We performed a comparison between CrowdStrike Falcon and Microsoft Defender for Cloud based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: CrowdStrike Falcon stands out for its minimal impact on system performance, optimal resource utilization, and precise detection of threats. Microsoft Defender for Cloud is highly regarded for its automated processes, advanced threat analysis, and extensive security measures, including protection against ransomware and access controls. CrowdStrike Falcon could benefit from adding a sandbox feature and more detailed firewall management options. Microsoft Defender for Cloud could use enhancements in automation and ease of use.
Service and Support: CrowdStrike Falcon's customer service has been commended for its promptness and assistance. Some Defender for Cloud users reported positive experiences with Microsoft, while others complained that the solution's outsourced support lacked technical knowledge.
Ease of Deployment: CrowdStrike Falcon's setup is considered to be simple and efficient, with varying deployment times ranging from a few days to a month. While there may be some challenges during installation, they are generally manageable. The initial setup of Microsoft Defender for Cloud is described as straightforward, but the deployment time may vary depending on specific requirements.
Pricing: Some users find CrowdStrike Falcon costly and think the price should be lowered to make it more competitive. Microsoft Defender for Cloud is in the mid-to-high pricing tier. While some users find it expensive, others believe it offers good value.
ROI: CrowdStrike Falcon offers cost savings by decreasing the required number of engineers and eliminating the necessity for onsite servers. Microsoft Defender for Cloud streamlines security tasks and saves users money by consolidating various solutions.
Comparison Results: Users prefer CrowdStrike Falcon over Microsoft Defender for Cloud. Users like CrowdStrike Falcon's effortless setup process and lightweight design. It provides an in-depth analysis of endpoint devices, precise threat detection, and robust defense against cyberattacks.
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"The product detects and blocks threats and is more proactive than firewalls."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"We have FortiEDR installed on all our systems. This protects them from any threats."
"The product's initial setup phase is very easy."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"It is an easy product to deploy."
"The most valuable feature of CrowdStrike Falcon is its accuracy."
"The most valuable feature is that we don't need to re-image machines as much as we had to."
"It helps us to identify the threats according to the behavior of any process that is running on any particular system. It helps immensely to identify any malicious behavior on any endpoints."
"The ability to execute real-time response, or, that you can connect to the agent and see exactly what processes are operating, is the most important feature of this solution."
"We have a small IT Team, and this allows us to get sleep at night, knowing that someone else is taking care of any incidents that occur."
"The DLP is the most valuable feature of CrowdStrike Falcon."
"The 10 hours a week that we are freeing up from having to manage and monitor our AV solution has really allowed us to focus on other areas of the business. This has been a huge return on investment."
"It's got a lot of great features."
"Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription."
"Defender is a robust platform for dealing with many kinds of threats. We're protected from various threats, like viruses. Attacks can be easily minimized with this solution defending our infrastructure."
"One important security feature is the incident alerts. Now, with all these cyberattacks, there are a lot of incident alerts that get triggered. It is very difficult to keep monitoring everything automatically, instead our organization is utilizing the automated use case that we get from Microsoft. That has helped bring down the manual work for a lot of things."
"It's quite a good product. It helps to understand the infections and issues you are facing."
"One of the features that I like about the solution is it is both a hybrid cloud and also multi-cloud. We never know what company we're going to buy, and therefore we are ready to go. If they have GCP or AWS, we have support for that as well. It offers a single-panel blast across multiple clouds."
"The security alerts and correlated alerts are most valuable. It correlates the logs and gives us correlated alerts, which can be fed into any security information and event management (SIEM) tool. It is an analyzed correlation tool for monitoring security. It gives us alerts when there is any kind of unauthorized access, or when there is any malfunctioning in multifactor authentication (MFA). If our Azure is connected with Azure Security Center, we get to know what types of authentication are happening in our infra."
"Provides a very good view of the entire security setup of your organization."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"I haven't seen the use of AI in the solution."
"FortiEDR can be improved by providing more detailed reporting."
"The SIEM could be improved."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"The solution is not stable."
