Try our new research platform with insights from 80,000+ expert users

Crowdstrike Falcon Endpoint Security and XDR vs Microsoft Defender for Endpoint comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Nov 24, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.5
CrowdStrike Falcon enhances efficiency, reduces costs, and boosts productivity with improved security, providing a valuable return on investment.
Sentiment score
7.2
Users report positive ROI from Microsoft Defender for Endpoint, citing cost savings, improved security, and effective system integration.
The return on investment is primarily in time savings and better observability of what's happening.
 

Customer Service

Sentiment score
7.1
CrowdStrike Falcon offers responsive support, though improvements in response time and personalization are noted; premium support is highly praised.
Sentiment score
6.6
Microsoft Defender for Endpoint's support is generally reliable, with mixed reviews on response time and resolution quality.
The CrowdStrike team is very efficient; I would rate them ten out of ten.
Due to our size, we don't have access to direct technical support, but the knowledge base, Microsoft Learn, and the articles available are really good.
I rate Microsoft support 10 out of 10.
The level-one support seems disconnected from subject matter experts.
 

Scalability Issues

Sentiment score
7.9
CrowdStrike Falcon is highly scalable, supporting thousands of endpoints with easy deployment, catering to diverse business environments effectively.
Sentiment score
7.6
Microsoft Defender for Endpoint offers scalable integration and cloud-based management, but customization may need extra tools in complex settings.
When it comes to scalability, it is entirely based on premium models according to demand.
We managed to scale it out in a short amount of time, with two months of planning and three months of implementation on 10,000 computers.
It's pretty easy to scale with Microsoft, as they make it easy if you look into the documentation.
Defender's scalability is phenomenal, and it's going to be one of the keys to resolving issues for the SOC.
 

Stability Issues

Sentiment score
8.2
Users praise CrowdStrike Falcon's stability, performance, and reliability, noting minimal issues and high stability ratings despite occasional integration hiccups.
Sentiment score
7.9
Microsoft Defender for Endpoint is stable, integrates well with Windows, but occasionally has configuration and memory issues.
I have never seen instability in the CrowdStrike tool.
Defender for Endpoint is extremely stable.
I rate Defender 10 out of 10 for stability.
I haven't seen any outages with Microsoft.
 

Room For Improvement

CrowdStrike Falcon needs system integration, UI, reporting improvements, and enhanced compatibility, addressing false positives, support, and pricing concerns.
Users criticize Microsoft Defender for Endpoint's complex interface, limited integration, and request enhancements in analytics, protection, and support.
Threat prevention should be their first priority.
Simplifying the querying process, such as using double quote queries or directly obtaining logs based on IP addresses or usernames, would be beneficial.
It would be helpful if there were cost-cutting measures.
Repeated interactions are necessary due to Level One's lack of tools and knowledge, hindering efficient problem-solving and negatively impacting our experience with Microsoft support.
We have multiple endpoints, and we want to look for signals across tenants.
You have to go through tons of documentation to find what you want.
 

Setup Cost

CrowdStrike Falcon's pricing, typically $50,000 to $100,000 annually, is competitive with customizable options and offers free trials.
Microsoft Defender for Endpoint offers flexible, cost-effective pricing, especially in E5 bundles, adapting to various enterprise licensing needs.
Given our extensive Microsoft licensing, transitioning to Defender for Endpoint did not affect licensing costs.
The pricing, setup, and licensing were very easy and simple.
 

Valuable Features

CrowdStrike Falcon offers robust threat detection and prevention with user-friendly interface, AI-driven analysis, and excellent integration features.
Microsoft Defender for Endpoint provides comprehensive cybersecurity with seamless integration, robust threat analytics, and efficient management across platforms without performance impact.
I can investigate by accessing the customer's host based on the RTR environment and utilize host search to know details for the past seven days, including logins, processes, file installations, malicious processes, and network connections.
CrowdStrike has improved our incident response capabilities.
Real-time response (RTR) is a feature of EDR.
Defender for Endpoint's coverage across different platforms in our environment is pretty good. We have devices running Linux, Mac OS, Windows, iOS, and Android. It covers all of them.
Web filtering is the most valuable feature of Microsoft Defender for Endpoint because it effectively maintains security for website access.
The notification and reporting features are most valuable because we are part of a compliance project, and maintaining SOC 2 compliance is critical.
 

