We performed a comparison between CrowdStrike Falcon and Microsoft Defender for Cloud based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: CrowdStrike Falcon stands out for its minimal impact on system performance, optimal resource utilization, and precise detection of threats. Microsoft Defender for Cloud is highly regarded for its automated processes, advanced threat analysis, and extensive security measures, including protection against ransomware and access controls. CrowdStrike Falcon could benefit from adding a sandbox feature and more detailed firewall management options. Microsoft Defender for Cloud could use enhancements in automation and ease of use.
Service and Support: CrowdStrike Falcon's customer service has been commended for its promptness and assistance. Some Defender for Cloud users reported positive experiences with Microsoft, while others complained that the solution's outsourced support lacked technical knowledge.
Ease of Deployment: CrowdStrike Falcon's setup is considered to be simple and efficient, with varying deployment times ranging from a few days to a month. While there may be some challenges during installation, they are generally manageable. The initial setup of Microsoft Defender for Cloud is described as straightforward, but the deployment time may vary depending on specific requirements.
Pricing: Some users find CrowdStrike Falcon costly and think the price should be lowered to make it more competitive. Microsoft Defender for Cloud is in the mid-to-high pricing tier. While some users find it expensive, others believe it offers good value.
ROI: CrowdStrike Falcon offers cost savings by decreasing the required number of engineers and eliminating the necessity for onsite servers. Microsoft Defender for Cloud streamlines security tasks and saves users money by consolidating various solutions.
Comparison Results: Users prefer CrowdStrike Falcon over Microsoft Defender for Cloud. Users like CrowdStrike Falcon's effortless setup process and lightweight design. It provides an in-depth analysis of endpoint devices, precise threat detection, and robust defense against cyberattacks.
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"It is stable and scalable."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"Forensics is a valuable feature of Fortinet FortiEDR."
"NGAV and EDR features are outstanding."
"The setup is pretty simple."
"We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur."
"We haven't had any infections or down time."
"The ability to execute real-time response, or, that you can connect to the agent and see exactly what processes are operating, is the most important feature of this solution."
"It helps us to identify the threats according to the behavior of any process that is running on any particular system. It helps immensely to identify any malicious behavior on any endpoints."
"It provides very good protection and the ability to crosscheck environments."
"The most valuable feature of CrowdStrike Falcon is its accuracy."
"The initial setup was straightforward."
"The EDR is amazing and ease of integration with Splunk is a big plus. Integration with BigQuery is also a plus for me and workflow creation is easy. Overall, CrowdStrike Falcon is a great product."
"The most valuable features of this solution are the remote workforce capabilities and the general experience of the remote workforce."
"With respect to improving our security posture, it helps us to understand where we are in terms of compliance. We can easily know when we are below the standard because of the scores it calculates."
"The solution's robust security posture is the most valuable feature."
"The most valuable features are ransomware protection and access controls. The solution has helped us secure some folders on our systems from unauthorized modifications."
"The security policy is the most valuable feature for us. We can go into the environment settings and attach any globally recognized framework like ISO or any benchmark."
"The entire Defender Suite is tightly coupled, integrated, and collaborative."
"The integration with Logic Apps allows for automated responses to incidents."
"One important security feature is the incident alerts. Now, with all these cyberattacks, there are a lot of incident alerts that get triggered. It is very difficult to keep monitoring everything automatically, instead our organization is utilizing the automated use case that we get from Microsoft. That has helped bring down the manual work for a lot of things."
"I haven't seen the use of AI in the solution."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The dashboard isn't easy to access and manage."
"We can do a threat analysis of any machine at any time, but that threat analysis is very limited."
"I think there's an opportunity to enhance the AI or at least the traps to say, if something changes from this baseline, let us know and flag it."
"Any kind of integration that you want to do, such as using the API to connect to a SIEM, is complex and it will be expensive to do."
"The ability to receive text alerts natively in the console would be kind of cool."
"I have worked with their technical support on several problems that were never fully resolved."
"The GUI can use improvement, it's cloud-based so sometimes the interface can be a bit slow. The interface could use a little bit more speed."
"Tighter integration around XDR could be included."
"CrowdStrike Falcon could improve if it became an XDR. When we look only to an end-point, we lost the context of the environment. I know it's another line of design of the product. However, if CrowdStrike becomes an XDR, it could be very good."
"One of the main challenges that we have been facing with Azure Security Center is the cost. The costs are really a complex calculation, e.g., to calculate the monthly costs. Azure is calculating on an hourly basis for use of the resource. Because of this, we found it really complex to promote what will be our costs for the next couple of months. I think if Azure could reduce the complex calculation and come up with straightforward cost mapping that would be very useful from a product point of view."
"Microsoft sources most of their threat intelligence internally, but I think they should open themselves up to bodies that provide feel intelligence to build a better engine. There may be threats out there that they don't report because their team is not doing anything on that and they don't have arrangements with another party that is involved in that research."
"The solution could extend its capabilities to other cloud providers. Right now, if you want to monitor a virtual machine on another cloud, you can do that. However, this cannot be done with other cloud platform services. I hope once that is available then Defender for Cloud will be a unified solution for all cloud platform services."
"Azure Security Center takes a long time to update, compared to the on-premises version of Microsoft Defender."
"The product must improve its UI."
"The solution is quite complex. A lot of the different policies that actually get applied don't pertain to every client. If you need to have something open for a client application to work, then you get dinged for having a port open or having an older version of TLS available."
"You cannot create custom use cases."
"Customizing some of the compliance requirements based on individual needs seems like the biggest area of improvement. There should be an option to turn specific controls on and off based on how your solution is configured."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 107 reviews while Microsoft Defender for Cloud is ranked 3rd in Cloud Workload Protection Platforms (CWPP) with 46 reviews. CrowdStrike Falcon is rated 8.8, while Microsoft Defender for Cloud is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security and VMware Carbon Black Endpoint, whereas Microsoft Defender for Cloud is most compared with AWS GuardDuty, Prisma Cloud by Palo Alto Networks, Microsoft Defender XDR, Wiz and AWS Security Hub. See our CrowdStrike Falcon vs. Microsoft Defender for Cloud report.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.