We performed a comparison between CrowdStrike Falcon and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"The solution is well integrated with applications. It is easy to maintain and administer."
"It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"The comprehensiveness of Microsoft's threat detection is good."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"The most valuable feature is the machine learning that they use to check certain patterns in the endpoint devices. It checks the whole ecosystem or entire environment."
"The stability is good; we haven't experienced any glitches or bugs."
"It's ability to do threat hunting is really great, quite robust, and even allows you to do hygiene stuff."
"The EDR is amazing and ease of integration with Splunk is a big plus. Integration with BigQuery is also a plus for me and workflow creation is easy. Overall, CrowdStrike Falcon is a great product."
"The detection and response console is the most valuable feature."
"The solution has improved my organization by automating the detection and reporting of unwanted applications so we're aware of them and can respond appropriately."
"Probably the most valuable thing to me is the real-time response piece. The fact that I can connect to an endpoint as long as it is on the Internet, no matter where it is globally. I can remove files from the endpoint, drop files on the endpoint, stop processes, reboot it, run custom scripts, and deploy software. Pretty much no other tool can do all that."
"It's very easy to set up."
"It offers built-in modules for file integrity and vulnerability management."
"The product’s interface is intuitive."
"It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"I like that the solution is on top of the Kubernetes stack."
"Wazuh has very flexible and robust features."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"The deployment is easy and they provide very good documentation."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"The support team is not competent or responsive."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"A simple dashboard without having to use MS Sentinel would be a welcome improvement."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"The mobile app support for Android and iOS is difficult and needs improvement."
"CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of the sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it."
"The ability to receive text alerts natively in the console would be kind of cool."
"The overall cost of CrowdStrike Falcon could be reduced."
"Falcon could include more integrative features."
"To simplify the budgeting process for our clients, CrowdStrike should consider offering bundled packages that include essential features."
"I would also like to see the endpoint firewall component produce some level of logging and feedback."
"A year and a half ago or more, if you put in a support request by email, then it wasn't timely addressed. It could be a day to three days before you received a response, which was a bit frustrating. There was a lot of customer feedback around this issue, which has been greatly refined."
"They respond quickly on the weekdays, but the weekend response times are slower."
"The deployment is a bit complex."
"The tool doesn't detect anomalies or new environments."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
"The implementation is very complex."
"The only challenge we faced with Wazuh was the lack of direct support."
"The tool does not provide CTI to monitor darknet."
"Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions."
"Wazuh is missing many things that a typical SIEM should have."
CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 107 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. CrowdStrike Falcon is rated 8.8, while Wazuh is rated 7.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and Trellix Endpoint Security, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Cortex XDR by Palo Alto Networks. See our CrowdStrike Falcon vs. Wazuh report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.