We compared Darktrace and Microsoft Defender for Endpoint across several parameters based on our user's reviews. After reading the collected data, you can find our conclusion below:
Darktrace is preferred over Microsoft Defender for Endpoint due to its advanced machine-learning capabilities and ability to detect and respond to threats in real time. Users praise Darktrace for its unparalleled threat visibility and proactive approach, while Microsoft Defender is reported to lack some of the advanced features and responsiveness of Darktrace.
"The benefit that stands out to me is the ability for multiple individuals to collaborate simultaneously within the same document. Additionally, there is the option to save the document directly in the integrated OneDrive or SharePoint."
"The email protection is excellent, especially in terms of anti-phishing policies."
"I would say that 90% of the spam and phishing attack emails get blocked right off the bat."
"It also gives me good visibility because, with Defender, I'm using a Microsoft product to defend Microsoft products. The integration was really seamless and I have wide visibility because it picks up almost everything. Literally, I can see almost every activity that happens, from the e-mail to the workstation itself."
"It gives us visibility into threats and, for endpoints, it helps us to prioritize threats. We used to have a lack of visibility, but now our time to detect and respond has decreased."
"Does a thorough job of examining email and URLs for malicious content."
"Some of the valuable features on the email side are anti-phishing, anti-malware, and Safe Links."
"Safe attachments, safe links, policies, and the ability to protect from zero-day threats are the most valuable features."
"Provides great network protection."
"The most valuable feature of Darktrace is the AI that detects abnormal network activity."
"I have found the most valuable features to be artificial intelligence for cybersecurity, advanced machine learning capabilities, enterprise Immune System, Antigena Network, and Antigena Email. The way the solution detects the threat over the network before it spreads is very good. It notifies you of what the threat is exactly doing and gives you all the details about the execution of that application that had created the threat over your network."
"One thing I appreciate is Antigena Email, which is for email protection."
"I have used multiple solutions, but its graphical user interface is quite interesting and quite descriptive. There are a lot of video animations, and we can easily see how the data is transferred between various points. That's something really interesting. It is also quite easy to understand for a new user."
"The AI-based pattern is the most valuable feature."
"We are able to detect a lot of things, actually, and see what is happening in our network."
"The main valuable feature is that we don't need a lot of analysts. With few analysts, we have all the network monitored, 24/7."
"It doesn't cause the slowness of the system, which is one of the reasons why I like it."
"I like that Defender is integrated and doesn't have a third-party payload trying to advertise subscription renewal."
"What I like most is the protection against phishing emails and anti-spam."
"This is not an inventory solution, but it helps you take count of how many workstations you have, as well as what software is installed on each of them."
"Microsoft Defender for Endpoint is extremely stable."
"The best part is that it is built into Windows, whether it is a server base or a desktop base, which gives more control over the operating system. Because Defender, the operating system, and the Office solution are by Microsoft, everything is working like hand-in-glove. Its administrative overhead is less because a desktop user has already got some experience of how to handle a Microsoft Defender notification or administer it."
"The stability keeps getting better and better."
"The solution's main antivirus capabilities are okay. So far, they have kept us safe."
"We need to be able to whitelist data at the backend."
"Microsoft sometimes has downtime, and we'll get several incidents coming in back to back. We have a huge backlog of notifications, many of which may be false positives. However, there might be serious alerts, so we can't risk dismissing all of them at once."
"Microsoft security solutions work as expected. They are constantly updating the solutions to make them better. At the same time, the changes can impact a customer's environment, and we need to adjust settings. Sometimes we aren't aware of the changes, and nothing is pushed from the backend automatically."
"The product must provide better malware detection."
"Configuration requires going to a lot of places rather than just accessing one tab."
"The UI needs to be more user-friendly."
"The GUI is sometimes slow to fetch the device report and could be improved."
"The certification training for Defender for 365 needs to be deeper and incorporate Sentinel. I took all the security courses except one, and Sentinel isn't included."
"A reporting portal could be a great addition to help customize reports."
"The price point for the product was too high for what our possible use case could be."
"I believe their network monitoring device licensing module could use some improvement."
"It is expensive, but everything else has been great so far."
"Darktrace could improve by being more user-friendly."
"It should be easier to access the Darktrace portal and its documentation. Only the customer can access their portal and support. It could be cheaper."
"There is a high ratio of false positive information."
"The user interface and the configuration are a bit complex and should be improved or simplified."
"In active mode, it's great that it gives you so much information, but it does record every keystroke so you have a lot of logs... that amount of data logging started to add up in the cost."
"The solution could always be more secure."
"I would like to see online updates for patches for this solution. I would also like to see online information about what is trending in the market in terms of spams, viruses, or trojans. It takes some time to understand how this solution works. A few things are unclear at the beginning, such as whether it actually restricts the virus or spam at the initial stage, or when there is a security update, how will we come to know and how will it get synchronized. It would be really helpful if there is some kind of knowledge base in the form of video, audio, or document that can explain in a user-friendly way the setup, features, risks, and process to mitigate the risks. Currently, I have installed endpoint security for every individual system. I could not install it like other endpoint solutions where we have a server and a client. It would be really helpful if Microsoft Windows Defender has a server-client based model so that I can save some bandwidth when it downloads or uploads features. It will be helpful if we have a LAN-based or WAN-based controlling system."
"Microsoft Defender for Endpoint can improve by making the reporting faster. It takes some time to reflect back to the administration portal of what has been updated. For example, out of 100 Computers, approximately 90 computers received updates, but when you check the administration portal over one or two days, you will only see 75, even though 90 were updated."
"The time it takes to restore the application could be improved. It has a lot of dependencies. It's not like the Microsoft security that comes with the OS. Updating through the command prompt, most of the time, it takes some time to download some of these dependencies."
"Where we stand right now, compared to other products that are there in the market, they still have to work on their threat intelligence and the overall maturity of detecting the malware."
"Some of the integrations that Defender should include involve the use of the web app."
"Auto recovery is the most important feature that we would need from this solution. For decryption, similar to Malwarebytes, there should be something to be able to recover the data up to the last normal status. Its ability to recover data to the last normal copy must not exceed 5 to 10 minutes."
More Microsoft Defender for Office 365 Pricing and Cost Advice →
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Darktrace is ranked 11th in Email Security with 66 reviews while Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews. Darktrace is rated 8.2, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and ExtraHop Reveal(x), whereas Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, Cortex XDR by Palo Alto Networks, Trellix Endpoint Security and SentinelOne Singularity Complete.
We monitor all Email Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.