We performed a comparison between Forescout Platform and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The comprehensiveness of Microsoft's threat detection is good."
"Microsoft 365 Defender is a good solution and easy to use."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"This solution can be used to organize guest portals, integrate switches, and create policies. Some of its standard use cases also include completing key process upgrades and anti-virus of Windows OS."
"Forescout Platform has made it possible to block people working near our construction sites who should not have access to our network."
"The most valuable feature of ForeScout is the fact that it can do network access control either with 802.1x or without 802.1x."
"The user management has been very easy for the most part."
"You can quickly filter your view of devices and zero in on the ones you want using a variety of tools, such as what subnet it is on or what it has been classified as."
"Forescout is easy to integrate with a lot of end systems."
"The most valuable feature is the ease of deployment, which does not require the use of an agent."
"Forescout has a feature that blocks the endpoint at the point of collection. It sets preconditions and will block the system if those aren't met."
"It offers built-in modules for file integrity and vulnerability management."
"The MITRE ATT&CK correlation is most valuable."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"The most valuable features are the modules and metrics."
"It has efficient SCA capabilities."
"The deployment is easy and they provide very good documentation."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"Sometimes, configurations take much longer than expected."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"A simple dashboard without having to use MS Sentinel would be a welcome improvement."
"In the Microsoft Azure Portal, in Active Directory, if there is anything on the user it will provide you with the information, but you still have to go through it a bit. And sometimes, I have experienced difficulties in understanding the information, especially because the synchronization between Microsoft Intune and the devices that are connected to the user in Azure Active Directory takes a lot of time."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"At times, there may be delays in the execution of certain actions and their effects."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
"Advanced attacks could use an improvement."
"We experienced some detection issues when checking compliance for the Sophos agent."
"Forescout Platform needs to improve how the device works in preventing rogue servers."
"The initial setup is a bit complex."
"The initial setup was complex."
"The system controls could be better."
"Search - needs boolean functionality (or pseudo operand now working)."
"The product needs to improve its support. I know a case that dragged on for about one and a half years. They eventually suggested professional services and closed the ticket. We followed their advice, engaging the account manager and professional service team, only to discover that the issue was a bug. After reopening the case, it's been about six months, and the problem still hasn't been resolved."
"The solution needs more definitive pricing. The costs are hard to nail down."
"The tool does not provide CTI to monitor darknet."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
"There could be a hardware monitoring tool for the solution."
"They need to go towards integrating with more cloud applications and not just OS like Windows and Linux."
"We would like to see more improvements on the cloud."
"Wazuh should come up with more in-built rules and integrations for the cloud."
Forescout Platform is ranked 12th in Extended Detection and Response (XDR) with 69 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. Forescout Platform is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Forescout Platform writes "We can go granular on each endpoint, quarantine non-compliant machines, and target vulnerabilities through scripting". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Forescout Platform is most compared with Cisco ISE (Identity Services Engine), Aruba ClearPass, Fortinet FortiNAC, Nozomi Networks and Armis, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and USM Anywhere.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.