We performed a comparison between CrowdStrike Falcon and Microsoft Defender for Cloud based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: CrowdStrike Falcon stands out for its minimal impact on system performance, optimal resource utilization, and precise detection of threats. Microsoft Defender for Cloud is highly regarded for its automated processes, advanced threat analysis, and extensive security measures, including protection against ransomware and access controls. CrowdStrike Falcon could benefit from adding a sandbox feature and more detailed firewall management options. Microsoft Defender for Cloud could use enhancements in automation and ease of use.
Service and Support: CrowdStrike Falcon's customer service has been commended for its promptness and assistance. Some Defender for Cloud users reported positive experiences with Microsoft, while others complained that the solution's outsourced support lacked technical knowledge.
Ease of Deployment: CrowdStrike Falcon's setup is considered to be simple and efficient, with varying deployment times ranging from a few days to a month. While there may be some challenges during installation, they are generally manageable. The initial setup of Microsoft Defender for Cloud is described as straightforward, but the deployment time may vary depending on specific requirements.
Pricing: Some users find CrowdStrike Falcon costly and think the price should be lowered to make it more competitive. Microsoft Defender for Cloud is in the mid-to-high pricing tier. While some users find it expensive, others believe it offers good value.
ROI: CrowdStrike Falcon offers cost savings by decreasing the required number of engineers and eliminating the necessity for onsite servers. Microsoft Defender for Cloud streamlines security tasks and saves users money by consolidating various solutions.
Comparison Results: Users prefer CrowdStrike Falcon over Microsoft Defender for Cloud. Users like CrowdStrike Falcon's effortless setup process and lightweight design. It provides an in-depth analysis of endpoint devices, precise threat detection, and robust defense against cyberattacks.
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"The product detects and blocks threats and is more proactive than firewalls."
"The stability is very good."
"The setup is pretty simple."
"The price is low and quite competitive with others."
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"The detection is very reliable. Also, OverWatch is a great feature."
"Cyberattack detection is very good. We use it for detecting different vulnerabilities, such as ransomware, virus, and malware. It is a good product today when compared to Symantec that we used previously."
"CrowdStrike Falcon is effortless to use, and it's a cloud-specific platform. You only need to deploy the light agents on the licensed endpoints, and you're ready to work. Your dashboards will tell you the number of the endpoints being protected and the incidents. There are also incident dashboards with alerts that will tell you about the details."
"We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur."
"The threat intelligence is the most valuable feature."
"The feature I like the most is the solution's detection."
"I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution."
"The stability is good; we haven't experienced any glitches or bugs."
"When we started out, our secure score was pretty low. We adopted some of the recommendations that Security Center set out and we were able to make good progress on improving it. It had been in the low thirties and is now in the upper eighties."
"The most valuable features of this solution are the remote workforce capabilities and the general experience of the remote workforce."
"Defender for Cloud is a plug-and-play solution that provides continuous posture management once enabled."
"The most valuable features of this solution are the vulnerability assessments and the glossary of compliance."
"The solution's robust security posture is the most valuable feature."
"This is a platform as a service provided by Azure. We don't need to install or maintain Azure Security Center. It is a ready-made service available in Azure. This is one of the main things that we like. If you look at similar tools, we have to install, maintain, and update services. Whereas, Azure Security Center manages what we are using. This is a good feature that has helped us a lot."
"We can create alerts that trigger if there is any malicious activity happening in the workflow and these alerts can be retrieved using the query language."
"Microsoft Defender has a lot of features including regulatory compliance and attaching workbooks but the most valuable is the recommendations it provides for each and every resource when we open Microsoft Defender."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"We find the solution to be a bit expensive."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The only minor concern is occasional interference with desired programs."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"The SIEM could be improved."
"CrowdStrike Falcon could improve the EDR functionality. Once the functionality of the solution improves, it will be even better in the market and able to compete with Carbon Black."
"Some of Falcon's features are a bit pricey."
"I would like to see the machine learning feature enhanced."
"CrowdStrike Falcon could improve by adding manual scanning or serverless scanning. It is not available at this time."
"It would be nice if the dashboard had some more information upfront, and looked a little better."
"We can't do scanning audits or device blocking or application control."
"The management of the solution could improve."
"An improvement would be to extend support to legacy and unsupported servers."
"One of the main challenges that we have been facing with Azure Security Center is the cost. The costs are really a complex calculation, e.g., to calculate the monthly costs. Azure is calculating on an hourly basis for use of the resource. Because of this, we found it really complex to promote what will be our costs for the next couple of months. I think if Azure could reduce the complex calculation and come up with straightforward cost mapping that would be very useful from a product point of view."
"From a compliance standpoint, they can include some more metrics and some specific compliances such as GDPR."
"The solution could improve by being more intuitive and easier to use requiring less technical knowledge."
"The documentation and implementation guides could be improved."
"Azure Security Center takes a long time to update, compared to the on-premises version of Microsoft Defender."
"For Kubernetes, I was using Azure Kubernetes Service (AKS). To see that whatever is getting deployed into AKS goes through the correct checks and balances in terms of affinities and other similar aspects and follows all the policies, we had to use a product called Stackrox. At a granular level, the built-in policies were good for Kubernetes, but to protect our containers from a coding point of view, we had to use a few other products. For example, from a programming point of view, we were using Checkmarx for static code analysis. For CIS compliance, there are no CIS benchmarks for AKS. So, we had to use other plugins to see that the CIS benchmarks are compliant. There are CIS benchmarks for Kubernetes on AWS and GCP, but there are no CIS benchmarks for AKS. So, Azure Security Center fell short from the regulatory compliance point of view, and we had to use one more product. We ended up with two different dashboards. We had Azure Security Center, and we had Stackrox that had its own dashboard. The operations team and the security team had to look at two dashboards, and they couldn't get an integrated piece. That's a drawback of Azure Security Center. Azure Security Center should provide APIs so that we can integrate its dashboard within other enterprise dashboards, such as the PowerBI dashboard. We couldn't get through these aspects, and we ended up giving Reader security permission to too many people, which was okay to some extent, but when we had to administer the users for the Stackrox portal and Azure Security Center, it became painful."
"After getting a recommendation, it takes time for the solution to refresh properly to show that the problem has been eliminated."
"Most of the time, when we log into the support, we don't get a chance to interact with Microsoft employees directly, except having it go to outsource employees of Microsoft. The initial interaction has not been that great because outsourced companies cannot provide the kind of quality or technical expertise that we look for. We have a technical manager from Microsoft, but they are kind of average unless we make noise and ask them to escalate. We then can get the right people and the right solution, but it definitely takes time."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 105 reviews while Microsoft Defender for Cloud is ranked 2nd in Cloud Workload Protection Platforms (CWPP) with 46 reviews. CrowdStrike Falcon is rated 8.8, while Microsoft Defender for Cloud is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security and VMware Carbon Black Endpoint, whereas Microsoft Defender for Cloud is most compared with AWS GuardDuty, Prisma Cloud by Palo Alto Networks, Microsoft Defender XDR, Wiz and AWS Security Hub. See our CrowdStrike Falcon vs. Microsoft Defender for Cloud report.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
