We performed a comparison between Microsoft Defender XDR and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"Advanced hunting is good. I like that. We can drill down to lots of details."
"The solution is well integrated with applications. It is easy to maintain and administer."
"Microsoft 365 Defender is a stable solution."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"I am satisfied with the support."
"The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly."
"The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature."
"The solution has made us more secure."
"The data analysis part is good in Splunk, which is something that I like the most. It is also quite easy to use. Its dashboards, visualizations, and analytics are good."
"The indexing and data collection are valuable."
"The most valuable feature of Splunk is the management and built-in workflows."
"The solution has plenty of features that are good."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender, it would be helpful to use a different format so we can customize the platform."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"Stability could be improved by avoiding frequent changes to the interface."
"The web filtering solution needs to be improved because currently, it is very simple."
"It would be helpful if the solution could scan faster when it comes to scanning attachments to emails."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"We had an instance when Splunk failed and it took us a couple of days to recover."
"Sometimes, there is latency in the logs."
"Over time I will have more requirements and I can foresee the solution could improve the search algorithm to run and output the data faster."
"There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side."
"The product could be cheaper."
"Its pricing is extremely high. There are other tools out in the market that are competitive. They do not necessarily have all the functionality, but they are competitive. The professional services we have used have been high as well in comparison to the market."
"Configuring a few apps is complex, not straightforward."
"Custom visualizations are really hard. While the default visualizations are good, creating enhanced visualizations is complex."
Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 79 reviews, while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 230 reviews. Microsoft Defender XDR is rated 8.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Trend Vision One, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Microsoft Sentinel. See our Microsoft Defender XDR vs. Splunk Enterprise Security report.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.