Bplacement_resource_ids%5D%5B%5D=1081&secure%5Bprioritized%5D=false&secure%5Bproduct_id%5D=23676&secure%5Bresource_id%5D=2380&secure%5Bresource_type%5D=Category&secure%5Bsource_type%5D=category_page&secure%5Bsource_url%5D=https%3A%2F%2Fwww.g2.com%2Fcategories%2Fnetwork-detection-and-response-ndr&secure%5Btoken%5D=832901e60a6c68790ccfe8cc6f6014b4f07c0f58eb261fc8bb2772e098961af8&secure%5Burl%5D=https%3A%2F%2Fwww.eventsentry.com%2Fdownloads%2Ftrial&secure%5Burl_type%5D=free_trial) --- ## What Are the Top-Rated Network Detection and Response (NDR) Software Products in 2026? ### 1. [TrendAI Vision One](https://www.g2.com/products/trendai-vision-one/reviews) TrendAI Vision One is a cloud-native security operations platform, serving cloud, hybrid, and on-premises environments. It combines ASM and XDR in a single console to effectively manage cyber risk across your organization. The platform provides powerful risk insights, earlier threat detection, and automated risk and threat response options. Utilize the platform’s predictive machine learning and advanced security analytics for a broader perspective and advanced context. TrendAI Vision One integrates with its own expansive protection platform portfolio and industry-leading global threat intelligence, in addition to a broad ecosystem of purpose-built and API-driven third-party integrations. **Average Rating:** 4.7/5.0 **Total Reviews:** 246 **How Do G2 Users Rate TrendAI Vision One?** - **Metadata Enrichment:** 7.2/10 (Category avg: 8.5/10) - **Quality of Support:** 8.7/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 8.1/10 (Category avg: 8.6/10) - **Network Visibility:** 8.7/10 (Category avg: 8.8/10) **Who Is the Company Behind TrendAI Vision One?** - **Seller:** [Trend Micro](https://www.g2.com/sellers/trend-micro) - **Company Website:** https://www.trendmicro.com/ - **Year Founded:** 1988 - **HQ Location:** Tokyo - **LinkedIn® Page:** https://www.linkedin.com/company/4312/ (8,040 employees on LinkedIn®) - **Ownership:** OTCMKTS:TMICY **Who Uses This Product?** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 52% Enterprise, 33% Mid-Market #### What Are TrendAI Vision One's Pros and Cons? **Pros:** - Visibility (38 reviews) - Security (33 reviews) - Ease of Use (32 reviews) - Features (31 reviews) - Threat Detection (27 reviews) **Cons:** - Complex Interface (12 reviews) - Integration Issues (12 reviews) - Learning Curve (11 reviews) - Expensive (10 reviews) - Limited Features (10 reviews) ### What Do G2 Reviewers Say About TrendAI Vision One? *AI-generated summary from verified user reviews* **Pros:** - Users value the **centralized visibility across environments** provided by TrendAI Vision One, enhancing operational efficiency globally. - Users value the **intuitive security dashboard** of TrendAI Vision One, facilitating comprehensive monitoring and threat management. - Users appreciate the **ease of use** of TrendAI Vision One, making security management straightforward and intuitive. - Users highly value the **centralized cloud features** of TrendAI Vision One, along with its user-friendly interface and ease of setup. - Users value the **effective threat detection** of TrendAI Vision One, enabling quick identification and response to suspicious activity. **Cons:** - Users find the **interface complex** , leading to a steep learning curve and challenges in navigation and integration. - Users struggle with **integration issues** , particularly with complex licensing and difficulties connecting third-party tools effectively. - Users find the **learning curve steep** with TrendAI Vision One, requiring time to effectively utilize its features. - Users note that the service is **expensive** , which makes it less competitive compared to similar XDR offerings. - Users note the **limited features** of TrendAI Vision One, particularly in reporting and lack of certain integrations. #### What Are Recent G2 Reviews of TrendAI Vision One? **"[Unified XDR Platform Delivering Enhanced Visibility, Faster Detection, and Proactive Threat Response](https://www.g2.com/survey_responses/trendai-vision-one-review-12375604)"** **Rating:** 5.0/5.0 stars *— Nishant K.* [Read full review](https://www.g2.com/survey_responses/trendai-vision-one-review-12375604) --- **"[Scalable Security with Easy Setup, Needs Better Training Support](https://www.g2.com/survey_responses/trendai-vision-one-review-12800247)"** **Rating:** 4.5/5.0 stars *— Andrew W.* [Read full review](https://www.g2.com/survey_responses/trendai-vision-one-review-12800247) --- #### What Are G2 Users Discussing About TrendAI Vision One? - [What is Trend Micro Vision One (XDR) used for?](https://www.g2.com/discussions/what-is-trend-micro-vision-one-xdr-used-for) - 1 comment, 2 upvotes - [How does XDR work?](https://www.g2.com/discussions/how-does-xdr-work) - 1 comment, 2 upvotes - [How can Trend Micro XDR solve your detection and response challenges?](https://www.g2.com/discussions/how-can-trend-micro-xdr-solve-your-detection-and-response-challenges) - 1 comment - [What is Trend Micro XDR?](https://www.g2.com/discussions/what-is-trend-micro-xdr) - [What does Trend Micro XDR allow you to do?](https://www.g2.com/discussions/what-does-trend-micro-xdr-allow-you-to-do) - 1 comment ### 2. [Sophos NDR](https://www.g2.com/products/sophos-ndr/reviews) Sophos NDR works together with your managed endpoints and firewalls to monitor network activity for suspicious and malicious patterns they cannot see. It detects abnormal traffic flows from unmanaged systems and IoT devices, rogue assets, insider threats, previously unseen zero-day attacks, and unusual patterns deep within the network. **Average Rating:** 4.8/5.0 **Total Reviews:** 16 **How Do G2 Users Rate Sophos NDR?** - **Metadata Enrichment:** 9.8/10 (Category avg: 8.5/10) - **Quality of Support:** 9.9/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 9.8/10 (Category avg: 8.6/10) - **Network Visibility:** 9.4/10 (Category avg: 8.8/10) **Who Is the Company Behind Sophos NDR?** - **Seller:** [Sophos](https://www.g2.com/sellers/sophos) - **Year Founded:** 1985 - **HQ Location:** Oxfordshire - **Twitter:** @Sophos (36,759 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/5053/ (5,500 employees on LinkedIn®) - **Ownership:** LSE:SOPH **Who Uses This Product?** - **Top Industries:** Information Technology and Services - **Company Size:** 100% Small-Business #### What Are Recent G2 Reviews of Sophos NDR? **"[Visibilidad completa y detección avanzada en tiempo real](https://www.g2.com/survey_responses/sophos-ndr-review-12609724)"** **Rating:** 4.5/5.0 stars *— Rafael L.* [Read full review](https://www.g2.com/survey_responses/sophos-ndr-review-12609724) --- **"[Network Awareness That Adds Real Depth to Security](https://www.g2.com/survey_responses/sophos-ndr-review-12128206)"** **Rating:** 5.0/5.0 stars *— Santosh K.* [Read full review](https://www.g2.com/survey_responses/sophos-ndr-review-12128206) --- ### 3. [Darktrace / NETWORK](https://www.g2.com/products/darktrace-network/reviews) Darktrace / NETWORK™ is the industry’s most advanced Network Detection and Response (NDR) solution. It learns what normal behavior is for your entire modern network, using Self-Learning AI to detect and autonomously contain any activity that could cause business disruption including known, novel and insider threats. - Sophisticated agentic AI to automate triage and investigation at speed and scale - Recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for NDR - Over 10,000 customers globally **Average Rating:** 4.5/5.0 **Total Reviews:** 44 **How Do G2 Users Rate Darktrace / NETWORK?** - **Metadata Enrichment:** 9.3/10 (Category avg: 8.5/10) - **Quality of Support:** 9.2/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 9.3/10 (Category avg: 8.6/10) - **Network Visibility:** 9.3/10 (Category avg: 8.8/10) **Who Is the Company Behind Darktrace / NETWORK?** - **Seller:** [Darktrace](https://www.g2.com/sellers/darktrace) - **Company Website:** https://www.darktrace.com - **Year Founded:** 2013 - **HQ Location:** Cambridgeshire, England - **Twitter:** @Darktrace (18,177 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/5013440/ (2,607 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Financial Services, Information Technology and Services - **Company Size:** 60% Mid-Market, 32% Enterprise #### What Are Darktrace / NETWORK's Pros and Cons? **Pros:** - Monitoring (5 reviews) - Artificial Intelligence (4 reviews) - Threat Detection (4 reviews) - Customer Support (3 reviews) - Cybersecurity (3 reviews) **Cons:** - Learning Curve (6 reviews) - Expensive (4 reviews) - Alert Issues (2 reviews) - Complex Setup (2 reviews) - False Positives (2 reviews) ### What Do G2 Reviewers Say About Darktrace / NETWORK? *AI-generated summary from verified user reviews* **Pros:** - Users appreciate the **robust monitoring capabilities** of Darktrace/NETWORK, enabling efficient real-time and historical network analysis. - Users appreciate the **self-learning AI technology** of Darktrace/Network, which continually adapts for exceptional threat detection and response. - Users commend Darktrace for its **rapid threat detection** , providing confidence through impressive visibility and automated blocking. - Users praise the **responsive customer support** of Darktrace/Network, enhancing the learning curve and user experience significantly. - Users value the **autonomous cyber AI** of Darktrace, which effectively detects and responds to evolving cyber threats. **Cons:** - Users report a significant **learning curve** with Darktrace, requiring considerable time and training to optimize its performance. - Users find the product quite **expensive** , which may be a barrier for smaller organizations with limited budgets. - Users experience **alert issues** , especially during the learning phase, requiring significant time for tuning and validation. - Users struggle with the **complex setup** of Darktrace, requiring skilled teams for effective management and policy tuning. - Users experience **false positives** occasionally, necessitating IT intervention for resolution during critical network tasks. #### What Are Recent G2 Reviews of Darktrace / NETWORK? **"[AI-Powered Security, Needs a Friendlier UI](https://www.g2.com/survey_responses/darktrace-network-review-12984323)"** **Rating:** 5.0/5.0 stars *— Verified User* [Read full review](https://www.g2.com/survey_responses/darktrace-network-review-12984323) --- **"[Darktrace Network: Intuitive, AI-Driven Cybersecurity with Real-Time Threat Detection](https://www.g2.com/survey_responses/darktrace-network-review-12679592)"** **Rating:** 5.0/5.0 stars *— Daniel S.* [Read full review](https://www.g2.com/survey_responses/darktrace-network-review-12679592) --- #### What Are G2 Users Discussing About Darktrace / NETWORK? - [How does Darktrace collect data?](https://www.g2.com/discussions/how-does-darktrace-collect-data) - [What is Darktrace and how it works?](https://www.g2.com/discussions/what-is-darktrace-and-how-it-works) - [What can Darktrace do?](https://www.g2.com/discussions/what-can-darktrace-do) - [What is Darktrace Antigena network?](https://www.g2.com/discussions/what-is-darktrace-antigena-network) - [What is Darktrace Enterprise immune system?](https://www.g2.com/discussions/what-is-darktrace-enterprise-immune-system) - 1 comment ### 4. [Cortex XDR](https://www.g2.com/products/palo-alto-networks-cortex-xdr/reviews) Cortex XDR is the industry’s first extended detection and response platform that stops modern attacks by integrating data from any source. With Cortex XDR, you can harness the power of AI, analytics and rich data to detect stealthy threats. Your SOC team can cut through the noise and focus on what matters most with intelligent alert grouping and incident scoring. Cross-data insights accelerate investigations, so you can streamline incident response and recovery. Cortex XDR delivers peace of mind with best-in-class endpoint protection that achieved the highest combined protection and detection scores in the MITRE ATT&CK® round 3 evaluation. The Cortex XDR platform collects and analyzes all data, so you can gain complete visibility and holistic protection to secure what’s next. **Average Rating:** 4.6/5.0 **Total Reviews:** 50 **How Do G2 Users Rate Cortex XDR?** - **Quality of Support:** 9.0/10 (Category avg: 8.9/10) **Who Is the Company Behind Cortex XDR?