We performed a comparison between Elastic Security and Microsoft Defender XDR based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The product detects and blocks threats and is more proactive than firewalls."
"The stability is very good."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"NGAV and EDR features are outstanding."
"This is stable and scalable."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"The setup is pretty simple."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"The most valuable feature is the machine learning capability."
"The most valuable feature is the ability to collect authentication information from service providers."
"Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
"I like the indexing of the logs."
"Stability-wise, I rate the solution a ten out of ten."
"The comprehensiveness of Microsoft's threat detection is good."
"The advantage Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"Its most significant advantage lies in its affordability."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"The most valuable feature is the network security."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"I have found the ability to delete unwanted threats beneficial."
"I haven't seen the use of AI in the solution."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The solution is not stable."
"They can include the automation for the real-time updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"Making the portal mobile friendly would be helpful when I am out of office."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"The solution should address emerging threats like SQL injection."
"The solution is not user-friendly."
"The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side."
"This solution cannot do predictive maintenance, so we have to build our own modules for doing it."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready made, so you'll have to write some scripts."
"I would like more ways to manage permissions and restrict access to certain users."
"It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
"Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
"I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we are waiting for that feature."
"We should be able to use the product on devices like Apple, Linux, etc."
"The mobile app support for Android and iOS is difficult and needs improvement."
Elastic Security is ranked 7th in Extended Detection and Response (XDR) with 59 reviews while Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 80 reviews. Elastic Security is rated 7.6, while Microsoft Defender XDR is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Cortex XDR by Palo Alto Networks. See our Elastic Security vs. Microsoft Defender XDR report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.