We performed a comparison between CrowdStrike Falcon and Forescout XDR based on real PeerSpot user reviews.
Find out what your peers are saying about CrowdStrike, SentinelOne, Wazuh and others in Extended Detection and Response (XDR)."Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"Microsoft 365 Defender is a stable solution."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"The initial setup is a very fast process."
"The initial setup is very simple."
"We like Falcon's network visibility. We can see how threats are evolving on PCS or in the company network. The solution's real-time incident response is very fast."
"The OverWatch is the most valuable feature to me. It's a 24x7 monitoring service, and when they see anything suspicious in my environment, they will investigate."
"It helps us to identify the threats according to the behavior of any process that is running on any particular system. It helps immensely to identify any malicious behavior on any endpoints."
"It has an extremely low footprint, so it has got minimum impact on the user end points in terms of CPU and memory usage."
"The most valuable feature of CrowdStrike Falcon is its accuracy. That's very important for me. False-positive are very bad for everyone. As we are a financial institution, it's even worse. I like Falcon because it's very accurate."
"The features we showcase to potential customers are prevention, malware protection, zero-day protection, and application scripting. Vulnerability assessment is another valuable feature."
"The product has valuable features for cloud IoT device enhancement, intelligent threat detection, etc."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"It would be helpful if the solution could scan faster when it comes to scanning attachments to emails."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"We encounter occasional issues, such as when disabling network access for a host that uses CrowdStrike."
"They offered a white glove service that was extremely costly. When we got into it, we saw it was relatively easy. If I was being nitpicky, I'd say that I don't like being sold something that's unnecessary. That's the only downside I've seen to the solution."
"Sometimes CrowdStrike changes the GUI, and they need to be better at informing us and providing guidance concerning that."
"CrowdStrike Falcon could improve by having an easier way to search and use the interface for extracting queries from the data. The interface could improve."
"In the six months that I have been using CrowdStrike, it has not been able to detect anything."
"Basically, they don't cover legacy OS or applications. That's the only issue we're concerned about"
"CrowdStrike Falcon could improve by adding manual scanning or serverless scanning. It is not available at this time."
"Technical support could be better than what is currently offered."
"The product is more expensive than other vendors in terms of features."
CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 107 reviews while Forescout XDR is ranked 29th in Extended Detection and Response (XDR) with 1 review. CrowdStrike Falcon is rated 8.8, while Forescout XDR is rated 6.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Forescout XDR writes "Provides efficient network access control, but its support services need improvement". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and Fortinet FortiEDR, whereas Forescout XDR is most compared with Arctic Wolf Managed Detection and Response.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.