** - **Seller:** [Palo Alto Networks](https://www.g2.com/sellers/palo-alto-networks) - **Year Founded:** 2005 - **HQ Location:** Santa Clara, CA - **Twitter:** @PaloAltoNtwks (128,951 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/30086/ (22,313 employees on LinkedIn®) - **Ownership:** NYSE: PANW **Who Uses This Product?** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 45% Enterprise, 38% Mid-Market #### What Are Cortex XDR's Pros and Cons? **Pros:** - Alert Notifications (2 reviews) - Ease of Use (2 reviews) - Features (2 reviews) - Threat Detection (2 reviews) - XDR Capabilities (2 reviews) **Cons:** - Limited Features (2 reviews) - Agent Issues (1 reviews) - Compatibility Issues (1 reviews) - Complexity (1 reviews) - Complex Management (1 reviews) ### What Do G2 Reviewers Say About Cortex XDR? *AI-generated summary from verified user reviews* **Pros:** - Users praise the **reliable alert notifications** of Cortex XDR for filtering out non-essential information effectively. - Users appreciate the **ease of use** of Cortex XDR, finding it simple and efficient for managing security tasks. - Users value the **unique features** of Cortex XDR, enjoying its efficient performance and AI-driven alerts for enhanced protection. - Users value the **rapid and accurate threat detection** of Cortex XDR, enhancing overall security and efficiency. - Users praise the **unified detection and response capability** of Cortex XDR for accurate and fast threat investigation. **Cons:** - Users find the **limited features** of Cortex XDR restrict essential functionalities, impacting overall performance and usability. - Users experience a **performance impact** on lower-end systems with the Cortex XDR agent installed, which is frustrating. - Users encounter **compatibility issues** with Cortex XDR, limiting the installation of essential software on their machines. - Users find the **complexity** of Cortex XDR challenging, particularly in managing policies and customizing detections. - Users find the **complex management** of Cortex XDR challenging, noting a steep learning curve for customization and policy tuning. #### What Are Recent G2 Reviews of Cortex XDR? **"[Cortex XDR Delivers Unified Threat Visibility and Faster Incident Response](https://www.g2.com/survey_responses/cortex-xdr-review-12208762)"** **Rating:** 5.0/5.0 stars *— Sushriya M.* [Read full review](https://www.g2.com/survey_responses/cortex-xdr-review-12208762) --- **"[Lightweight agent and a Modern Console with Strong Vendor Support](https://www.g2.com/survey_responses/cortex-xdr-review-11278639)"** **Rating:** 5.0/5.0 stars *— Verified User in Manufacturing* [Read full review](https://www.g2.com/survey_responses/cortex-xdr-review-11278639) --- #### What Are G2 Users Discussing About Cortex XDR? - [What is an advantage of Cortex XDR cloud based analysis?](https://www.g2.com/discussions/what-is-an-advantage-of-cortex-xdr-cloud-based-analysis) - [How does cortex XDR use machine learning?](https://www.g2.com/discussions/how-does-cortex-xdr-use-machine-learning) - [What is Cortex XDR?](https://www.g2.com/discussions/what-is-cortex-xdr) - 1 comment ### 5. [Heimdal](https://www.g2.com/products/heimdal/reviews) Accommodate all your cybersecurity needs under one convenient roof with the Heimdal® Unified Cybersecurity Platform. Our cybersecurity solutions can be used as standalone products or integrated into one another as part of a cohesive and unified XDR platform. Whether you’re a reseller, distributor, MSSP, or an organization committed to bolstering your online security, we provide an array of cutting-edge products to make your mission smoother. Heimdal® is a fast-growing cybersecurity company focused on continuous technological innovation. Since its establishment in 2014 in Copenhagen, based on the winning idea of CTF World Champions, Heimdal has experienced spectacular growth by proactively building products that anticipate threatscape trends. The company offers a multi-layeredand unified security suite that combines threat prevention, patch and asset management, endpoint rights management, antivirus and mail security which together secure customers against cyberattacks and keep critical information and intellectual property safe. Heimdal has been recognized as a thought leader in the industry and has won multiple international awards both for its solutions and for its educational content creation. The Heimdal line of products currently consists of 10 products and 2 services. The former category encompasses DNS Security for Endpoints & Network, Patch & Asset Management, Privileged Access Management, Application Control, Next-Gen Endpoint Antivirus, Ransomware Encryption Protection, Email Security, Email Fraud Prevention, and Remote Desktop. The latter is represented by Endpoint Detection & Response, as well as eXtended Detection & Response, or EDR and XDR for short. Currently, Heimdal’s cybersecurity solutions are deployed in more than 45 countries and supported regionally from offices in 15+ countries, by 175+ highly qualified specialists. Heimdal is ISAE 3000 certified and secures more than 2 million endpoints for over 10,000 companies. The company supports its partners without concessions on the basis of predictability and scalability. The common goal is to create a sustainable ecosystem and a strategic partnership. **Average Rating:** 4.4/5.0 **Total Reviews:** 70 **How Do G2 Users Rate Heimdal?** - **Quality of Support:** 9.5/10 (Category avg: 8.9/10) **Who Is the Company Behind Heimdal?** - **Seller:** [Heimdal®](https://www.g2.com/sellers/heimdal) - **Company Website:** https://heimdalsecurity.com/ - **Year Founded:** 2014 - **HQ Location:** Copenhagen, Denmark - **Twitter:** @HeimdalSecurity (5,086 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/heimdal-security/ (277 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Computer & Network Security, Construction - **Company Size:** 61% Mid-Market, 26% Small-Business #### What Are Heimdal's Pros and Cons? **Pros:** - Easy Setup (2 reviews) - File Transfer (2 reviews) - Issue Resolution (2 reviews) - Patch Management (2 reviews) - Product Quality (2 reviews) **Cons:** - Complex Interface (2 reviews) - Not User-Friendly (2 reviews) - Poor Customer Support (2 reviews) - Poor Interface Design (2 reviews) - Restart Issues (2 reviews) ### What Do G2 Reviewers Say About Heimdal? *AI-generated summary from verified user reviews* **Pros:** - Users commend the **easy setup** of Heimdal, enabling swift installation and integration of essential tools. - Users find that Heimdal's **file transfer feature** consistently performs well and is easy to use across devices. - Users commend Heimdal for its **exceptional issue resolution** , with responsive support delivering timely and effective solutions. - Users commend Heimdal's **Patch Management** for its reliability and ease of automated patching and support responsiveness. - Users value the **reliability and user-friendliness** of Heimdal, appreciating its consistent security solutions and support. **Cons:** - Users find the **complex interface** of Heimdal challenging, making navigation and finding key features difficult. - Users find the **interface confusing and illogical** , leading to difficulties in navigation and accessing essential features. - Users experience **poor customer support** initially, making setup and deployment more challenging than necessary. - Users find the **interface design frustrating** , with complex navigation and difficulty accessing essential features like the installer download. - Users experience **restart issues** with Heimdal, feeling unprotected after scans until they reboot the software. #### What Are Recent G2 Reviews of Heimdal? **"[Automated patching makes life easier, but remote desktop needs work](https://www.g2.com/survey_responses/heimdal-review-12879665)"** **Rating:** 5.0/5.0 stars *— Kris B.* [Read full review](https://www.g2.com/survey_responses/heimdal-review-12879665) --- **"[Reliable, Evolving Security Platform with Excellent Support](https://www.g2.com/survey_responses/heimdal-review-12446520)"** **Rating:** 4.5/5.0 stars *— Mahdi H.* [Read full review](https://www.g2.com/survey_responses/heimdal-review-12446520) --- ### 6. [ExtraHop](https://www.g2.com/products/extrahop/reviews) ExtraHop is the cybersecurity partner enterprises trust to reveal cyber risk and build business resilience. The ExtraHop RevealX platform for network detection and response and network performance management uniquely delivers the instant visibility and unparalleled decryption capabilities organizations need to expose the cyber risks and performance issues that other tools can’t see. When organizations have full network transparency with ExtraHop, they can investigate smarter, stop threats faster, and keep operations running. RevealX deploys on premises or in the cloud. It addresses the following use cases: - Ransomware - Zero trust - Software supply chain attacks - Lateral movement and C2 communication - Security hygiene - Network and Application Performance Management - IDS - Forensics and more A few of our differentiators: Continuous and on-demand PCAP: Full packet processing is superior to NetFlow and yields higher quality detections. Strategic decryption across a variety of protocols, including SSL/TLS, MS-RPC, WinRM, and SMBv3, gives you better visibility into early-stage threats hiding in encrypted traffic as they attempt to move laterally across your network. Protocol coverage: RevealX decodes more than 70 network protocols. Cloud-scale machine learning: Rather than relying on limited "on-box" compute power for analysis and detections, RevealX uses sophisticated cloud-hosted and cloud-scale machine learning workloads to identify suspicious behavior in real time and create high-fidelity alerts. ExtraHop was named a Leader in The Forrester Wave™: Network Analysis and Visibility, Q2 2023. Key Technology Integration and Go-to-Market Partners: CrowdStrike: RevealX integrates with CrowdStrike Falcon® LogScale, Falcon Insight XDR, Falcon Threat Graph, and Falcon Intelligence. Splunk SOAR AWS Google Cloud Security Founded in 2007, ExtraHop is privately held and headquartered in Seattle, Wash. To learn more, visit www.extrahop.com. **Average Rating:** 4.6/5.0 **Total Reviews:** 68 **How Do G2 Users Rate ExtraHop?** - **Metadata Enrichment:** 9.1/10 (Category avg: 8.5/10) - **Quality of Support:** 9.0/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 9.3/10 (Category avg: 8.6/10) - **Network Visibility:** 9.8/10 (Category avg: 8.8/10) **Who Is the Company Behind ExtraHop?** - **Seller:** [ExtraHop Networks](https://www.g2.com/sellers/extrahop-networks) - **Year Founded:** 2007 - **HQ Location:** Seattle, Washington - **Twitter:** @ExtraHop (10,695 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/extrahop-networks/ (761 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Hospital & Health Care, Transportation/Trucking/Railroad - **Company Size:** 69% Enterprise, 26% Mid-Market #### What Are ExtraHop's Pros and Cons? **Pros:** - All-in-One Solution (1 reviews) - Comprehensive Monitoring (1 reviews) - Easy Deployment (1 reviews) - Responsive Support (1 reviews) ### What Do G2 Reviewers Say About ExtraHop? *AI-generated summary from verified user reviews* **Pros:** - Users value the **all-in-one solution** of ExtraHop, providing unmatched network visibility and excellent customer support. - Users value ExtraHop's **comprehensive monitoring** , offering complete visibility into network traffic and enhancing security operations. - Users find ExtraHop's product benefits enhanced by its **easy deployment** via physical or virtual appliances, supported by knowledgeable teams. - Users value the **responsive support** from ExtraHop, highlighting the knowledgeable Customer Success teams that enhance their experience. #### What Are Recent G2 Reviews of ExtraHop? **"[Complete visibility on network activity](https://www.g2.com/survey_responses/extrahop-review-10580190)"** **Rating:** 5.0/5.0 stars *— Verified User in Insurance* [Read full review](https://www.g2.com/survey_responses/extrahop-review-10580190) --- **"[One stop shop for network detections and notifications Easy to use and easy to understand.](https://www.g2.com/survey_responses/extrahop-review-9197231)"** **Rating:** 5.0/5.0 stars *— Jeff H.