We performed a comparison between Microsoft Defender XDR and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc."
"The integration between all the Defender products is the most valuable feature."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"One of the most valuable features is threat hunting. We can do threat hunting and identify if there is any malicious activity happening within our environment, which is a key feature for us."
"The alerts are very effective."
"The completeness of the solution is what we like the most."
"It provides logs in one place, so they are easy to find. It collects the logs from multiple places, then you have just one place where you see the whole flow from the front-end to the back-end."
"Positive features include replication capabilities, software development kits, and the architecture."
"Out-of-the-box, it seems very powerful."
"The product is adept at log mining."
"The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly."
"The user interface of Microsoft 365 Defender could improve. They could make it simpler."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"Stability could be improved by avoiding frequent changes to the interface."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"Its interface and usability can always be improved."
"There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side."
"I feel the solution to be too slow."
"The documentation is in definite need of improvement."
"Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution."
"Splunk should have more regional data centers in the Middle East."
"In terms of the interface, it could include some improvements for the look and feel."
"Configuring a few apps is complex, not straightforward."
Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 78 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Microsoft Defender XDR is rated 8.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Trend Vision One, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Microsoft Sentinel. See our Microsoft Defender XDR vs. Splunk Enterprise Security report.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.