Try our new research platform with insights from 80,000+ expert users

Crowdstrike Falcon Endpoint Security and XDR vs Microsoft Defender for Endpoint comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Aug 11, 2024
 

Categories and Ranking

CrowdStrike Falcon
Ranking in Endpoint Protection Platform (EPP)
3rd
Ranking in Endpoint Detection and Response (EDR)
1st
Average Rating
8.6
Reviews Sentiment
8.3
Number of Reviews
122
Ranking in other categories
Identity Management (IM) (5th), Threat Intelligence Platforms (2nd), Active Directory Management (3rd), Extended Detection and Response (XDR) (1st), Attack Surface Management (ASM) (1st), Ransomware Protection (1st), Identity Threat Detection and Response (ITDR) (3rd), AI-Powered Cybersecurity Platforms (2nd)
Microsoft Defender for Endp...
Ranking in Endpoint Protection Platform (EPP)
1st
Ranking in Endpoint Detection and Response (EDR)
2nd
Average Rating
8.0
Reviews Sentiment
7.5
Number of Reviews
185
Ranking in other categories
Advanced Threat Protection (ATP) (2nd), Anti-Malware Tools (1st), Microsoft Security Suite (6th)
 

Mindshare comparison

As of October 2024, in the Endpoint Protection Platform (EPP) category, the mindshare of CrowdStrike Falcon is 10.8%, up from 9.3% compared to the previous year. The mindshare of Microsoft Defender for Endpoint is 12.1%, down from 16.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP)
 

Featured Reviews

Chintan-Vyas - PeerSpot reviewer
May 29, 2022
Easy to set up with good behavior-based analysis but needs a single-click recovery option
Most organizations are currently looking for a scheduled scan to meet their compliance needs. Other players like Symantec and Trend Micro, FireEye, et cetera, are still providing the signature-based regular scheduled scans also, which is not available in CrowdStrike. That is one parameter that we feel should be there in CrowdStrike. CrowdStrike is only working on the dynamic or the files under execution. CrowdStrike is not scanning the static files. The product could be more accurate in terms of performance. We'd like to have a single-click recovery option. With some machines getting corrupted by malware, we need an easy way to start with a blank slate if things happen. That one feature should be there in the EDR.
Sudhen Swami - PeerSpot reviewer
Jun 26, 2024
Easy to update with good protection and a useful cloud portal
We've mainly used it for endpoints. However, we've also used it for DLP as well. We're also in the process of implementing it for cloud and identity as well. However, it's very good for endpoints, and that's our main focus. The malware protection is good. The visibility it provides is very useful. We can combine visibility with wider security features and alerts around malware, misconfiguration, or any other kinds of threats. The cloud portal is quite good. From there, we are able to see alerts and have colleagues review issues and monitor to see if any patterns arise. It's serving us quite well overall. It allows us to look at other items, like application and browser control. It helps us prioritize threats. We have a process in place now where we can review issues and remediate them effectively. We have been able to integrate a variety of Microsoft security products together. We use Azure AD, for example, and we've begun to implement DLP, among other items. We're looking at labeling and tagging and will expand into that soon. Defender has more stringent system requirements than, for example, Check Point. So when we implemented the Check Point Endpoint agent, that solution didn't mind what version of Windows you were using. When we moved to Defender, Defender had certain system prerequisites that had to be met. So we had to make sure that we're on a minimum version of Windows when we're utilizing Office, and Office has to be a particular version as well. It has more stringent system requirements that have to be met before you can implement it. It works natively together with other Microsoft solutions. Once you get more and more of those different components across the environment, then you start to get better visibility. So, rather than having lots of different solutions, you have fewer solutions and a single vendor solution. That way, you start getting into a position where you get better visibility and integration as well. The standardization is good. It's important. It's helping me with monitoring and learning. Updates and upgrades are quite smooth and seamless. Defender helps us automate routine tasks. Quite a lot of Microsoft is straightforward for us now. Previously, we didn't have enough resources and were unable to look at the alerts. Having this in place makes things a lot more straightforward for us. We have both the technology and the people in place now, alongside the process. We do see the benefits in that, and that's why we're continuing our adoption across the estate in terms of client and server as well. It's helping us avoid looking at multiple dashboards and centralized monitoring. We're not fully there yet. We're getting there. While we haven't witnessed time saving yet, once it's fully deployed, it will. By then, we'll have standardized processes across a single solution. We have saved money, however, as we continue to reduce non-Mircosft systems. Since we won't be using various competing technologies, we can save on licensing costs. We've likely so far saved 15%. While it's hard to estimate exactly how much, the solution has helped us decrease time to detection and time to respond.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution can scale easily."
"It helps to prevent unauthorized access or identity theft from external sites. If your identity is stolen, you can ban it."
"The key aspect of CrowdStrike Falcon is its behavioral detection approach."
"The UI is simple and self-explanatory. Everything is easy to understand."
"The most valuable features of CrowdStrike Falcon are the AI in detecting and real-time detections."
"CrowdStrike is deployed on every workstation, so policy changes can be enforced on all of them. It lowers the manual work on each of the workstations. It has helped us manage device usage in our environment."
"The most valuable feature is that we don't need to re-image machines as much as we had to."
"The ability to execute real-time response, or, that you can connect to the agent and see exactly what processes are operating, is the most important feature of this solution."
"Its real-time security is the most valuable."
"This product is flexible, and it is very easy to get updates from the Microsoft website."
"We had certain compliance and usage issues. For example, our company wanted to go with CIS, but we didn't have a proper way of measuring whether the endpoints have the right standards in place or whether they were compliant with CIS. Microsoft Defender was like a one-stop for most things because it gave us the vulnerability and patching scores so that our vulnerability management teams can focus on covering up the vulnerabilities and the patching team can check the vulnerable versions and deploy the right versions."
"Defender has very little impact on the end-user and the agent works quite well with a minimal impact on the client and server."
"The endpoint detection of threats is valuable. The initial detection of things like ransomware and viruses and being able to shut down machines immediately and stop a threat is valuable. We can stop a threat at a source versus allow it to propagate it across the network."
"The solution is highly scalable."
"It is stable and easy to use. Everything is okay, and there are no performance issues."
"Defender should be fine for home use. It has all the basic functionality you need. I can't speak to how well it works as an enterprise solution because I'm not in the space."
 

