CrowdStrike Falcon and Microsoft Defender XDR are both Extended Detection and Response (XDR) solutions that offer endpoint protection and threat detection capabilities. CrowdStrike Falcon is a standalone platform, whereas Defender XDR integrates seamlessly with Microsoft security products. CrowdStrike Falcon offers customizable alert settings and machine-learning algorithms for proactive threat hunting. Microsoft Defender is highlighted for its efficient incident response system. Both products have flexible pricing options, with users noting positive ROI from both solutions.
The summary above is based on 207 interviews we conducted recently with CrowdStrike Falcon and Microsoft 365 Defender users. To access the reviews' full transcripts, download our report.
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"This is stable and scalable."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors."
"Forensics is a valuable feature of Fortinet FortiEDR."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"It is stable and scalable."
"The product detects and blocks threats and is more proactive than firewalls."
"It has an extremely low footprint, so it has got minimum impact on the user endpoints in terms of CPU and memory usage."
"CrowdStrike Falcon is effortless to use, and it's a cloud-specific platform. You only need to deploy the light agents on the licensed endpoints, and you're ready to work. Your dashboards will tell you the number of the endpoints being protected and the incidents. There are also incident dashboards with alerts that will tell you about the details."
"The DLP is the most valuable feature of CrowdStrike Falcon."
"The CS Falcon agent is a lightweight agent compared with other agents of EDR products."
"Scalability hasn't been an issue for us."
"The most valuable feature is the machine learning that they use to check certain patterns in the endpoint devices. It checks the whole ecosystem or entire environment."
"The most valuable feature is the indicator of compromise, which shows you what file was either quarantined or removed."
"The most valuable feature is its threat analysis."
"I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"Microsoft 365 Defender is a good solution and easy to use."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"ZTNA can improve latency."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"Detections could be improved."
"Making the portal mobile friendly would be helpful when I am out of office."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"The SIEM could be improved."
"It can be expensive depending on the features you select."
"The technical support team often just replies to an issue with a link to an article rather than actually calling back and talking to someone and making sure the problem is solved. To me, that's kind of weak."
"It is cloud-based, and this does make some wary of the data being held on the cloud. Privacy requirements must be taken into account."
"CrowdStrike Falcon XDR can improve the integration. There are some locks on the cloud to on-premise integrations."
"I would like to see the machine learning feature enhanced."
"There are some areas where some customers would prefer a different service."
"The pricing structure should allow for some flexibility."
"Some of Falcon's features are a bit pricey."
"Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in Microsoft 365 Defender, it would be helpful to use a different format so we can customize the platform."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"The data recovery and backup could be improved."
"We should be able to use the product on devices like Apple, Linux, etc."
CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 107 reviews while Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 78 reviews. CrowdStrike Falcon is rated 8.8, while Microsoft Defender XDR is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and VMware Carbon Black Endpoint, whereas Microsoft Defender XDR is most compared with Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh, Trend Vision One and Microsoft Entra ID. See our CrowdStrike Falcon vs. Microsoft Defender XDR report.