We performed a comparison between Microsoft Defender XDR and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"Microsoft Defender's most critical component is its CASB solution. It has many built-in policies that can improve your organization's cloud security posture. It's effective regardless of where your users are, which is critical because most users are working from home. It's cloud-based, so nothing is on-premise."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"Aggregation searches have reduced time and difficulty of identifying trends and conditions which need to reviewed."
"The UI of Splunk makes it easier for our analysts to move around and see what they need to see."
"Search language is easy to understand and teach to new users."
"Positive features include replication capabilities, software development kits, and the architecture."
"Splunk is extremely flexible, which allows us to create custom visualizations along with other customizations."
"Splunk helps us be more proactive. We can take predictive action to identify and block threats so that nothing harmful gets into the system."
"The solution's newly developed dashboard is pretty amazing."
"Our clients use the solution to find any threats or vulnerabilities inside their environment."
"The management and automation of the cloud apps have room for improvement."
"The web filtering solution needs to be improved because currently, it is very simple."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we ware waiting for that feature."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"The support team is not competent or responsive."
"The only problem I find is that the use cases are built-in. There is no template available that you can modify according to your organization's standards. What they give is very generic, the market standard, but that might not be applicable to every organization."
"The mobile app support for Android and iOS is difficult and needs improvement."
"We had some connections issues with the solution at the beginning."
"There is a definite learning curve to starting out."
"This is a costly solution."
"We were inundated with the amount of alerts and alarms that we could get out of it. It is also a resource hog and we didn't have the resources to support it on-prem so we're taking it offline now."
"Splunk's implementation process for managing multiple indexes can be complex, especially when dealing with a large number of components."
"The biggest problem is data compression. Splunk is an outstanding product, but it is a resource hog. There should be better data compression for being able to maintain our data repositories. We end up having to buy lots of additional storage just to house our Splunk data. This is my only complaint about it."
"It is a hugely complicated product."
"It needs to improve the way to install third-party apps and enable installation without logging into splunk.com."
Microsoft Defender XDR is ranked 5th in Extended Detection and Response (XDR) with 78 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. Microsoft Defender XDR is rated 8.4, while Splunk Enterprise Security is rated 8.4. The top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Trend Vision One, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Microsoft Sentinel. See our Microsoft Defender XDR vs. Splunk Enterprise Security report.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.