We performed a comparison between CrowdStrike Falcon and Microsoft Defender for Endpoint based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: All other things being equal, CrowdStrike Falcon is the favorite when it comes to both ease of deployment and customer service and support.
"The setup is pretty simple."
"We have FortiEDR installed on all our systems. This protects them from any threats."
"The stability is very good."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"Ability to get forensics details and also memory exfiltration."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"The features we showcase to potential customers are prevention, malware protection, zero-day protection, and application scripting. Vulnerability assessment is another valuable feature."
"It helps us to identify the threats according to the behavior of any process that is running on any particular system. It helps immensely to identify any malicious behavior on any endpoints."
"The solution has improved my organization by automating the detection and reporting of unwanted applications so we're aware of them and can respond appropriately."
"The most valuable features of CrowdStrike Falcon are the AI in detecting and real-time detections."
"CrowdStrike Falcon is a very light solution. It does not use too much processor or RAM."
"The stability is very good."
"The EDR is amazing and ease of integration with Splunk is a big plus. Integration with BigQuery is also a plus for me and workflow creation is easy. Overall, CrowdStrike Falcon is a great product."
"The detection is very reliable. Also, OverWatch is a great feature."
"It is already integrated with Windows 10, so you don't need to worry about that."
"The solution has good performance, I have not seen a problem."
"It's one of the best antiviruses on the market."
"The most valuable feature is that we can use the solution right out of the box without too much configuration."
"The ransomware and malware protection is the most valuable feature."
"It is a straightforward setup."
"The solution's main antivirus capabilities are okay. So far, they have kept us safe."
"It's a Microsoft product; it's easier to deploy this product than other options."
"They can include the automation for the real-time updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"The only minor concern is occasional interference with desired programs."
"The solution should address emerging threats like SQL injection."
"We'd like to see more one-to-one product presentations for the distribution channels."
"Cannot be used on mobile devices with a secure connection."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"The dashboard isn't easy to access and manage."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"In the future release of CrowdStrike Falcon, they should add a sandbox feature."
"Too many false positives."
"The integration with tools, SOC tools, could be better."
"The management reporting functionality needs to be improved."
"CrowdStrike Falcon could improve by having an easier way to search and use the interface for extracting queries from the data. The interface could improve."
"We encounter occasional issues, such as when disabling network access for a host that uses CrowdStrike."
"I would like to see equal support across all versions. Aside from that, I would say most of the features are there."
"The dashboard area must be improved. We have integration with Splunk, and we are creating a dashboard there. Their dashboard area must be up to date. It should have more details and more options to create the reports and things like that."
"There's scanning going on that occasionally topples the memory, causing everything to freeze. This should be fixed."
"They're in the process of pulling more things together. They can continue with the integrations and provide a better way of seeing the impact of security changes, especially on the endpoint side. Before we actually flip the switch, we should be able to see the impact of security changes on the business or business applications. It would prevent breaking any business applications."
"Lacks some additional integration."
"I would like to have additional features such as DNS lookup, which would help for detecting malicious sites."
"Microsoft Defender for Endpoint is effective for validating work, but not ideal for investigations."
"Its user interface (UI) can be improved. Currently, in the console, you have to dig down for certain things. They've got many different layers to get to things instead of having it all on the surface. You have to go three folds lower to get to specific functionality or click a particular option. It would be good if we can manage the console through menus and instead of three clicks, we can do things in one click. They need to change the UI and work on it in terms of a better user experience."
"It can get a bit laggy sometimes. Other than that, we don't have any issues. They constantly tweak it and fix it up based on users' feedback. It has improved a lot over the past four years. Defender for Endpoint never really used to be a good endpoint security solution, but over the past couple of years, Microsoft has invested heavily in it. So, it has come a long way in all aspects of endpoint security. If they want to make it better, they should just continue investing in the current path of what they've been doing over the past couple of years."
"From an audit point of view, our auditors would like to have more reports on how things are used, if things go wrong, and how they went wrong. For example, if something got a warning, "Why?" So, we would like more versatility for tracing and reporting. That would improve the product, as long as the user interface doesn't get bogged down."
CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 105 reviews while Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews. CrowdStrike Falcon is rated 8.8, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Trend Micro Deep Security, Trend Vision One and VMware Carbon Black Endpoint, whereas Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and ESET Endpoint Protection Platform.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test". You don't have the usual "scan now" feature, but on the platform you can drill down into the events to find the starter of a blocked event.
It does have basic features to whitelist programs and paths, shows you information about what kind of threat was blocked, gives you information about the logged-in user and machine details (OS, version, serial, MAC address, local and WAN IP, ...), gives you the time and the file that executed the event, and allows you to group devices and define exclusion, detection, and response policies based on them.
It does allow you to create specific profiles for each type of user, like helpdesk analysts, managers, etc. (with different access, etc.).
The solution is pretty good, actually, and I'm pretty happy with it. I don't have experience with Microsoft Defender for Endpoint but will in a couple of months, and I will update this then. =]
Depends on your budget and on the conditions of a Microsoft license. If you have an M365 license (like E3 or E5), Microsoft is cheaper.
In terms of functionality, CrowdStrike is better.