We performed a comparison between CrowdStrike Falcon and Mandiant Advantage based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Defender is easy to use. It has a nice console, and everything is all in one place."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"Microsoft Defender XDR is scalable."
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"The most valuable feature is that we don't need to re-image machines as much as we had to."
"Easy to use, intelligent, and stable threat detection software."
"The Protect functionality on the laptops provides great visibility into what's occurring, and the cloud management of the platform is what we needed."
"The scalability is good."
"The initial setup is very simple."
"Enables us to understand what processes are running on the system, what registry keys have been enabled."
"One of the most valuable features of CrowdStrike Falcon is when there are upgrades there are no additional fees."
"The stability is good; we haven't experienced any glitches or bugs."
"It is so valuable to have someone performing these functions outside of our business hours when we don't have staff in the building. We've seen a lot of solid metrics on the amount of malware that it's detecting and resolving. We're pleased with it so far."
"The feature I have found most valuable is directory monitoring. We experienced an instance of threat actors trying to ensure a complex and massive attack against our customer's infrastructure on the forum. That is, they were animating people on a formum. The solution alerted us to this two days ahead of the attack, which gave us plenty of time to prepare for it."
"The advantage of the solution is being able to go look up threat actors and get a lot of detailed information about different attacks and different tactics and general information about threats."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we ware waiting for that feature."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"The technical support could improve because I am in India and the support I receive is from the UK or Australia. It is difficult to manage the time difference. The service could be faster. However, when we do have the support they are knowledgeable."
"Whenever there is a feature release (upgrade) where we push to all the endpoints, it causes something to be blocked without us knowing."
"Too many false positives."
"In a future release, I would like to see more integrations for data breaches and security features."
"The console is a little cluttered and at times, finding what you're looking for is not intuitive."
"On the firewall management side, there should be more granularity. There should also be more granularity for device control. Everything else is brilliant."
"We'd like to see more integration capabilities."
"It would be nice if they did have some sort of Active Directory tie-in, whether that be Azure or on-prem. Sometimes, it is difficult for us to determine if we are missing any endpoints or servers in CrowdStrike. We honestly don't have a great inventory, but it would be nice if CrowdStrike had a way to say this is everything in your environment, Active Directory-wise, and this is what doesn't have sensors. They try to do that now with a function that they have built-in, but I have been unsuccessful in having it help us identify what needs a sensor. So, better visibility of what doesn't have a sensor in our environment would be helpful."
"They could have better support. Now that they've merged, they are moving towards a portal system, which isn't very helpful."
"I think that the data query that is used for data cloud language should be improved. It's really hard to query actual data from the platform."
"Mandiant's on-prem client is too processor-intensive, so it's putting a strain on the local device's CPU. When a scan is running on the device, the other processing tasks slow to a crawl. We're still trying to figure out the correct settings for the client."
CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 107 reviews while Mandiant Advantage is ranked 21st in Extended Detection and Response (XDR) with 3 reviews. CrowdStrike Falcon is rated 8.8, while Mandiant Advantage is rated 8.6. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Mandiant Advantage writes "It gives us peace of mind that issues can be addressed when our core IT team isn't working". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete, whereas Mandiant Advantage is most compared with Cortex Xpanse, Microsoft Defender External Attack Surface Management, Cymulate, Tenable Attack Surface Management and Cortex XDR by Palo Alto Networks. See our CrowdStrike Falcon vs. Mandiant Advantage report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
