We compared Darktrace and Microsoft Defender for Endpoint across several parameters based on our users' reviews. Our conclusion from the collected data is below:
Darktrace is preferred over Microsoft Defender for Endpoint due to its advanced machine-learning capabilities and ability to detect and respond to threats in real time. Users praise Darktrace for its unparalleled threat visibility and proactive approach, while Microsoft Defender is reported to lack some of the advanced features and responsiveness of Darktrace.
"The initial setup was easy."
"Does a thorough job of examining email and URLs for malicious content."
"Microsoft Defender for Office 365 helps people to work remotely. It is a secure solution. We don't need to use our company's computers or get VPN connections to the networks. I can control how they share screens and what they send to the devices. It keeps our organization's confidential and sensitive information safe."
"It also gives me good visibility because, with Defender, I'm using a Microsoft product to defend Microsoft products. The integration was really seamless and I have wide visibility because it picks up almost everything. Literally, I can see almost every activity that happens, from the e-mail to the workstation itself."
"The deployment capability is a great feature."
"Microsoft Defender for Office 365 has improved my organization's security. It makes it easier to manage the infrastructure without the help of third-party applications."
"The initial setup is straightforward. You just add the license, click it, and then you can set up the rules. It is quite simple."
"Safe attachments, safe links, policies, and the ability to protect from zero-day threats are the most valuable features."
"The most valuable feature is the solution's ability to trim out the false positives and point your attention to the real important stuff."
"Darktrace is very useful for us because it has a large number of models for detecting threats."
"The platform has many modules, and each module examines a different situation in the behavior."
"It has helped the organization to detect any malware affecting the machines... The network monitoring and the email monitoring features are very valuable for us."
"The product can scale."
"The most valuable feature is the alerts. The alerts are meaningful. The event rolls up into meaningful and actionable alerts rather than just being noise."
"I am impressed with the product's ability to give insights into network traffic."
"It is a very simple product to use."
"We can run the virus scan across our entire environment."
"In my opinion, the most valuable aspects are the reporting analytics and integration with Sentinel. Defender does an excellent job of correlating the different entities that comprise threat analysis, analytics data, and log analytics. It helps to piece together investigations into any exploit or malicious activity within a specific tenant. AI and analytics tools are probably the most valuable components."
"The most valuable aspect lies in its automation capabilities, particularly within security automation."
"Provides good vulnerability assessment."
"Real-time detection and cloud-based delivery of detections are highly efficient."
"The most important feature is the way it monitors the threats and blocks them. About 10 days ago, we were implementing SOC for a particular client. The SOC was not yet implemented, but they had Microsoft Defender. That organization was hit by some ransomware, but the hacker could not succeed. Because of the EDR, the hacker could not install the hacking tools. They were trying to do that, but Microsoft Defender completely blocked that. The hacker could log into the system, but they could not install anything."
"The most valuable feature is that we can use the solution right out of the box without too much configuration."
"Defender's analytics are much better than CrowdStrike's."
"You should be able to deploy Defender for every subscription without the need to add servers."
"The visibility for the weaknesses in the system and unauthorized access can be improved."
"The company should focus on adding threats that the solution is currently unable to detect."
"There is room for improvement with the UI."
"Microsoft wants its well-paying customers to finish testing some of its half-baked products, find bugs, and report bugs back to Microsoft's team, which is a little frustrating for those who have to manage it and roll it up to thousands of people across the organization."
"The custom alerts have to improve a lot."
"The UI needs to be more user-friendly."
"One area for improvement is support, in terms of being able to reach them and, especially, technical support for configuration."
"Darktrace requires numerous configurations. It would be beneficial if the configuration could be made simpler."
"The interface is too mathematical and it should be simplified."
"It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks."
"The interface and dashboards could be improved for ease-of-use."
"The solution could be easier to use."
"There aren't so many third-party vendor platforms natively integrated with the platform."
"The module can improve so that every time it's more intelligent."
"The main portal needs improvement as it is difficult to use."
"I would like to see improvement from a management perspective. We have had to depend on Intune for certain tasks."
"If the solution could be integrated more with Defender for Cloud, to be more unified, that would help. It is good now, but even more integration could be done with Defender for Cloud. We see two different portals. If Defender for Endpoint could be ported to the CSPM, Defender for Cloud, that would make things even easier for us."
"Notifications are always popping up — I hate that."
"If you have multi-cloud like Google and AWS, the native solutions are better for those particular cases."
"There is a lot of information to take in, and the portals tend to change quickly due to the fast-paced nature of the industry."
"The deployment of Microsoft Defender for Endpoint on Windows 10 is not quite so straightforward. This could be made easier."
"Alerts need to be sent immediately because as it is now, you see some of them without delay and others arrive perhaps 30 minutes later, and it leaves important gaps in terms of information gathering."
"Other vendors provide a lot of customization when it comes to integration, which every big organization requires. No big organization depends on one particular tool. Defender lacks that at this point."
Darktrace is ranked 11th in Email Security with 65 reviews while Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews. Darktrace is rated 8.2, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and Cisco Secure Network Analytics, whereas Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, SentinelOne Singularity Complete, CrowdStrike Falcon and Cortex XDR by Palo Alto Networks.
We monitor all Email Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.