CrowdStrike Falcon and Microsoft Defender XDR are both Extended Detection and Response (XDR) solutions that offer endpoint protection and threat detection capabilities. CrowdStrike Falcon is a standalone platform, whereas Defender XDR integrates seamlessly with Microsoft security products. CrowdStrike Falcon offers customizable alert settings and machine-learning algorithms for proactive threat hunting. Microsoft Defender is highlighted for its efficient incident response system. Both products have flexible pricing options, with users noting positive ROI from both solutions.
The summary above is based on 207 interviews we conducted recently with CrowdStrike Falcon and Microsoft 365 Defender users. To access the review's full transcripts, download our report.
"he solution is an anti-malware product that integrates well with other vendor products such as firewalls, SIEM, etc. It captures threat intelligence and gives you better visibility. The product also has sandboxing features."
"Fortinet is very user-friendly for customers."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"The solution was relatively easy to deploy."
"Forensics is a valuable feature of Fortinet FortiEDR."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"The price is low and quite competitive with others."
"The product's initial setup phase is very easy."
"I have found the connection to search the hosts for detections very useful in CrowdStrike Falcon."
"The automatic alert feature is the most important feature of the solution."
"CrowdStrike Falcon is a very light solution. It does not use too much processor or RAM."
"It is an easy product to deploy."
"Everything we've done with CrowdStrike is due to Arctic Wolf. We don't even need to get alerts from CrowdStrike anymore. It'll send those to Arctic Wolf, and then Arctic Wolf analyzes those and let us know if there's a major issue."
"There are two things which customers really like about CrowdStrike. If they buy managed services from CrowdStrike, it offers them detection of security issues in one minute. If you buy their professional services, they offer insurance where you can claim up to $5 million if there's a breach. This is a huge upsell for customers."
"The stability is very good."
"The most valuable feature of CrowdStrike Falcon is crowdsourcing intelligence."
"I have found the ability to delete unwanted threats beneficial."
"It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"It has great stability."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"The solution should address emerging threats like SQL injection."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"Making the portal mobile friendly would be helpful when I am out of office."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"FortiEDR can be improved by providing more detailed reporting."
"The support needs improvement."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"It takes about two business days for initial support, which is too slow in urgent situations."
"They don't really have anything when it comes to scanning attachments."
"I would like to see a little bit more in the offline scanning ability. This just comes from my background in what I have done in other positions. They only scan on demand, so I always have this fear that we sometimes maybe email out a dormant virus and can be held liable for that. That is something where I would like to see a little bit more robustness to the tool."
"As the company has grown, the technical support has felt less personal."
"Too many false positives."
"If CrowdStrike can further expand its support for XDR compatibility, that would give it an edge over all the other competing new products."
"The management of the solution could improve."
"I would love to see more investment in Insight because CrowdStrike have an opportunity to potentially displace some of the vulnerability management vendors with the visibility they can see over time. I want to see them continue to evolve, e.g., what other things can they disrupt which are operational things we have to continue to do as an organization."
"Technical support could be better than what is currently offered."
"The support team is not competent or responsive."
"The mobile app support for Android and iOS is difficult and needs improvement."
"The solution does not offer a unified response and standard data."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"The price should be adjustable by region."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"Stability could be improved by avoiding frequent changes to the interface."
"There could be a way to proactively monitor unusual activity ."
CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 107 reviews while Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 78 reviews. CrowdStrike Falcon is rated 8.8, while Microsoft Defender XDR is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and VMware Carbon Black Endpoint, whereas Microsoft Defender XDR is most compared with Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh, Trend Vision One and Microsoft Entra ID. See our CrowdStrike Falcon vs. Microsoft Defender XDR report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.