We performed a comparison between CrowdStrike Falcon and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, SentinelOne, CrowdStrike and others in Endpoint Detection and Response (EDR)."The most valuable feature is the analysis, because of the beta structure."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"It is stable and scalable."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"One of the most valuable features of CrowdStrike Falcon is when there are upgrades there are no additional fees."
"The initial setup is very simple."
"We like Falcon's network visibility. We can see how threats are evolving on PCS or in the company network. The solution's real-time incident response is very fast."
"The most valuable features of CrowdStrike Falcon include Falcon Fusion workflows and endpoint detection capabilities."
"Among CrowdStrike Falcon's most valuable capabilities are its UEBA and SOAR functionalities, along with its seamless integration with any other SIEM solution."
"The most valuable feature is the activity dashboard because it gives you a holistic view of your environment from a security standpoint."
"It's very easy to set up."
"The most valuable feature of CrowdStrike Falcon is crowdsourcing intelligence."
"I like the ease with which dashboards can be created."
"Its compatibility with other SIEMS is very useful."
"Splunk's visualizations make it easy for users to understand the data."
"It has virtual visualization, and other products do not."
"The most valuable features are the logs, which allow us to identify what happened and who interacted with the web repository."
"There are lots of free learning materials on their website."
"Splunk setup is easy and straightforward. "
"The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature."
"The support needs improvement."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"ZTNA can improve latency."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"We'd like to see more one-to-one product presentations for the distribution channels."
"We find the solution to be a bit expensive."
"They need to strengthen the forensic capabilities of this product, for e-discovery."
"Tighter integration around XDR could be included."
"It would be nice if they did have some sort of Active Directory tie-in, whether that be Azure or on-prem. Sometimes, it is difficult for us to determine if we are missing any endpoints or servers in CrowdStrike. We honestly don't have a great inventory, but it would be nice if CrowdStrike had a way to say this is everything in your environment, Active Directory-wise, and this is what doesn't have sensors. They try to do that now with a function that they have built-in, but I have been unsuccessful in having it help us identify what needs a sensor. So, better visibility of what doesn't have a sensor in our environment would be helpful."
"In terms of features, I would like them to add detailed logging functionality in CrowdStrike. Currently, CrowdStrike detects the threats immediately based on the IOCs and the signature-based policies or many threat behaviors, but in terms of logging those threats, it is not very good. The information that they provide in the logs is very little. They can build more analytics into it."
"Too many false positives."
"I've found that CrowdStrike's technical support could benefit from increased technical expertise."
"The price is too high."
"CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of the sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it."
"I find that the learning curve for Splunk is relatively lengthy."
"I would like some additional AI capabilities to provide additional information about things going wrong and things going well."
"The solution could improve by increasing the performance. We have run into problems when large amounts of data are processed."
"Our two main complaints are about the difficulty of the initial setup and the licensing model."
"Some of the terminology can be confusing, even for seasoned vets. Renaming components at this point would be a serious undertaking. However, it might be beneficial in the long run."
"This is a costly solution."
"Make it easier to include roles and user controls, as it is horrible now."
"This solution could be improved by better pricing in general and by easier installation."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 105 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 230 reviews. CrowdStrike Falcon is rated 8.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security and VMware Carbon Black Endpoint, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Microsoft Sentinel.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.