* [Read full review](https://www.g2.com/survey_responses/extrahop-review-9197231) --- #### What Are G2 Users Discussing About ExtraHop? - [Is ExtraHop a startup?](https://www.g2.com/discussions/is-extrahop-a-startup) - [What is ExtraHop appliance?](https://www.g2.com/discussions/what-is-extrahop-appliance) - [Is ExtraHop a SIEM?](https://www.g2.com/discussions/is-extrahop-a-siem) - [What is ExtraHop?](https://www.g2.com/discussions/what-is-extrahop) ### 7. [Verizon Network Detection and Response](https://www.g2.com/products/verizon-network-detection-and-response/reviews) Network Detection and Response is a cloud-delivered network security platform that helps you take action against threats and identify future threats with speed, accuracy and scale. **Average Rating:** 3.6/5.0 **Total Reviews:** 16 **How Do G2 Users Rate Verizon Network Detection and Response?** - **Metadata Enrichment:** 8.3/10 (Category avg: 8.5/10) - **Quality of Support:** 9.0/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 8.5/10 (Category avg: 8.6/10) - **Network Visibility:** 8.7/10 (Category avg: 8.8/10) **Who Is the Company Behind Verizon Network Detection and Response?** - **Seller:** [Verizon](https://www.g2.com/sellers/verizon) - **Year Founded:** 1983 - **HQ Location:** Basking RIdge, NJ - **Twitter:** @Verizon (1,486,564 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/1103/ (95,704 employees on LinkedIn®) - **Ownership:** NYSE:VZ **Who Uses This Product?** - **Company Size:** 44% Small-Business, 31% Enterprise #### What Are Recent G2 Reviews of Verizon Network Detection and Response? **"[An Effective Network Detection and Response Solution](https://www.g2.com/survey_responses/verizon-network-detection-and-response-review-9549778)"** **Rating:** 4.5/5.0 stars *— Jack M.* [Read full review](https://www.g2.com/survey_responses/verizon-network-detection-and-response-review-9549778) --- **"[Verizon Network Detection and Response: Very Reliable Tool for Threat Detection and Instant Response](https://www.g2.com/survey_responses/verizon-network-detection-and-response-review-9215039)"** **Rating:** 5.0/5.0 stars *— Sigit P.* [Read full review](https://www.g2.com/survey_responses/verizon-network-detection-and-response-review-9215039) --- ### 8. [NETSCOUT Network Security](https://www.g2.com/products/netscout-network-security/reviews) NETSCOUT Network Security Solution Suite, known as Omnis Security, is a high-performance threat detection and response platform engineered for the scale and complexity of modern enterprise networks. Built on NETSCOUT’s Smart Data technology, it transforms raw packet data into actionable intelligence in real time, enabling security teams to detect, investigate, and mitigate threats across hybrid cloud, data center, and edge environments. Omnis Security delivers continuous, packet-level visibility across the entire infrastructure, eliminating blind spots and enabling deep forensic analysis. Its analytics engine correlates network telemetry with threat intelligence to surface both known and unknown threats, including zero-day exploits and lateral movement. Adaptive Threat Analytics power thorough threat investigation workflows reduce mean time to detect and respond, while full-fidelity packet capture supports retrospective analysis and compliance requirements. Designed for scalability and operational efficiency, Omnis Security integrates seamlessly with leading SIEM and SOAR platforms, including Splunk, IBM QRadar, and Palo Alto Networks Cortex XSOAR. This integration enables security teams to enrich alerts with high-fidelity network context, automate incident response actions, and orchestrate workflows across the broader security stack—enhancing both detection accuracy and response speed. For practitioners defending complex, distributed environments, NETSCOUT Omnis Security delivers the visibility, intelligence, and interoperability needed to stay ahead of advanced threats and streamline security operations. Products included in this solution are: - Omnis Cyber Intelligence - Omnis CyberStream - nGenius Decryption Appliance **Average Rating:** 4.6/5.0 **Total Reviews:** 11 **How Do G2 Users Rate NETSCOUT Network Security?** - **Quality of Support:** 10.0/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 10.0/10 (Category avg: 8.6/10) - **Network Visibility:** 10.0/10 (Category avg: 8.8/10) **Who Is the Company Behind NETSCOUT Network Security?** - **Seller:** [NETSCOUT](https://www.g2.com/sellers/netscout) - **Company Website:** https://www.netscout.com - **Year Founded:** 1984 - **HQ Location:** Westford, Mass. - **Twitter:** @NETSCOUT (13,759 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/netscout/ (2,692 employees on LinkedIn®) **Who Uses This Product?** - **Company Size:** 55% Enterprise, 27% Mid-Market #### What Are NETSCOUT Network Security's Pros and Cons? **Pros:** - Artificial Intelligence (1 reviews) ### What Do G2 Reviewers Say About NETSCOUT Network Security? *AI-generated summary from verified user reviews* **Pros:** - Users value the **Omnis Cyber security intelligence** of NETSCOUT Network Security for comprehensive and proactive threat detection. #### What Are Recent G2 Reviews of NETSCOUT Network Security? **"[Enhanced Visibility with NETSCOUT Network Security](https://www.g2.com/survey_responses/netscout-network-security-review-11724556)"** **Rating:** 5.0/5.0 stars *— Mauro L.* [Read full review](https://www.g2.com/survey_responses/netscout-network-security-review-11724556) --- **"[Unbeatable DDoS Protection and Total Visibility in Complex Environments](https://www.g2.com/survey_responses/netscout-network-security-review-12097716)"** **Rating:** 5.0/5.0 stars *— Verified User in Business Supplies and Equipment* [Read full review](https://www.g2.com/survey_responses/netscout-network-security-review-12097716) --- ### 9. [Rapid7 Next-Gen SIEM](https://www.g2.com/products/rapid7-next-gen-siem/reviews) Rapid7 InsightIDR is a SaaS SIEM for modern threat detection and response. InsightIDR enables security analysts to work more efficiently and effectively, by unifying diverse data sources, providing early and reliable out of the box detections, and delivering rich visual investigations and automation to expedite response. With a lightweight cloud deployment and intuitive UI and onboarding experience, InsightIDR customers recognize an accelerated return on their investment and start seeing valuable insights from Day 1. With InsightIDR, teams can advance their threat detection and response program without adding headcount. **Average Rating:** 4.4/5.0 **Total Reviews:** 67 **How Do G2 Users Rate Rapid7 Next-Gen SIEM?** - **Metadata Enrichment:** 8.3/10 (Category avg: 8.5/10) - **Quality of Support:** 8.9/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 8.0/10 (Category avg: 8.6/10) - **Network Visibility:** 9.0/10 (Category avg: 8.8/10) **Who Is the Company Behind Rapid7 Next-Gen SIEM?** - **Seller:** [Rapid7](https://www.g2.com/sellers/rapid7) - **Year Founded:** 2000 - **HQ Location:** Boston, MA - **Twitter:** @rapid7 (124,405 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/39624/ (3,274 employees on LinkedIn®) - **Ownership:** NASDAQ:RPD **Who Uses This Product?** - **Top Industries:** Information Technology and Services, Computer Software - **Company Size:** 66% Mid-Market, 31% Enterprise #### What Are Rapid7 Next-Gen SIEM's Pros and Cons? **Pros:** - Ease of Use (2 reviews) - Easy Integrations (2 reviews) - Integrations (2 reviews) - Threat Detection (2 reviews) - Visibility (2 reviews) **Cons:** - Limited Features (2 reviews) - Alerting Issues (1 reviews) - Alert Management (1 reviews) - Difficult Customization (1 reviews) - Difficult Setup (1 reviews) ### What Do G2 Reviewers Say About Rapid7 Next-Gen SIEM? *AI-generated summary from verified user reviews* **Pros:** - Users appreciate the **ease of use** of Rapid7 Next-Gen SIEM, finding implementation and integration straightforward and simple. - Users appreciate the **easy integrations** of Rapid7 Next-Gen SIEM, benefiting from many pre-built connections with third-party tools. - Users appreciate the **easy integrations** with numerous third-party tools, enhancing overall functionality and usability. - Users appreciate the **seamless integration of UEBA and deception tools** for effective threat detection and faster investigations. - Users appreciate the **visibility** Rapid7 Next-Gen SIEM provides through easy log searches and clear alerts. **Cons:** - Users find the **limited features** of Rapid7 Next-Gen SIEM restrictive, especially for alert creation and customization. - Users find the **alerting issues** of Rapid7 Next-Gen SIEM to be limiting and difficult to manage effectively. - Users find the **alert management too limited** , making it challenging to create and configure alerts effectively. - Users find **difficult customization** challenges when creating alerts and setting up pattern-based alerts in Rapid7 Next-Gen SIEM. - Users find the **difficult setup** of Rapid7 Next-Gen SIEM hinders effective alert creation and pattern recognition. #### What Are Recent G2 Reviews of Rapid7 Next-Gen SIEM? **"[Easiest SIEM Implementation with Transparent Pricing](https://www.g2.com/survey_responses/rapid7-next-gen-siem-review-12182908)"** **Rating:** 5.0/5.0 stars *— Joevanne V.* [Read full review](https://www.g2.com/survey_responses/rapid7-next-gen-siem-review-12182908) --- **"[Intuitive, High-Performance SIEM with Great Support and Cost-Effective Value](https://www.g2.com/survey_responses/rapid7-next-gen-siem-review-12711350)"** **Rating:** 4.5/5.0 stars *— Nihal J.* [Read full review](https://www.g2.com/survey_responses/rapid7-next-gen-siem-review-12711350) --- #### What Are G2 Users Discussing About Rapid7 Next-Gen SIEM? - [What is InsightIDR used for?](https://www.g2.com/discussions/what-is-insightidr-used-for) - [What is rapid7 InsightVM?](https://www.g2.com/discussions/what-is-rapid7-insightvm) - [Is rapid7 a SIEM?](https://www.g2.com/discussions/is-rapid7-a-siem) - [What is rapid7 used for?](https://www.g2.com/discussions/insightidr-what-is-rapid7-used-for) - [What is InsightIDR?](https://www.g2.com/discussions/what-is-insightidr) ### 10. [Blumira Automated Detection & Response](https://www.g2.com/products/blumira-automated-detection-response/reviews) Blumira is an integrated security operations platform built for growing teams and the partners supporting them to gain complete visibility into their environment, identify and address risk faster, and deliver advanced security and compliance. The platform includes: - Managed Detections for automated threat hunting to identify attacks early - AI Investigation with 98.5% accurate, human-in-the-loop triage validated against real cases - Rapid Response with automation and 1-click actions to contain and block threats immediately - One Year of Data Retention with unlimited log ingestion to satisfy compliance requirements - Advanced Reporting and dashboards for forensics and easy investigation - Endpoint & Identity Protection (EDR/ITDR) for real-time remediation across devices and users - 24/7 Security Operations support for critical priority issues **Average Rating:** 4.6/5.0 **Total Reviews:** 122 **How Do G2 Users Rate Blumira Automated Detection & Response?** - **Metadata Enrichment:** 6.7/10 (Category avg: 8.5/10) - **Quality of Support:** 9.5/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 8.9/10 (Category avg: 8.6/10) - **Network Visibility:** 7.9/10 (Category avg: 8.8/10) **Who Is the Company Behind Blumira Automated Detection & Response?** - **Seller:** [Blumira](https://www.g2.com/sellers/blumira) - **Company Website:** https://www.blumira.com - **Year Founded:** 2018 - **HQ Location:** Ann Arbor, Michigan - **Twitter:** @blumira (1 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/blumira/ (67 employees on LinkedIn®) **Who Uses This Product?