We performed a comparison between CrowdStrike Falcon and LogRhythm UEBA based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."
"I have found the ability to delete unwanted threats beneficial."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"The most valuable feature is the network security."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"CrowdStrike Falcon's scalability is good. We have thousands of students using this solution."
"The CrowdStrike Falcon agent is very lightweight. Users never complain about their PCs getting stuck and things like that."
"At this point what is most valuable is the interface, which is easy to navigate."
"The most valuable feature of CrowdStrike Falcon is its accuracy. That's very important for me. False positives are very bad for everyone. As we are a financial institution, it's even worse. I like Falcon because it's very accurate."
"The most useful feature is that we do not need to install or keep signature files. Regular scanning that consumes a lot of computer resources is not needed."
"Probably the most valuable thing to me is the real-time response piece. The fact that I can connect to an endpoint as long as it is on the Internet, no matter where it is globally. I can remove files from the endpoint, drop files on the endpoint, stop processes, reboot it, run custom scripts, and deploy software. Pretty much no other tool can do all that."
"I like the feature called RTC, the remote time connector."
"The automatic alert feature is the most important feature of the solution."
"The most valuable features are file activity monitoring and registry activity monitoring."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"The tool's most valuable feature is server threat hunting."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"It has a lot of features. It has file integration monitoring."
"Good capability pinpointing specific cyber incidents."
"The logs could be better."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"A simple dashboard without having to use MS Sentinel would be a welcome improvement."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"The management and automation of the cloud apps have room for improvement."
"I would like to see a more accurate integration and an option to check the local machine."
"CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of a sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it."
"It would be nice if the dashboard had some more information upfront, and looked a little better."
"The management reporting functionality needs to be improved."
"The portal can be clunky to navigate at times and has room for improvement."
"The dashboard does not have the facility to export the reports in a PDF format, which I can quickly share with internal stakeholders."
"We can do a threat analysis of any machine at any time, but that threat analysis is very limited."
"This solution could be improved with greater scope for admins to make changes to the solution."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
"The UI could be improved a little bit."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
"The cloud version is lacking and not up to par."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 107 reviews while LogRhythm UEBA is ranked 22nd in Extended Detection and Response (XDR) with 10 reviews. CrowdStrike Falcon is rated 8.8, while LogRhythm UEBA is rated 7.2. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of LogRhythm UEBA writes "Detects unusual logins but dashboards need improvement". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete, whereas LogRhythm UEBA is most compared with Wazuh, Darktrace, Trend Micro Deep Discovery, Aruba IntroSpect and Microsoft Purview Insider Risk Management.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.