We performed a comparison between CrowdStrike Falcon and Elastic Security based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM."
"Microsoft Defender XDR is scalable."
"The product integrates security into one tool instead of having third-party security tools."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"The solution is well integrated with applications. It is easy to maintain and administer."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"The CrowdStrike Falcon agent is very lightweight. Users never complain about their PCs getting stuck and things like that."
"I like the overall reports of this solution. They are crisp, and to the point."
"The initial setup is very simple."
"It has an extremely low footprint, so it has got minimum impact on the user end points in terms of CPU and memory usage."
"The automatic alert feature is the most important feature of the solution."
"We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur."
"It helps us to identify the threats according to the behavior of any process that is running on any particular system. It helps immensely to identify any malicious behavior on any endpoints."
"The ability to execute real-time response, or, that you can connect to the agent and see exactly what processes are operating, is the most important feature of this solution."
"The stability of the solution is good."
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"It's not very complicated to install Elastic."
"I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted."
"The scalability is good. It can be scaled easily in the production environment."
"I like the indexing of the logs."
"The mobile app support for Android and iOS is difficult and needs improvement."
"Improving scalability, especially for very large tenants, could be beneficial for Microsoft Defender XDR."
"A simple dashboard without having to use MS Sentinel would be a welcome improvement."
"The management and automation of the cloud apps have room for improvement."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"CrowdStrike Falcon could improve by adding manual scanning or serverless scanning. It is not available at this time."
"The management of log aggregation is in need of improvement."
"The technical support team often just replies to an issue with a link to an article rather than actually calling back and talking to someone and making sure the problem is solved. To me, that's kind of weak."
"The console is a little cluttered and at times, finding what you're looking for is not intuitive."
"The GUI can use improvement, it's cloud-based so sometimes the interface can be a bit slow. The interface could use a little bit more speed."
"The solution needs to have integration with on-premises security devices and security facilities. That means all the security products, including the perimeter firewall, the DMZ."
"Falcon could include more integrative features."
"We can't do scanning audits or device blocking or application control."
"It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
"We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd making our stack from ELK to EFK."
"I would like more ways to manage permissions and restrict access to certain users."
"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before they can damage our infrastructure. Currently, this solution doesn't offer that."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"The biggest challenge has been related to the implementation."
"Technical support could respond faster."
"There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 107 reviews while Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 59 reviews. CrowdStrike Falcon is rated 8.8, while Elastic Security is rated 7.6. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete, whereas Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and AlienVault OSSIM. See our CrowdStrike Falcon vs. Elastic Security report.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.