** - **Who Uses This:** IT Manager - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 51% Mid-Market, 36% Small-Business #### What Are Blumira Automated Detection & Response's Pros and Cons? **Pros:** - Ease of Use (33 reviews) - Customer Support (20 reviews) - Setup Ease (20 reviews) - Alerting (16 reviews) - Alert Management (16 reviews) **Cons:** - Limited Customization (11 reviews) - Alert System (7 reviews) - Expensive (6 reviews) - Faulty Detection (6 reviews) - Inefficient Alert System (6 reviews) ### What Do G2 Reviewers Say About Blumira Automated Detection & Response? *AI-generated summary from verified user reviews* **Pros:** - Users value the **ease of use** of Blumira Automated Detection & Response, highlighting its simple workflows and effective support. - Users appreciate the **terrific customer support** of Blumira, enhancing security understanding and simplifying integration processes. - Users appreciate the **easy setup** of Blumira, valuing the quick integration with essential services and support. - Users value the **timely and clear email alerts** from Blumira, enhancing security awareness and response efforts. - Users value the **clear and effective email alerts** from Blumira, enhancing security awareness and response capabilities. **Cons:** - Users desire **greater customization** in workflows and rules, feeling the current options lack flexibility for unique needs. - Users find the **false positive alerts** to be frustrating, often wasting time and causing unnecessary stress. - Users find Blumira Automated Detection & Response to be **prohibitively expensive** , limiting its accessibility for some customers. - Users report issues with **faulty detection** , including frustrating false positives that waste time and require manual review. - Users face an **inefficient alert system** with frequent false positives, causing frustration and wasted time in response efforts. #### What Are Recent G2 Reviews of Blumira Automated Detection & Response? **"[Breeze From Sales to Onboarding With an Intuitive, Easy-to-Configure UI](https://www.g2.com/survey_responses/blumira-automated-detection-response-review-12984186)"** **Rating:** 5.0/5.0 stars *— Blake C.* [Read full review](https://www.g2.com/survey_responses/blumira-automated-detection-response-review-12984186) --- **"[A well-rounded detection system with fantastic support](https://www.g2.com/survey_responses/blumira-automated-detection-response-review-10479545)"** **Rating:** 5.0/5.0 stars *— Jeremy A.* [Read full review](https://www.g2.com/survey_responses/blumira-automated-detection-response-review-10479545) --- #### What Are G2 Users Discussing About Blumira Automated Detection & Response? - [What are the benefits and drawbacks of using Blumira for threat detection?](https://www.g2.com/discussions/what-are-the-benefits-and-drawbacks-of-using-blumira-for-threat-detection) - [What is cloud SIEM?](https://www.g2.com/discussions/what-is-cloud-siem) - [What does the term Siem stand for?](https://www.g2.com/discussions/what-does-the-term-siem-stand-for) - [What does Blumira do?](https://www.g2.com/discussions/what-does-blumira-do) - [What is Blumira automated detection & response?](https://www.g2.com/discussions/what-is-blumira-automated-detection-response) ### 11. [Cisco Secure Network Analytics](https://www.g2.com/products/cisco-secure-network-analytics/reviews) Stealthwatch is the only solution that detects threats across your private network, public clouds, and even in encrypted traffic. **Average Rating:** 4.4/5.0 **Total Reviews:** 31 **How Do G2 Users Rate Cisco Secure Network Analytics?** - **Metadata Enrichment:** 8.9/10 (Category avg: 8.5/10) - **Quality of Support:** 8.9/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 10.0/10 (Category avg: 8.6/10) - **Network Visibility:** 9.7/10 (Category avg: 8.8/10) **Who Is the Company Behind Cisco Secure Network Analytics?** - **Seller:** [Cisco](https://www.g2.com/sellers/cisco) - **Year Founded:** 1984 - **HQ Location:** San Jose, CA - **Twitter:** @Cisco (720,366 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/cisco/ (95,545 employees on LinkedIn®) - **Ownership:** NASDAQ:CSCO **Who Uses This Product?** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 52% Enterprise, 33% Small-Business #### What Are Recent G2 Reviews of Cisco Secure Network Analytics? **"[Great network analytics tool by Cisco](https://www.g2.com/survey_responses/cisco-secure-network-analytics-review-8647472)"** **Rating:** 4.5/5.0 stars *— Verified User in Information Technology and Services* [Read full review](https://www.g2.com/survey_responses/cisco-secure-network-analytics-review-8647472) --- **"[Cisco Secure Network Review](https://www.g2.com/survey_responses/cisco-secure-network-analytics-review-8728642)"** **Rating:** 5.0/5.0 stars *— Harsh P.* [Read full review](https://www.g2.com/survey_responses/cisco-secure-network-analytics-review-8728642) --- ### 12. [NetWitness Platform](https://www.g2.com/products/netwitness-platform/reviews) NetWitness is a comprehensive threat detection, investigation and response platform that combines visibility, analytics, insight, and automation into a single solution. It collects and analyzes data across all capture points (logs, packets, netflow, endpoint and IoT) and computing platforms (physical, virtual and cloud), enriching data with threat intelligence and business context. **Average Rating:** 3.9/5.0 **Total Reviews:** 23 **How Do G2 Users Rate NetWitness Platform?** - **Metadata Enrichment:** 8.3/10 (Category avg: 8.5/10) - **Quality of Support:** 7.6/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 6.7/10 (Category avg: 8.6/10) - **Network Visibility:** 8.3/10 (Category avg: 8.8/10) **Who Is the Company Behind NetWitness Platform?** - **Seller:** [NetWitness](https://www.g2.com/sellers/netwitness) - **Year Founded:** 1997 - **HQ Location:** Bedford, MA - **Twitter:** @Netwitness (1,621 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/netwitness-platform/ (194 employees on LinkedIn®) **Who Uses This Product?** - **Company Size:** 54% Enterprise, 33% Mid-Market #### What Are NetWitness Platform's Pros and Cons? **Pros:** - Centralized Management (1 reviews) - Cybersecurity (1 reviews) - Features (1 reviews) - Investigation (1 reviews) - Management Console (1 reviews) **Cons:** - Complex Implementation (2 reviews) - Complexity (2 reviews) - Complex Setup (2 reviews) - Deployment Difficulties (2 reviews) - Expertise Required (2 reviews) ### What Do G2 Reviewers Say About NetWitness Platform? *AI-generated summary from verified user reviews* **Pros:** - Users value the **centralized management** of NetWitness Platform, which streamlines threat hunting across various data sources. - Users value the **integrated security capabilities** of NetWitness Platform, simplifying threat hunting across various data sources. - Users appreciate the **packet capture and replay capabilities** of NetWitness Platform for thorough forensic investigations. - Users value the **deep forensic investigation capabilities** of NetWitness Platform, especially its packet capture and session replay features. - Users value the **centralized view and comprehensive capabilities** of the Management Console for efficient threat hunting. **Cons:** - Users experience **complex implementation** challenges, often needing significant expertise for initial setup and upgrades. - Users find the **complexity of initial deployment** to be a challenge, often needing considerable technical expertise and stability during upgrades. - Users find the **complex setup** of the NetWitness Platform challenging, often needing extensive technical expertise for deployment. - Users report **deployment difficulties** , citing complex initial setups and challenging upgrades that demand significant technical expertise. - Users find the **expertise required** for initial deployment and upgrades to be a significant barrier to use. #### What Are Recent G2 Reviews of NetWitness Platform? **"[A Powerhouse in Endpoint, Network, and SIEM Integration.](https://www.g2.com/survey_responses/netwitness-platform-review-11524038)"** **Rating:** 4.0/5.0 stars *— pushpendra Y.* [Read full review](https://www.g2.com/survey_responses/netwitness-platform-review-11524038) --- **"[All-in-One Security Console for Centralized Threat Hunting](https://www.g2.com/survey_responses/netwitness-platform-review-12381089)"** **Rating:** 5.0/5.0 stars *— Verified User in Information Services* [Read full review](https://www.g2.com/survey_responses/netwitness-platform-review-12381089) --- #### What Are G2 Users Discussing About NetWitness Platform? - [What is one of the biggest differentiators for RSA NetWitness platform?](https://www.g2.com/discussions/what-is-one-of-the-biggest-differentiators-for-rsa-netwitness-platform) - [What types of data can the RSA NetWitness platform capture and process?](https://www.g2.com/discussions/what-types-of-data-can-the-rsa-netwitness-platform-capture-and-process) - [What is NetWitness used for?](https://www.g2.com/discussions/what-is-netwitness-used-for) - 1 comment - [What does RSA NetWitness do?](https://www.g2.com/discussions/what-does-rsa-netwitness-do) ### 13. [Corelight](https://www.g2.com/products/corelight/reviews) Corelight's Open Network Detection and Response (NDR) Platform improves network detection coverage, accelerates incident response, and reduces operational costs by consolidating NDR, intrusion detection (IDS), and PCAP functionality in a single solution and by providing security analysts with machine learning-assisted investigations and one-click-pivots from prioritized alerts to the evidence needed to investigate and remediate them. Network Detection and Response platforms monitor and analyze network traffic, delivering telemetry into existing SIEM, XDR, or SaaS-based solutions. Corelight’s platform is unique because our detections and visibility engineering are community driven—with continuous content creation from Zeek®, Suricata IDS, and other Intel communities. And our integration with CrowdStrike XDR enables cross platform (EDR+NDR) analytics. This provides you with the most complete network visibility, powerful analytics, and threat hunting capabilities, and accelerates investigation across your entire kill chain. Corelight also delivers a comprehensive suite of network security analytics that help organizations identify more than 75 adversarial TTPs across the MITRE ATT&CK® spectrum including Exfiltration, Command and Control (C2), and Lateral Movement. These detections reveal known and unknown threats via hundreds of unique insights and alerts across machine learning, behavioral analysis, and signature-based approaches. CORELIGHT PRODUCTS + SERVICES Open NDR Platform Appliance, Cloud, Software, Virtual and SaaS Sensors IDS Fleet Manager Investigator Threat Hunting Platform Smart PCAP Corelight Training CERTIFICATIONS FIPS 140-2 **Average Rating:** 4.6/5.0 **Total Reviews:** 20 **How Do G2 Users Rate Corelight?** - **Metadata Enrichment:** 8.6/10 (Category avg: 8.5/10) - **Quality of Support:** 9.1/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 9.0/10 (Category avg: 8.6/10) - **Network Visibility:** 9.1/10 (Category avg: 8.8/10) **Who Is the Company Behind Corelight?** - **Seller:** [Corelight](https://www.g2.com/sellers/corelight) - **Year Founded:** 2013 - **HQ Location:** San Francisco, CA - **Twitter:** @corelight_inc (4,227 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/corelight (474 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 50% Enterprise, 50% Mid-Market #### What Are Corelight's Pros and Cons? **Pros:** - Comprehensive Security (2 reviews) - Cybersecurity (2 reviews) - Network Security (2 reviews) - Security (2 reviews) - Security Features (2 reviews) **Cons:** - Complex Coding (2 reviews) - Complex Configuration (2 reviews) - Complexity (2 reviews) - Complex Setup (2 reviews) - Learning Curve (2 reviews) ### What Do G2 Reviewers Say About Corelight? *AI-generated summary from verified user reviews* **Pros:** - Users praise Corelight for its **comprehensive security** , effectively identifying threats and enhancing network safety through excellent telemetry. - Users commend Corelight for its **excellent network telemetry** , enabling clear presentation and detection of security events. - Users value the **great network telemetry** of Corelight, making security events easy to understand and manage. - Users value the **excellent security network telemetry** of Corelight, enabling easy detection of threats and issues. - Users value Corelight's **network telemetry and security features** , enhancing event comprehension and threat detection effectively. **Cons:** - Users find Corelight's setup and management **complex** , making it challenging for novice security analysts to utilize effectively. - Users find Corelight's setup to be **complex and challenging** , often requiring specialized knowledge for effective management. - Users find Corelight **complex to set up and manage** , making it challenging for novice security analysts to use effectively. - Users find Corelight's **complex setup** challenging, particularly for novice security analysts needing extensive training. - Users find that Corelight has a **steep learning curve** , making it challenging for novice security analysts to use effectively. #### What Are Recent G2 Reviews of Corelight? **"[Corelight the Threat Hunters](https://www.g2.com/survey_responses/corelight-review-11196044)"** **Rating:** 4.5/5.0 stars *— Andy V.