We performed a comparison between Microsoft Defender XDR and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Defender is easy to use. It has a nice console, and everything is all in one place."
"The integration between all the Defender products is the most valuable feature."
"Advanced hunting is good. I like that. We can drill down to lots of details."
"I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"Its most significant advantage lies in its affordability."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"It gives us the liberty to do more in terms of use cases."
"The scalability of the solution is amazing because it can collect a lot of data and you can have your own structure to monitor this data."
"Splunk Enterprise Security offers valuable features like seamless integration and a SQL-standard Structured Query Language for easy searching."
"It has the ability to correlate data, analyze and review it."
"It has a rapid response search environment in the event of an incident."
"The solution is stable and reliable."
"The most valuable feature of Splunk Enterprise Security is the comprehensive logging capabilities it provides."
"It gives us good visibility into multiple environments, including cloud, on-premises, and hybrid; irrespective of platform."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"The logs could be better."
"The management features could be improved, particularly in terms of better integration with Intune, Microsoft's cloud-based management solution."
"The management and automation of the cloud apps have room for improvement."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera."
"Its interface could be improved."
"This solution could be improved by better pricing in general and by easier installation."
"The Web Application Firewall will send you too much information because it's more dedicated to security than a normal firewall."
"Their technical support sucks."
"The case management area of the ES could be improved: the ability to move cases through various stages and states. The ability to close a case would be a key improvement."
"It needs integration with a configuration management solution."
"Its pricing model and integration with third-party services can be improved. We had faced an issue with integration. The alerting feature is currently not available with Splunk, but it is definitely available with Datadog and PagerDuty. They should include this feature. A few dashboards in Splunk look quite old and are not that modern. They aren't bad, but improving these dashboards will definitely make Splunk more attractive and usable. I read in a few blog posts that there were a few security incidents related to Splunk agents. So, it can be made more secure."
"Splunk is more expensive than other solutions."
Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 78 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Microsoft Defender XDR is rated 8.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query". Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Trend Vision One, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Microsoft Sentinel. See our Microsoft Defender XDR vs. Splunk Enterprise Security report.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.