We performed a comparison between Microsoft Defender XDR and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Microsoft 365 Defender is a stable solution."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"The comprehensiveness of Microsoft's threat detection is good."
"I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"Splunk has improved our operations by giving us access to more information and allowing us to deploy more use cases."
"Out-of-the-box, it seems very powerful."
"The ability to analyze huge amounts of sales data and accurate prediction of sales forecasting is the most valuable feature."
"We are using Microsoft 365 and we're using the Exchange Mail Service. It's good for monitoring that in particular."
"The ability to digest any information and then correlate it in accordance with what you need is valuable. The ability to connect to pretty much everything and bring the information in the same format is also valuable. On top of that, we can use their language in order to create and customize the dashboards, correlations, or analytics that we want to incorporate."
"The search function for spam is like a google search. You just enter and it will quickly show you the results."
"The most valuable features of Splunk Enterprise Security are its high-performance data collection, flexible query language, and its versatility across the organization."
"The most valuable features are how stable and easy to use Splunk is."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"We should be able to use the product on devices like Apple, Linux, etc."
"The solution does not offer a unified response and standard data."
"A simple dashboard without having to use MS Sentinel would be a welcome improvement."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"Their technical support sucks."
"The monitoring aspect of Splunk could be improved. We have to do some queries to get as much information as CrowdStrike or other solutions provide. If you run a big query, you will see a delay. That is the only concern we have because it will take some time if you query large data sets."
"It needs to improve the way to install third-party apps and enable installation without logging into splunk.com."
"Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution."
"A problem that we had recently had was we licensed it based on how much data you upload to them every day. Something changed in one our applications, and it started generating three to four times as many logs and. So now, we are trying to assemble something with parts of the Splunk API to warn ourselves, then turn it off and throttle it back more. However it would be better if they had something systematically built into the product that if you're getting close to your license, then to shut things down."
"Better directions on search head clusters."
"Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud."
"It is a hugely complicated product."
Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 78 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Microsoft Defender XDR is rated 8.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Trend Vision One, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Microsoft Sentinel. See our Microsoft Defender XDR vs. Splunk Enterprise Security report.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.