We performed a comparison between Cisco SecureX and CrowdStrike Falcon based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Cisco SecureX earns high marks for its automated utilities, comprehensive visibility, and seamless integration with external resources. CrowdStrike Falcon stands out for its minimal impact on system performance, optimal resource utilization, and precise detection of threats. Users say Cisco SecureX needs better documentation and integration with on-premises systems. It would also benefit by expanding its compatibility with third-party solutions. CrowdStrike Falcon could benefit from adding a sandbox feature and more detailed firewall management options.
Service and Support: Some users describe Cisco support as dependable and efficient, while others noted a decline in quality due to personnel changes. CrowdStrike Falcon's customer service is considered prompt and helpful.
Ease of Deployment: Setting up Cisco SecureX is generally considered to be straightforward in cloud environments, but it requires more effort to integrate the solution with on-premise products. CrowdStrike Falcon's setup is considered to be simple and efficient, with deployment times ranging from a few days to a month. While there may be some challenges during installation, they are generally manageable.
Pricing: A few users said Cisco SecureX’s price could be lower, given that it is included for free with certain Cisco products. Some users find CrowdStrike Falcon costly and think the price should be lowered to make it more competitive.
ROI: Cisco SecureX provides a positive ROI by speeding up detection and resolution. It also decreases workloads through automation and proactive information gathering. CrowdStrike Falcon offers cost savings by decreasing the required number of engineers and eliminating the need for onsite servers.
Comparison Results: Our users prefer CrowdStrike Falcon over Cisco SecureX. Users particularly commend CrowdStrike Falcon for its efficient resource utilization, accurate threat detection, and robust defense against cyberattacks. They also value its seamless integration capabilities and user-friendly interface. Cisco SecureX users reported challenges with on-prem integration and observed a need for more third-party integration.
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"The product integrates security into one tool instead of having third-party security tools."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"It has evolved a lot, just that monitoring piece to the current Orchestrator piece. The additional analytics are there. They now have something called Insight, which can basically take data from Microsoft Azure AD and Intune to give us information about our endpoints. This is detailed information about the endpoints, from Secure Endpoint and all these different products. So, it is just constantly evolving. Every time that it evolves, we have more information with more visibility. There are more features that we have that just make everything so much easier, and it is in one place. I don't have to keep going back and forth. I don't have to go to Secure Endpoint and ISE to get the data. I don't have to go to Intune on Microsoft to get the information. It is all in one place."
"The most valuable feature is its ability to manage all the applications and visibility. For example, if there is malware, spam, or another component that wants to attack the company in my servers, network, or applications, then SecureX will react to the problem."
"One of the most valuable features is the simplicity of deploying SecureX. It's very easy to do that and then you gain very detailed visibility into everything that's going on in your network and, obviously, at the device level. There's just a wealth of information that you can pull from all of these products that are part of SecureX. You know exactly if you have an issue or not."
"The most beneficial feature of Cisco SecureX for cybersecurity efforts is its integration with other Cisco solutions and the environment. This sets it apart, as its APIs and overall integration capabilities are very strong. Additionally, its detection capabilities are commendable."
"The forensics are amazing because when you have enrichment, and the solutions talk with each other, when you need it, you have the ability to know everything in the organization: when, why, whatever."
"I like that I don't have to jump around to five different products and log into five different places to view the data that it returns."
"Using SecureX, a tool provided by Cisco, we can easily integrate it with many of our other Cisco products such as Cisco ISE and many networking devices."
"The automation and orchestration tools are the most valuable features."
"The feature that I find to be the most valuable, is being able to look at the system analysis and being able to baseline what is installed on the system."
"The most useful feature is that we do not need to install or keep signature files. Regular scanning that consumes a lot of computer resources is not needed."
"The features I like the most are the response time and the dashboard are both excellent."
"The CrowdStrike Falcon dashboard is good, and we haven't had any problems with it."
"The most valuable feature is the activity dashboard because it gives you a holistic view of your environment from a security standpoint."
"CrowdStrike Falcon is effortless to use, and it's a cloud-specific platform. You only need to deploy the light agents on the licensed endpoints, and you're ready to work. Your dashboards will tell you the number of the endpoints being protected and the incidents. There are also incident dashboards with alerts that will tell you about the details."
"Probably the most valuable thing to me is the real-time response piece. The fact that I can connect to an endpoint as long as it is on the Internet, no matter where it is globally. I can remove files from the endpoint, drop files on the endpoint, stop processes, reboot it, run custom scripts, and deploy software. Pretty much no other tool can do all that."
"CrowdStrike Falcon is a very light solution. It does not use too much processor or RAM."
"The only problem I find is that the use cases are built-in. There is no template available that you can modify according to your organization's standards. What they give is very generic, the market standard, but that might not be applicable to every organization."
"The data recovery and backup could be improved."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"Advanced attacks could use an improvement."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"They could expand into more areas. The more third-parties that we have tied into it, the better. The capabilities are there. As they just continue to involve the product, the more things that you can look into, then the more analytics that you can get. Also, the more data that we can get, then the better off we will be."
"Enhancing automation capabilities could further improve the product."
"I would like it to integrate with another solution, e.g., DNA. I would like it to connect to that solution, but not the security aspect."
"what's missing right now is the multi-tenant capability."
"They could put in more third-party [integrations]... also more playbooks, out-of-the-box, for automation [would be helpful]."
"If they could make the Cisco Umbrella piece a little bit more advanced or easier to manage, that would help. We use it for filtering and when you compare it to a normal content filter, it lacks some functionality."
"Remediation stuff could be integrated into the product's automation."
"One of the improvements the product needs is more integration with collaboration platforms."
"The technical support could improve because I am in India and the support I receive is from the UK or Australia. It is difficult to manage the time difference. The service could be faster. However, when we do have the support they are knowledgeable."
"The technical support team often just replies to an issue with a link to an article rather than actually calling back and talking to someone and making sure the problem is solved. To me, that's kind of weak."
"The price is too high."
"CrowdStrike should add support for ransomware protection."
"CrowdStrike Falcon could improve the logs by making them free to the API."
"Basically, they don't cover legacy OS or applications. That's the only issue we're concerned about"
"It does take more time to scan than other solutions."
"I think there's an opportunity to enhance the AI or at least the traps to say, if something changes from this baseline, let us know and flag it."
Cisco SecureX is ranked 14th in Extended Detection and Response (XDR) with 13 reviews while CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 107 reviews. Cisco SecureX is rated 9.0, while CrowdStrike Falcon is rated 8.8. The top reviewer of Cisco SecureX writes "Gives our customers visibility and they don't have to go multiple management consoles anymore". On the other hand, the top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". Cisco SecureX is most compared with Cortex XDR by Palo Alto Networks, Trend Vision One, Splunk SOAR, Cisco Secure Network Analytics and Fortinet FortiSOAR, whereas CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete. See our Cisco SecureX vs. CrowdStrike Falcon report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.