We performed a comparison between Elastic Security and Microsoft Defender XDR based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"Ability to get forensics details and also memory exfiltration."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"The setup is pretty simple."
"The cost is reasonable. It's not overly pricey."
"It's a good platform and the very best in the current market. We looked at the Forester report from December 2022 where it was said to be a leader."
"The performance is good and it is faster than IBM QRadar."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"It's very customizable, which is quite helpful."
"It's not very complicated to install Elastic."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"Elastic Security is very easy to adapt."
"Microsoft 365 Defender is a stable solution."
"The EDR features are valuable. By getting the EDR features, we have more control over the device. We have information about events in real-time and more protection against zero-day threats and zero-day vulnerabilities. We can monitor every event or action that a device is going through. We can get an idea if it is something malicious or if we have to take any actions."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"Microsoft 365 Defender is simple to upgrade."
"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"The most valuable feature is the network security."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"Detections could be improved."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"We find the solution to be a bit expensive."
"The SIEM could be improved."
"The dashboard isn't easy to access and manage."
"Making the portal mobile friendly would be helpful when I am out of office."
"Cannot be used on mobile devices with a secure connection."
"This solution is very hard to implement."
"The solution could also use better dashboards. They need to be more graphical, more matrix-like."
"There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"In terms of improvement, there could be more automation in responding to and evaluating detections."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues."
"We'd like better premium support."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"It would be helpful if the solution could scan faster when it comes to scanning attachments to emails."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team."
"The support could be more knowledgable to improve their offering."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera."
Elastic Security is ranked 7th in Extended Detection and Response (XDR) with 59 reviews while Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 78 reviews. Elastic Security is rated 7.6, while Microsoft Defender XDR is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Microsoft Entra ID. See our Elastic Security vs. Microsoft Defender XDR report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.