* [Read full review](https://www.g2.com/survey_responses/corelight-review-11196044) --- **"[Best NDR solution Guardians of Network](https://www.g2.com/survey_responses/corelight-review-8692252)"** **Rating:** 5.0/5.0 stars *— Aman P.* [Read full review](https://www.g2.com/survey_responses/corelight-review-8692252) --- ### 14. [ManageEngine ADAudit Plus](https://www.g2.com/products/manageengine-adaudit-plus/reviews) ADAudit Plus is a UBA-driven auditor that helps keep your AD, Azure AD, file systems (including Windows, NetApp, EMC, Synology, Hitachi, and Huawei), Windows servers, and workstations secure and compliant. ADAudit Plus transforms raw and noisy event log data into real-time reports and alerts, enabling you to get full visibility into activities happening across your Windows Server ecosystem in just a few clicks. More than 10,000 organizations across the world trust ADAudit Plus to: 1. Instantly notify them about changes in their Windows Server environments. 2. Continuously track Windows user logon activity. 3. Monitor the active and idle time spent by employees at their workstations. 4. Detect and troubleshoot AD account lockouts. 5. Provide a consolidated audit trail of privileged user activities across their domains. 6. Track changes and sign-ins in Azure AD. 7. Audit file accesses across Windows, NetApp, EMC, Synology, Hitachi, and Huawei file systems. 8. Monitor file integrity across local files residing on Windows systems. 9. Mitigate insider threats by leveraging UBA and response automation. 10. Generate audit-ready compliance reports for SOX, the GDPR, and other IT mandates. **Average Rating:** 4.6/5.0 **Total Reviews:** 43 **How Do G2 Users Rate ManageEngine ADAudit Plus?** - **Metadata Enrichment:** 5.8/10 (Category avg: 8.5/10) - **Quality of Support:** 7.9/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 6.7/10 (Category avg: 8.6/10) - **Network Visibility:** 5.8/10 (Category avg: 8.8/10) **Who Is the Company Behind ManageEngine ADAudit Plus?** - **Seller:** [Zoho](https://www.g2.com/sellers/zoho-b00ca9d5-bca8-41b5-a8ad-275480841704) - **Year Founded:** 1996 - **HQ Location:** Austin, TX - **Twitter:** @Zoho (137,880 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/38373/ (30,766 employees on LinkedIn®) - **Phone:** +1 (888) 900-9646 **Who Uses This Product?** - **Top Industries:** Information Technology and Services - **Company Size:** 52% Mid-Market, 39% Enterprise #### What Are ManageEngine ADAudit Plus's Pros and Cons? **Pros:** - Reporting (3 reviews) - Dashboard Usability (2 reviews) - Features (2 reviews) - Dashboard Design (1 reviews) - Detailed Information (1 reviews) **Cons:** - Alert Management (1 reviews) - Data Overload (1 reviews) - Expensive (1 reviews) - False Positives (1 reviews) - High Resource Usage (1 reviews) ### What Do G2 Reviewers Say About ManageEngine ADAudit Plus? *AI-generated summary from verified user reviews* **Pros:** - Users value the **in-depth reporting capabilities** of ManageEngine ADAudit Plus, enhancing visibility into their AD environments. - Users enjoy the **intuitive dashboard usability** of ManageEngine ADAudit Plus, making navigation and report access seamless. - Users appreciate the **user-friendly setup and robust reporting features** of ManageEngine ADAudit Plus for Active Directory management. - Users value the **insightful dashboard design** of ADAudit Plus, enabling effective monitoring and detailed reporting in Active Directory. - Users appreciate the **robust reporting options** in ADAudit Plus, providing valuable insights into their Active Directory environment. **Cons:** - Users find the limited **severity levels for alerts** restrictive, complicating the customization of notifications in ADAudit Plus. - Users find the **data overload** daunting, making report location challenging without prior knowledge, despite a helpful search feature. - Users find the product **expensive** , indicating that the cost may outweigh the quality of support received. - Users experience some **false positives** when attempting to locate reports, although a search feature helps alleviate this issue. - Users have concerns about the **high resource usage** of ManageEngine ADAudit Plus, impacting system performance. #### What Are Recent G2 Reviews of ManageEngine ADAudit Plus? **"[Makes Active Directory Auditing Clear with Instant Alerts and Ready-to-Use Compliance Reports](https://www.g2.com/survey_responses/manageengine-adaudit-plus-review-12992989)"** **Rating:** 5.0/5.0 stars *— Jeffrey C.* [Read full review](https://www.g2.com/survey_responses/manageengine-adaudit-plus-review-12992989) --- **"[A reliable AD auditing tool that's saved us real time](https://www.g2.com/survey_responses/manageengine-adaudit-plus-review-8214651)"** **Rating:** 5.0/5.0 stars *— Arvind K.* [Read full review](https://www.g2.com/survey_responses/manageengine-adaudit-plus-review-8214651) --- #### What Are G2 Users Discussing About ManageEngine ADAudit Plus? - [What does AD audit do?](https://www.g2.com/discussions/what-does-ad-audit-do) - [Is Ad audit plus a SIEM?](https://www.g2.com/discussions/is-ad-audit-plus-a-siem) - [What is ManageEngine Audit Plus?](https://www.g2.com/discussions/what-is-manageengine-audit-plus) - [What does ADAudit plus do?](https://www.g2.com/discussions/what-does-adaudit-plus-do) ### 15. [Cisco Adaptive Wireless IPS Software](https://www.g2.com/products/cisco-adaptive-wireless-ips-software/reviews) Cisco Adaptive Wireless Intrusion Prevention System (IPS) offers advanced network security for dedicated monitoring and detection of wireless network anomalies, unauthorized access, and RF attacks. Fully integrated with the Cisco Unified Wireless Network, this solution delivers integrated visibility and control across the network, without the need for an overlay solution. **Average Rating:** 4.3/5.0 **Total Reviews:** 16 **How Do G2 Users Rate Cisco Adaptive Wireless IPS Software?** - **Metadata Enrichment:** 8.5/10 (Category avg: 8.5/10) - **Quality of Support:** 8.2/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 8.3/10 (Category avg: 8.6/10) - **Network Visibility:** 8.7/10 (Category avg: 8.8/10) **Who Is the Company Behind Cisco Adaptive Wireless IPS Software?** - **Seller:** [Cisco](https://www.g2.com/sellers/cisco) - **Year Founded:** 1984 - **HQ Location:** San Jose, CA - **Twitter:** @Cisco (720,366 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/cisco/ (95,545 employees on LinkedIn®) - **Ownership:** NASDAQ:CSCO **Who Uses This Product?** - **Company Size:** 63% Mid-Market, 25% Enterprise #### What Are Recent G2 Reviews of Cisco Adaptive Wireless IPS Software? **"[Securing Wireless Networks with Cisco Adaptive Wireless IPS](https://www.g2.com/survey_responses/cisco-adaptive-wireless-ips-software-review-9025295)"** **Rating:** 4.5/5.0 stars *— umesh s.* [Read full review](https://www.g2.com/survey_responses/cisco-adaptive-wireless-ips-software-review-9025295) --- **"[Cisco Adaptive Wireless IPS Software.](https://www.g2.com/survey_responses/cisco-adaptive-wireless-ips-software-review-9051686)"** **Rating:** 5.0/5.0 stars *— Varun Preet S.* [Read full review](https://www.g2.com/survey_responses/cisco-adaptive-wireless-ips-software-review-9051686) --- ### 16. [guardsix](https://www.g2.com/products/guardsix/reviews) guardsix is a comprehensive cybersecurity solution designed specifically for Managed Security Service Providers (MSSPs) and Critical National Infrastructure Providers (CNI). guardsix command center, a unified SecOps platform, enables organizations to effectively detect cyberattacks while ensuring compliance with various data regulations. By offering a robust framework for monitoring and managing security events, guardsix addresses the increasing need for advanced threat detection and regulatory adherence in today’s complex digital landscape. guardsix command center stands out by providing complete visibility across IT environments through the integration of multiple security technologies, including Security Information and Event Management (SIEM), Network Detection and Response (NDR), and Security Orchestration, Automation, and Response (SOAR). This integration allows organizations to monitor their systems holistically, ensuring that potential threats are identified and addressed promptly. Additionally, guardsix employs hypergraph technology, which connects detections from diverse sources, enabling users to determine whether an incident is part of a more extensive attack. This capability enhances situational awareness and improves incident response times. One of the key advantages of guardsix is its open, vendor- and platform-agnostic nature, allowing users to choose how and from where to ingest data. This flexibility is crucial for organizations that operate in heterogeneous environments, as it enables them to tailor their security solutions to fit their specific needs. Furthermore, guardsix automatically normalizes data into a common taxonomy, simplifying the analysis and utilization of ingested information. This feature ensures that users can easily derive insights from their data, regardless of its original format or source. guardsix also prioritizes compliance with major regulatory frameworks, including NIS2, Schrems II, HIPAA, GDPR, PCI-DSS, and SOX. By providing centralized logging and reporting capabilities, the platform facilitates adherence to security guidelines such as CERT-In, SOC 2 Type II, and ISO27001. This focus on compliance not only helps organizations avoid potential legal pitfalls but also enhances their overall security posture by ensuring that they meet industry standards and best practices. In summary, guardsix is a versatile cybersecurity solution that empowers MSSPs and CNI providers to detect threats effectively while maintaining compliance with regulatory requirements. Its integration of essential security technologies, flexible data ingestion options, and emphasis on compliance make it a valuable asset for organizations looking to strengthen their cybersecurity defenses. **Average Rating:** 4.3/5.0 **Total Reviews:** 105 **How Do G2 Users Rate guardsix?** - **Metadata Enrichment:** 8.9/10 (Category avg: 8.5/10) - **Quality of Support:** 9.0/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 8.6/10 (Category avg: 8.6/10) - **Network Visibility:** 9.3/10 (Category avg: 8.8/10) **Who Is the Company Behind guardsix?** - **Seller:** [guardsix](https://www.g2.com/sellers/guardsix) - **Company Website:** https://guardsix.com/ - **Year Founded:** 2001 - **HQ Location:** Copenhagen, Capital Region - **LinkedIn® Page:** https://linkedin.com/company/guardsix (117 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Computer & Network Security, Information Technology and Services - **Company Size:** 44% Mid-Market, 31% Small-Business #### What Are guardsix's Pros and Cons? **Pros:** - Ease of Use (8 reviews) - Log Management (5 reviews) - Customer Support (4 reviews) - Easy Integrations (4 reviews) - Efficiency (4 reviews) **Cons:** - Poor Interface Design (3 reviews) - UX Improvement (3 reviews) - Complexity (2 reviews) - Confusing Interface (2 reviews) - Information Deficiency (2 reviews) ### What Do G2 Reviewers Say About guardsix? *AI-generated summary from verified user reviews* **Pros:** - Users appreciate the **ease of use** of Guardsix, finding it simple to learn and operate effectively. - Users value the **simplicity and ease of use** of Log Management in LogPoint, enhancing their overall experience. - Users commend the **excellent customer support** of Logpoint, ensuring rapid responses and satisfaction across various industries. - Users value the **easy integrations** with existing tools, enhancing compatibility and adaptability in their tech ecosystems. - Users appreciate the **efficiency** of Logpoint, enabling effortless investigations and streamlined incident management across diverse systems. **Cons:** - Users find the **poor interface design** of Guardsix frustrating, as it complicates user experience and functionality. - Users find the **UX improvement** necessary due to poor log presentation and a slow, confusing interface. - Users find the **complex interface** of guardsix challenging, though improvements are expected in the future. - Users find the **confusing interface** of guardsix difficult to navigate, impacting their overall experience. - Users feel there is a lack of **technical information** to aid in optimal device design and comparison with competitors. #### What Are Recent G2 Reviews of guardsix? **"[Context-Driven SIEM That Enhances Incident Response](https://www.g2.com/survey_responses/guardsix-review-11985484)"** **Rating:** 4.5/5.0 stars *— Simon A.