Cons

"Enhancements in reporting and forensic analysis could benefit the product."
"A year and a half ago or more, if you put in a support request by email, then it wasn't timely addressed. It could be a day to three days before you received a response, which was a bit frustrating. There was a lot of customer feedback around this issue, which has been greatly refined."
"CrowdStrike Falcon needs to improve their host management system."
"The solution needs to have integration with on-premises security devices and security facilities. That means all the security products, including the perimeter firewall, the DMZ."
"The management of the solution could improve."
"CrowdStrike Falcon's GUI requires improvement for user-friendliness."
"This solution is relatively expensive."
"The biggest issue with Falcon as a standalone product is it doesn't have very much reporting."
"More integration with different platforms is an area for improvement for this product, and should be included in its next release."
"The pricing could be a bit better."
"Microsoft Defender for Endpoint's licensing is confusing. It has conflicting information on the website. We also faced integration issues with other systems. It makes laptops slower than traditional antivirus systems."
"From an audit point of view, our auditors would like to have more reports on how things are used, if things go wrong, and how they went wrong. For example, if something got a warning, "Why?" So, we would like more versatility for tracing and reporting. That would improve the product, as long as the user interface doesn't get bogged down."
"The solution can be more user-friendly."
"The profiling method currently in use is not very user-friendly and has ample scope for improvement."
"I would like to be able to set up any kind of protection I want in the firewall, any IP address or any number."
"If they integrate with the EDR then it will benefit this solution."
 

