Try our new research platform with insights from 80,000+ expert users

Microsoft Defender XDR vs Wazuh comparison

Microsoft and Wazuh are both solutions in the Extended Detection and Response (XDR) category. Microsoft is ranked #5 with an average rating of 8.4, while Wazuh is ranked #4 with an average rating of 7.7. Microsoft holds a 10.2% mindshare in XDR, compared to Wazuh’s 11.2% mindshare. Additionally, 97% of Microsoft users are willing to recommend the solution, compared to 78% of Wazuh users who would recommend it.
Microsoft Defender XDR
Read 89 Microsoft Defender XDR reviews
  • 7,029 Views
  • 5,340 Comparison Views
97% willing to recommend
Wazuh
Read 44 Wazuh reviews
  • 15,448 Views
  • 8,999 Comparison Views
78% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 8, 2024

Microsoft Defender XDR and Wazuh compete in the cybersecurity solution category. Wazuh seems to have the upper hand due to its robust features and cost-effective nature, despite Microsoft Defender XDR's strong user support.

Features: Microsoft Defender XDR offers integration capabilities with a focus on threat intelligence, providing enhanced protection. It leverages its defensive machine learning to address potential threats effectively. Wazuh, being open-source, allows for customizable security configurations which cater to specific needs. It provides comprehensive log data analysis and a significant degree of adaptability, enhancing its functionality for personalized setups.

Room for Improvement: Microsoft Defender XDR needs enhancements in the initial setup process, which can be complex. Its system resource usage is perceived as high, impacting performance. Users also desire more customization options for specific industry requirements. Wazuh users call for better documentation to aid in troubleshooting and improvements in support response times. They also wish for a more streamlined integration process for various systems.

Ease of Deployment and Customer Service: Microsoft Defender XDR offers seamless integration with Microsoft products, facilitating an easier deployment process. Its customer service is acknowledged for substantial assistance. Wazuh’s adaptability across platforms is well-regarded, although users find the need for enhanced support services to match their deployment capabilities.

Pricing and ROI: Microsoft Defender XDR faces criticism for higher setup costs, though its comprehensive protection offers a promising return on investment. Wazuh provides a cost-effective setup due to its open-source nature, yielding satisfactory ROI through detailed security insights and reduced initial expenditure.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Microsoft Defender XDR vs. Wazuh Report (Updated: October 2024).
Buyer's Guide
Microsoft Defender XDR vs. Wazuh
October 2024
Download the complete report
Helped 815,854 peers since 2012
 

Categories and Ranking

Microsoft Defender XDR
Ranking in Extended Detection and Response (XDR)
5th
Average Rating
8.4
Number of Reviews
89
Ranking in other categories
Endpoint Detection and Response (EDR) (5th), Microsoft Security Suite (2nd)
Wazuh
Ranking in Extended Detection and Response (XDR)
4th
Average Rating
7.4
Reviews Sentiment
6.5
Number of Reviews
44
Ranking in other categories
Log Management (2nd), Security Information and Event Management (SIEM) (3rd)
 

Mindshare comparison

As of November 2024, in the Extended Detection and Response (XDR) category, the mindshare of Microsoft Defender XDR is 10.2%, up from 6.2% compared to the previous year. The mindshare of Wazuh is 11.2%, up from 3.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
 

Featured Reviews

Desray Liu - PeerSpot reviewer
Nov 28, 2023
A time-saving and easy-to-integrate product that needs to offer a control center to users
As a part of Microsoft's attempt to reduce costs, there has been a direct cut down of the local technical support team. Sometimes, you have to use the technical support offered by Microsoft from other countries, but at times, we speak different languages, just like how people speak in Chinese or Mandarin, but there are still some differences between them. The front-line support from Microsoft has only limited technical abilities or access to their internal system. Sometimes, my company cannot even escalate an issue to Microsoft's senior team members. The support team of Microsoft is nice as they attempt to solve the problems together with you, but I believe that due to some cost-related issues, they don't have enough permissions. Sometimes, users might feel blocked when trying to connect with the support team. I rate the technical support a seven out of ten.
Read full review
Vikrant Puranik - PeerSpot reviewer
Aug 1, 2022
It integrates seamlessly with AWS cloud-native services
I worked with Splunk, Curator, ArcSight, and some legacy solutions that no longer exist. They became obsolete or transitioned to a different product. Cost-effectiveness was one reason we switched. We had to decide whether to spend $500,000 on a commercial product or rely on our skills to deploy an open-source solution. The big difference between Wazuh and other solutions is maturity and customization. Wazuh's scalability and out-of-the-box functionality are slightly lagging behind, but Wazuh has improved a lot since the first time we saw it. Others have more search capabilities, whereas Wazuh depends on Elasticsearch. Searching is a bit slower in Wazuh.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"Its most significant advantage lies in its affordability."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."
More Microsoft Defender XDR pros
"The solution is easy to maintain."
"Regarding Wazuh, I find the SCA (Security Configuration Assessment) features most valuable. It's crucial for asset management and inventory, allowing us to monitorendpoints and servers' changes easily. This is particularly important for my customers, who aren't heavily focused on incident response but rely on asset management and inventories. Wazuh's compliance management features are very supportive, especially in regions like the Americas and Europe. However, it's less effective in the ANZ (Australia and New Zealand) region since Wazuh doesn't cater to the specific compliance standards there, such as those required in Australia. I appreciate that Wazuh fully complies with PCI DSS and GDPR standards, allowing us to generate necessary reports."
"Wazuh is simple to use for PCI compliance."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"The product’s interface is intuitive."
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
"Its cost-effectiveness is the most valuable aspect."
More Wazuh pros
 

