Try our new research platform with insights from 80,000+ expert users

CrowdStrike Falcon Sandbox vs Microsoft Defender for Endpoint comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

CrowdStrike Falcon Sandbox
Ranking in Anti-Malware Tools
27th
Average Rating
8.0
Number of Reviews
4
Ranking in other categories
No ranking in other categories
Microsoft Defender for Endp...
Ranking in Anti-Malware Tools
1st
Average Rating
8.0
Reviews Sentiment
7.3
Number of Reviews
186
Ranking in other categories
Endpoint Protection Platform (EPP) (1st), Advanced Threat Protection (ATP) (2nd), Endpoint Detection and Response (EDR) (2nd), Microsoft Security Suite (6th)
 

Mindshare comparison

As of November 2024, in the Anti-Malware Tools category, the mindshare of CrowdStrike Falcon Sandbox is 1.3%, up from 0.2% compared to the previous year. The mindshare of Microsoft Defender for Endpoint is 19.9%, down from 24.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Anti-Malware Tools
 

Featured Reviews

Valarie - PeerSpot reviewer
Jun 24, 2024
Provides a safe way to analyze and review documents that may have sensitive information without uploading them to a public platform
It provides a safe way to analyze and review documents that may have sensitive information without uploading them to a public platform. Additionally, provides an easy way to spin up a VM without requiring additional resources and patching of personal or team-managed virtualization. This empowers analysts to fully analyze and understand the behaviors of varying executables and sites. This has enabled our team to provide a better experience to our users by identifying any false positives from our email gateway and promoting security hygiene by reporting phishing emails. An analyst will personally reply to the report with their findings after sandboxing the artifacts.
Sudhen Swami - PeerSpot reviewer
Jun 26, 2024
Easy to update with good protection and a useful cloud portal
We've mainly used it for endpoints. However, we've also used it for DLP as well. We're also in the process of implementing it for cloud and identity as well. However, it's very good for endpoints, and that's our main focus. The malware protection is good. The visibility it provides is very useful. We can combine visibility with wider security features and alerts around malware, misconfiguration, or any other kinds of threats. The cloud portal is quite good. From there, we are able to see alerts and have colleagues review issues and monitor to see if any patterns arise. It's serving us quite well overall. It allows us to look at other items, like application and browser control. It helps us prioritize threats. We have a process in place now where we can review issues and remediate them effectively. We have been able to integrate a variety of Microsoft security products together. We use Azure AD, for example, and we've begun to implement DLP, among other items. We're looking at labeling and tagging and will expand into that soon. Defender has more stringent system requirements than, for example, Check Point. So when we implemented the Check Point Endpoint agent, that solution didn't mind what version of Windows you were using. When we moved to Defender, Defender had certain system prerequisites that had to be met. So we had to make sure that we're on a minimum version of Windows when we're utilizing Office, and Office has to be a particular version as well. It has more stringent system requirements that have to be met before you can implement it. It works natively together with other Microsoft solutions. Once you get more and more of those different components across the environment, then you start to get better visibility. So, rather than having lots of different solutions, you have fewer solutions and a single vendor solution. That way, you start getting into a position where you get better visibility and integration as well. The standardization is good. It's important. It's helping me with monitoring and learning. Updates and upgrades are quite smooth and seamless. Defender helps us automate routine tasks. Quite a lot of Microsoft is straightforward for us now. Previously, we didn't have enough resources and were unable to look at the alerts. Having this in place makes things a lot more straightforward for us. We have both the technology and the people in place now, alongside the process. We do see the benefits in that, and that's why we're continuing our adoption across the estate in terms of client and server as well. It's helping us avoid looking at multiple dashboards and centralized monitoring. We're not fully there yet. We're getting there. While we haven't witnessed time saving yet, once it's fully deployed, it will. By then, we'll have standardized processes across a single solution. We have saved money, however, as we continue to reduce non-Mircosft systems. Since we won't be using various competing technologies, we can save on licensing costs. We've likely so far saved 15%. While it's hard to estimate exactly how much, the solution has helped us decrease time to detection and time to respond.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The tool helps to obtain information about potential company breaches. The malware analysis capability is very effective. We check files from various sources, such as emails, USBs, and cloud drives."
"The most valuable features include malware detection, threat rating related to files, studying the metadata of the files, and providing threat feeds to the endpoint."
"It provides a safe way to analyze and review documents that may have sensitive information without uploading them to a public platform. Additionally, provides an easy way to spin up a VM without requiring additional resources and patching of personal or team-managed virtualization."
"I don't have any suggestions, because the solution is company-maintained and I believe the company is adopting every feature based on their needs and requirements."
"The most valuable feature of Microsoft Defender for Endpoint is that it is embedded into the Windows system. Additionally, the performance is good and simple to maintain."
"Because it has been integrated with the OS, we get the entire software inventories, and we even get access to the registries. Those are the primary features."
"It shows us the risky sign-ins, and if a user's password has been compromised."
"The main features of this solution are that it handles everything by itself and is well integrated."
"The comprehensiveness of Microsoft threat-protection products is great... Today, Microsoft Sentinel by itself is a leading Gartner SIEM tool. It has advantages over competitors because of the ability to integrate with Microsoft solutions and automate continuous monitoring of Microsoft AD and Office 365 data."
"This software is easy to use."
"The patch updates and version updates are very good. Those happen on an automated basis whenever I'm connecting to the organization network, either through LAN or through the VPN."
"The solution can scale as needed."
 

