We performed a comparison between Elastic Security and Microsoft Defender XDR based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"NGAV and EDR features are outstanding."
"The setup is pretty simple."
"This is stable and scalable."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"The product has huge integration varieties available."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"It's simple and easy to use."
"ELK is open-source, and it will give you the framework you need to build everything from scratch."
"The scalability is good. It can be scaled easily in the production environment."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
"Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"I have found the ability to delete unwanted threats beneficial."
"The most valuable feature is the network security."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"The integration, visibility, vulnerability management, and device identification are valuable."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"I haven't seen the use of AI in the solution."
"Detections could be improved."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"Their visuals and graphs need to be better."
"The solution's query building is not that intuitive compared to other solutions."
"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."
"It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues."
"There isn't really a very good user experience. You need a lot of training."
"Technical support could respond faster."
"Advanced attacks could use an improvement."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 58 reviews while Microsoft Defender XDR is ranked 7th in Endpoint Detection and Response (EDR) with 79 reviews. Elastic Security is rated 7.6, while Microsoft Defender XDR is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Microsoft Entra ID. See our Elastic Security vs. Microsoft Defender XDR report.
See our list of best Endpoint Detection and Response (EDR) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.