Cons

"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"Stability could be improved by avoiding frequent changes to the interface."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"The solution can improve the rules and privileges it offers."
"The logs could be better."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"The solution does not offer a unified response and standard data."
More Microsoft Defender XDR cons
"We would like to see more improvements on the cloud."
"The support channel is not optimal, and extensive research is required on our part to implement Wazuh effectively."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"The only challenge we faced with Wazuh was the lack of direct support."
"So far, the recent updates have addressed most challenges we previously faced."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"While it is scalable, it can suffer from reduced latencies."
More Wazuh cons
 

Pricing and Cost Advice

"For Defender, they have Endpoint Plan 1 and Endpoint Plan 2, but I don't know on what basis they have classified Endpoint Plan 1 and Plan 2, but it has given me enough pain to pick and design Endpoint Plan 1 or Endpoint Plan 2 for my organization. In fact, we are still struggling with it. Too many SKUs are confusing. There should not be too many SKUs, and they shouldn't charge for every new feature."
"Defender XDR is included in the E5 license, but it's a bit too expensive."
"While the standalone price of Defender XDR might seem high, its value becomes clear when considering the ease of implementation and smooth integration with our existing Microsoft infrastructure, especially when bundled with other Microsoft products."
"On average, we pay around 55 euros per user for the services and features we receive."
"The product is fairly priced for what we get from it."
"The solution is affordable, and we haven't been hit with any hidden costs. The subscription model is straightforward, and it's easy to understand how much additional features cost. If we need to cancel a license or feature, we do that well in advance to avoid being charged for it, but overall, the pricing and licensing are simple and easy."
"Microsoft Defender XDR is expensive."
"They have moved from a licensing model to pay-per-use... The question is: What happens if, for any reason, there's not enough budget to accept this model? That could be a great problem."
More Microsoft Defender XDR pricing and cost advice
"They have a good pricing strategy for market expansion."
"The product price is neither too high nor too low."
"Wazuh is open-source, but you must consider the total cost of ownership. It may be free to acquire, but you spend a lot of time and effort supporting the product and getting it to a point where it's useful."
"The solution's cost is above the average."
"The solution's pricing is very competitive."
"Wazuh has a community edition, and I was using that. It's free and open source."
"It is an open-source product."
"When I contacted customer care, they mentioned bundling options, that I found to be overall affordable."
More Wazuh pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
See recommendations
815,854 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
10%
Manufacturing Company
8%
Government
8%
Computer Software Company
16%
University
7%
Government
7%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Microsoft 365 Defender?
Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise.
See all answers
What is your experience regarding pricing and costs for Microsoft 365 Defender?
The pricing is reasonable. It's cheaper than other options.
See all answers
What needs improvement with Microsoft 365 Defender?
The solution could enhance the threat Intelligence feature by making it more relevant to specific industries. Much of the threat intelligence information isn't directly applicable to our environmen...
See all answers
What do you like most about Wazuh?
Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases.
See all answers
What needs improvement with Wazuh?
The latest version, 4.9, has improved the interface significantly. I am yet to explore more about the update to identify further areas for improvement. So far, the recent updates have addressed mos...
See all answers
What is your primary use case for Wazuh?
We use Wazuh for our Security Information and Event Management (SIEM) needs. It serves as a log aggregator and provides us the capability to monitor our servers for brute force attacks and other se...
See all answers
 

