We performed a comparison between CrowdStrike Falcon and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, SentinelOne, CrowdStrike and others in Endpoint Detection and Response (EDR)."It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"Ability to get forensics details and also memory exfiltration."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"This is stable and scalable."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"The product detects and blocks threats and is more proactive than firewalls."
"The most valuable feature of CrowdStrike Falcon for me is its unified sensor, applicable across all models."
"CrowdStrike Falcon's most valuable features are the lightweight agent which has absolutely zero performance issues. There is no performance deterioration on the laptop on the network. It is a signature-less antivirus and anti-malware solution, it doesn't depend on signatures which better protects the systems."
"The features I like the most are the response time and the dashboard are both excellent."
"Everything is automatic. I install the sensor and renew the service. Periodically, I get a notice that they've shut something down."
"The CrowdStrike Falcon dashboard is good, and we haven't had any problems with it."
"It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably."
"The detection is very reliable. Also, OverWatch is a great feature."
"I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution."
"We saw the granularity that we could get from Splunk far exceeded what we already had. We had the ability to have our security team really focus on the platform and stay within the platform, but they could correlate with a variety of other stakeholders, and our stakeholders were growing."
"The indexing and data collection are valuable."
"It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solutions would be accompanying requirements for people just becomes way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine as the ability to collect data off of it, because of course the more they can put through the tool the more money they make."
"The solution's most valuable feature is that it helps with our use cases to detect anomalies in our data and it is important to my company since we have a lot of data on different logs on the systems."
"I like the ease with which dashboards can be created."
"The solution has plenty of features that are good."
"The data representation options in the dashboards are excellent."
"Splunk incorporates a lot of elements that help to reduce security risks. For it to reach certain compliance, we need to have some security insight. Splunk is a very good SIEM, it’s a top solution, but the best feature is its cost of visibility. We have all the most important features to detect vulnerabilities or risks."
"FortiEDR can be improved by providing more detailed reporting."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"ZTNA can improve latency."
"I haven't seen the use of AI in the solution."
"We find the solution to be a bit expensive."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The solution could improve by providing more types of reports because it's in the detection span you cannot re-export anything. If it could be exported to a CSV file directly there it would help a lot. I currently need to do this by API to get what I need."
"CrowdStrike should add support for ransomware protection."
"If CrowdStrike can further expand its support for XDR compatibility, that would give it an edge over all the other competing new products."
"They need to strengthen the forensic capabilities of this product, for e-discovery."
"Support, particularly related to after-sales and after deployment, could be improved a bit. If you need to connect to support, it takes at least a day to reach the support team and get a proper reply."
"CrowdStrike Falcon could improve by adding manual scanning or serverless scanning. It is not available at this time."
"We encounter occasional issues, such as when disabling network access for a host that uses CrowdStrike."
"In the future release of CrowdStrike Falcon, they should add a sandbox feature."
"Adding custom visualization in Splunk has been improved over the years but can still be made better by integrating more and more JavaScript visualization sources."
"The solution could improve by giving more email details."
"Some of the search functions can be better. There has been a lot of talk at the conference about the update of SPL before each iteration. That will be a lot of help."
"They should make data onboarding easier."
"On-premises scaling of the solution is a bit more limited than it is on the cloud."
"Its search or filtering capability is nice, but it can be improved. It is currently a bit complicated, and it should be simplified. If we can write the search filter in a more simplified way, it would be better."
"The support and the pricing can be better"
"The support that is included with the standard licensing fee is very bad."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 107 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. CrowdStrike Falcon is rated 8.8, while Splunk Enterprise Security is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security and VMware Carbon Black Endpoint, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Microsoft Sentinel.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.