Microsoft Defender XDR vs Splunk Enterprise Security comparison

The compared Microsoft and Splunk solutions aren't in the same category. Microsoft is ranked #5 in XDR , with an average rating of 8.4, and holds a 10.2% mindshare in the category. Splunk is ranked #1 in SIEM , with an average rating of 8.4, and holds a 10.9% mindshare. Additionally, 97% of Microsoft users are willing to recommend the solution, compared to 93% of Splunk users who would recommend it.

Microsoft Defender XDR

Read 89 Microsoft Defender XDR reviews

7,029 Views
5,340 Comparison Views

97% willing to recommend

Splunk Enterprise Security

Read 301 Splunk Enterprise Security reviews

17,426 Views
14,446 Comparison Views

93% willing to recommend

Microsoft Defender XDR

Splunk Enterprise Security

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Microsoft Defender XDR and Splunk Enterprise Security based on real PeerSpot user reviews.

Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Microsoft Defender XDR vs. Splunk Enterprise Security Report (Updated: May 2023).

Buyer's Guide

Microsoft Defender XDR vs. Splunk Enterprise Security

May 2023

Download the complete report

Helped 815,854 peers since 2012

Categories and Ranking

Microsoft Defender XDR

Average Rating

8.4

Number of Reviews

Ranking in other categories

Endpoint Detection and Response (EDR) (5th), Extended Detection and Response (XDR) (5th), Microsoft Security Suite (2nd)

Splunk Enterprise Security

Average Rating

8.4

Number of Reviews

301

Ranking in other categories

Log Management (1st), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Microsoft Defender XDR is designed for Extended Detection and Response (XDR) and holds a mindshare of 10.2%, up 6.2% compared to last year.
Splunk Enterprise Security, on the other hand, focuses on Security Information and Event Management (SIEM), holds 10.9% mindshare, down 14.3% since last year.

Extended Detection and Response (XDR)

Security Information and Event Management (SIEM)

Featured Reviews

Desray Liu

Project Manager at Freedom Systems Inc.

Nov 28, 2023

A time-saving and easy-to-integrate product that needs to offer a control center to users

As a part of Microsoft's attempt to reduce costs, there has been a direct cut down of the local technical support team. Sometimes, you have to use the technical support offered by Microsoft from other countries, but at times, we speak different languages, just like how people speak in Chinese or Mandarin, but there are still some differences between them. The front-line support from Microsoft has only limited technical abilities or access to their internal system. Sometimes, my company cannot even escalate an issue to Microsoft's senior team members. The support team of Microsoft is nice as they attempt to solve the problems together with you, but I believe that due to some cost-related issues, they don't have enough permissions. Sometimes, users might feel blocked when trying to connect with the support team. I rate the technical support a seven out of ten.

Read full review

Avinash Gopu.

Associate VP & Cyber Security Specialist at US Bank

Feb 1, 2024

Offers good visibility into multiple environments, significantly reduces our alert volume, and speeds up our security investigations

There are limitations with Splunk not detecting all user activity, especially on mainframes and network devices. This is because Splunk relies on agents, which cannot access certain workstations. In these cases, we have to rely on application data. For example, with mainframes, manual reports are generated and sent to Splunk, limiting visibility to what's manually reported. This lack of automation for specific platforms needs improvement from Splunk. Additionally, API access is limited for other applications that rely on API calls and requests. This requires heavy customization on Splunk's end. These are the main challenges we've encountered. Monitoring multiple cloud platforms, like Azure, GCP, and AWS, with Splunk Enterprise Security presents some challenges. While Splunk provides different connectors for each provider, consolidating data from two domains across distinct cloud environments can be complex. However, leveraging pre-built templates and Splunk's data collation capabilities can help overcome these hurdles. Despite initial difficulties, I believe Splunk can effectively address this task, earning it an eight out of ten rating for its multi-cloud monitoring capabilities. While Splunk Enterprise Security offers insider threat detection capabilities, its effectiveness could be enhanced by integrating with additional tools, such as endpoint security solutions. This integrated approach is particularly crucial for financial institutions, which often require dedicated endpoint security teams. While using multiple tools is valuable, further improvements within Splunk itself are also necessary. Considering both external integration and internal development, I would rate its current insider threat detection capabilities as three out of ten. Threat detection is where Splunk falls behind. While it offers tools, other use cases require additional work. PAM is an enterprise tool that centralizes information about users, servers, and everything else. It needs real-time monitoring, which I haven't seen in any of the companies I've worked for. They only rely on Splunk for alerting, but real-time monitoring should be handled by the endpoint security team's tools. This means there's no detection or analysis at the machine or endpoint level. Additionally, threat analysis reporting is also absent.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It has great stability."

"Email protection is the most valuable feature of Microsoft Defender XDR."

