CrowdStrike Falcon and Microsoft Defender XDR are both Extended Detection and Response (XDR) solutions that offer endpoint protection and threat detection capabilities. CrowdStrike Falcon is a standalone platform, whereas Defender XDR integrates seamlessly with Microsoft security products. CrowdStrike Falcon offers customizable alert settings and machine-learning algorithms for proactive threat hunting. Microsoft Defender is highlighted for its efficient incident response system. Both products have flexible pricing options, with users noting positive ROI from both solutions.
The summary above is based on 207 interviews we conducted recently with CrowdStrike Falcon and Microsoft 365 Defender users. To access the reviews' full transcripts, download our report.
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"The main thing is that I feel safe, because the processes that have been used to get a handle on the attackers are much better than other competitors'."
"Fortinet is very user-friendly for customers."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"The solution is an anti-malware product that integrates well with other vendor products such as firewalls, SIEM, etc. It captures threat intelligence and gives you better visibility. The product also has sandboxing features."
"Ability to get forensics details and also memory exfiltration."
"At this point what is most valuable is the interface, which is easy to navigate."
"CrowdStrike Falcon has done an excellent job at detecting breaches. It has allowed us to stay in business and keep our systems up."
"The EDR and XDR features have been most valuable."
"The most valuable feature is the activity dashboard because it gives you a holistic view of your environment from a security standpoint."
"The detection is very reliable. Also, OverWatch is a great feature."
"The scalability is good."
"The threat intelligence is the most valuable feature."
"The stability is good; we haven't experienced any glitches or bugs."
"In Microsoft 365 vendor products, monitoring and connectivity across all Microsoft and third-party connectors enable viewing of all activity within those environments."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"The most valuable aspect is undoubtedly the exploration capability."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"The common and advanced security policies for threat hunting and blocking attacks are valuable."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"The integration, visibility, vulnerability management, and device identification are valuable."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"The support needs improvement."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"It takes about two business days for initial support, which is too slow in urgent situations."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"We'd like to see more one-to-one product presentations for the distribution channels."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"We find the solution to be a bit expensive."
"The management of the solution could improve."
"CrowdStrike should provide better visibility in its reporting. There should be more forensic details about detected threats."
"CrowdStrike should add support for ransomware protection."
"I've found that CrowdStrike's technical support could benefit from increased technical expertise."
"Falcon could be improved with more function on the mobile end of things and better optimization with mobile devices."
"CrowdStrike Falcon could improve the logs by making them free to the API."
"We sometimes get false positives."
"Basically, they don't cover legacy OS or applications. That's the only issue we're concerned about."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"The support team is not competent or responsive."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 105 reviews while Microsoft Defender XDR is ranked 7th in Endpoint Detection and Response (EDR) with 79 reviews. CrowdStrike Falcon is rated 8.8, while Microsoft Defender XDR is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and VMware Carbon Black Endpoint, whereas Microsoft Defender XDR is most compared with Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh, Trend Vision One and Microsoft Entra ID. See our CrowdStrike Falcon vs. Microsoft Defender XDR report.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.