We performed a comparison between Crowdstrike Falcon and Microsoft Defender for Endpoint based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: All other things being equal, Crowdstrike Falcon is the favorite when it comes to both ease of deployment and customer service and support.
"Fortinet is very user-friendly for customers."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"The solution is an anti-malware product that integrates well with other vendor products such as firewalls, SIEM, etc. It captures threat intelligence and gives you better visibility. The product also has sandboxing features."
"The setup is pretty simple."
"Forensics is a valuable feature of Fortinet FortiEDR."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"Everything is automatic. I install the sensor and renew the service. Periodically, I get a notice that they've shut something down."
"It has an extremely low footprint, so it has got minimum impact on the user end points in terms of CPU and memory usage."
"I like the dashboard nature of it. Everything is clickable, linkable, and information is easy to obtain and find. How it presents that information is probably the biggest win as far as the information correlation aspect. The presentation of it is very good."
"CrowdStrike enables the infrastructure managers to visualize all the events and get information about the network."
"As long as the machine is connected to the Internet, and CrowdStrike is running, then it will be on and we will have visibility; no VPNing in or making some type of network connection. CrowdStrike is always there and running in the background; for us, that is big. We wanted something that could give us data as long as the machines are connected to the Internet and be almost invisible to the employees."
"The detection is very effective."
"The ability to execute real-time response, or, that you can connect to the agent and see exactly what processes are operating, is the most important feature of this solution."
"The 10 hours a week that we are freeing up from having to manage and monitor our AV solution has really allowed us to focus on other areas of the business. This has been a huge return on investment."
"Defender is stable, I haven't had any problems with viruses when using it, and it's easy to update."
"I enjoy using the live response feature, which allows me to remotely access different endpoints and investigate malicious files, such as malware that people may have downloaded, and other related issues."
"It is already integrated with Windows 10, so you don't need to worry about that."
"It is quite stable. We have not had any cases, i.e., viruses, that would require a reboot, etc. We have never had a situation where we needed to reinstall the tools as a result of the Defender application or a feature being corrupt."
"Microsoft Defender for Endpoint is different from other security tools because we can configure it to use multiple types of scanning or archiving."
"We can react to threats faster and stop them from spreading from one machine to another. It protects from suspicious email attachment downloads. It will lock down the SOC and the workstations."
"We use Microsoft Defender for the antivirus."
"The threat hunting service is very useful for a security professional."
"FortiEDR can be improved by providing more detailed reporting."
"Cannot be used on mobile devices with a secure connection."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"The only minor concern is occasional interference with desired programs."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"CrowdStrike should add support for ransomware protection."
"We'd like to see more integration capabilities."
"Tighter integration around XDR could be included."
"We have had to open a case with the technical support to get some issues and bugs resolved."
"CrowdStrike Falcon could be enhanced by extending its security capabilities to include NDR and XDR."
"We encounter occasional issues, such as when disabling network access for a host that uses CrowdStrike."
"The console is a little cluttered and at times, finding what you're looking for is not intuitive."
"CS Falcon sensing capabilities for non-domain machines should be enhanced since the agent doesn't detect the neighbor's IP Address and/or any anomaly which was identified in the network for the non-domain machine."
"More integration with different platforms is an area for improvement for this product, and should be included in its next release."
"The system can always be simplified and have a better integration check. More detailed reports would be good. When it does the integrated check, it just shows if the system is okay but I want to know what happened."
"Defender is free for one year. Once that year is over, we will switch to Kaspersky."
"I wish they would extend the use of the Security Central portal, even for the free option of Defender. Because, as companies grow, it is labor intensive to manage the AV and detection part of it. For companies already subscribed to Office 365, I think this would be a good enhancement."
"It should support non-Windows products better. Microsoft is now one of the leading vendors in the security area. So, they should be product-independent."
"The profiling method currently in use is not very user-friendly and has ample scope for improvement."
"In the next release, I would like to see better management reporting."
"Where we stand right now, compared to other products that are there in the market, they still have to work on their threat intelligence and the overall maturity of detecting the malware."
CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 105 reviews while Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews. CrowdStrike Falcon is rated 8.8, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Trend Micro Deep Security, SentinelOne Singularity Complete and VMware Carbon Black Endpoint, whereas Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and Fortinet FortiClient. See our CrowdStrike Falcon vs. Microsoft Defender for Endpoint report.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to the "test". You don't have the usual "scan now" feature, but on the platform you can drill down into the events to find the starter of a blocked event.
It does have basic features to whitelist programs and paths, shows you information about what kind of threat was blocked, gives you information about the logged-in user and machine details (OS, version, serial, MAC address, local and WAN IP, ...), gives you the time and the file that executed the event, and allows you to group devices and define exclusion, detection and response policies based on them.
It does allow you to create specific profiles for each type of user like helpdesk analysts, managers, etc (with different access, etc).
The solution is pretty good, actually and I'm pretty happy with it. I don't have experience with Microsoft Defender for Endpoint but will do in a couple of months to update this. =]
Depends on your budget and on the conditions of a Microsoft license. If you have an M365 license (like E3 or E5), Microsoft is cheaper.
In terms of functionality, CrowdStrike is better.