"Cannot be used on mobile devices with a secure connection."
"It takes about two business days for initial support, which is too slow in urgent situations."
"If CrowdStrike can further expand its support for XDR compatibility, that would give it an edge over all the other competing new products."
"The Integration with tools, SOC tools, could be better."
"CrowdStrike Falcon sometimes wrongly flags things as malicious. Let's say a user is active on Chrome only. Sometimes, our cross-segmenting will fetch from the backend data and show that it is malicious because of memory or CPU utilization."
"Support, particularly related to after-sales and after deployment, could be improved a bit. If you need to connect to support, it takes at least a day to reach the support team and get a proper reply."
"They respond quickly on the weekdays, but the weekend response times are slower."
"CrowdStrike Falcon could be enhanced by extending its security capabilities to include NDR and XDR."
"The technical support team often just replies to an issue with a link to an article rather than actually calling back and talking to someone and making sure the problem is solved. To me, that's kind of weak."
"Falcon could be improved with more function on the mobile end of things and better optimization with mobile devices."
"One of the main challenges that we have been facing with Azure Security Center is the cost. The costs are really a complex calculation, e.g., to calculate the monthly costs. Azure is calculating on an hourly basis for use of the resource. Because of this, we found it really complex to promote what will be our costs for the next couple of months. I think if Azure could reduce the complex calculation and come up with straightforward cost mapping that would be very useful from a product point of view."
"There is no perfect product in the world and there are always features that can be added."
"Pricing could be improved. There are limited options based on pricing for the government."
"For Kubernetes, I was using Azure Kubernetes Service (AKS). To see that whatever is getting deployed into AKS goes through the correct checks and balances in terms of affinities and other similar aspects and follows all the policies, we had to use a product called Stackrox. At a granular level, the built-in policies were good for Kubernetes, but to protect our containers from a coding point of view, we had to use a few other products. For example, from a programming point of view, we were using Checkmarx for static code analysis. For CIS compliance, there are no CIS benchmarks for AKS. So, we had to use other plugins to see that the CIS benchmarks are compliant. There are CIS benchmarks for Kubernetes on AWS and GCP, but there are no CIS benchmarks for AKS. So, Azure Security Center fell short from the regulatory compliance point of view, and we had to use one more product. We ended up with two different dashboards. We had Azure Security Center, and we had Stackrox that had its own dashboard. The operations team and the security team had to look at two dashboards, and they couldn't get an integrated piece. That's a drawback of Azure Security Center. Azure Security Center should provide APIs so that we can integrate its dashboard within other enterprise dashboards, such as the PowerBI dashboard. We couldn't get through these aspects, and we ended up giving Reader security permission to too many people, which was okay to some extent, but when we had to administer the users for the Stackrox portal and Azure Security Center, it became painful."
"The solution could extend its capabilities to other cloud providers. Right now, if you want to monitor a virtual machine on another cloud, you can do that. However, this cannot be done with other cloud platform services. I hope once that is available then Defender for Cloud will be a unified solution for all cloud platform services."
"The solution's portal is very easy to use, but there's one key component that is missing when it comes to managing policies. For example, if I've onboarded my server and I need to specify antivirus policies, there's no option to do that on the portal. I will have to go to Intune to deploy them. That is one main aspect that is missing and it's worrisome."
"I would like to have the ability to customize executive reporting."
"The overview provides you with good information, but if you want more details, there is a lot more customization to do, which requires knowledge of the other supporting solutions."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 107 reviews while Microsoft Defender for Cloud is ranked 3rd in Cloud Workload Protection Platforms (CWPP) with 46 reviews. CrowdStrike Falcon is rated 8.8, while Microsoft Defender for Cloud is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security and VMware Carbon Black Endpoint, whereas Microsoft Defender for Cloud is most compared with AWS GuardDuty, Prisma Cloud by Palo Alto Networks, Microsoft Defender XDR, Wiz and AWS Security Hub. See our CrowdStrike Falcon vs. Microsoft Defender for Cloud report.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.