We performed a comparison between Cybereason XDR and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Microsoft Defender XDR is scalable."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"The threat intelligence is excellent."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"Cybereason XDR's most useful feature is the investigation."
"The solution has an investigation feature, which is useful for building storylines."
"The configuration assessment and Pile integrity monitoring features are decent."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work."
"The deployment is easy and they provide very good documentation."
"The MITRE ATT&CK correlation is most valuable."
"Its cost-effectiveness is the most valuable aspect."
"I like that the solution is on top of the Kubernetes stack."
"Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"Cybereason's customer support could be better."
"The one thing we sometimes have issues with is its integration with other security applications like antiviruses."
"The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
"Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"We would like to see more improvements on the cloud."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
Cybereason XDR is ranked 19th in Extended Detection and Response (XDR) with 2 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. Cybereason XDR is rated 8.6, while Wazuh is rated 7.4. The top reviewer of Cybereason XDR writes "Provides effective incident response and investigation features". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Cybereason XDR is most compared with Cortex XDR by Palo Alto Networks, Cynet and Trend Vision One, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Splunk Enterprise Security and SentinelOne Singularity Complete. See our Cybereason XDR vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.