We performed a comparison between CrowdStrike Falcon and Forescout XDR based on real PeerSpot user reviews.
Find out what your peers are saying about CrowdStrike, SentinelOne, Wazuh and others in Extended Detection and Response (XDR)."Microsoft 365 Defender is a stable solution."
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"The product is very easy to use."
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"The UI is simple and self-explanatory. Everything is easy to understand."
"The ability to execute real-time response, or, that you can connect to the agent and see exactly what processes are operating, is the most important feature of this solution."
"Enables us to understand what processes are running on the system, what registry keys have been enabled."
"The initial setup is very simple."
"The CrowdStrike Falcon dashboard is good, and we haven't had any problems with it."
"I like the detection rates of mobile threats."
"CrowdStrike Falcon is a very light solution. It does not use too much processor or RAM."
"I like the Overwatch feature the most."
"The product has valuable features for cloud IoT device enhancement, intelligent threat detection, etc."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"The data recovery and backup could be improved."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"As the company has grown, the technical support has felt less personal."
"It would be nice if the dashboard had some more information upfront, and looked a little better."
"They don't really have anything when it comes to scanning attachments."
"It is cloud-based, and this does make some weary of the data being held on the cloud. Privacy requirements must be taken into account."
"The installation process for this software needs to be simplified."
"We have had to open a case with the technical support to get some issues and bugs resolved."
"CrowdStrike should provide better visibility in its reporting. There should be more forensic details about detected threats."
"We can't do scanning audits or device blocking or application control."
"The product is more expensive than other vendors in terms of features."
CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 107 reviews while Forescout XDR is ranked 29th in Extended Detection and Response (XDR) with 1 review. CrowdStrike Falcon is rated 8.8, while Forescout XDR is rated 6.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Forescout XDR writes "Provides efficient network access control, but its support services need improvement". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete, whereas Forescout XDR is most compared with Arctic Wolf Managed Detection and Response.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.