We performed a comparison between CrowdStrike Falcon and Elastic Security based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"I have found the ability to delete unwanted threats beneficial."
"All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM."
"The product integrates security into one tool instead of having third-party security tools."
"The Protect functionality on the laptops provides great visibility into what's occurring, and the cloud management of the platform is what we needed."
"The most valuable aspects of CrowdStrike Falcon for me are its device observability, identification, and software and OS recognition."
"This solution has made the lives of the IT staff much easier, compared to the previous one."
"Because it is a security product and acts like an AI/ML smart product, not merely based on daily/weekly updates and signatures."
"The most valuable feature is its threat analysis."
"Cyberattack detection is very good. We use it for detecting different vulnerabilities, such as ransomware, virus, and malware. It is a good product today when compared to Symantec that we used previously."
"The anomaly detection is the most valuable feature."
"It seems to do a pretty good job of protecting the host. It offers good insights that it gives you when it has a detection. It's pretty incredible."
"It's very customizable, which is quite helpful."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"ELK documentation is very good, so never needed to contact technical support."
"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"The most valuable feature is the ability to collect authentication information from service providers."
"Stability-wise, I rate the solution a ten out of ten."
"ELK Logstash is easy and fast, at least for the initial setup with the out of box uses."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"The support team is not competent or responsive."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"There could be a way to proactively monitor unusual activity."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"The price should be adjustable by region."
"The pricing structure should allow for some flexibility."
"The console is a little cluttered and at times, finding what you're looking for is not intuitive."
"The current database schema presents challenges and has potential for improvement."
"CrowdStrike Falcon could improve by having an easier way to search and use the interface for extracting queries from the data. The interface could improve."
"In the six months that I have been using CrowdStrike, it has not been able to detect anything."
"The performance could be better."
"Some of Falcon's features are a bit pricey."
"The portal can be clunky to navigate at times and has room for improvement."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"The biggest challenge has been related to the implementation."
"It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."
"Elastic has one problem. In the past, Elastic Security was free. Now, they currently only offer the basic license or a certain period of time."
"There is room for improvement in the Kibana dashboard and in the asset management for the program."
"The training that is offered for Elastic is in need of improvement because there is no depth to it."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 105 reviews while Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 58 reviews. CrowdStrike Falcon is rated 8.8, while Elastic Security is rated 7.6. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete, whereas Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and AlienVault OSSIM.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.