Try our new research platform with insights from 80,000+ expert users

CrowdStrike Falcon vs Microsoft Defender XDR comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Nov 24, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.5
CrowdStrike Falcon enhances efficiency, reduces costs, and boosts productivity with improved security, providing a valuable return on investment.
Sentiment score
7.0
Microsoft Defender XDR offers cost savings, enhanced security, and efficiency by consolidating measures, reducing cyberattack losses, and streamlining processes.
Ever since we turned on the M5 feature set back in June, we have seen a reduced number of potentially malicious clicks and faster alerting when incidents occur.
 

Customer Service

Sentiment score
7.1
CrowdStrike Falcon offers responsive support, though improvements in response time and personalization are noted; premium support is highly praised.
Sentiment score
6.3
Microsoft Defender XDR support varies; larger organizations benefit more, with issues in responsiveness and knowledge sharing for smaller companies.
The CrowdStrike team is very efficient; I would rate them ten out of ten.
You get stuck in low-level support for way longer than you should, instead of them escalating the issue up the chain.
It's critical to escalate SEV B issues immediately to a domestic engineer.
The technical support from Microsoft Defender XDR has been disappointingly slow.
 

Scalability Issues

Sentiment score
7.9
CrowdStrike Falcon is highly scalable, supporting thousands of endpoints with easy deployment, catering to diverse business environments effectively.
Sentiment score
7.8
Microsoft Defender XDR offers scalable solutions for diverse organizations, with strengths in cloud setups and dashboard management despite some challenges.
When it comes to scalability, it is entirely based on premium models according to demand.
Microsoft Defender XDR shows tremendous scalability, much more so than on-premises solutions.
It is suitable for enterprise-level deployment but has room for improvement.
 

Stability Issues

Sentiment score
8.2
Users praise CrowdStrike Falcon's stability, performance, and reliability, noting minimal issues and high stability ratings despite occasional integration hiccups.
Sentiment score
7.8
Microsoft Defender XDR is praised for stability and reliability, with minor issues quickly resolved and high user satisfaction.
I have never seen instability in the CrowdStrike tool.
The service has remained consistently online, with any issues isolated to specific components, suggesting a well-designed and modular architecture.
The services within our ecosystem have been reliable, meeting their SLAs.
 

Room For Improvement

CrowdStrike Falcon needs system integration, UI, reporting improvements, and enhanced compatibility, addressing false positives, support, and pricing concerns.
Microsoft Defender XDR needs faster scanning, better integration, simpler licensing, and improved automation for user-friendly threat management.
False positive reductions are needed.
Simplifying the querying process, such as using double quote queries or directly obtaining logs based on IP addresses or usernames, would be beneficial.
It would be helpful if there were cost-cutting measures.
Improvements are needed in automated response capabilities.
The licensing process needs improvement and clarification.
Microsoft could improve on threat hunting and build more on threat detection and handling.
 

Setup Cost

CrowdStrike Falcon's pricing, typically $50,000 to $100,000 annually, is competitive with customizable options and offers free trials.
Microsoft Defender XDR is cost-effective with an E5 bundle but costly separately, influenced by complex licensing and geographic factors.
I would rate the pricing as eight out of ten, indicating it is a reasonable cost for the product.
Microsoft purposefully obfuscates this through marketing ploys to hide costs.
There are no issues with pricing, but sometimes, the clarity in licensing is a concern.
 

Valuable Features

CrowdStrike Falcon offers robust threat detection and prevention with user-friendly interface, AI-driven analysis, and excellent integration features.
Microsoft Defender XDR offers seamless integration, advanced threat hunting, and AI protection, streamlining operations and reducing costs.
I can investigate by accessing the customer's host based on the RTR environment and utilize host search to know details for the past seven days, including logins, processes, file installations, malicious processes, and network connections.
CrowdStrike has improved our incident response capabilities.
CrowdStrike provides a lot of visibility in their tool.
With Microsoft threat intelligence information, it detects various types of threats, including insider attacks, malicious content, and data exfiltration.
The alerts are all in one central location.
The email protection feature is the most valuable because our risks primarily lie there, and it seems to be the most popular target.
 

