We performed a comparison between CrowdStrike Falcon and Elastic Security based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"The most valuable feature is the network security."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"I have found the ability to delete unwanted threats beneficial."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"The EDR is amazing and ease of integration with Splunk is a big plus. Integration with BigQuery is also a plus for me and workflow creation is easy. Overall, CrowdStrike Falcon is a great product."
"Overall, what I found most valuable in CrowdStrike Falcon is its good mechanism. It also has a good reporting feature. CrowdStrike Falcon is an invaluable tool because, through it, you can take quick action, for example, when an OS is missing specific patches."
"The features we showcase to potential customers are prevention, malware protection, zero-day protection, and application scripting. Vulnerability assessment is another valuable feature."
"I like the detection rates of mobile threats."
"The solution offers great stability."
"The most valuable feature of CrowdStrike Falcon is its accuracy."
"The threat intelligence is the most valuable feature."
"Everything we've done with CrowdStrike is due to Arctic Wolf. We don't even need to get alerts from CrowdStrike anymore. It'll send those to Arctic Wolf, and then Arctic Wolf analyzes those and let us know if there's a major issue."
"The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
"The most valuable features are the speed, detail, and visualization. It has the latest standards."
"I like the indexing of the logs."
"Enables monitoring of application performance and the ability to predict behaviors."
"It is scalable."
"The scalability is good. It can be scaled easily in the production environment."
"The feature that we have found the most valuable is scalability."
"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"In the Microsoft Azure Portal, in Active Directory, if there is anything on the user it will provide you with the information, but you still have to go through it a bit. And sometimes, I have experienced difficulties in understanding the information, especially because the synchronization between Microsoft Intune and the devices that are connected to the user in Azure Active Directory takes a lot of time."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"Falcon could be improved with more function on the mobile end of things and better optimization with mobile devices."
"Falcon could include more integrative features."
"Too many false positives."
"The current database schema presents challenges and has potential for improvement."
"I would like to see a more accurate integration and an option to check the local machine."
"The detection time has room for improvement."
"The portal can be clunky to navigate at times and has room for improvement."
"There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"It could use maybe a little more on the Linux side."
"Upgrades currently released as stacks when it should be a plugin or an extension to save removal and reinstallation."
"The tool should improve its scalability."
"There is room for improvement in the Kibana dashboard and in the asset management for the program."
"Email notification should be done the same way as Logentries does it."
"The solution could also use better dashboards. They need to be more graphical, more matrix-like."
"Elastic has one problem. In the past, Elastic Security was free. Now, they currently only offer the basic license or a certain period of time."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 105 reviews while Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 58 reviews. CrowdStrike Falcon is rated 8.8, while Elastic Security is rated 7.6. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Trend Vision One, whereas Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and AlienVault OSSIM. See our CrowdStrike Falcon vs. Elastic Security report.
See our list of best Endpoint Detection and Response (EDR) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.