* [Read full review](https://www.g2.com/survey_responses/guardsix-review-11985484) --- **"[Review](https://www.g2.com/survey_responses/guardsix-review-11378057)"** **Rating:** 4.0/5.0 stars *— Ronny K.* [Read full review](https://www.g2.com/survey_responses/guardsix-review-11378057) --- #### What Are G2 Users Discussing About guardsix? - [What is your experience with Logpoint for SIEM, and what do you recommend for new users?](https://www.g2.com/discussions/what-is-your-experience-with-logpoint-for-siem-and-what-do-you-recommend-for-new-users) - [What is LogPoint used for?](https://www.g2.com/discussions/what-is-logpoint-used-for) ### 17. [Arista NDR](https://www.g2.com/products/arista-ndr/reviews) Arista NDR is the only advanced network traffic analysis company that delivers a privacy-aware solution capable of detecting and visualizing behavioral, mal-intent and compliance incidents with full forensics context. Powered by Ava, Arista's security expert system, the Arista NDR Platform combines federated machine learning, threat intelligence and human expertise. The platform analyzes billions of communications to autonomously discover, profile and classify every device, user and application on any network. Through automated hunting and investigation, Arista NDR uncovers malicious intent from insiders and external attackers alike. The company is ranked #1 for time to value because of its frictionless approach that delivers answers rather than alerts. **Average Rating:** 4.3/5.0 **Total Reviews:** 21 **How Do G2 Users Rate Arista NDR?** - **Metadata Enrichment:** 8.1/10 (Category avg: 8.5/10) - **Quality of Support:** 8.3/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 8.2/10 (Category avg: 8.6/10) - **Network Visibility:** 8.7/10 (Category avg: 8.8/10) **Who Is the Company Behind Arista NDR?** - **Seller:** [Arista Networks](https://www.g2.com/sellers/arista-networks-39d4d864-54b5-4f9b-bebc-dc5cf72757ca) - **Year Founded:** 2004 - **HQ Location:** Santa Clara, US - **Twitter:** @arista_channels (2,437 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/80069/ (5,642 employees on LinkedIn®) - **Ownership:** NYSE:ANET **Who Uses This Product?** - **Top Industries:** Information Technology and Services - **Company Size:** 38% Small-Business, 38% Mid-Market #### What Are Recent G2 Reviews of Arista NDR? **"[Very much helpful in protection of company data.](https://www.g2.com/survey_responses/arista-ndr-review-9915133)"** **Rating:** 5.0/5.0 stars *— Grenvill G.* [Read full review](https://www.g2.com/survey_responses/arista-ndr-review-9915133) --- **"[Network traffic and analysis tool. Prevent, Detect and threads with Arista NDR .](https://www.g2.com/survey_responses/arista-ndr-review-8816146)"** **Rating:** 4.5/5.0 stars *— NavNeet S.* [Read full review](https://www.g2.com/survey_responses/arista-ndr-review-8816146) --- ### 18. [Vectra AI Platform](https://www.g2.com/products/vectra-ai-platform/reviews) The Vectra AI Platform helps security teams detect and stop real attacks that evade traditional security controls across network, identity, cloud, and SaaS environments. It provides real-time visibility into how attackers move through hybrid and multi-cloud environments, enabling teams to understand attack activity early and respond before incidents escalate. By correlating attacker behavior across the full attack lifecycle, the platform reduces alert noise and surfaces high-confidence threats that matter most. Analysts spend less time triaging isolated alerts and more time investigating complete attack stories with the context needed to take decisive action. Vectra AI unifies detection, investigation, and coordinated response across identity, endpoint, and network controls. Its approach is aligned with real-world defensive techniques, reflected in the highest number of vendor references in MITRE D3FEND and recognition as a Leader in the 2025 Gartner® Magic Quadrant™ for Network Detection and Response. Organizations worldwide rely on Vectra AI to detect attacks others miss and demonstrate measurable improvements in security operations. **Average Rating:** 4.3/5.0 **Total Reviews:** 20 **How Do G2 Users Rate Vectra AI Platform?** - **Metadata Enrichment:** 10.0/10 (Category avg: 8.5/10) - **Quality of Support:** 8.2/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 10.0/10 (Category avg: 8.6/10) - **Network Visibility:** 10.0/10 (Category avg: 8.8/10) **Who Is the Company Behind Vectra AI Platform?** - **Seller:** [Vectra AI](https://www.g2.com/sellers/vectra-ai) - **Year Founded:** 2011 - **HQ Location:** San Jose, CA - **Twitter:** @Vectra_AI (3,269 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/1229716/ (662 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Information Technology and Services - **Company Size:** 75% Enterprise, 15% Mid-Market #### What Are Vectra AI Platform's Pros and Cons? **Pros:** - Ease of Understanding (1 reviews) - Ease of Use (1 reviews) ### What Do G2 Reviewers Say About Vectra AI Platform? *AI-generated summary from verified user reviews* **Pros:** - Users find the **ease of understanding** with Vectra AI Platform enhances their learning and overall usability experience. - Users value the **ease of use** of Vectra AI Platform, finding it simple to navigate and learn. #### What Are Recent G2 Reviews of Vectra AI Platform? **"[Vectra AI: Fast, Insightful Threat Detection with Strong M365 and Azure AD Integration](https://www.g2.com/survey_responses/vectra-ai-platform-review-12581259)"** **Rating:** 5.0/5.0 stars *— Verified User in Manufacturing* [Read full review](https://www.g2.com/survey_responses/vectra-ai-platform-review-12581259) --- **"[Easy to Learn, Clear, and Truly Helpfulclear use of product](https://www.g2.com/survey_responses/vectra-ai-platform-review-12098311)"** **Rating:** 4.0/5.0 stars *— Verified User in Higher Education* [Read full review](https://www.g2.com/survey_responses/vectra-ai-platform-review-12098311) --- ### 19. [B1 Platform by CloudCover](https://www.g2.com/products/b1-platform-by-cloudcover/reviews) A network security platform, years in the making, leveraging mathematics to continuously learn, predict, and defend against attacks. **Average Rating:** 4.6/5.0 **Total Reviews:** 43 **How Do G2 Users Rate B1 Platform by CloudCover?** - **Metadata Enrichment:** 8.5/10 (Category avg: 8.5/10) - **Quality of Support:** 8.4/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 8.3/10 (Category avg: 8.6/10) - **Network Visibility:** 8.3/10 (Category avg: 8.8/10) **Who Is the Company Behind B1 Platform by CloudCover?** - **Seller:** [CloudCover, Inc.](https://www.g2.com/sellers/cloudcover-inc) - **Year Founded:** 2007 - **HQ Location:** Minneapolis, US - **LinkedIn® Page:** https://www.linkedin.com/company/1642753 (15 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Information Technology and Services, Computer & Network Security - **Company Size:** 39% Small-Business, 39% Mid-Market #### What Are Recent G2 Reviews of B1 Platform by CloudCover? **"[Top-Notch Support and a Solid, Reliable CloudCover Experience](https://www.g2.com/survey_responses/b1-platform-by-cloudcover-review-12676357)"** **Rating:** 4.0/5.0 stars *— Verified User in Higher Education* [Read full review](https://www.g2.com/survey_responses/b1-platform-by-cloudcover-review-12676357) --- **"[Secure, Easy-to-Use Platform That Protects Information Well](https://www.g2.com/survey_responses/b1-platform-by-cloudcover-review-12695111)"** **Rating:** 5.0/5.0 stars *— Beth O.* [Read full review](https://www.g2.com/survey_responses/b1-platform-by-cloudcover-review-12695111) --- #### What Are G2 Users Discussing About B1 Platform by CloudCover? - [What is B1 Platform by CloudCover used for?](https://www.g2.com/discussions/what-is-b1-platform-by-cloudcover-used-for) ### 20. [CyberShark SOC-as-a-Service](https://www.g2.com/products/cybershark-soc-as-a-service/reviews) CyberShark is a Security Operations Center as a Service (SOCaaS) solution designed to provide organizations with comprehensive cybersecurity monitoring and management. It offers real-time threat detection, incident response, and continuous security analysis to safeguard against evolving cyber threats. Key Features and Functionality: - 24/7 Monitoring: Continuous surveillance of networks and systems to detect and respond to security incidents promptly. - Threat Intelligence: Utilization of advanced analytics and threat intelligence to identify and mitigate potential risks. - Incident Response: Rapid response mechanisms to address and neutralize security breaches effectively. - Compliance Management: Assistance in meeting regulatory requirements and maintaining compliance through detailed reporting and analysis. - Scalability: Flexible solutions that can be tailored to fit the needs of businesses of various sizes and industries. Primary Value and Problem Solved: CyberShark addresses the critical need for robust cybersecurity by providing organizations with a cost-effective and efficient SOCaaS solution. It eliminates the necessity for in-house security operations centers, reducing overhead costs and resource allocation. By offering continuous monitoring and rapid incident response, CyberShark enhances an organization's security posture, ensuring protection against cyber threats and aiding in regulatory compliance. **Average Rating:** 4.1/5.0 **Total Reviews:** 24 **How Do G2 Users Rate CyberShark SOC-as-a-Service?** - **Metadata Enrichment:** 7.8/10 (Category avg: 8.5/10) - **Quality of Support:** 8.4/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 7.8/10 (Category avg: 8.6/10) - **Network Visibility:** 8.2/10 (Category avg: 8.8/10) **Who Is the Company Behind CyberShark SOC-as-a-Service?** - **Seller:** [BlackStratus](https://www.g2.com/sellers/blackstratus-7a7f354d-d55e-481b-a285-f6ad4a4c05de) - **Year Founded:** 2016 - **HQ Location:** Brookhaven, Mississippi - **Twitter:** @BlackStratusInc (2,325 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/blackstratus-inc-/ (24 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Information Technology and Services - **Company Size:** 44% Small-Business, 32% Mid-Market #### What Are Recent G2 Reviews of CyberShark SOC-as-a-Service? **"[Unleash the Shark: Cutting-Edge Software to Secure Your Clients' Digital Oceans](https://www.g2.com/survey_responses/cybershark-soc-as-a-service-review-9832007)"** **Rating:** 4.5/5.0 stars *— Verified User in Computer Software* [Read full review](https://www.g2.com/survey_responses/cybershark-soc-as-a-service-review-9832007) --- **"[Super Fantastic](https://www.g2.com/survey_responses/cybershark-soc-as-a-service-review-8788614)"** **Rating:** 4.0/5.0 stars *— Omkar B.* [Read full review](https://www.g2.com/survey_responses/cybershark-soc-as-a-service-review-8788614) --- ### 21. [Progress Flowmon Platform](https://www.g2.com/products/progress-flowmon-platform/reviews) Flowmon is a professional NPMD tool for effective network troubleshooting, performance monitoring, capacity planning, encrypted traffic analysis and cloud monitoring. Instead of just the red/green infrastructure status, it helps NetOps teams to understand user experience (UX) while keeping the amount of data noise and analytical work to a minimum. The Flowmon solution is a part of the Progress product portfolio. **Average Rating:** 4.2/5.0 **Total Reviews:** 24 **How Do G2 Users Rate Progress Flowmon Platform?** - **Metadata Enrichment:** 8.3/10 (Category avg: 8.5/10) - **Quality of Support:** 8.8/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 7.8/10 (Category avg: 8.6/10) - **Network Visibility:** 7.5/10 (Category avg: 8.8/10) **Who Is the Company Behind Progress Flowmon Platform?** - **Seller:** [Progress Software](https://www.g2.com/sellers/progress-software) - **Year Founded:** 1981 - **HQ Location:** Burlington, MA. - **Twitter:** @ProgressSW (48,773 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/progress-software/ (4,205 employees on LinkedIn®) - **Ownership:** NASDAQ:PRGS **Who Uses This Product?