We performed a comparison between CrowdStrike Falcon and LogRhythm UEBA based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"Microsoft 365 Defender's most valuable feature is the ability to control the shadow IP."
"The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"The most valuable aspect is undoubtedly the exploration capability"
"Email protection is the most valuable feature of Microsoft Defender XDR."
"I have found the ability to delete unwanted threats beneficial."
"We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
"The most valuable features in CrowdStrike Falcon are the full EDR with antivirus, hunting, reporting, and RTR remote control."
"CrowdStrike Falcon's most valuable features are the lightweight agent which has absolutely zero performance issues. There is no performance deterioration on the laptop on the network. It is a signature-less antivirus and anti-malware solution, it doesn't depend on signatures which better protects the systems."
"I like Falcon's threat detection and endpoint investigation features. It's a user-friendly solution."
"The detection and response console is the most valuable feature."
"It has an extremely low footprint, so it has got minimum impact on the user end points in terms of CPU and memory usage."
"Enables us to understand what processes are running on the system, what registry keys have been enabled."
"The most valuable feature is the indicator of compromise, which show you what file was either quarantined or removed."
"I like the overall reports of this solution. They are crisp, and to the point."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"It has a lot of features. It has file integration monitoring."
"The tool's most valuable feature is server threat hunting."
"The most valuable features are file activity monitoring and registry activity monitoring."
"Good capability pinpointing specific cyber incidents."
"The solution's most valuable features are the graphical user interface and the reporting."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"We should be able to use the product on devices like Apple, Linux, etc."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"There could be a way to proactively monitor unusual activity ."
"The support for different OS versions needs improvement because sometimes due to business conditions, updating our OS is impossible."
"CrowdStrike Falcon could improve if it became an XDR. When we look only to an end-point, we lost the context of the environment. I know it's another line of design of the product. However, if CrowdStrike becomes an XDR, it could be very good."
"The management of the solution could improve."
"We encounter occasional issues, such as when disabling network access for a host that uses CrowdStrike."
"There is room for improvement in managing multiple customer IDs."
"If CrowdStrike can further expand its support for XDR compatibility, that would give it an edge over all the other competing new products."
"The content-filtering features for children could be improved. We have young grandchildren aged 12 and 8. My daughter, their mother, wants to keep them from getting in trouble on the net. She looked at all these other solutions from Google, Microsoft, etc., and she couldn't figure out how to make any of those work. I told her that I bet CrowdStrike could handle this. Sure enough, CrowdStrike can do exactly that. It's the same solution that the Defense Department gets. It works, but it's a little complicated to implement. It could be simpler to set the policies."
"We can do a threat analysis of any machine at any time, but that threat analysis is very limited."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"The search feature needs to be improved."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"The cloud version is lacking and not up to par."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 107 reviews while LogRhythm UEBA is ranked 22nd in Extended Detection and Response (XDR) with 10 reviews. CrowdStrike Falcon is rated 8.8, while LogRhythm UEBA is rated 7.2. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of LogRhythm UEBA writes "Detects unusual logins but dashboards need improvement ". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete, whereas LogRhythm UEBA is most compared with Wazuh, Darktrace, Trend Micro Deep Discovery, Aruba IntroSpect and Microsoft Purview Insider Risk Management. See our CrowdStrike Falcon vs. LogRhythm UEBA report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.