We performed a comparison between CrowdStrike Falcon and Microsoft Defender for Endpoint based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: All other things being equal, CrowdStrike Falcon is the favorite when it comes to both ease of deployment and customer service and support.
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"Fortinet is very user-friendly for customers."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"We have FortiEDR installed on all our systems. This protects them from any threats."
"This is stable and scalable."
"The product detects and blocks threats and is more proactive than firewalls."
"The most valuable aspects of CrowdStrike Falcon for me are its device observability, identification, and software and OS recognition."
"The initial setup is a very fast process."
"We are now able to find the root cause analysis on any threat. We can figure out where the issue came in versus just dealing with where it is at the moment."
"CrowdStrike Falcon is a very light solution. It does not use too much processor or RAM."
"CrowdStrike Falcon is effortless to use, and it's a cloud-specific platform. You only need to deploy the light agents on the licensed endpoints, and you're ready to work. Your dashboards will tell you the number of the endpoints being protected and the incidents. There are also incident dashboards with alerts that will tell you about the details."
"The OverWatch is the most valuable feature to me. It's a 24x7 monitoring service, and when they see anything suspicious in my environment, they will investigate."
"The most valuable feature is the indicator of compromise, which shows you what file was either quarantined or removed."
"As an EDR tool, we can integrate log management and event management. The solution deals with threats automatically, that's the advantage."
"Ensures that I'm working with a product that gets updated regularly without me having to remember to do it. Since it's a Microsoft product, I'm confident that it requires a low use of system resources. The benefit of that being that my computer isn't constantly being drained."
"Microsoft Defender for Endpoint is extremely stable."
"The performance of Microsoft Defender for Endpoint has been a valuable feature."
"The solution has an easy-to-use interface, is always updated, and is user-friendly."
"The most valuable feature is that it comes with the package, so there is no additional installation of third-party software. It's also easy to use."
"The attack surface reduction rules are the most valuable. We're able to have unattended remediation actions when the solution works side by side with a local antivirus like Microsoft Defender or Kaspersky. The attack surface reduction rules help us to proactively block and stop threats."
"It's absolutely free to use."
"We use Microsoft Defender for the antivirus."
"The solution is not stable."
"The solution should address emerging threats like SQL injection."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The support needs improvement."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"They need to strengthen the forensic capabilities of this product, for e-discovery."
"Falcon could include more integrative features."
"I would like to see equal support across all versions. Aside from that, I would say most of the features are there."
"CrowdStrike Falcon could improve if it became an XDR. When we look only at an endpoint, we lose the context of the environment. I know it's another line of design of the product. However, if CrowdStrike becomes an XDR, it could be very good."
"On the firewall management side, there should be more granularity. There should also be more granularity for device control. Everything else is brilliant."
"The management of log aggregation is in need of improvement."
"The overall cost of CrowdStrike Falcon could be reduced."
"Support, particularly related to after-sales and after deployment, could be improved a bit. If you need to connect to support, it takes at least a day to reach the support team and get a proper reply."
"At times, the other antivirus products are now doing AI, in terms of understanding the behavior of the system and determining when there's an anomaly. This is something that Defender can improve on."
"Defender is free for one year. Once that year is over, we will switch to Kaspersky."
"A concern is ransomware, whether people can penetrate and encrypt my data or steal my credit card/banking information."
"It needs to improve the cybersecurity for lateral movements. For example, when a hacker tries to enter a machine, they try to get the password by doing a lateral movement."
"Microsoft Defender for Endpoint can use more advertising to promote their features."
"The dashboard customization could be improved."
"It makes your Surface devices hot. It is resource-intensive. It strains your CPU, not more than other file scanners around, but it also does a lot more. When you are transmitting files or data, it is continuously scanning the traffic and analyzing it bit by bit to see what's going on, and that, of course, is costly in terms of CPU. It is CPU intensive, and if you are on battery, it drains your battery fast. That's the only drawback that it has."
"Microsoft Windows Defender doesn't have a game mode."
CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 105 reviews while Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews. CrowdStrike Falcon is rated 8.8, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Trend Micro Deep Security, SentinelOne Singularity Complete and VMware Carbon Black Endpoint, whereas Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and Fortinet FortiClient.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test". You don't have the usual "scan now" feature, but on the platform you can drill down into the events to find the starter of a blocked event.
It does have basic features to whitelist programs and paths, shows you information about what kind of threat was blocked, gives you information about the logged-in user and machine details (OS, version, serial, MAC address, local and WAN IP, ...), gives you the time and the file that executed the event, and allows you to group devices and define exclusion, detection, and response policies based on them.
It does allow you to create specific profiles for each type of user, like helpdesk analysts, managers, etc. (with different access, etc.).
The solution is pretty good, actually, and I'm pretty happy with it. I don't have experience with Microsoft Defender for Endpoint but will do in a couple of months to update this. =]
Depends on your budget and on the conditions of a Microsoft license. If you have an M365 license (like E3 or E5), Microsoft is cheaper.
In terms of functionality, CrowdStrike is better.