** - **Top Industries:** Information Technology and Services - **Company Size:** 52% Mid-Market, 24% Small-Business #### What Are Recent G2 Reviews of Progress Flowmon Platform? **"[Best Network Marketing tool](https://www.g2.com/survey_responses/progress-flowmon-platform-review-9705657)"** **Rating:** 4.5/5.0 stars *— Bhavesh N.* [Read full review](https://www.g2.com/survey_responses/progress-flowmon-platform-review-9705657) --- **"[Best for real time network traffic monitoring and security](https://www.g2.com/survey_responses/progress-flowmon-platform-review-9562874)"** **Rating:** 4.5/5.0 stars *— Verified User in Computer Software* [Read full review](https://www.g2.com/survey_responses/progress-flowmon-platform-review-9562874) --- #### What Are G2 Users Discussing About Progress Flowmon Platform? - [What is Flowmon Platform used for?](https://www.g2.com/discussions/what-is-flowmon-platform-used-for) ### 22. [Cyber Hawk](https://www.g2.com/products/cyber-hawk/reviews) Cyber Hawk detects the critical changes inside the networks you manage that create risk. Whether caused by hackers, internal bad actors, or honest mistakes, Cyber Hawk will sound the alarm on hard-to-detect critical changes in your network. Avoid the negative consequences of unplanned or unauthorized changes in your IT environment. Catch unauthorized log-in attempts, track suspicious changes to network settings, and identify anomalous user behavior **Average Rating:** 4.0/5.0 **Total Reviews:** 9 **How Do G2 Users Rate Cyber Hawk?** - **Metadata Enrichment:** 9.0/10 (Category avg: 8.5/10) - **Quality of Support:** 7.9/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 8.7/10 (Category avg: 8.6/10) - **Network Visibility:** 9.3/10 (Category avg: 8.8/10) **Who Is the Company Behind Cyber Hawk?** - **Seller:** [Kaseya](https://www.g2.com/sellers/kaseya) - **Year Founded:** 2000 - **HQ Location:** Miami, FL - **Twitter:** @KaseyaCorp (17,411 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/kaseya/ (5,471 employees on LinkedIn®) **Who Uses This Product?** - **Top Industries:** Information Technology and Services - **Company Size:** 44% Mid-Market, 33% Enterprise #### What Are Cyber Hawk's Pros and Cons? **Pros:** - Cloud Security (1 reviews) - Detailed Analysis (1 reviews) - Ease of Use (1 reviews) - Insights (1 reviews) - Monitoring (1 reviews) **Cons:** - Network Issues (1 reviews) - Slow Loading (1 reviews) - Slow Performance (1 reviews) ### What Do G2 Reviewers Say About Cyber Hawk? *AI-generated summary from verified user reviews* **Pros:** - Users value the **cloud-based monitoring** that enhances visibility and improves outcomes for critical asset management. - Users value the **cloud-based monitoring** of Cyber Hawk, enhancing asset inspection and delivering actionable insights for improved results. - Users love the **ease of use** of Cyber Hawk, making threat detection and management straightforward and efficient. - Users value the **actionable insights** from Cyber Hawk, enhancing monitoring and performance at critical industrial assets. - Users value the **cloud-based monitoring** capabilities of Cyber Hawk, enhancing asset management and data insights significantly. **Cons:** - Users report **slow resolution times** for complaint tickets, which can hinder timely problem-solving and satisfaction. - Users experience **slow loading** times, which can hinder the overall effectiveness of Cyber Hawk. - Users experience **slow performance** when it comes to resolving complaint tickets, leading to frustration in addressing issues. #### What Are Recent G2 Reviews of Cyber Hawk? **"[CyberHawk's Solutions](https://www.g2.com/survey_responses/cyber-hawk-review-10304431)"** **Rating:** 5.0/5.0 stars *— Pooja S.* [Read full review](https://www.g2.com/survey_responses/cyber-hawk-review-10304431) --- **"[Cyberhawk: Eagle eye security at your fingertips!](https://www.g2.com/survey_responses/cyber-hawk-review-9926089)"** **Rating:** 4.5/5.0 stars *— Seema S.* [Read full review](https://www.g2.com/survey_responses/cyber-hawk-review-9926089) --- ### 23. [LMNTRIX](https://www.g2.com/products/lmntrix/reviews) LMNTRIX has reimagined cybersecurity, turning the tables in favor of the defenders once again. We have cut out the bloat of SIEM, log analysis and false positives resulting in alert fatigue, and we created new methods for confounding even the most advanced attackers. We believe that in a time of continuous compromise you need continuous response – not incident response. Our approach turns inward and assumes that you’re already breached and that you’re continually going to be breached, so we take a pro-active, offensive, hunting, and adversarial pursuit stance as opposed to a reactive, defensive, legacy stance with analysts staring at a SIEM console wishing they could detect an APT. LMNTRIX Active Defense is a best in class Managed Detection & Response (MDR) service that detects and responds to advanced threats that bypass perimeter controls. We combine deep expertise with cutting-edge technology, leading intelligence, and advanced analytics to detect and investigate threats with great speed, accuracy, and focus. The outcomes we deliver clients are validated breaches that are investigated, contained and remediated. All incidents are aligned to the kill chain and Mitre ATT&CK frameworks and contain detailed investigative actions and recommendations that your organisation follows to protect against the unknown, insider threat and malicious attacker. Active Defense is made up of 3 elements: LMNTRIX GRID (XDR) – This is our cyber defence SaaS platform that provides a new utility model for enterprise security, delivering pervasive visibility, automated threat detection & prevention, threat hunting, investigation, validation and unlimited forensic exploration on-demand and entirely from the cloud. It is a single investigative platform for insights into threats on enterprise, cloud, hybrid, and industrial control systems (ICS) networks. The LMNTRIX Grid delivers unique advantages over current network security solutions. It is a holistic and multi-vector platform with unlimited retention window of full-fidelity network traffic, innovative security visualizations, and the ease and cost-savings of an on-demand deployment model. LMNTRIX Technology Stack –This is our powerful proprietary threat detection stack that is deployed onsite, behind existing controls. It combines multiple threat detection systems, with deceptions everywhere, machine learning, threat intel, correlation, static file analysis, heuristics, and behavior and anomaly detection techniques to find threats in real-time. It decreases alarm fatigue by automatically determining which alerts should be elevated to security events, and reduces false positives by requiring consensus across detection. LMNTRIX Cyber Defense Centers - While these technologies are without peer, what sets us apart from the pack is our team of cybersecurity professionals who continually monitor our clients environments 24x7 while simultaneously hunting threats internally as well as monitoring developments on the deep and dark web. Our CDC's are a global network of cyber defense centers with highly trained and certified intrusion analysts who provide constant vigilance and on-demand analysis of your networks. Our intrusion analysts monitor your networks and endpoints 24x7, applying the latest intelligence and proprietary methodologies to look for signs of compromise. When a potential compromise is detected, the team performs an in- depth analysis on affected systems to confirm the breach. When data theft or lateral movement is imminent, our automated perimeter containment blocks attackers in their tracks while endpoint containment feature makes immediate reaction possible by quarantining affected hosts, whether they are on or off your corporate network, significantly reducing or eliminating the consequences of a breach. **Average Rating:** 4.9/5.0 **Total Reviews:** 10 **How Do G2 Users Rate LMNTRIX?** - **Metadata Enrichment:** 10.0/10 (Category avg: 8.5/10) - **Quality of Support:** 9.6/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 10.0/10 (Category avg: 8.6/10) - **Network Visibility:** 10.0/10 (Category avg: 8.8/10) **Who Is the Company Behind LMNTRIX?** - **Seller:** [LMNTRIX](https://www.g2.com/sellers/lmntrix) - **Year Founded:** 2015 - **HQ Location:** Orange, California - **Twitter:** @lmntrixlabs (75 Twitter followers) - **LinkedIn® Page:** https://www.linkedin.com/company/lmntrix (66 employees on LinkedIn®) **Who Uses This Product?** - **Company Size:** 60% Mid-Market, 20% Enterprise #### What Are Recent G2 Reviews of LMNTRIX? **"[Ultimate tool for Cyber Defense](https://www.g2.com/survey_responses/lmntrix-review-8328112)"** **Rating:** 4.5/5.0 stars *— Prakash Gupta K.* [Read full review](https://www.g2.com/survey_responses/lmntrix-review-8328112) --- **"[Good level of security service !](https://www.g2.com/survey_responses/lmntrix-review-7834658)"** **Rating:** 4.5/5.0 stars *— Verified User in Computer & Network Security* [Read full review](https://www.g2.com/survey_responses/lmntrix-review-7834658) --- #### What Are G2 Users Discussing About LMNTRIX? - [What is LMNTRIX used for?](https://www.g2.com/discussions/what-is-lmntrix-used-for) ### 24. [Lumu](https://www.g2.com/products/lumu/reviews) A proficient cybersecurity operation requires a fast, precise response. Lumu lets you measure compromise in real time and automate the mitigation and remediation of confirmed compromise incidents. **Average Rating:** 4.8/5.0 **Total Reviews:** 5 **How Do G2 Users Rate Lumu?** - **Metadata Enrichment:** 9.6/10 (Category avg: 8.5/10) - **Quality of Support:** 9.6/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 9.2/10 (Category avg: 8.6/10) - **Network Visibility:** 8.3/10 (Category avg: 8.8/10) **Who Is the Company Behind Lumu?** - **Seller:** [Lumu Technologies](https://www.g2.com/sellers/lumu-technologies) - **HQ Location:** N/A - **LinkedIn® Page:** https://www.linkedin.com/company/No-Linkedin-Presence-Added-Intentionally-By-DataOps (1 employees on LinkedIn®) **Who Uses This Product?** - **Company Size:** 60% Small-Business, 20% Enterprise #### What Are Recent G2 Reviews of Lumu? **"[Exceptional Threat Response Automation for MSPs and MSSPs](https://www.g2.com/survey_responses/lumu-review-10878271)"** **Rating:** 5.0/5.0 stars *— Jason M.* [Read full review](https://www.g2.com/survey_responses/lumu-review-10878271) --- **"[Peace of Mind for Resilient Technologies to our Customers](https://www.g2.com/survey_responses/lumu-review-11682850)"** **Rating:** 5.0/5.0 stars *— Daniel M.* [Read full review](https://www.g2.com/survey_responses/lumu-review-11682850) --- ### 25. [Open XDR Security Operations Platform](https://www.g2.com/products/open-xdr-security-operations-platform/reviews) The Stellar Cyber Open XDR platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill to successfully secure their environments. With Stellar Cyber, organizations reduce risk with early and precise identification and remediation of threats while slashing costs, retaining investments in existing tools, and improving analyst productivity, delivering an 8x improvement in MTTD and a 20x improvement in MTTR. The company is based in Silicon Valley. For more information, visit stellarcyber.ai. **Average Rating:** 4.9/5.0 **Total Reviews:** 8 **How Do G2 Users Rate Open XDR Security Operations Platform?** - **Metadata Enrichment:** 9.6/10 (Category avg: 8.5/10) - **Quality of Support:** 9.0/10 (Category avg: 8.9/10) - **Multi-Network Monitoring:** 9.2/10 (Category avg: 8.6/10) - **Network Visibility:** 8.8/10 (Category avg: 8.8/10) **Who Is the Company Behind Open XDR Security Operations Platform?** - **Seller:** [STELLAR CYBER](https://www.g2.com/sellers/stellar-cyber-4d4425d1-14e9-4e8d-9a23-0fa3d6fc3901) - **Year Founded:** 2017 - **HQ Location:** San Jose, California, United States - **LinkedIn® Page:** https://www.linkedin.com/company/stellarcyber (150 employees on LinkedIn®) **Who Uses This Product?