We performed a comparison between Cisco SecureX and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"The most valuable aspect is undoubtedly the exploration capability"
"The integration, visibility, vulnerability management, and device identification are valuable."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"Microsoft Defender XDR is scalable."
"The ability to create firewalls online has been most valuable including the ability to create rules."
"Integrates well with our existing security infrastructure."
"SecureX enables us to have all the threat intelligence and threat event data in one place."
"Using SecureX, a tool provided by Cisco, we can easily integrate it with many of our other Cisco products such as Cisco ISE and many networking devices."
"It has evolved a lot, just that monitoring piece to the current Orchestrator piece. The additional analytics are there. They now have something called Insight, which can basically take data from Microsoft Azure AD and Intune to give us information about our endpoints. This is detailed information about the endpoints, from Secure Endpoint and all these different products. So, it is just constantly evolving. Every time that it evolves, we have more information with more visibility. There are more features that we have that just make everything so much easier, and it is in one place. I don't have to keep going back and forth. I don't have to go to Secure Endpoint and ISE to get the data. I don't have to go to Intune on Microsoft to get the information. It is all in one place."
"Our customers find the product's third-party integrations valuable. Our customers are also impressed with the tool's capability to pick up third-party threat feeds and use that as part of the decision-making process."
"The forensics are amazing because when you have enrichment, and the solutions talk with each other, when you need it, you have the ability to know everything in the organization: when, why, whatever."
"The most valuable feature is its ability to manage all the applications and visibility. For example, if there is malware, spam, or another component that wants to attack the company in my servers, network, or applications, then SecureX will react to the problem."
"The product’s interface is intuitive."
"If they support a solution, it is easy to do an integration."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection."
"Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work."
"Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"Its cost-effectiveness is the most valuable aspect."
"Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team."
"Sometimes, configurations take much longer than expected."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"Just like in any solution, the price can always be cheaper."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"The playbooks provided with the product are great, although I would appreciate having more playbooks available. Threats are constantly evolving, so having access to updated playbooks is crucial."
"Remediation stuff could be integrated into the product's automation."
"The automation and orchestration could be simpler. It could be that all the other parts are that easy to use so that these stick out as a negative, but that's the trickiest part for us. The workflows within the orchestration are just a bit more difficult."
"The documentation can be improved and the on-prem integration. The set of applications that it was integrated with wasn't comprehensive."
"For us, the biggest sticking point is that the product is not being designed for multi-tenancy use at present, from an MSP perspective."
"I'm not sure that I would call it a bug, but sometimes the solution is a little slow."
"They could expand into more areas. The more third-parties that we have tied into it, the better. The capabilities are there. As they just continue to involve the product, the more things that you can look into, then the more analytics that you can get. Also, the more data that we can get, then the better off we will be."
"If they could make the Cisco Umbrella piece a little bit more advanced or easier to manage, that would help. We use it for filtering and when you compare it to a normal content filter, it lacks some functionality."
"Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system"
"Wazuh should come up with more in-built rules and integrations for the cloud."
"There could be a hardware monitoring tool for the solution."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
Cisco SecureX is ranked 14th in Extended Detection and Response (XDR) with 13 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. Cisco SecureX is rated 9.0, while Wazuh is rated 7.4. The top reviewer of Cisco SecureX writes "Gives our customers visibility and they don't have to go multiple management consoles anymore". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Cisco SecureX is most compared with Trend Vision One, Cortex XDR by Palo Alto Networks, Splunk SOAR, Cisco Secure Network Analytics and Fortinet FortiSOAR, whereas Wazuh is most compared with Elastic Security, Security Onion, AlienVault OSSIM, Splunk Enterprise Security and SentinelOne Singularity Complete. See our Cisco SecureX vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.