We performed a comparison between Microsoft Defender for Identity and Splunk User Behavior Analytics based on real PeerSpot user reviews.
Find out in this report how the two Identity Threat Detection and Response (ITDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence."
"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."
"The best feature is security monitoring, which detects and investigates suspicious user activities. It can easily detect advanced attacks based on the behavior. The credentials are securely stored, so it reduces the risk of compromise. It will monitor user behavior based on artificial intelligence to protect the identities in your organization. It will even help secure the on-premise Active Directory. It syncs from the cloud to on-premise, and on-premise modifications will be reflected in the cloud."
"This solution has advanced a lot over the last few years."
"The solution offers excellent visibility into threats."
"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."
"The most valuable aspect is its connection to Microsoft Sentinel and Defender for Endpoint, and giving exact timelines for incidents and when certain events occured during an incident."
"Defender for Identity has not affected the end-user experience."
"This intelligent user behavior analytics package is easy to configure and use while remaining feature filled."
"Because of some of the visualizations that we utilize, we are able to understand strange, unusual traffic on our networks."
"We are really pleased with Splunk and its features. It would be practically impossible to function without it. To provide a general overview of the system, it's important to note that the standard log files are currently around 250 gigabytes per day. It would be impossible to manually walk through these logs by hand, which is why automation is essential."
"The most valuable feature is the ability to search through a large amount of data."
"The solution is definitely scalable."
"The solution's most valuable feature is Splunk queries, which allow us to query the logs and analyze the attack vectors."
"It's straightforward in terms of configuration and troubleshooting and log management and monitoring as well. These are the edge points in addition to it being a modular solution where you can capitalize on your current licenses with extra licensing models, which can match the customer's business requirement and it can help the customer to design or to actually plan for their own roadmap."
"This is a good security product."
"Microsoft should look at what competing vendors like CrowdStrike and Broadcom are doing and incorporate those features into Sentinel and Defender. At the same time, I think the intelligence inside the product is improving fast. They should incorporate more zero-trust and hybrid trust approaches. They need to build up threat intelligence based on threats and methods used in attacks on other companies."
"When the data leaves the cloud, there are security issues."
"We observe a lot of false positives. Sometimes, when we go for a coffee break, we lock our screens. Locking the screen has a separate Windows event ID and sometimes I see it is detected as a failed login."
"And when you are working in a priority IP address, Identity is not able to know that those IPs are from the company. It sees that the IPs are from Taiwan or from Hong Kong or from India, even though they are internal IPs, resulting in a lot of false positives."
"An area for improvement is the administrative interface. It's basic compared to other administrative centers. They could make it more user-friendly and easier to navigate."
"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."
"The technical support needs significant improvement. Documentation for more minor issues in the form of guides or walkthroughs could help to resolve this issue. The number of tickets raised would decrease, removing some pressure from the support team and making it easier to clear the remaining tickets."
"Defender for Identity gives us visibility, but we often get false positives from Azure that take us down the garden path. We go through 30 incidents each day and most of those are false positives or benign positive alerts. Occasionally, we get true positive alerts."
"We want to have an automated system for bot hunting that enables us to detect anomalies predictively based on historical data. It would be helpful if Splunk included process mining as an alternative option. We have a threat workflow, but it would be useful if we could supplement that with some process mining capabilities over time."
"The ability to do more complicated data investigation would be a welcome addition for pros, though the functionality now gives most people what they need."
"In the future I would like to see simplified statistics and analytical threats."
"It would be good if the solution had an analytics tool that allowed us to analyze the data without writing specific queries."
"The initial setup was complex because some of the configurations that we required needed customization."
"They should work to add more built-in correlation searches and more use cases based on worldwide customer experiences. They need more ready-made use cases."
"The correlation engine should have persistent and definable rules."
"If the price was lowered and the setup process was less complex, I would consider rating it higher."
More Microsoft Defender for Identity Pricing and Cost Advice →
More Splunk User Behavior Analytics Pricing and Cost Advice →
Microsoft Defender for Identity is ranked 1st in Identity Threat Detection and Response (ITDR) with 13 reviews while Splunk User Behavior Analytics is ranked 2nd in User Entity Behavior Analytics (UEBA) with 18 reviews. Microsoft Defender for Identity is rated 9.0, while Splunk User Behavior Analytics is rated 8.2. The top reviewer of Microsoft Defender for Identity writes "Offers robust protection from insider threats, but the customer support is poor". On the other hand, the top reviewer of Splunk User Behavior Analytics writes "Easy to configure and easy to use solution that integrates with many applications and scripts ". Microsoft Defender for Identity is most compared with Microsoft Entra ID Protection, Microsoft Defender for Office 365, Microsoft Entra Verified ID, Microsoft Defender for Endpoint and Microsoft Entra ID, whereas Splunk User Behavior Analytics is most compared with Darktrace, IBM Security QRadar, Cynet, Exabeam Fusion SIEM and Varonis Datalert. See our Microsoft Defender for Identity vs. Splunk User Behavior Analytics report.
We monitor all Identity Threat Detection and Response (ITDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.