CrowdStrike Falcon and Microsoft Defender XDR are both Extended Detection and Response (XDR) solutions that offer endpoint protection and threat detection capabilities. CrowdStrike Falcon is a standalone platform, whereas Defender XDR integrates seamlessly with Microsoft security products. CrowdStrike Falcon offers customizable alert settings and machine-learning algorithms for proactive threat hunting. Microsoft Defender is highlighted for its efficient incident response system. Both products have flexible pricing options, with users noting positive ROI from both solutions.
The summary above is based on 207 interviews we conducted recently with CrowdStrike Falcon and Microsoft 365 Defender users. To access the review's full transcripts, download our report.
"The product detects and blocks threats and is more proactive than firewalls."
"Forensics is a valuable feature of Fortinet FortiEDR."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"The product's initial setup phase is very easy."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"It is stable and scalable."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"Everything is automatic. I install the sensor and renew the service. Periodically, I get a notice that they've shut something down."
"Its integration capability is valuable. It integrates easily with any OS."
"The features I like the most are the response time and the dashboard are both excellent."
"Because it is security product and acts like an AIML smart product, not merely based on daily/weekly updates and signatures."
"The threat intelligence is the most valuable feature."
"The CS falcon agent is a lightweight agent compared with other agents of EDR products."
"The most valuable feature is the activity dashboard because it gives you a holistic view of your environment from a security standpoint."
"CrowdStrike Falcon offers a comprehensive dashboard that is highly effective in protecting against and blocking external infiltration attempts."
"Microsoft 365 Defender is a good solution and easy to use."
"It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"The integration with other Microsoft solutions is the most valuable feature."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"CrowdStrike Falcon needs to improve their host management system."
"The detection time has room for improvement."
"We sometimes get false positives."
"Unfortunately, native applications are not supported."
"The malware analysis could be improved, as that's what we use the solution for the most and that change would make it a better EDR tool."
"The current database schema presents challenges and has potential for improvement."
"They should provide us with good visibility for everything."
"CrowdStrike Falcon could improve by having an easier way to search and use the interface for extracting queries from the data. The interface could improve."
"The management features could be improved, particularly in terms of better integration with Intune, Microsoft's cloud-based management solution."
"The support team is not competent or responsive."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things."
"One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions."
"The mobile app support for Android and iOS is difficult and needs improvement."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"Intrusion detection and prevention would be great to have with 365 Defender."
CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 107 reviews while Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 78 reviews. CrowdStrike Falcon is rated 8.8, while Microsoft Defender XDR is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and VMware Carbon Black Endpoint, whereas Microsoft Defender XDR is most compared with Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh, Trend Vision One and Microsoft Entra ID. See our CrowdStrike Falcon vs. Microsoft Defender XDR report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.