We performed a comparison between CrowdStrike Falcon and LogRhythm UEBA based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"Advanced hunting is good. I like that. We can drill down to lots of details."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"The ability to integrate and observe a more cohesive narrative across the products is crucial."
"The most valuable feature depends on the scenario. For compliance, I like Microsoft Purview Information Protection and Data Loss Prevention. Sentinel is the most helpful feature for security. 365 Defender helps us prioritize threats across an enterprise. It's a crucial feature for the managed services team."
"The product is very easy to use."
"The most valuable feature is the machine learning that they use to check certain patterns in the endpoint devices. It checks the whole ecosystem or entire environment."
"The solution is silent and sits on your system as one single agent."
"It provides very good protection and the ability to crosscheck environments."
"The most valuable feature of CrowdStrike Falcon is its accuracy. That's very important for me. False-positive are very bad for everyone. As we are a financial institution, it's even worse. I like Falcon because it's very accurate."
"The ability to execute real-time response, or, that you can connect to the agent and see exactly what processes are operating, is the most important feature of this solution."
"The features we showcase to potential customers are prevention, malware protection, zero-day protection, and application scripting. Vulnerability assessment is another valuable feature."
"This solution has made the lives of the IT staff much easier, compared to the previous one."
"The OverWatch is the most valuable feature to me. It's a 24x7 monitoring service, and when they see anything suspicious in my environment, they will investigate."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"The solution's most valuable features are the graphical user interface and the reporting."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"The most valuable features are file activity monitoring and registry activity monitoring."
"It has a lot of features. It has file integration monitoring."
"The tool's most valuable feature is server threat hunting."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things."
"Stability could be improved by avoiding frequent changes to the interface."
"The web filtering solution needs to be improved because currently, it is very simple."
"At times, there may be delays in the execution of certain actions and their effects."
"This solution is relatively expensive."
"Technical support could be better than what is currently offered."
"The ability to receive text alerts natively in the console would be kind of cool."
"The performance could be better."
"As the company has grown, the technical support has felt less personal."
"I would like to see the machine learning feature enhanced."
"I would love to see more investment in Insight because CrowdStrike have an opportunity to potentially displace some of the vulnerability management vendors with the visibility they can see over time. I want to see them continue to evolve, e.g., what other things can they disrupt which are operational things we have to continue to do as an organization."
"The installation process for this software needs to be simplified."
"The search feature needs to be improved."
"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
"The cloud version is lacking and not up to par."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 107 reviews while LogRhythm UEBA is ranked 22nd in Extended Detection and Response (XDR) with 10 reviews. CrowdStrike Falcon is rated 8.8, while LogRhythm UEBA is rated 7.2. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of LogRhythm UEBA writes "Detects unusual logins but dashboards need improvement ". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and SentinelOne Singularity Complete, whereas LogRhythm UEBA is most compared with Wazuh, Darktrace, Trend Micro Deep Discovery, Aruba IntroSpect and Microsoft Purview Insider Risk Management. See our CrowdStrike Falcon vs. LogRhythm UEBA report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