** - **Company Size:** 50% Mid-Market, 25% Enterprise #### What Are Open XDR Security Operations Platform's Pros and Cons? **Pros:** - Integrations (6 reviews) - Easy Integrations (5 reviews) - Visibility (5 reviews) - Threat Detection (4 reviews) - AI Automation (3 reviews) **Cons:** - Integration Issues (4 reviews) - Alerting Issues (2 reviews) - Alert Management (2 reviews) - False Positives (2 reviews) - Inefficient Alert System (2 reviews) ### What Do G2 Reviewers Say About Open XDR Security Operations Platform? *AI-generated summary from verified user reviews* **Pros:** - Users value the **seamless integrations** of Open XDR, enhancing their security operations by unifying multiple vendor solutions effortlessly. - Users value the **easy integrations** with existing technologies, enhancing overall security operations and threat detection efficiency. - Users value the **unified visibility** of Open XDR, enabling efficient monitoring and response across diverse data sources. - Users value the **effective threat detection** of Open XDR, benefiting from streamlined investigations and improved accuracy. - Users appreciate the **AI automation** in Open XDR, which enhances accuracy and reduces response times during security incidents. **Cons:** - Users experience **integration issues** , as initial setup can be time-consuming and requires skilled personnel for third-party tools. - Users experience **alerting issues** , such as bugs with notifications and alert noise, complicating their operational efficiency. - Users face **troublesome alert management bugs** that complicate the process and affect overall usability. - Users face **false positives** that complicate alert management, leading to additional workload and potential analyst fatigue. - Users experience issues with an **inefficient alert system** , leading to confusion and extra steps during bulk assignments. #### What Are Recent G2 Reviews of Open XDR Security Operations Platform? **"[Seamless SIEM Integration with Stellar Support](https://www.g2.com/survey_responses/open-xdr-security-operations-platform-review-12740066)"** **Rating:** 5.0/5.0 stars *— Erik P.* [Read full review](https://www.g2.com/survey_responses/open-xdr-security-operations-platform-review-12740066) --- **"[Comprehensive and unified platform for streamlined security operations](https://www.g2.com/survey_responses/open-xdr-security-operations-platform-review-9962769)"** **Rating:** 5.0/5.0 stars *— Clem C.* [Read full review](https://www.g2.com/survey_responses/open-xdr-security-operations-platform-review-9962769) --- ## What Is Network Detection and Response (NDR) Software? [Network Security Software](https://www.g2.com/categories/network-security) ## What Software Categories Are Similar to Network Detection and Response (NDR) Software? - [Security Information and Event Management (SIEM) Software](https://www.g2.com/categories/security-information-and-event-management-siem) - [Network Traffic Analysis (NTA) Software](https://www.g2.com/categories/network-traffic-analysis-nta) - [Extended Detection and Response (XDR) Platforms](https://www.g2.com/categories/extended-detection-and-response-xdr-platforms) --- ## How Do You Choose the Right Network Detection and Response (NDR) Software? ### What You Should Know About Network Detection and Response (NDR) Software ### What is Network Detection and Response (NDR) Software? Network detection and response (NDR) software documents a company’s network activity while automating threat remediation and reporting cyber threats to IT and security teams. NDR enables an organization to consolidate IT security services into one solution and simplifies network protection. NDR is critical because it provides an end-to-end view of network activity. For example, certain malicious activity may not be reflected in network logs but will be visible by network tools as soon as they interact with systems throughout the network.  Since NDR software uses artificial intelligence (AI) and machine learning (ML) to analyze network traffic, it is highly adept at detecting malicious behavior as well as reporting and remediating such activity in real time.  ### What are the Common Features of Network Detection and Response (NDR) System? NDR system usually includes the following: **AI and ML:** NDR uses AI and ML in its software solution. IT and security professionals can use the data to develop streamlined discovery and response workflows across an organization’s network. **Automated threat detection:** When traffic behavior deviates from normal functionality, an NDR solution detects the issue and automatically assists in an investigation. NDR software includes or integrates with other solutions that automate incident response processes to minimize the threat’s impact. ### What are the Benefits of Network Detection and Response (NDR)  Software? There are several benefits to using NDR software. **Automatically detects anomalies** : NDR software automatically detects anomalies in network traffic by applying non-signature-based detection techniques and using behavioral analytics, AI, and ML. **Monitors all traffic flows** : NDR solutions monitor all traffic entering or exiting the network so there is visibility to identify and mitigate security incidents, regardless of where a threat comes from. Giving this end-to-end view of the network offers IT and security teams greater visibility across the network to mitigate traffic threats. **Analyzes network in real time** : NDR analyzes an organization’s network for threats in real time or near real time. It provides timely alerts for IT and security teams, improving incident response times. **Narrows down incident response** : NDR solutions attribute malicious behavior to specific IP addresses and perform forensic analyses through AI and ML to determine how threats have moved across a network environment. This leads to faster, more efficient incident response.  **Who Uses Network Detection and Response (NDR) Software?** **Network IT and cybersecurity staff:** These workers use NDR software to observe network traffic and detect anomalies related to user behavior. **Industries** : Organizations in all industries, especially technology or highly sensitive data-oriented sectors like financial services, seek NDR solutions to help protect their networks. ### What Are Alternatives to Network Detection and Response (NDR) Software? Network traffic analysis (NTA) software and endpoint detection response (EDR) software are alternatives to NDR software. [Network traffic analysis (NTA) software](https://www.g2.com/categories/network-traffic-analysis-nta): NTA software is similar to NDR tools in that it monitors network traffic and looks for suspicious activity while providing real-time analysis and alerting IT administrators. The main difference is that it also analyzes network performance and pinpoints reasons for slow downloads.  [Endpoint detection & response (EDR)](https://www.g2.com/categories/endpoint-detection-response-edr)[software](https://www.g2.com/categories/endpoint-detection-response-edr): EDR tools are similar to NDR solutions, focusing on network activity. It detects, investigates, and removes malicious software penetrating a network’s devices. These tools give greater visibility of a system’s overall health, including each specific device’s state. Companies use these tools to mitigate endpoint penetrations quickly and prevent data loss, theft, or system failures.  ### Challenges with Network Detection and Response (NDR) Software There are some challenges IT teams can encounter with NDR software. **Sophisticated hackers:** With high volumes of data traveling across an organization’s network, hackers create more sophisticated threats that can hide their tracks and avoid detection by blending in with traffic patterns. Attackers can also make threats move in small and infrequent batches to avoid detection. **Budget constraints:** As hackers become more sophisticated, organizations must keep their NDR solutions up-to-date to keep up with the latest threats. Budget constraints could prevent IT and security teams from doing so. ### How to Buy Network Detection and Response (NDR) Software #### Requirements Gathering (RFI/RFP) for Network Detection and Response (NDR) Software  If an organization is just starting and looking to purchase NDR software, G2 can help. The manual work necessary in security and compliance causes multiple pain points. If the company is large and has a lot of networks, data, or devices in its organization, it may need to shop for scalable NDR  solutions. Users should think about the pain points in their security to help create a checklist of criteria. Additionally, the buyer must determine the number of employees who will need to use this software and if they currently have the skills to administer it.  Taking a holistic overview of the business and identifying pain points can help the team springboard into creating a checklist of criteria. The list is a detailed guide that includes necessary and nice-to-have features, including budget features, number of users, integrations, security staff skills, cloud or on-premises solutions, and more. Depending on the deployment scope, producing an RFI, a one-page list with bullet points describing what is needed from NDR software, might be helpful. #### Compare Network Detection and Response (NDR) Software Products **Create a long list** Vendor evaluations are essential to the software buying process, from meeting the business functionality needs to implementation. For ease of comparison, after all demos are complete, it helps to prepare a consistent list of questions regarding specific needs and concerns to ask each vendor. **Create a short list** From the long list of vendors, it is helpful to narrow the list of vendors and come up with a shorter list of contenders, preferably no more than three to five. With this list, businesses can produce a matrix to compare the features and pricing of the various solutions. **Conduct demos** To ensure a comprehensive comparison, the user should demo each solution on the short list with the same use cases. This allows the business to evaluate like for like and see how each vendor stacks up against the competition.  #### Selection of Network Detection and Response (NDR) Software **Choose a selection team** Before getting started, creating a winning team that will work together throughout the process, from identifying pain points to implementation, is crucial. The selection team should include organization members with the right interests, skills, and participation time.  A good starting point is to aim for three to five people who fill roles such as the primary decision maker, project manager, process owner, system owner, or staffing subject matter expert, as well as a technical lead, head administrator, or security administrator. The vendor selection team in smaller companies may have fewer participants who will multitask and take on more responsibilities. **Compare notes** The selection team should compare notes, facts, and figures noted during the process, such as costs, security capabilities, and alert and incident response times. **Negotiation** Just because something is written on a company’s pricing page does not mean it's final. It is crucial to open up a conversation regarding pricing and licensing. For example, the vendor may be willing to give a discount for multi-year contracts or for recommending the product to others. **Final decision** After this stage, and before going all in, it is recommended to roll out a test run or pilot program to test adoption with a small sample size of users. If the tool is well used and received, the buyer can be confident that the selection was correct. If not, it might be time to return to the drawing board. ### What Does Network Detection and Response (NDR) Software Cost? NDR software is considered a long-term investment. This means there must be a careful evaluation of vendors, and the software should be tailored to each organization's specific requirements. Once NDR software is purchased, deployed, and integrated into an organization’s security system, the cost could be high, so the evaluation stage of selecting the right tool is crucial.  The chosen NDR vendor should continue to provide support for the platform with flexibility and open integration. Pricing can be pay-as-you-go, and costs may also vary depending on whether unified threat management is self-managed or fully managed. #### Return on Investment (ROI) As organizations consider recouping the money spent on the software, it is critical to understand the costs that will be saved in terms of efficiency. In the long run, the investment must be worth preventing downtime, loss of revenue, and any reputation damage that a security breach would cause.