We performed a comparison between Microsoft Defender XDR and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"The product is very easy to use."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"The comprehensiveness of Microsoft's threat detection is good."
"I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc."
"It's a very scalable tool that can be used in a very small environment or in a very large environment. Everything can be managed from a simple dashboard and can be scaled up or down depending on the customer's environment."
"Its most significant advantage lies in its affordability."
"Defender is easy to use. It has a nice console, and everything is all in one place."
"Splunk allows us to find insights that we were not able to with traditional BI tools using ETL. It allows us to dig into raw events."
"UBA, User Behavior Analytics, is a key feature."
"It gives us the liberty to do more in terms of use cases."
"We can ingest and correlate data from virtually any type of system."
"The ability to ingest any data and display it in a way that anyone can understand."
"The initial setup is really straightforward. It's one of the easiest installations."
"The Splunk queries are valuable."
"It is a one stop shop as a full monitoring and alerting solution for operations and application analysis for most of our back-end systems."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"The licensing is a nightmare and has room for improvement."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"The price should be adjustable by region."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"I would like to get visibility into the data pipelines on heavy forwarders and indexers to see exactly their source and the cause of saturation when it occurs. This would help us learn even more about our high use applications."
"On the technical side, it would be nice to see aspects of the recent acquisition of Phantom make it into the core Splunk Enterprise, not just become a part of the premium Enterprise Security."
"Queries are not always as easy or straightforward as they might be, so it can be difficult to figure out what you need to look for."
"Splunk is query-based, which is not the case with most cybersecurity tools. It is based on search queries and can be difficult to use. It would be good if they can make it easier to understand how to create search queries. They can improve the knowledge base for better understanding. To create your dashboard, you need to have a search query. We have multiple firewalls in our company, and we need a dashboard for them. It would be helpful if a default firewall dashboard is included in Splunk to make monitoring easier. If a dashboard is available for a security device, the operation part will be more efficient. We won't have to follow a manual process for this."
"We are waiting for Dashboard Studio to mature a little bit more. There are some things that we are using with Classic Dashboards which have not yet made it to Dashboard Studio. We are waiting for that."
"I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk."
"The threat detection library needs to increase the frequency at which the playbooks are updated."
"Splunk could improve its default machine-learning models. Also, Splunk Enterprise's native threat intelligence isn't that good. I prefer a custom threat intelligence model."
Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 80 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 246 reviews. Microsoft Defender XDR is rated 8.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Trend Vision One, whereas Splunk Enterprise Security is most compared with Wazuh, IBM Security QRadar, Dynatrace, Elastic Security and Microsoft Sentinel. See our Microsoft Defender XDR vs. Splunk Enterprise Security report.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.