We compared Elastic Security and Microsoft Defender for Endpoint based on our user's reviews in several parameters.
Overall, users appreciate both Elastic Security and Microsoft Defender for Endpoint for their comprehensive threat protection, user-friendly interfaces, and effective incident response capabilities. Elastic Security stands out for its strong threat hunting functionalities and log management, while Microsoft Defender for Endpoint is praised for its efficient system management and reporting. Elastic Security users value its affordability and flexible licensing, while Microsoft Defender for Endpoint users highlight its reasonable pricing and seamless integration with other Microsoft products. However, Elastic Security users feel it could improve its threat monitoring capabilities and incident response system, while Microsoft Defender for Endpoint users suggest areas for enhancement such as easier navigation and improved integration with other security tools.
Features: Elastic Security is valued for its strong threat hunting functionalities, efficient log management, and seamless integration with other Elastic solutions. Microsoft Defender for Endpoint is praised for its real-time monitoring and detection, efficient system management and reporting, and seamless integration with other Microsoft products.
Pricing and ROI: The setup cost for Elastic Security is regarded positively by users, who appreciate its minimal associated costs and hassle-free experience. On the other hand, Microsoft Defender for Endpoint is also praised for its reasonable pricing, straightforward setup process, and flexible licensing options., Elastic Security's positive ROI is attributed to its tangible benefits and delivered results, while Microsoft Defender for Endpoint's success lies in its performance, effectiveness, ease of use, and real-time insights.
Room for Improvement: Elastic Security product has room for improvement in its threat monitoring capabilities, incident response system, integration with other security tools, navigation, user interface, and customizable features. Microsoft Defender for Endpoint also has areas that could be enhanced.
Deployment and customer support: The feedback on the duration to establish a new tech solution for Elastic Security varies, with users having different timeframes for deployment, setup, and implementation phases. In contrast, Microsoft Defender for Endpoint also has mixed feedback, with some users spending longer on deployment compared to others who completed both deployment and setup within a week. Looking at the context of the terms used is crucial., Customers have found Elastic Security's customer service to be helpful and supportive, while Microsoft Defender for Endpoint is praised for its efficiency, promptness, and ability to address concerns.
The summary above is based on 114 interviews we conducted recently with Elastic Security and Microsoft Defender for Endpoint users. To access the review's full transcripts, download our report.
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"Forensics is a valuable feature of Fortinet FortiEDR."
"The product's initial setup phase is very easy."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"NGAV and EDR features are outstanding."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
"It's not very complicated to install Elastic."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"ELK documentation is very good, so never needed to contact technical support."
"I like the indexing of the logs."
"The most valuable feature for me is Discover."
"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
"I like the fact that it has the ransomware solution in there. I'm glad that the ransomware solution is built into it. That's probably the biggest thing that I see in Microsoft Defender."
"The stability keeps getting better and better."
"The fact that it's from Microsoft, you don't have many false positives, unlike products from other vendors might have."
"It's a very solid security system, and the advanced hunting and everything really lets you dive deep into things."
"The whole bundle of the product, which is similar to other Microsoft products, is valuable. Ten years ago, you had third-party stuff for different things. You had one solution for email archiving and another third-party one for something else. Nowadays, Microsoft Office covers all the stuff that was formerly covered by third-party solutions. It is the same with antivirus. The functionality is just basic. You have the scanning, and then you also have a kind of cloud-based protection and reporting about your environment. With Microsoft Security Center, you have a complete overview of your environment. You know the software inventory, and you have security recommendations. You can not only see that the antivirus is up to date; you can also see where are the vulnerabilities in your system. Microsoft Security Center tells you where you have old, deprecated software and what kind of CVEs are addressed. It's really cool stuff."
"Microsoft Defender for Endpoint is a robust platform."
"The integration of Defender, Security Center, and the Microsoft compliance score, is the feature we use most to share the results with our clients and to create a roadmap together."
"Defender is stable. The performance is good."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"The SIEM could be improved."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The only minor concern is occasional interference with desired programs."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"Detections could be improved."
"The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side."
"There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
"Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana."
"Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues."
"The solution could also use better dashboards. They need to be more graphical, more matrix-like."
"Elastic Security has a steep learning curve, so it takes some time to tune it and set it up for your environment. There are some costs associated with logging things that don't have value. So you need to be cautious to only log things that make sense and keep them around for as long as you need. You shouldn't hold onto things just because you think you might need them."
"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"Its price could be better."
"I personally haven't experienced any pain points, but some of my coworkers feel that it isn't secure enough."
"There is room to improve the security of the solution."
"They should bring back the feature of a dedicated proxy device for communication to the cloud. As of now, all the agents are required to send the logs directly to the cloud. There should be a solution where you can put a proxy and all the logs are consolidated, like a forwarder."
"The scanning is slow when it is working with incoming emails."
"The solution could improve by providing more integration."
"It can be more secure."
"My main issue with the tool is that there are too many menus. This causes a steep learning curve for those without training or unfamiliar with Defender for Endpoint. From an end-user perspective, the solution is there on the machine and does its job; it works seamlessly. However, as a security professional dealing with it behind the scenes, the learning curve can be steep, but not too steep. Still, it has taken some of my analysts up to a month to get familiar with the product."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 58 reviews while Microsoft Defender for Endpoint is ranked 1st in Endpoint Detection and Response (EDR) with 182 reviews. Elastic Security is rated 7.6, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and CrowdStrike Falcon, whereas Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, CrowdStrike Falcon, SentinelOne Singularity Complete and Fortinet FortiClient. See our Elastic Security vs. Microsoft Defender for Endpoint report.
See our list of best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.