Try our new research platform with insights from 80,000+ expert users

Microsoft Defender XDR vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.0
Microsoft Defender XDR offers cost savings, enhanced security, and efficiency by consolidating measures, reducing cyberattack losses, and streamlining processes.
Sentiment score
7.2
Splunk Enterprise Security enhances visibility, streamlines operations, and supports real-time decisions, improving efficiency and security in large-scale environments.
Ever since we turned on the M5 feature set back in June, we have seen a reduced number of potentially malicious clicks and faster alerting when incidents occur.
Splunk's cost is justified for large environments with extensive assets.
 

Customer Service

Sentiment score
6.3
Microsoft Defender XDR support varies; larger organizations benefit more, with issues in responsiveness and knowledge sharing for smaller companies.
Sentiment score
6.7
Splunk Enterprise Security support is mixed: knowledgeable at higher levels but variable with first-tier responses, praised online.
You get stuck in low-level support for way longer than you should, instead of them escalating the issue up the chain.
It's critical to escalate SEV B issues immediately to a domestic engineer.
The technical support from Microsoft Defender XDR has been disappointingly slow.
If you want to write your own correlation rules, it is very difficult to do, and you need Splunk's support to write new correlation rules for the SIEM tool.
The technical support for Splunk met my expectations.
 

Scalability Issues

Sentiment score
7.8
Microsoft Defender XDR offers scalable solutions for diverse organizations, with strengths in cloud setups and dashboard management despite some challenges.
Sentiment score
7.7
Splunk Enterprise Security is scalable and effective for large deployments, though costs and planning are essential considerations.
Microsoft Defender XDR shows tremendous scalability, much more so than on-premises solutions.
It is suitable for enterprise-level deployment but has room for improvement.
They struggle a bit with pure virtual environments, but in terms of how much they can handle, it is pretty good.
It is easy to scale.
 

Stability Issues

Sentiment score
7.8
Microsoft Defender XDR is praised for stability and reliability, with minor issues quickly resolved and high user satisfaction.
Sentiment score
7.9
Splunk Enterprise Security is reliable and adaptable, handling large data volumes with minimal downtime and robust performance.
The service has remained consistently online, with any issues isolated to specific components, suggesting a well-designed and modular architecture.
The services within our ecosystem have been reliable, meeting their SLAs.
It provides a stable environment but needs to integrate with ITSM platforms to achieve better visibility.
It is very stable.
 

Room For Improvement

Microsoft Defender XDR needs faster scanning, better integration, simpler licensing, and improved automation for user-friendly threat management.
Splunk Enterprise Security needs improved setup, GUI, user control, pricing, machine learning, and intuitive dashboards for better accessibility.
The licensing process needs improvement and clarification.
Improvements are needed in automated response capabilities.
Some inconsistencies exist between blades, which could be improved for a more seamless user and UI experience.
What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel.
Splunk Enterprise Security would benefit from a more robust rule engine to reduce false positives.
Splunk could enhance its offerings by incorporating modules for network detection and response and fraud management.
 

Setup Cost

Microsoft Defender XDR is cost-effective with an E5 bundle but costly separately, influenced by complex licensing and geographic factors.
Splunk Enterprise Security is costly but valued for features and scalability, offering significant ROI with careful data management.
I would rate the pricing as eight out of ten, indicating it is a reasonable cost for the product.
Microsoft purposefully obfuscates this through marketing ploys to hide costs.
There are no issues with pricing, but sometimes, the clarity in licensing is a concern.
I saw clients spend two million dollars a year just feeding data into the Splunk solution.
The platform requires significant financial investment and resources, making it expensive despite its comprehensive features.
Splunk is priced higher than other solutions.
 

Valuable Features

Microsoft Defender XDR offers seamless integration, advanced threat hunting, and AI protection, streamlining operations and reducing costs.
Splunk Enterprise Security enhances threat detection with fast data retrieval, customizable visualizations, and seamless third-party integration for efficient operations.
With Microsoft threat intelligence information, it detects various types of threats, including insider attacks, malicious content, and data exfiltration.
It's because endpoint management is my primary focus, and this feature integrates well with my other skills.
The Email Explorer feature has proven invaluable, offering a broader perspective than automated alerts and incidents alone.
This capability is useful for performance monitoring and issue identification.
They have approximately 50,000 predefined correlation rules.
The Splunk Enterprise Security's threat-hunting capabilities have been particularly useful in later releases.
 

Categories and Ranking

Microsoft Defender XDR
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
96
Ranking in other categories
Endpoint Detection and Response (EDR) (5th), Extended Detection and Response (XDR) (4th), Microsoft Security Suite (3rd)
Splunk Enterprise Security
Average Rating
8.4
Reviews Sentiment
7.6
Number of Reviews
305
Ranking in other categories
Log Management (2nd), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Microsoft Defender XDR is designed for Extended Detection and Response (XDR) and holds a mindshare of 7.0%, up 6.9% compared to last year.
Splunk Enterprise Security, on the other hand, focuses on Security Information and Event Management (SIEM), holds 9.5% mindshare, down 12.8% since last year.
Extended Detection and Response (XDR)
Security Information and Event Management (SIEM)
 

Featured Reviews

Gabor Nyerd - PeerSpot reviewer
Includes four services and four products, which can help organizations a lot
We found that sometimes integrations work, but testing them can take some time. Sometimes, configurations take much longer than expected. We have a configuration in place that needs to be synchronized with another server. However, the servers are four hours apart, so this can cause delays. In general, I believe that the time it takes to configure and test a service should be shorter. Sometimes, it can take a couple of hours to test a single configuration setting. Other times, it is only ten or fifteen minutes, which is normal. However, sometimes, even immediate actions can be triggered by configuration changes, and some settings can take up to eight hours to complete. I believe that this time can be improved. Microsoft is making a lot of improvements to its services in a short period of time. This is a good thing, as it means that the services are constantly being updated and improved. However, it can be challenging for customers to keep up with the changes. For example, a customer may read about an update, understand it, and share it with their colleagues and boss. However, it may take days or weeks to test the update and get the necessary approvals. This can be especially challenging for large customers with many users or machines. In some cases, Microsoft may change a service before the customer has had a chance to implement the previous update. This can be frustrating for customers, as it means that they have to constantly learn new things and adjust their workflows. On the one hand, it is important for Microsoft to keep updating and improving its services. This helps to ensure that the services are meeting the customers' needs and that they are staying ahead of the competition. Microsoft should also be mindful of the challenges that these changes can create for customers. One way to address this challenge is to provide customers with more time to implement changes. Microsoft could also provide more information about upcoming changes so that customers can plan ahead. Ultimately, Microsoft needs to strike a balance between keeping its services up-to-date and providing customers with a smooth transition to new features.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
10%
Manufacturing Company
8%
Government
8%
Financial Services Firm
15%
Computer Software Company
14%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Microsoft 365 Defender?
Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise.
What is your experience regarding pricing and costs for Microsoft 365 Defender?
Licensing is somewhat confusing, particularly when presenting our pitch decks to stakeholders and leveraging key features in premium SKUs, but we managed with some assistance from Microsoft.
What needs improvement with Microsoft 365 Defender?
It would be beneficial to reduce the number of clicks required to navigate between blades, as the current navigation and breadcrumb system can be a bit confusing. Some inconsistencies exist between...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Also Known As

Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
No data available
 

Overview

 

Sample Customers

Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about Microsoft Defender XDR vs. Splunk Enterprise Security and other solutions. Updated: May 2023.
844,944 professionals have used our research since 2012.