We performed a comparison between Elastic Security and Microsoft Defender XDR based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The product's initial setup phase is very easy."
"Ability to get forensic details and also memory exfiltration."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"The solution was relatively easy to deploy."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"The product detects and blocks threats and is more proactive than firewalls."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"The most valuable feature is the machine learning capability."
"It is scalable."
"The indexes allow you to get your results quickly. The filtering and log parsing is the advantage of Logstash."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"ELK is open-source, and it will give you the framework you need to build everything from scratch."
"It is the best open-source product for people working in SO, managing and analyzing logs."
"The solution has a good community around it, with lots of helpful documentation for troubleshooting purposes."
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"Microsoft 365 Defender is a good solution and easy to use."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"It has great stability."
"Microsoft 365 Defender is simple to upgrade."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"They can include the automation for the real-time updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"It takes about two business days for initial support, which is too slow in urgent situations."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"The SIEM could be improved."
"I haven't seen the use of AI in the solution."
"The support needs improvement."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."
"The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes."
"Their visuals and graphs need to be better."
"The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."
"The solution could also use better dashboards. They need to be more graphical, more matrix-like."
"The interface could be more user friendly because it is sometimes hard to deal with."
"In terms of improvement, there could be more automation in responding to and evaluating detections."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"Intrusion detection and prevention would be great to have with 365 Defender."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"The support could be more knowledgeable to improve their offering."
Elastic Security is ranked 7th in Extended Detection and Response (XDR) with 59 reviews while Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 78 reviews. Elastic Security is rated 7.6, while Microsoft Defender XDR is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Microsoft Entra ID. See our Elastic Security vs. Microsoft Defender XDR report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.