We performed a comparison between Microsoft Defender for Endpoint and Symantec Endpoint Detection and Response based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"Fortinet is very user-friendly for customers."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"The most valuable feature is the analysis, because of the beta structure."
"It is stable and scalable."
"The stability is very good."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"Forensics is a valuable feature of Fortinet FortiEDR."
"Defender is stable, I haven't had any problems with viruses when using it, and it's easy to update."
"In my opinion, the most valuable aspects are the reporting analytics and integration with Sentinel. Defender does an excellent job of correlating the different entities that comprise threat analysis, analytics data, and log analytics. It helps to piece together investigations into any exploit or malicious activity within a specific tenant. AI and analytics tools are probably the most valuable components."
"Auto-remediation: When the product sees malware, it resolves the issue immediately. This protects the machine."
"The scalability is good."
"It performs well. The stability is seamless."
"It can reach our applications and PC activities in the cloud."
"Microsoft Defender for Endpoint is scalable. Currently, we have 600,000 users in our organization."
"The visibility into threats that the solution provides is pretty awesome... This is something that makes me think, "Wow, okay. If I had my own organization, I would probably get this too." It stops the threat before an employee gets phished or something gets downloaded to their computer."
"IPS and the user interface are good features."
"The most valuable features of Symantec Endpoint Detection and Response are its immediate response and investigation."
"It is very simple to use."
"I have had absolutely no problem with using this solution, it really works well."
"The Detection vulnerability is very effective."
"It is mostly used for malware detection and antivirus purposes."
"The interface is quite easy to use."
"The solution does its job with no issues."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"The SIEM could be improved."
"Making the portal mobile friendly would be helpful when I am out of office."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"I haven't seen the use of AI in the solution."
"Detections could be improved."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"Defender's cloud integration could be improved."
"I would like Microsoft to have some kind of direct integration for USB controls. They have GPO and other controls to control the access of the USB drives on devices, but if there is something that can be directly implemented into the portal, it would be good. There should be a way to control via a cloud portal or something like that in a dynamic way. USB control for data exfiltration would be a good feature to implement. Currently, there are ways to do it, but it involves too many different things. You have to implement it via GPOs and other stuff, and then you move or copy those big files via Defender ATP. If there is a simple way of implementing those features, it would be great."
"There are some areas in the proactive threats that are just overwhelming the SOC, so we've had to turn those off until we can figure out how to filter out the false positives."
"Localization is always a challenge, especially with new products you typically want. Solutions are designed to be deployed where the most licenses are being consumed, such as in the United States. They focus on US products, devices, and networks. Specialized deployments for other countries would allow for a smoother experience in transition."
"It is currently more suitable for end-users rather than enterprises with lots of other processes and third-party tools. It needs improvement on that front. We had many issues while integrating it with our enterprise solutions, such as Splunk, and third-party tools. It provides everything via APIs. Other vendors provide integration with third-party tools, but Microsoft doesn't do that. It is also logging too much and is not serialized from the process aspect. It has all the data, but it is not in a proper format or not properly indexed, which doesn't make it easier for enterprises to use this data. Other vendors provide troubleshooting information that can be used to troubleshoot issues, but Microsoft doesn't provide anything like that."
"The end-user also cannot do some advanced actions on it. It's a little bit complicated for our end-user, so it needs to be simplified."
"If the solution could be integrated more with Defender for Cloud, to be more unified, that would help. It is good now, but even more integration could be done with Defender for Cloud. We see two different portals. If Defender for Endpoint could be ported to the CSPM, Defender for Cloud, that would make things even easier for us."
"We encountered some misbehavior between Microsoft Office Suite and Defender. We had issues of old macros being blocked and some stuff going around the usage of Win32 APIs. There is some improvement between the Office products and Defender, and there is a bunch of stuff that you can configure in your antivirus solutions, but you have several baselines, such as security baselines for Edge, security baselines for Defender, and security baselines for MDM. You have configuration profiles as well. So, there a lot of parts where we can configure our antivirus solution, and we're getting conflicting configurations. This is the major part with which we're struggling in this solution. We are having calls and calls with Microsoft for getting rid of all configuration conflicts that we have. That's really the part that needs to be improved."
"It is not possible to buy it from the company itself, or resellers in other countries. If it is available, I see that it is offered as part of a larger service. For me, this was not suitable."
"It would be nice to see more granular timeline analysis."
"Its UI could be more user-friendly."
"The network forensics feature could be improved."
"Reporting is a major issue, as it is not user friendly."
"I think we have experienced some technical issues because the company focuses mainly on bigger clients. Also, sometimes the solution fails to detect zero-day attacks, so that feature needs some enhancement because it is lacking compared to other solutions."
"The solution can always be more stable and more secure."
"Symantec Endpoint Detection and Response could improve the reporting. It is very difficult to create reports from the user interface."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
More Symantec Endpoint Detection and Response Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 1st in Endpoint Detection and Response (EDR) with 182 reviews while Symantec Endpoint Detection and Response is ranked 25th in Endpoint Detection and Response (EDR) with 28 reviews. Microsoft Defender for Endpoint is rated 8.0, while Symantec Endpoint Detection and Response is rated 7.6. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of Symantec Endpoint Detection and Response writes "A highly stable and affordable solution for detecting and preventing security threats". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, SentinelOne Singularity Complete, CrowdStrike Falcon and Microsoft Intune, whereas Symantec Endpoint Detection and Response is most compared with Trend Vision One, Kaspersky Endpoint Detection and Response Expert, Bitdefender GravityZone EDR, CrowdStrike Falcon and Trellix Endpoint Security (ENS). See our Microsoft Defender for Endpoint vs. Symantec Endpoint Detection and Response report.
See our list of best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