Cons

"The technical support is medium - they could improve, as communication is sometimes slow or late. There are missing detections that other tools catch. For improvements, we need easier ways to view full incident information and better presentation of data. Adding risk indicators for incidents would help decide on immediate actions. The platform should provide more information about incident risks to help less knowledgeable staff make decisions."
"The product needs integration with SOAR products to add more integration points, which is important for various clients."
"The detailed report is very valuable, but not always accurate. This is a great resource to share amongst team members and stakeholders after analysis."
"One of the valuable features of the solution is to impressively detect threats without any impact on the end point performance. The solution ensures that the end users have a seamless experience."
"The solution can be more user-friendly."
"The scanning is slow when it is working with incoming emails."
"It's not quite a mature solution just yet. It needs more time to grow and develop."
"I'm not too sure of its current capabilities, but I'm pretty sure they are doing a good job on Windows and Mac. However, I'm not sure whether they covered Linux. If I remember correctly, Microsoft Defender didn't have anything proper on Linux back then, but if they have improved it from that aspect, it would already be ticking all the boxes."
"The detection of viruses could be a little bit better."
"The interface isn't necessarily intuitive to a nontechnical person. You can get stuck in the little endpoint security portal. Sometimes, if you uninstall a competitive product, the end user doesn't always know if it's running or if they're protected even though it's silently running. There could be a notification, widget, or something that's resident on the screen for at least a bit, especially if you're doing remote support. You want to talk them through it, but sometimes, we're not allowed to look at the PCs we support."
"More integration with different platforms is an area for improvement for this product, and should be included in its next release."
"The solution could be even more secure and provide an even higher level of security."
 

Pricing and Cost Advice

"CrowdStrike Falcon Sandbox is not cheap; however, whether it should be more affordable is a decision best left to the company."
"Price-wise, the tool is a bit above mid-range, maybe 7 out of 10, where 10 is the most expensive."
"The solutions price could be cheaper."
"I don't know the standalone costs. It is my understanding that the M365 E5 is $56 a month or something close to that pricing. That would be for the full suite. Just Defender might be $8 a month. I can't say for sure."
"It is affordable and comes in the Office 365 bundle."
"The solution comes free with Microsoft Windows 10."
"There is no license needed, the solution comes with Microsoft Windows."
"We sell this product as part of Office 365 and it is not expensive."
"The solution is free and comes with Windows."
"Everybody would like to see a lower price on everything. The Slovenian market is basically an SME market with clients having up to 100 seat licenses, comprising 90% of the company. They're very price sensitive. So, the price could be cheaper."
report
Use our free recommendation engine to learn which Anti-Malware Tools solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Comms Service Provider
14%
Government
11%
Media Company
8%
Educational Organization
26%
Computer Software Company
12%
Government
7%
Financial Services Firm
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about CrowdStrike Falcon Sandbox?
I don't have any suggestions, because the solution is company-maintained and I believe the company is adopting every feature based on their needs and requirements.
What is your experience regarding pricing and costs for CrowdStrike Falcon Sandbox?
CrowdStrike is generally considered a bit expensive compared to other vendors. Falcon Sandbox is one of the modules of CrowdStrike, and the overall product's pricing is rated seven out of ten.
What needs improvement with CrowdStrike Falcon Sandbox?
The product needs integration with SOAR products to add more integration points, which is important for various clients. Additionally, integrating behavior detection alongside IOCs and threat detec...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
 

Also Known As

No data available
Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Information Not Available
Petrofrac, Metro CSG, Christus Health
Find out what your peers are saying about CrowdStrike Falcon Sandbox vs. Microsoft Defender for Endpoint and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.