We performed a comparison between CrowdStrike Falcon and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The EDR features are valuable. By getting the EDR features, we have more control over the device. We have information about events in real-time and more protection against zero-day threats and zero-day vulnerabilities. We can monitor every event or action that a device is going through. We can get an idea if it is something malicious or if we have to take any actions."
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"The solution is well integrated with applications. It is easy to maintain and administer."
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"The most valuable feature of CrowdStrike Falcon is crowdsourcing intelligence."
"CrowdStrike enables the infrastructure managers to visualize all the events and get information about the network."
"Regarding features, I appreciate its integration capabilities with identity providers...Stability-wise, I rate the solution a ten out of ten."
"Everything we've done with CrowdStrike is due to Arctic Wolf. We don't even need to get alerts from CrowdStrike anymore. It'll send those to Arctic Wolf, and then Arctic Wolf analyzes those and let us know if there's a major issue."
"It's ability to do threat hunting is really great, quite robust, and even allows you to do hygiene stuff."
"The EDR is amazing and ease of integration with Splunk is a big plus. Integration with BigQuery is also a plus for me and workflow creation is easy. Overall, CrowdStrike Falcon is a great product."
"The CS falcon agent is a lightweight agent compared with other agents of EDR products."
"The solution can scale easily."
"I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"It is a stable solution."
"Good for monitoring, active response, and for vulnerabilities."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"The main thing I like about it is that it has an EDR."
"The most valuable features are the modules and metrics."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"The user interface of Microsoft 365 Defender could improve. They could make it simpler."
"Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team."
"There could be a way to proactively monitor unusual activity ."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"We should be able to use the product on devices like Apple, Linux, etc."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"The ability to receive text alerts natively in the console would be kind of cool."
"Support, particularly related to after-sales and after deployment, could be improved a bit. If you need to connect to support, it takes at least a day to reach the support team and get a proper reply."
"The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool."
"CS Falcon sensing capabilities for non-domain machines should be enhanced since the agent doesn't detect the neighbor's IP Address and/or any anomaly which was identified in the network for the non-domain machine."
"The installation process for this software needs to be simplified."
"To simplify the budgeting process for our clients, CrowdStrike should consider offering bundled packages that include essential features."
"In a future release, I would like to see more integrations for data breaches and security features."
"As the company has grown, the technical support has felt less personal."
"We would like to see more improvements on the cloud."
"Its configuration process is time-consuming."
"The computing resources are consuming and do not make sense."
"It would be great if there could be customization for the decoder portion."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"They could include flexibility and customization capabilities by modifying for customers based on partner agreements."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 107 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. CrowdStrike Falcon is rated 8.8, while Wazuh is rated 7.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and Trellix Endpoint Security, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Cortex XDR by Palo Alto Networks. See our CrowdStrike Falcon vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.