We performed a comparison between Crowdstrike Falcon and Microsoft Defender for Endpoint based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: All other things being equal, Crowdstrike Falcon is the favorite when it comes to both ease of deployment and customer service and support.
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"The price is low and quite competitive with others."
"The most valuable feature is the analysis, because of the beta structure."
"The solution is an anti-malware product that integrates well with other vendor products such as firewalls, SIEM, etc. It captures threat intelligence and gives you better visibility. The product also has sandboxing features."
"NGAV and EDR features are outstanding."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"CrowdStrike Falcon is a very light solution. It does not use too much processor or RAM."
"It's very easy to set up."
"The most valuable feature is the indicator of compromise, which shows you what file was either quarantined or removed."
"The feature that I find to be the most valuable, is being able to look at the system analysis and being able to baseline what is installed on the system."
"I like the Overwatch feature the most."
"As an EDR tool, we can integrate log management and event management. The solution deals with threats automatically, that's the advantage."
"The stability is good; we haven't experienced any glitches or bugs."
"We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur."
"I like that it's easy to deploy because it already comes with Windows 10. Overall, it has all the features that we need. Easy to deploy, comes with updates, and comes with Windows updates. You don't have to really manage or update the signature."
"The most valuable features are that it's easy to use and the updates are very simple."
"Real-time detection and cloud-based delivery of detections are highly efficient."
"The most important and the most relevant features of Defender for Endpoint are the malware and ransomware protection."
"There are a couple of features, such as isolating the devices or connecting the device and connecting live response."
"User-friendly, offering safety and security."
"Microsoft's technical support is fantastic."
"We have liked the fact that it comes with Microsoft Windows 10 and it is constantly updated with all new virus definitions. It is also updated with new security features on a regular basis."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"We find the solution to be a bit expensive."
"Detections could be improved."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"We'd like to see more one-to-one product presentations for the distribution channels."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"They can include the automation for the real-time updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"The management of the solution could improve."
"It does take more time to scan than other solutions."
"They should provide us with good visibility for everything."
"CrowdStrike should provide better visibility in its reporting. There should be more forensic details about detected threats."
"An improvement would be to extend support to legacy and unsupported servers."
"The malware analysis could be improved, as that's what we use the solution for the most and that change would make it a better EDR tool."
"Too many false positives."
"CrowdStrike Falcon could improve the logs by making them free to the API."
"A challenge is that it is not a multi-tenant solution. Microsoft's tenant is a licensed tenant. I'm an MSSP. So, I have multiple customers. In Microsoft's world, that means that I can't just buy an E5 license and give that out to all my customers. That won't work because all of the customer data resides within a single tenant in Microsoft's world. Other products—such as SentinelOne, Palo Alto Cortex, CrowdStrike, et cetera—are multi-tenant. So, I can have it at the top of the pyramid for my analyst to look into it and see all the customers, but each customer's data is separate. If the customer wants to look at what we see, they would only see their data, whereas in the Microsoft world, if I've got multiple customers connected to the same Microsoft tenant, they would see everybody else's data, which is a privacy problem in Europe. It is not possible to share the data, and it is a breach of privacy."
"It's not quite a mature solution just yet. It needs more time to grow and develop."
"The time to generate certain alerts on our dashboard can take between 45 minutes to an hour, and I am unsure of the factors that influence this duration."
"The system can always be simplified and have a better integration check. More detailed reports would be good. When it does the integrated check, it just shows if the system is okay but I want to know what happened."
"With the increase of cyber threats and cybersecurity issues, I would recommend that the product be developed like an AI product, with more features that can counter any threat in the coming eras."
"This solution is not secure, which is why I have moved to Linux."
"Defender is free for one year. Once that year is over, we will switch to Kaspersky."
"The documentation could be better. When they update their manuals, sometimes they refer to products by their old names, so it is a little confusing. For example, the documentation might still say "Advanced Threat Protection" instead of Defender for Endpoint."
CrowdStrike Falcon is ranked 3rd in EPP (Endpoint Protection for Business) with 101 reviews while Microsoft Defender for Endpoint is ranked 1st in EPP (Endpoint Protection for Business) with 182 reviews. CrowdStrike Falcon is rated 8.6, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Trend Micro Deep Security, SentinelOne Singularity Complete and Trend Vision One, whereas Microsoft Defender for Endpoint is most compared with Intercept X Endpoint, Symantec Endpoint Security, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and Fortinet FortiClient. See our CrowdStrike Falcon vs. Microsoft Defender for Endpoint report.
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test". You don't have the usual "scan now" feature, but on the platform you can drill down the events to find the starter of a blocked event.
It does have basic features to whitelist programs and paths, does show you information about what kind of threat was blocked, gives you information about the logged-in user and machine details (SO, version, serial, Mac Address, Local and WAN IP, ...), gives you the time and the file that executed the event, and allows you to group devices and define exclusion, detection, and response policies based on them.
It does allow you to create specific profiles for each type of user like helpdesk analysts, managers, etc (with different access, etc).
The solution is pretty good, actually, and I'm pretty happy with it. I don't have experience with Microsoft Defender for Endpoint but will do in a couple of months to update this. =]
Depends on your budget and on the conditions of a Microsoft license. If you have an M365 license (like E3 or E5), Microsoft is cheaper.
In terms of functionality, CrowdStrike is better.