We performed a comparison between ExtraHop Reveal(x) 360 and Forescout Platform based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM."
"Defender is easy to use. It has a nice console, and everything is all in one place."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"Its most significant advantage lies in its affordability."
"Microsoft 365 Defender is a stable solution."
"The threat intelligence is excellent."
"The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"It is scalable."
"It is very easy to collect and handle data in ExtraHop Reveal(X) Cloud. Integration with Big Data is also easy. Many of our customers integrate it with Big Data platforms like Splunk or Elastic. It is also easy to handle and easy to understand."
"It stands out for its intuitive and efficient user interface, robust detection capabilities with minimal false positives, and the ability to handle encrypted traffic, making it a valuable asset for network security and management."
"Vulnerability remediation is valuable. We can narrow down a system and its properties. We can go granular on the properties of each endpoint, such as which operating system you're using."
"I can integrate Forescout with products from multiple vendors in my environment, and also, the integration is searchable. It can be used with 802.1X and non-802.1X to integrate with my existing network. I don't need to upgrade any existing networks in my system, and I don't need to replace existing devices to integrate with Forescout. I find value in not having to spend money upgrading existing devices and networks."
"The product is very easy to work with and easy to deploy."
"The initial setup is easy, taking no more than two or three weeks."
"The 802.1X compliance authentication feature of this solution is very good."
"This solution can be used to organize guest portals, integrate switches, and create policies. Some of its standard use cases also include completing key process upgrades and anti-virus of Windows OS."
"The actions that the agentless visibility, allow us to perform on the endpoint, are really amazing, especially in the way that it is done."
"Forescout Platform is stable, it is great."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"They can include integration with SAP. Currently, no vendor provides network performance monitoring in the SAP market. It is a very big market. We have around 400 customers for SAP in Korea. In the USA, there are more than 10,000 customers."
"A drawback includes bucket storage limitations for payload data, necessitating timely extraction for thorough investigations."
"There needs to be more support."
"The cost is too high."
"The solution does have a bit of complexity, and there's some complexity in the deployment. Users need to be trained before undertaking an initial setup."
"When adding what is in scope to a policy, it would be nice if you could select multiple policies instead of one policy at a time to add what is in the scope for network segmentation. I have found that during the install and configuration of the policies that if you want to modify multiple policies or enable multiple policies that you need to define what is in the scope (IP range or segments) one rule at a time. This caused some slow downs when implementing policies."
"Forescout needs to upgrade its development in the future."
"The reporting feature needs improvement."
"We experienced some detection issues when checking compliance for the Sophos agent."
"Multitenancy should be included in the next version so it could be used as a managed service provider."
"Two things can be improved in the Forescout Platform. First of all, the support for some certain proprietary protocols from other vendors, but they are very widely used. If the TechEx from Cisco, was added to Forescout, then it will be a full solution for me."
ExtraHop Reveal(x) 360 is ranked 23rd in Extended Detection and Response (XDR) with 3 reviews while Forescout Platform is ranked 12th in Extended Detection and Response (XDR) with 69 reviews. ExtraHop Reveal(x) 360 is rated 8.6, while Forescout Platform is rated 8.4. The top reviewer of ExtraHop Reveal(x) 360 writes "A competitive choice for network detection and response with exceptional user interface, ease of implementation and minimal false positives". On the other hand, the top reviewer of Forescout Platform writes "We can go granular on each endpoint, quarantine non-compliant machines, and target vulnerabilities through scripting". ExtraHop Reveal(x) 360 is most compared with ExtraHop Reveal(x) and Corelight, whereas Forescout Platform is most compared with Cisco ISE (Identity Services Engine), Aruba ClearPass, Fortinet FortiNAC, Nozomi Networks and Armis. See our ExtraHop Reveal(x) 360 vs. Forescout Platform report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.