We performed a comparison between Microsoft Defender XDR and Symantec XDR based on real PeerSpot user reviews.
Find out what your peers are saying about CrowdStrike, SentinelOne, Wazuh and others in Extended Detection and Response (XDR).
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply..."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"Defender is easy to use. It has a nice console, and everything is all in one place."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"You can advise the solution and protect your environment."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"The data recovery and backup could be improved."
"The licensing is a nightmare and has room for improvement."
"The solution should have better reporting."
Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 79 reviews while Symantec XDR is ranked 26th in Extended Detection and Response (XDR) with 1 review. Microsoft Defender XDR is rated 8.4, while Symantec XDR is rated 8.0. The top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". On the other hand, the top reviewer of Symantec XDR writes "A scalable and stable solution with straightforward deployment". Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Trend Vision One, whereas Symantec XDR is most compared with Wazuh.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
