We performed a comparison between CrowdStrike Falcon and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, SentinelOne, CrowdStrike and others in Endpoint Detection and Response (EDR)."Additionally, when it comes to EDR, there are more tools available to assist with client work."
"This is stable and scalable."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"The product's initial setup phase is very easy."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"The product detects and blocks threats and is more proactive than firewalls."
"It's ability to do threat hunting is really great, quite robust, and even allows you to do hygiene stuff."
"CrowdStrike Falcon offers a comprehensive dashboard that is highly effective in protecting against and blocking external infiltration attempts."
"I like the Overwatch feature the most."
"The detection is very effective."
"As long as the machine is connected to the Internet, and CrowdStrike is running, then it will be on and we will have visibility; no VPNing in or making some type of network connection. CrowdStrike always there and running in the background; for us, that is big. We wanted something that could give us data as long as the machines connected to the Internet and be almost invisible to the employees."
"We are now able to find the root cause analysis on any threat. We can figure out where the issue came in versus just dealing with where it is at the moment."
"The most valuable features are the complete IPS and IDS."
"The feature I like the most is the solution's detection."
"Compared to IBM QRadar, Splunk Enterprise Security offers faster alert resolution."
"The most valuable feature is the DSS, also known as SPL, because it allows users to script advanced queries with limited knowledge."
"You can integrate Splunk with third-party security automation solutions and set rules for automatic response."
"We can extract the metrics we want on the dashboards. We are able to react to the incidents."
"Its compatibility with other SIEMS is very useful."
"We have a one stop dashboard for health of some of our services where you can click in and it takes you to other dashboards that have custom near real-time metrics that show the application's health."
"Splunk Enterprise Security's dashboards are a key asset."
"It is very scalable."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"We'd like to see more one-to-one product presentations for the distribution channels."
"FortiEDR can be improved by providing more detailed reporting."
"I haven't seen the use of AI in the solution."
"The only minor concern is occasional interference with desired programs."
"Cannot be used on mobile devices with a secure connection."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The dashboard isn't easy to access and manage."
"Tighter integration around XDR could be included."
"There is room for improvement in managing multiple customer IDs."
"I would like CrowdStrike to provide some correlation in the threat analysis, so we can visualize things better."
"CrowdStrike Falcon by itself does not supply in-depth reporting."
"CrowdStrike Falcon could improve the EDR functionality. Once the functionality of the solution improves, it will be even better in the market and able to compete with Carbon Black."
"Some of Falcon's features are a bit pricey."
"It would be nice if the dashboard had some more information upfront, and looked a little better."
"CrowdStrike should provide better visibility in its reporting. There should be more forensic details about detected threats."
"Their technical support sucks."
"The setup time is quite long."
"Not even Splunk's support guy, who came to our firm, could help with defining proper role management."
"The training was mostly sales-focused, like how to monitor your sales. It was hard to then come back from doing the training and try to switch it to a cybersecurity focus because all the training we did was sales oriented. The basic training didn't really touch on any kind of cybersecurity use cases or anything like that. That would have been great to see in the training."
"Splunk needs local technical support."
"There is a definite learning curve to starting out."
"They can incorporate the SOAR solution within the actual product so that we do not require two different products, two different installations, and two different pricing methods. In regards to UBA, I am familiar with the UBA that existed two years ago. I am not updated about it today, but two years ago, UBA required such an amount of data that from a cost perspective, it was not worth it. When you compare it to what you get out of the box with Microsoft Sentinel without additional costs, there is no match."
"Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 107 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 246 reviews. CrowdStrike Falcon is rated 8.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security and VMware Carbon Black Endpoint, whereas Splunk Enterprise Security is most compared with Wazuh, IBM Security QRadar, Dynatrace, Elastic Security and Microsoft Sentinel.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.