We performed a comparison between Elastic Security and Microsoft Defender XDR based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"This is stable and scalable."
"The most valuable feature is the analysis, because of the beta structure."
"The product's initial setup phase is very easy."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"The solution is an anti-malware product that integrates well with other vendor products such as firewalls, SIEM, etc. It captures threat intelligence and gives you better visibility. The product also has sandboxing features."
"ELK Logstash is easy and fast, at least for the initial setup with the out of box uses."
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"It is scalable."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"The comprehensiveness of Microsoft's threat detection is good."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"The most valuable feature depends on the scenario. For compliance, I like Microsoft Purview Information Protection and Data Loss Prevention. Sentinel is the most helpful feature for security. 365 Defender helps us prioritize threats across an enterprise. It's a crucial feature for the managed services team."
"The integration between all the Defender products is the most valuable feature."
"It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"In Microsoft 365 vendor products, monitoring and connectivity across all Microsoft and third-party connectors enable viewing of all activity within those environments."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The solution should address emerging threats like SQL injection."
"The dashboard isn't easy to access and manage."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"The tool should improve its scalability."
"Their visuals and graphs need to be better."
"The biggest challenge has been related to the implementation."
"We'd like to see some more artificial intelligence capabilities."
"There isn't really a very good user experience. You need a lot of training."
"They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"The support could be more knowledgeable to improve their offering."
"The support team is not competent or responsive."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"Stability could be improved by avoiding frequent changes to the interface."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 58 reviews while Microsoft Defender XDR is ranked 8th in Endpoint Detection and Response (EDR) with 76 reviews. Elastic Security is rated 7.6, while Microsoft Defender XDR is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Secureworks Taegis XDR.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.