We performed a comparison between CrowdStrike Falcon and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Defender is easy to use. It has a nice console, and everything is all in one place."
"Microsoft Defender's most critical component is its CASB solution. It has many built-in policies that can improve your organization's cloud security posture. It's effective regardless of where your users are, which is critical because most users are working from home. It's cloud-based, so nothing is on-premise."
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"Its most significant advantage lies in its affordability."
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"It provides very good protection and the ability to crosscheck environments."
"Scalability is good. We have had no issues with it."
"It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably."
"The solution is silent and sits on your system as one single agent."
"The stability is good; we haven't experienced any glitches or bugs."
"We are happy with CrowdStrike's ease of use and touch notification."
"The managed services are distinguished, responsive, dynamic, flexible, and assertive when taking action."
"It's given me a level of confidence that my network is secure."
"The MITRE ATT&CK correlation is most valuable."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"If they support a solution, it is easy to do an integration."
"The configuration assessment and File integrity monitoring features are decent."
"Its cost-effectiveness is the most valuable aspect."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
"The patching capability should be there. Patching is something that you cannot do even though you see the vulnerabilities present in your environment. For patching, you have to depend on another solution."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"The logs could be better."
"The management and automation of the cloud apps have room for improvement."
"The web filtering solution needs to be improved because currently, it is very simple."
"The malware analysis could be improved, as that's what we use the solution for the most and that change would make it a better EDR tool."
"The product could be more accurate in terms of performance."
"We encounter occasional issues, such as when disabling network access for a host that uses CrowdStrike."
"CrowdStrike Falcon could improve by having an easier way to search and use the interface for extracting queries from the data. The interface could improve."
"It can be expensive depending on the features you select."
"The ability to receive text alerts natively in the console would be kind of cool."
"The price is too high."
"The overall cost of CrowdStrike Falcon could be reduced."
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"Some features, like alerting, are complex with Wazuh."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"The technical support can be improved. Wazuh has some bugs that need to be fixed. It would be good if we can have automation with respect to incidence responses."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"The tool does not provide CTI to monitor darknet."
"Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality."
CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 107 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. CrowdStrike Falcon is rated 8.8, while Wazuh is rated 7.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and Trellix Endpoint Security, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Cortex XDR by Palo Alto Networks.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.