We performed a comparison between Forescout Platform and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"It's a very scalable tool that can be used in a very small environment or in a very large environment. Everything can be managed from a simple dashboard and can be scaled up or down depending on the customer's environment."
"Defender is easy to use. It has a nice console, and everything is all in one place."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"The most valuable features are remote access and administration scripts."
"Being able to sort on device types or devices with open ports is helpful when narrowing down assets of possible misconfigured devices that may be vulnerable on the network. We can take action on those devices based off of corporate policy."
"The threat prevention feature provides complete visibility."
"The user interface is quite simple."
"It allows for good detection of all the vendor products we have on-site."
"Forescout Platform's best feature is plug-in integration."
"Obtaining visibility into the network and connected devices is very simple with this tool. It takes me three minutes to do a base deployment when all the parameters are available."
"Vulnerability remediation is valuable. We can narrow down a system and its properties. We can go granular on the properties of each endpoint, such as which operating system you're using."
"Wazuh has very flexible and robust features."
"If they support a solution, it is easy to do an integration."
"I like that the solution is on top of the Kubernetes stack."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"The MITRE ATT&CK correlation is most valuable."
"The tool is stable."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"The product is easy to customize."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"A simple dashboard without having to use MS Sentinel would be a welcome improvement."
"The web filtering solution needs to be improved because currently, it is very simple."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"Stability could be improved by avoiding frequent changes to the interface."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"Regarding pricing, there is room for improvement to enhance competitiveness with other vendors and solutions."
"As a product, there is nothing to complain about. However, they should improve their overall support. You need that level of knowledge, that level of information is clearly not available. First and foremost, that information is not accessible. The second point to mention is that once you purchase the later support and services. That is, they will continue to charge you for every service."
"The solution could always improve by adding more features to make it more robust."
"The reporting feature needs improvement."
"The fact that Forescout Platform doesn't have a presence in the South African region is a weakness because of which you can't ask for help from them if you have any problems."
"The licensing costs are quite high. With the amount of hardware we have, we need too many licenses to make the product effective and it's ultimately just too costly."
"Forescout Platform isn't flexible with connections to devices like printers and forces you to re-enter details like the MAC address after any breakdowns."
"For the user, the policy that they have implemented sometimes needs adjustments. Sometimes the features that the customer asks for aren't involved in the main installation, and I need to bolt an add-on in. However, I never know if this policy is the right one when I do this."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"The only challenge we faced with Wazuh was the lack of direct support."
"The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"Wazuh is missing many things that a typical SIEM should have."
"Since it's an open-source tool, scalability is the main issue."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
Forescout Platform is ranked 12th in Extended Detection and Response (XDR) with 69 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. Forescout Platform is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Forescout Platform writes "We can go granular on each endpoint, quarantine non-compliant machines, and target vulnerabilities through scripting". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Forescout Platform is most compared with Cisco ISE (Identity Services Engine), Aruba ClearPass, Fortinet FortiNAC, Nozomi Networks and Armis, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Splunk Enterprise Security and SentinelOne Singularity Complete.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.