We performed a comparison between Microsoft Defender for Endpoint and Symantec Endpoint Detection and Response based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"This is stable and scalable."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"It is stable and scalable."
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"he solution is an anti-malware product that integrates well with other vendor products such as firewalls, SIEM, etc. It captures threat intelligence and gives you better visibility. The product also has sandboxing features."
"The whole bundle of the product, which is similar to other Microsoft products, is valuable. Ten years ago, you had third-party stuff for different things. You had one solution for email archiving and another third-party one for something else. Nowadays, Microsoft Office covers all the stuff that was formerly covered by third-party solutions. It is the same with antivirus. The functionality is just basic. You have the scanning, and then you also have a kind of cloud-based protection and reporting about your environment. With Microsoft Security Center, you have a complete overview of your environment. You know the software inventory, and you have security recommendations. You can not only see that the antivirus is up to date; you can also see where are the vulnerabilities in your system. Microsoft Security Center tells you where you have old, deprecated software and what kind of CVEs are addressed. It's really cool stuff."
"We apply the DLP policies across a range of endpoints and it is very accurate when reporting vulnerabilities, including those in email attachments."
"The most valuable feature is its ability to effectively detect threats. It has the EDR feature, endpoint detection and response, and that is very good."
"The most valuable aspect lies in its automation capabilities, particularly within security automation."
"The protection that it provides is quite good."
"The performance of Microsoft Defender for Endpoint has been good."
"Microsoft Defender for Endpoint is free and part of the licensing stack of other Microsoft products."
"The most valuable features are that it's easy to use and the updates are very simple."
"The security is good."
"The interface is quite easy to use."
"In Symantec, we have found that the most important feature is Application and Device Control."
"The most valuable features of this product include network isolation for machines and the ability to work with a consistent and defined set of virtual machines."
"The pricing is good."
"The most valuable feature of Symantec Endpoint Detection and Response is its ability to conduct large scans on the endpoints without affecting the network."
"The solution has great blocking features."
"I like Symantec EDR's device control and USB security features."
"The support needs improvement."
"FortiEDR can be improved by providing more detailed reporting."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"I haven't seen the use of AI in the solution."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"Something that is unique to Microsoft is its licensing model. When you go out and you buy McAfee or Symantec, you know what you're getting out of the box, but with Microsoft, often, when you're looking to achieve a certain set of capabilities, those capabilities are spread across different products. You might try to do something you could do with CrowdStrike, but then find out that you also need to purchase Microsoft Defender for Identity or Microsoft Defender for Azure. You realize that when they talk about what they can offer within the Microsoft platform, it's really the suite of investments. So, sometimes, you may find yourself buying Defender for Endpoint thinking that it matches CrowdStrike, but then you find that Microsoft really needs to sell you something else. One plus one will equal three, but when you have a very concise platform, such as CrowdStrike, you know what you're going to get."
"Lowering the price would be an improvement."
"Threat intelligence has the potential for improvement, particularly by integrating more sources."
"Where we stand right now, compared to other products that are there in the market, they still have to work on their threat intelligence and the overall maturity of detecting the malware."
"They're in the process of pulling more things together. They can continue with the integrations and provide a better way of seeing the impact of security changes, especially on the endpoint side. Before we actually flip the switch, we should be able to see the impact of security changes on the business or business applications. It would prevent breaking any business applications."
"I would like MDE to have the ability to isolate a certain amount of time on the timeline."
"Its detection is not as quick. There should also be more frequent updates."
"I would like Microsoft to have some kind of direct integration for USB controls. They have GPO and other controls to control the access of the USB drives on devices, but if there is something that can be directly implemented into the portal, it would be good. There should be a way to control via a cloud portal or something like that in a dynamic way. USB control for data exfiltration would be a good feature to implement. Currently, there are ways to do it, but it involves too many different things. You have to implement it via GPOs and other stuff, and then you move or copy those big files via Defender ATP. If there is a simple way of implementing those features, it would be great."
"It would be beneficial to have more integration and compatibility with other platforms."
"It should be easier to deploy Symantec's client for end-users."
"While they are quite dynamic, they need to ensure they are detecting threats faster in the future to keep people safer."
"Reporting is a major issue, as it is not user friendly."
"The interface is very complicated."
"They do need to minimize the number of agents installed on a server."
"Its UI could be more user-friendly."
"The interface has many issues."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
More Symantec Endpoint Detection and Response Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 1st in Endpoint Detection and Response (EDR) with 182 reviews while Symantec Endpoint Detection and Response is ranked 25th in Endpoint Detection and Response (EDR) with 28 reviews. Microsoft Defender for Endpoint is rated 8.0, while Symantec Endpoint Detection and Response is rated 7.6. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of Symantec Endpoint Detection and Response writes "A highly stable and affordable solution for detecting and preventing security threats". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, SentinelOne Singularity Complete, CrowdStrike Falcon and Microsoft Intune, whereas Symantec Endpoint Detection and Response is most compared with Trend Vision One, Kaspersky Endpoint Detection and Response Expert, Bitdefender GravityZone EDR, CrowdStrike Falcon and Trellix Endpoint Security (ENS). See our Microsoft Defender for Endpoint vs. Symantec Endpoint Detection and Response report.
See our list of best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.