Categories and Ranking

CrowdStrike Falcon
Ranking in Endpoint Protection Platform (EPP)
3rd
Ranking in Endpoint Detection and Response (EDR)
1st
Average Rating
8.6
Reviews Sentiment
7.4
Number of Reviews
125
Ranking in other categories
Security Information and Event Management (SIEM) (6th), Identity Management (IM) (6th), Threat Intelligence Platforms (2nd), Active Directory Management (2nd), Extended Detection and Response (XDR) (1st), Attack Surface Management (ASM) (1st), Ransomware Protection (1st), Identity Threat Detection and Response (ITDR) (3rd), AI-Powered Cybersecurity Platforms (1st)
Microsoft Defender for Endp...
Ranking in Endpoint Protection Platform (EPP)
1st
Ranking in Endpoint Detection and Response (EDR)
2nd
Average Rating
8.0
Reviews Sentiment
7.1
Number of Reviews
190
Ranking in other categories
Advanced Threat Protection (ATP) (2nd), Anti-Malware Tools (1st), Microsoft Security Suite (6th)
 

Mindshare comparison

As of February 2025, in the Endpoint Protection Platform (EPP) category, the mindshare of CrowdStrike Falcon is 11.1%, up from 8.7% compared to the previous year. The mindshare of Microsoft Defender for Endpoint is 11.2%, down from 15.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP)
 

Featured Reviews

Chintan-Vyas - PeerSpot reviewer
Easy to set up with good behavior-based analysis but needs a single-click recovery option
Most organizations are currently looking for a scheduled scan to meet their compliance needs. Other players like Symantec and Trend Micro, FireEye, et cetera, are still providing the signature-based regular scheduled scans also, which is not available in CrowdStrike. That is one parameter that we feel should be there in CrowdStrike. CrowdStrike is only working on the dynamic or the files under execution. CrowdStrike is not scanning the static files. The product could be more accurate in terms of performance. We'd like to have a single-click recovery option. With some machines getting corrupted by malware, we need an easy way to start with a blank slate if things happen. That one feature should be there in the EDR.
AnuragSrivastava - PeerSpot reviewer
Provides detailed visibility into threats but the ability to add exceptions needs improvement
One major item for improvement is the ability to add exceptions. We can add some exceptions, but not at the level we need to. The second major area for improvement involves enhanced capabilities for different operating systems or platforms. That is, even though we have coverage for different operating systems or platforms such as Linux, we don't get all of the controls and enhanced capabilities that are available with Windows devices. Reporting could also be improved because, at present, we get limited results at times. For example, in an environment with more than 100,000 devices, you may just get 10,000 results when you run a report.
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
838,640 professionals have used our research since 2012.
 

Answers from the Community

NC
Sep 13, 2021
Sep 13, 2021
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature but on the platform, you can drill down the events to find the starter of a blocked event. It does have basic features to whitelist programs and paths, does show you information about what kind of th...
See 2 answers
KM
Sep 7, 2021
Depends on your budget and on the conditions of a Microsoft license. If you have an M365 license (like E3 or E5), Microsoft is cheaper. In terms of functionality, CrowdStrike is better.
HB
Sep 13, 2021
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature but on the platform, you can drill down the events to find the starter of a blocked event.  It does have basic features to whitelist programs and paths, does show you information about what kind of threat was blocked, gives you information about user logged, machine details (SO, version, serial, Mac Address, Local and WAN IP,...) and grants you with the time, the file that executed the event, allows you to group devices and define exclusion, detection, response policies based on them.  It does allow you to create specific profiles for each type of user like helpdesk analysts, managers, etc (with different access, etc). The solution is pretty good, actually and I'm pretty happy with it. I don't have experience with Microsoft Defender for Endpoint but will do in a couple of months to update this. =]
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
10%
Manufacturing Company
9%
Government
7%
Educational Organization
28%
Computer Software Company
11%
Government
7%
Financial Services Firm
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a cl...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...
What do you like most about Microsoft Defender for Endpoint?
The most valuable aspect lies in its automation capabilities, particularly within security automation.
 

Also Known As

CrowdStrike Falcon, CrowdStrike Falcon XDR, CrowdStrike Falcon Threat Intelligence, CrowdStrike Identity Protection, CrowdStrike Falcon Surface
Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Information Not Available
Petrofrac, Metro CSG, Christus Health
Find out what your peers are saying about CrowdStrike Falcon vs. Microsoft Defender for Endpoint and other solutions. Updated: February 2025.
838,640 professionals have used our research since 2012.