We performed a comparison between CrowdStrike Falcon and Elastic Security based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Microsoft 365 Defender is a good solution and easy to use."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"The ability to integrate and observe a more cohesive narrative across the products is crucial."
"The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"It is an easy product to deploy."
"Falcon's best feature is its detection and blocking of threats."
"The CrowdStrike Falcon agent is very lightweight. Users never complain about their PCs getting stuck and things like that."
"The initial setup was straightforward."
"The most valuable feature is the indicator of compromise, which show you what file was either quarantined or removed."
"One of the most valuable features of CrowdStrike Falcon is when there are upgrades there are no additional fees."
"The detection is very reliable. Also, OverWatch is a great feature."
"CrowdStrike Falcon offers a comprehensive dashboard that is highly effective in protecting against and blocking external infiltration attempts."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"ELK documentation is very good, so never needed to contact technical support."
"It's simple and easy to use."
"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
"It's very customizable, which is quite helpful."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"Stability could be improved by avoiding frequent changes to the interface."
"The data recovery and backup could be improved."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"We should be able to use the product on devices like Apple, Linux, etc."
"We sometimes get false positives."
"The management of the solution could improve."
"To simplify the budgeting process for our clients, CrowdStrike should consider offering bundled packages that include essential features."
"I would like to see a more accurate integration and an option to check the local machine."
"I would like them to improve the correlation of data in the search algorithms. When we run an investigation, malware, phishing, etc., I want to look at multiple endpoints at once to correlate that data to see the likenesses, e.g., how are they not alike or what systems and processes are running across those systems? I don't want to have to run the same search in their Spotlight module five, 10, 15, or 100 times to get 100 different results, copy that data out, and then correlate it on my own. In a very simple way, I want to be able to load up a comma-delimited list giving me the spotlight data on these X amount of hosts, letting me search for it quickly. We have had to go back to CrowdStrike, and say, "Our search are taking far too long for even one host." They did bump up the cores and that did improve performance, but it is still kind of slow to get that Spotlight data. That is probably our biggest pain point. I think that needs some help. I understand this kind of information access is probably not the easiest thing to do. It is probably a big ask depending on how their back-end is setup."
"The overall cost of CrowdStrike Falcon could be reduced."
"Falcon could include more integrative features."
"Technical support could be better than what is currently offered."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"Email notification should be done the same way as Logentries does it."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"We'd like to see some more artificial intelligence capabilities."
"The interface could be more user friendly because it is sometimes hard to deal with."
"It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
"Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana."
"It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) security in the next release."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 107 reviews while Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 59 reviews. CrowdStrike Falcon is rated 8.8, while Elastic Security is rated 7.6. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete, whereas Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and AlienVault OSSIM. See our CrowdStrike Falcon vs. Elastic Security report.
See our list of best Endpoint Detection and Response (EDR) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.