Categories and Ranking

CrowdStrike Falcon
Ranking in Endpoint Detection and Response (EDR)
1st
Ranking in Extended Detection and Response (XDR)
1st
Average Rating
8.6
Reviews Sentiment
7.4
Number of Reviews
125
Ranking in other categories
Security Information and Event Management (SIEM) (6th), Endpoint Protection Platform (EPP) (3rd), Identity Management (IM) (6th), Threat Intelligence Platforms (2nd), Active Directory Management (2nd), Attack Surface Management (ASM) (1st), Ransomware Protection (1st), Identity Threat Detection and Response (ITDR) (3rd), AI-Powered Cybersecurity Platforms (1st)
Microsoft Defender XDR
Ranking in Endpoint Detection and Response (EDR)
5th
Ranking in Extended Detection and Response (XDR)
4th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
96
Ranking in other categories
Microsoft Security Suite (2nd)
 

Mindshare comparison

As of February 2025, in the Extended Detection and Response (XDR) category, the mindshare of CrowdStrike Falcon is 16.9%, down from 17.8% compared to the previous year. The mindshare of Microsoft Defender XDR is 7.4%, up from 6.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
 

Featured Reviews

Chintan-Vyas - PeerSpot reviewer
Easy to set up with good behavior-based analysis but needs a single-click recovery option
Most organizations are currently looking for a scheduled scan to meet their compliance needs. Other players like Symantec and Trend Micro, FireEye, et cetera, are still providing the signature-based regular scheduled scans also, which is not available in CrowdStrike. That is one parameter that we feel should be there in CrowdStrike. CrowdStrike is only working on the dynamic or the files under execution. CrowdStrike is not scanning the static files. The product could be more accurate in terms of performance. We'd like to have a single-click recovery option. With some machines getting corrupted by malware, we need an easy way to start with a blank slate if things happen. That one feature should be there in the EDR.
Gabor Nyerd - PeerSpot reviewer
Includes four services and four products, which can help organizations a lot
We found that sometimes integrations work, but testing them can take some time. Sometimes, configurations take much longer than expected. We have a configuration in place that needs to be synchronized with another server. However, the servers are four hours apart, so this can cause delays. In general, I believe that the time it takes to configure and test a service should be shorter. Sometimes, it can take a couple of hours to test a single configuration setting. Other times, it is only ten or fifteen minutes, which is normal. However, sometimes, even immediate actions can be triggered by configuration changes, and some settings can take up to eight hours to complete. I believe that this time can be improved. Microsoft is making a lot of improvements to its services in a short period of time. This is a good thing, as it means that the services are constantly being updated and improved. However, it can be challenging for customers to keep up with the changes. For example, a customer may read about an update, understand it, and share it with their colleagues and boss. However, it may take days or weeks to test the update and get the necessary approvals. This can be especially challenging for large customers with many users or machines. In some cases, Microsoft may change a service before the customer has had a chance to implement the previous update. This can be frustrating for customers, as it means that they have to constantly learn new things and adjust their workflows. On the one hand, it is important for Microsoft to keep updating and improving its services. This helps to ensure that the services are meeting the customers' needs and that they are staying ahead of the competition. Microsoft should also be mindful of the challenges that these changes can create for customers. One way to address this challenge is to provide customers with more time to implement changes. Microsoft could also provide more information about upcoming changes so that customers can plan ahead. Ultimately, Microsoft needs to strike a balance between keeping its services up-to-date and providing customers with a smooth transition to new features.
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
838,640 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
10%
Manufacturing Company
9%
Government
7%
Computer Software Company
17%
Financial Services Firm
10%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a cl...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
What do you like most about Microsoft 365 Defender?
Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise.
What is your experience regarding pricing and costs for Microsoft 365 Defender?
Licensing is somewhat confusing, particularly when presenting our pitch decks to stakeholders and leveraging key features in premium SKUs, but we managed with some assistance from Microsoft.
What needs improvement with Microsoft 365 Defender?
It would be beneficial to reduce the number of clicks required to navigate between blades, as the current navigation and breadcrumb system can be a bit confusing. Some inconsistencies exist between...
 

Also Known As

CrowdStrike Falcon, CrowdStrike Falcon XDR, CrowdStrike Falcon Threat Intelligence, CrowdStrike Identity Protection, CrowdStrike Falcon Surface
Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
 

Overview

 

Sample Customers

Information Not Available
Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
Find out what your peers are saying about CrowdStrike Falcon vs. Microsoft Defender XDR and other solutions. Updated: January 2025.
838,640 professionals have used our research since 2012.