Comparisons

CrowdStrike Falcon vs Microsoft Defender XDR Logo
CrowdStrike Falcon vs Microsoft Defender XDR
Compared 37% of the time
Microsoft Defender for Cloud vs Microsoft Defender XDR Logo
Microsoft Defender for Cloud vs Microsoft Defender XDR
Compared 8% of the time
Trend Vision One vs Microsoft Defender XDR Logo
Trend Vision One vs Microsoft Defender XDR
Compared 5% of the time
Microsoft Purview Compliance Manager vs Microsoft Defender XDR Logo
Microsoft Purview Compliance Manager vs Microsoft Defender XDR
Compared 4% of the time
Fortinet FortiEDR vs Microsoft Defender XDR Logo
Fortinet FortiEDR vs Microsoft Defender XDR
Compared 3% of the time
More Microsoft Defender XDR Competitors
Security Onion vs Wazuh Logo
Security Onion vs Wazuh
Compared 17% of the time
AlienVault OSSIM vs Wazuh Logo
AlienVault OSSIM vs Wazuh
Compared 10% of the time
Elastic Security vs Wazuh Logo
Elastic Security vs Wazuh
Compared 9% of the time
Elastic Stack vs Wazuh Logo
Elastic Stack vs Wazuh
Compared 8% of the time
Datadog vs Wazuh Logo
Datadog vs Wazuh
Compared 2% of the time
More Wazuh Competitors
 

Product Reports

Buyer's Guide
Microsoft Defender XDR
November 2024
Microsoft Defender XDR reportDownload Microsoft Defender XDR product report
Buyer's Guide
Wazuh
October 2024
Wazuh reportDownload Wazuh product report
 

Also Known As

Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
No data available
 

Learn More

Microsoft
Wazuh
 

Overview

Microsoft Defender XDR is a comprehensive security solution designed to protect against threats in the Microsoft 365 environment. 

It offers robust security measures, comprehensive threat detection capabilities, and an efficient incident response system. With seamless integration with other Microsoft products and a user-friendly interface, it simplifies security management tasks. 

Users have found it effective in detecting and preventing various types of attacks, such as phishing attempts, malware infections, and data breaches.

Watch the Microsoft demo video here: Microsoft Defender XDR demo video.

Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.

It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate through security alerts via a data visualization tool.

  • Wazuh’s agent can run on many different platforms, and is lightweight. It can successfully perform the tasks needed to detect threats in order to trigger responses automatically.
  • Wazuh manages the agents, can analyze agent data, and can scale horizontally.
  • Elastic Stack is where alerts are indexed and stored.

Wazuh Capabilities

Some of Wazuh’s most notable capabilities include:

  • Intrusion detection: Wazuh’s agents can detect hidden files, cloaked processes, or unregistered network listeners, as well as inconsistencies in system call responses. Wazuh’s server component uses a signature-based approach to intrusion detection, using its regular expression engine to analyze collected log data and look for indicators of compromise.

  • Log data analysis: Wazuh can read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.

  • Integrity monitoring: File integrity monitoring can help identify changes in content, ownership, permissions, and attribute of files. Wazuh’s file integrity monitoring can be used in conjunction with threat intelligence.

  • Vulnerability detection: Wazuh agents can identify well-known vulnerable software so you can see where your weak spots are and take action before an attack can exploit them.

  • Configuration assessment: System and application configurations are monitored to make sure they are compliant with security policies. Periodic scans are used to detect applications that are known to be vulnerable, insecurely configured, or unpatched.
  • Incident response: Wazuh responds actively when active threats need to be addressed. It can perform countermeasures like blocking access to a system when a threat source is identified.

  • Regulatory compliance: Wazuh includes the security controls required to be compliant with industry regulations and standards.

  • Cloud security: Wazuh’s light-weight and multi-platform agents are commonly used to monitor cloud environments at the instance level. In addition, Wazuh helps monitor cloud infrastructure at an API level.

  • Security for containers: With Wazuh, you have increased security visibility into hosts and containers, allowing for easier detection of threats, anomalies, and vulnerabilities.

Wazuh Benefits

Some of the most valued benefits of Wazuh include:

  • No vendor lock-in
  • No license costs
  • Uses lightweight, multi-platform agents
  • Free community support

Wazuh Offers

  • Annual support and maintenance
  • Assistance with deployment and configuration
  • Training and instructional hands-on courses

Reviews From Real Users

"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions." - Robert C., IT Security Consultant at Microlan Kenya Limited

The MITRE ATT&CK correlation is most valuable.” - Chief Information Security Officer at a financial services firm

 

Sample Customers

Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
Information Not Available
Buyer's Guide
Microsoft Defender XDR vs. Wazuh
October 2024
Free Report: Microsoft Defender XDR vs. Wazuh
Find out what your peers are saying about Microsoft Defender XDR vs. Wazuh and other solutions. Updated: October 2024.
DOWNLOAD NOW
815,854 professionals have used our research since 2012.
See our Microsoft Defender XDR vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.

We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.