Pricing and Cost Advice

"The price of CrowdStrike Falcon could be better. It is very expensive, we pay approximately $900 per month for the licenses. There are not any additional fees."
"I do not have experience with the cost or licensing of the product."
"There are approximately a hundred different modules you have to purchase, depending on what you want to do. I have most of the modules. How it works is you buy the portfolio, you have to decide all the components you want in it, and then they price out a bundle for you. I have almost all of the package features in my bundle. You only need to pay for the modules you want."
"The price is too high."
"The more endpoints an organization adds the cheaper the cost."
"When it comes to licensing, customers can choose a bundle or select licences based on the specific features they would like access to. This solution comes with premium pricing. It is approximately 20 to 30% more expensive than competing solutions."
"When comparing to Microsoft, CrowdStrike Falcon is more expensive."
"The pricing could be reduced. If it was more reasonable that would be great."
"The cost is competitive and reasonable because most of the expense is log analytics, storage, and data consumption and ingestion. These things can be throttled and controlled, so they are highly flexible. Defender has a lot of advantages over competing products."
"It came with Windows."
"Microsoft Defender for Endpoint can be costly as a standalone solution."
"The solution is included with Microsoft Windows."
"There are different licenses, such as E3 and E5."
"Microsoft Defender for Endpoint is more affordable compared to some other endpoint solutions."
"The price of Microsoft Defender for Endpoint is reasonable. Other solutions are more expensive, such as ClowdStrike."
"Licenses depend upon what you are looking for and what kind of security do you want to implement. There are costs in addition to the standard licensing fees. When we used to buy Symantec, we used to spend on 100 licenses. We used to spend approximately $2,700 for those many licenses, and they came in packs. To add one more license, I had to buy a pack with a minimum of 10 licenses. I had to spend on nine extra licenses because I can't get a single license, whereas when we go for Microsoft, we can get as many licenses as we want. If I have 100 users today, and tomorrow, I have 90 users, I can release my 10 licenses next month. With any other software vendor, you buy licenses for one year, and you have to stick with that. If today you have 100 licenses, and tomorrow, you have 50, you have already paid for one year's license. You can't go back and tell them that I don't require these 50 licenses because I have lost my 50 users, but with Microsoft Defender, licensing is on a monthly basis. It gives you both options. You can go yearly and save on it, or you can go monthly. You will, again, save on it. It is very fair everywhere."
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
814,325 professionals have used our research since 2012.
 

Answers from the Community

NC
Sep 13, 2021
Sep 13, 2021
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature but on the platform, you can drill down the events to find the starter of a blocked event. It does have basic features to whitelist programs and paths, does show you information about what kind of th...
See 2 answers
KM
Sep 7, 2021
Depends on your budget and on the conditions of a Microsoft license. If you have an M365 license (like E3 or E5), Microsoft is cheaper. In terms of functionality, CrowdStrike is better.
HB
Sep 13, 2021
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature but on the platform, you can drill down the events to find the starter of a blocked event.  It does have basic features to whitelist programs and paths, does show you information about what kind of threat was blocked, gives you information about user logged, machine details (SO, version, serial, Mac Address, Local and WAN IP,...) and grants you with the time, the file that executed the event, allows you to group devices and define exclusion, detection, response policies based on them.  It does allow you to create specific profiles for each type of user like helpdesk analysts, managers, etc (with different access, etc). The solution is pretty good, actually and I'm pretty happy with it. I don't have experience with Microsoft Defender for Endpoint but will do in a couple of months to update this. =]
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
10%
Manufacturing Company
9%
Government
7%
Educational Organization
25%
Computer Software Company
12%
Government
7%
Financial Services Firm
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a cl...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...
What do you like most about Microsoft Defender for Endpoint?
The most valuable aspect lies in its automation capabilities, particularly within security automation.
 

Also Known As

CrowdStrike Falcon, CrowdStrike Falcon XDR, CrowdStrike Falcon Threat Intelligence, CrowdStrike Identity Protection, CrowdStrike Falcon Surface
Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Information Not Available
Petrofrac, Metro CSG, Christus Health
Find out what your peers are saying about CrowdStrike Falcon vs. Microsoft Defender for Endpoint and other solutions. Updated: October 2024.
814,325 professionals have used our research since 2012.