We performed a comparison between CrowdStrike Falcon and Microsoft Defender for Business based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Protection Platform (EPP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"The product's initial setup phase is very easy."
"The most valuable feature is the analysis, because of the beta structure."
"Forensics is a valuable feature of Fortinet FortiEDR."
"It is stable and scalable."
"I get alerts when scripts are detected in the environment."
"The product detects and blocks threats and is more proactive than firewalls."
"Impressive detection capabilities"
"The DLP is the most valuable feature of CrowdStrike Falcon."
"The initial setup was straightforward."
"The most valuable feature is the indicator of compromise, which show you what file was either quarantined or removed."
"The malware protection is the most valuable feature of CrowdStrike Falcon."
"Falcon has the capacity to identify potential problems quickly. The administrator can deploy the agent, and the users cannot change it. This assures you that the agent remains on this device. Also, the agent can act preemptively to provide alerts about potential problems."
"The feature I like the most is the solution's detection."
"The ability to execute real-time response, or, that you can connect to the agent and see exactly what processes are operating, is the most important feature of this solution."
"The automatic alert feature is the most important feature of the solution."
"The interface is quite user-friendly."
"Microsoft Defender for Business is good for small and medium-sized businesses. It offers solid security flexibility and integration with tools like Microsoft Lighthouse and some other software. It takes some of the features of Defender for Endpoint EDR and provides those services for small and medium-sized business environments."
"A few things are valuable. One is the alerting we see when any kind of intrusion is happening, any kind of malware is being deployed across the endpoints, or any kind of suspicious activity is going on. We have a footprint across all of North America, Canada, and Mexico, so we want to make sure that all our endpoints are protected and we are able to look for any anomalous activity."
"It is scalable."
"If you're an Intune user, you can bring in certain capabilities like system-hardening policies, which further enhances the security."
"The solution should address emerging threats like SQL injection."
"The support needs improvement."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"The solution is not user-friendly."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"Forensic controls have room for improvement."
"There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it."
"The solution needs to have integration with on-premises security devices and security facilities. That means all the security products, including the perimeter firewall, the DMZ."
"In the six months that I have been using CrowdStrike, it has not been able to detect anything."
"The management of the solution could improve."
"They need to strengthen the forensic capabilities of this product, for e-discovery."
"Basically, they don't cover legacy OS or applications. That's the only issue we're concerned about"
"Technical support could be better than what is currently offered."
"The security could always be improved."
"Defender's threat protection should be fine-tuned to reduce false positives. It could be more targeted, reflecting a continuous evolution in detecting. Also, it could be easier to integrate into other environments."
"We faced some issues while running some applications on Mac."
"Defender's reporting is rather scattered, and its URL filtering mechanism doesn't really work."
"The biggest one is that Defender needs to be more proactive to the emerging threats. There can be tighter integration with email, especially how it integrates with our email system, which is the Microsoft Outlook suite. There should be the ability to react a lot quicker to emerging threats because sometimes, it takes a few days before some of these new threats are fully identified, and we need that to be a few hours."
More Microsoft Defender for Business Pricing and Cost Advice →
CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 112 reviews while Microsoft Defender for Business is ranked 45th in Endpoint Protection Platform (EPP) with 5 reviews. CrowdStrike Falcon is rated 8.6, while Microsoft Defender for Business is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Microsoft Defender for Business writes "Quicker response time, improved security posture, and reduced alerts". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security and VMware Carbon Black Endpoint, whereas Microsoft Defender for Business is most compared with HP Wolf Security, Microsoft Defender for Office 365, Microsoft Intune, Microsoft Defender for Endpoint and SentinelOne Singularity Complete. See our CrowdStrike Falcon vs. Microsoft Defender for Business report.
See our list of best Endpoint Protection Platform (EPP) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.