We performed a comparison between Forescout Platform and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Microsoft 365 Defender's most valuable feature is the ability to control the shadow IP."
"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"Microsoft Defender XDR is scalable."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"The integration between all the Defender products is the most valuable feature."
"Forescout Platform is stable, it is great."
"The standout strength of this solution lies in its unique capability to effectively manage unmanaged switches."
"Being able to sort on device types or devices with open ports is helpful when narrowing down assets of possible misconfigured devices that may be vulnerable on the network. We can take action on those devices based off of corporate policy."
"The most valuable feature of the Forescout Platform it's highly customizable and flexible."
"Forescout Platform provides multiple features. They have a very effective device fingerprinting in their cloud. You do not need to add any devices manually, such as in Mac devices. Other solutions you have to add IoT devices and OT devices manually. This is one of the major areas that Forescout Platform is excelling in."
"This is clearly the best product for the NAC use cases in this field for Forescout."
"The initial setup is easy, taking no more than two or three weeks."
"Forescout Platform's best feature is plug-in integration."
"The most valuable features are the modules and metrics."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"The configuration assessment and Pile integrity monitoring features are decent."
"Wazuh is simple to use for PCI compliance."
"Wazuh has very flexible and robust features."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"It is a stable solution."
"One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"The tool gives inconsistent answers and crashes a lot."
"Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we ware waiting for that feature."
"We have found that the agent-based authentication, available within this solution could be improved."
"Forescout needs to upgrade its development in the future."
"It's scalable, but not without a big investment. It doesn't do so well at the branch. At the home office, it does okay and not so well at the branch."
"The initial setup is a bit complex."
"The installation is not secure because it takes high admin privileges."
"The initial setup was complex."
"Forescout Platform isn't flexible with connections to devices like printers and forces you to re-enter details like the MAC address after any breakdowns."
"The fact that Forescout Platform doesn't have a presence in the South African region is a weakness because of which you can't ask for help from them if you have any problems."
"There could be a hardware monitoring tool for the solution."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"It would be great if there could be customization for the decoder portion."
"The implementation is very complex."
"Since it's an open-source tool, scalability is the main issue."
"The tool does not provide CTI to monitor darknet."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
Forescout Platform is ranked 12th in Extended Detection and Response (XDR) with 69 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. Forescout Platform is rated 8.4, while Wazuh is rated 7.4. The top reviewer of Forescout Platform writes "We can go granular on each endpoint, quarantine non-compliant machines, and target vulnerabilities through scripting". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Forescout Platform is most compared with Cisco ISE (Identity Services Engine), Aruba ClearPass, Fortinet FortiNAC, Nozomi Networks and Armis, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Cortex XDR by Palo Alto Networks. See our Forescout Platform vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.