"The solution is well integrated with applications. It is easy to maintain and administer."

"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."

"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."

"The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."

"Defender XDR can stop advanced attacks, like ransomware or business email compromise."

"The product integrates security into one tool instead of having third-party security tools."

More Microsoft Defender XDR pros

"Splunk is a user-friendly solution."

"With good domain knowledge, one can build almost anything. If you throw in Alert Manager or an integration with ServiceNow. Then, you have your own SIEM"

"Splunk can extract all kinds of data. There's no limitation on what kind of structured and unstructured data one needs to extract — it can access any kind of data, including machine-generated data."

"The log aggregation is great."

"The user interface is excellent, and since I'm using Splunk as a power user, it's easy to create dashboards."

"Being able to track impossible travel logins and things of that nature is valuable. We can track user logins from various IPs, various countries, and at various times to see if everything adds up."

"The most valuable features in Splunk Enterprise Security are the cluster capabilities."

"It definitely does help with both auditing and as well as regular monitoring. SOC does more monitoring, but ES also gives you other features that are auditing-related. The dashboards are also beneficial."

More Splunk Enterprise Security pros

Cons

"I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera."

"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."

"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."

"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."

"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."

"Defender XDR could provide recommendations for threat-hunting queries. Some people do not know how to write an advanced threat query, so we need to spend time training them."

"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."

"Stability could be improved by avoiding frequent changes to the interface."

More Microsoft Defender XDR cons

". Having a trial version or more training on Splunk would be helpful."

"Although the technical support is adequate, there is still room for improvement."

"The product must improve insider threat detection."

"We don't have SOAR products from Splunk. I believe that's an important piece."

"Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud."

"There is a learning curve in order to start using machine learning. We have been trying to do it for three years, and we have not managed anything. It is too complex."

"It needs to improve the way to install third-party apps and enable installation without logging into splunk.com."

"Their technical support sucks."

More Splunk Enterprise Security cons

Pricing and Cost Advice

"The most valuable licensing option is expensive, so pricing could be improved. Licensing options for this solution also need to be consolidated, because they frequently change."

"The price of the solution is high compared to others and we have lost some customers because of it."

"Microsoft Defender XDR is expensive."

"The solution is affordable, and we haven't been hit with any hidden costs. The subscription model is straightforward, and it's easy to understand how much additional features cost. If we need to cancel a license or feature, we do that well in advance to avoid being charged for it, but overall, the pricing and licensing are simple and easy."

"They have moved from a licensing model to pay-per-use... The question is: What happens if, for any reason, there's not enough budget to accept this model? That could be a great problem."

"365 Defender is billed per account. I don't know the exact price, but my supervisor told me that Microsoft Defender is cheaper than the alternatives. It's bundled, so you get all the features in one place."

"Microsoft Defender falls within a mid-tier price range compared to other security solutions."

"All I can say again is the E5 gives you all the capabilities that it offers. It also gives Office 365 and one terabyte of storage. All in all, the E5 license model makes sense. There are some people who say it's quite costly, but rather than paying different vendors, it makes sense to go all in with Microsoft if you've got that licensing. From that perspective, it's cost-effective, but I can't comment much on that."

More Microsoft Defender XDR pricing and cost advice

"Splunk Enterprise Security is an expensive solution."

"The tool's licensing is good and we haven't received any complaints from the team handling it."

"It can be cost-prohibitive when you start to scale and have terabytes of data. Its cost model is based on how much data it processes a day. If they're able to create scaled-down niche or custom package offerings, it may help with the cost. Instead of the full-blown features, if they can narrow the scope where it can only be used for a specific purpose, it would kind of create that market for the product, and it may help with the costing. When you start using it as a central aggregator and you're pumping tons of logs at it, pretty soon, you'll start hitting your cap on what it can process a day. Once you've got that, you're kind of defeating the purpose because you're going to have to scale back."

"The pricing model is based on the number of gigabytes that you ingest into the Splunk system. So it can be an expensive solution."

"Although Splunk is an expensive product, it is designed to be utilized across your organization in order to maximize your ROI and lower your TCO."

"Most people share the same thought that the ingestion rates can get pretty pricey. There is a lot of work we do to curate the data that we send to Splunk so that it is not too noisy or too expensive."

"Splunk Enterprise Security's pricing is pretty competitive."

"It can be expensive, especially the licensing costs. However, there is added value in what it can do, not just log aggregation."

More Splunk Enterprise Security pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.

See recommendations

815,854 professionals have used our research since 2012.

Comparison Review

Vinod Shankar

Manager, Enterprise Risk Consulting at Deloitte & Touche

Feb 26, 2015

HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm

We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Read full review

Top Industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

10%

Manufacturing Company

Government

Financial Services Firm

16%

Computer Software Company

14%

Government

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Microsoft 365 Defender?

Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise.

See all answers

What is your experience regarding pricing and costs for Microsoft 365 Defender?

The pricing is reasonable. It's cheaper than other options.

See all answers

What needs improvement with Microsoft 365 Defender?

The solution could enhance the threat Intelligence feature by making it more relevant to specific industries. Much of the threat intelligence information isn't directly applicable to our environmen...

See all answers

What SOC product do you recommend?

For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...

See all answers

What is a better choice, Splunk or Azure Sentinel?

It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...

See all answers

How does Splunk compare with Azure Monitor?

Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...

See all answers

Comparisons

CrowdStrike Falcon vs Microsoft Defender XDR

Compared 37% of the time

Wazuh vs Microsoft Defender XDR

Compared 8% of the time

Microsoft Defender for Cloud vs Microsoft Defender XDR

Compared 8% of the time

Trend Vision One vs Microsoft Defender XDR

Compared 5% of the time

Microsoft Purview Compliance Manager vs Microsoft Defender XDR

Compared 4% of the time

More Microsoft Defender XDR Competitors

Wazuh vs Splunk Enterprise Security

Compared 11% of the time

IBM Security QRadar vs Splunk Enterprise Security

Compared 9% of the time

Dynatrace vs Splunk Enterprise Security

Compared 8% of the time

Datadog vs Splunk Enterprise Security

Compared 4% of the time

AppDynamics vs Splunk Enterprise Security

Compared 4% of the time

More Splunk Enterprise Security Competitors

Product Reports

Buyer's Guide

Microsoft Defender XDR

November 2024

Download Microsoft Defender XDR product report

Buyer's Guide

Splunk Enterprise Security

October 2024

Download Splunk Enterprise Security product report

Also Known As

Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender

No data available

Learn More

Microsoft

Splunk

Overview

Microsoft Defender XDR is a comprehensive security solution designed to protect against threats in the Microsoft 365 environment.

It offers robust security measures, comprehensive threat detection capabilities, and an efficient incident response system. With seamless integration with other Microsoft products and a user-friendly interface, it simplifies security management tasks.

Users have found it effective in detecting and preventing various types of attacks, such as phishing attempts, malware infections, and data breaches.

Watch the Microsoft demo video here: Microsoft Defender XDR demo video.

Splunk Enterprise Security is widely used for security operations, including threat detection, incident response, and log monitoring. It centralizes log management, offers security analytics, and ensures compliance, enhancing the overall security posture of organizations.

Companies leverage Splunk Enterprise Security to monitor endpoints, networks, and users, detecting anomalies, brute force attacks, and unauthorized access. They use it for fraud detection, machine learning, and real-time alerts within their SOCs. The platform enhances visibility and correlates data from multiple sources to identify security threats efficiently. Key features include comprehensive dashboards, excellent reporting capabilities, robust log aggregation, and flexible data ingestion. Users appreciate its SIEM capabilities, threat intelligence, risk-based alerting, and correlation searches. Highly scalable and stable, it suits multi-cloud environments, reducing alert volumes and speeding up investigations.

What are the key features?

Comprehensive Dashboards: Provide a holistic view of security operations.
Flexible Data Ingestion: Supports various data sources for better analysis.
Robust Log Aggregation: Centralizes log management for easier monitoring.
Machine Learning Toolkit: Enhances threat detection and prediction capabilities.
SIEM Capabilities: Integrates security information and event management.
Threat Intelligence: Utilizes external information to improve security measures.
Risk-Based Alerting: Prioritizes alerts based on the risk they pose.
Correlation Searches: Identifies and correlates security events effectively.

What benefits or ROI should users look for?

Enhanced Visibility: Improves monitoring across endpoints, networks, and users.
Faster Incident Response: Speeds up identification and resolution of security issues.
Reduced Alert Volumes: Lowers false positives and enhances signal-to-noise ratio.
Scalability: Adapts to growing and changing security needs.
Improved Security Operations: Integrates multiple security facets into one platform.

Splunk Enterprise Security is implemented across industries like finance, healthcare, and retail. Financial institutions use it for fraud detection and compliance, while healthcare organizations leverage its capabilities to safeguard patient data. Retailers deploy it to protect customer information and ensure secure transactions.

Sample Customers

Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.

Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.

Buyer's Guide

Microsoft Defender XDR vs. Splunk Enterprise Security

May 2023

Free Report: Microsoft Defender XDR vs. Splunk Enterprise Security

Find out what your peers are saying about Microsoft Defender XDR vs. Splunk Enterprise Security and other solutions. Updated: May 2023.

DOWNLOAD NOW

815,854 professionals have used our research since 2012.

See our Microsoft Defender XDR vs. Splunk Enterprise Security report.

We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.