Try our new research platform with insights from 80,000+ expert users

Cisco SecureX [EOL] vs Microsoft Defender XDR comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 20, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cisco SecureX [EOL]
Average Rating
9.0
Reviews Sentiment
8.2
Number of Reviews
13
Ranking in other categories
No ranking in other categories
Microsoft Defender XDR
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
101
Ranking in other categories
Endpoint Detection and Response (EDR) (5th), Extended Detection and Response (XDR) (3rd), Microsoft Security Suite (3rd)
 

Featured Reviews

Alon K - PeerSpot reviewer
Gives our customers visibility and they don't have to go multiple management consoles anymore
One of the examples is related to forensics. The forensics are amazing because when you have enrichment, and the solutions talk with each other, when you need it, you have the ability to know everything in the organization: when, why, whatever. With just one click you have information from email, from the endpoint, from the web. Let's say that tomorrow morning, you have a ransom[ware] attack in your organization and you would like to know from which email it came, or where the customer saved the file, even though the incident didn't occur at the same moment. With SecureX, you have Cisco Threat Response inside. [With] one click, you get all of the flow. That's amazing value. That also releases resources for our customers. The customers don't have to connect many systems and try to register the event on each system, or to go to the SIEM and do a correlation. That's the one-stop shop for the customers, and that's amazing.
Gabor Nyerd - PeerSpot reviewer
Includes four services and four products, which can help organizations a lot
We found that sometimes integrations work, but testing them can take some time. Sometimes, configurations take much longer than expected. We have a configuration in place that needs to be synchronized with another server. However, the servers are four hours apart, so this can cause delays. In general, I believe that the time it takes to configure and test a service should be shorter. Sometimes, it can take a couple of hours to test a single configuration setting. Other times, it is only ten or fifteen minutes, which is normal. However, sometimes, even immediate actions can be triggered by configuration changes, and some settings can take up to eight hours to complete. I believe that this time can be improved. Microsoft is making a lot of improvements to its services in a short period of time. This is a good thing, as it means that the services are constantly being updated and improved. However, it can be challenging for customers to keep up with the changes. For example, a customer may read about an update, understand it, and share it with their colleagues and boss. However, it may take days or weeks to test the update and get the necessary approvals. This can be especially challenging for large customers with many users or machines. In some cases, Microsoft may change a service before the customer has had a chance to implement the previous update. This can be frustrating for customers, as it means that they have to constantly learn new things and adjust their workflows. On the one hand, it is important for Microsoft to keep updating and improving its services. This helps to ensure that the services are meeting the customers' needs and that they are staying ahead of the competition. Microsoft should also be mindful of the challenges that these changes can create for customers. One way to address this challenge is to provide customers with more time to implement changes. Microsoft could also provide more information about upcoming changes so that customers can plan ahead. Ultimately, Microsoft needs to strike a balance between keeping its services up-to-date and providing customers with a smooth transition to new features.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The ability to create firewalls online has been most valuable including the ability to create rules."
"Our customers find the product's third-party integrations valuable. Our customers are also impressed with the tool's capability to pick up third-party threat feeds and use that as part of the decision-making process."
"The most beneficial feature of Cisco SecureX for cybersecurity efforts is its integration with other Cisco solutions and the environment. This sets it apart, as its APIs and overall integration capabilities are very strong. Additionally, its detection capabilities are commendable."
"It has evolved a lot, just that monitoring piece to the current Orchestrator piece. The additional analytics are there. They now have something called Insight, which can basically take data from Microsoft Azure AD and Intune to give us information about our endpoints. This is detailed information about the endpoints, from Secure Endpoint and all these different products. So, it is just constantly evolving. Every time that it evolves, we have more information with more visibility. There are more features that we have that just make everything so much easier, and it is in one place. I don't have to keep going back and forth. I don't have to go to Secure Endpoint and ISE to get the data. I don't have to go to Intune on Microsoft to get the information. It is all in one place."
"SecureX takes all the separate pieces of security within your company, adds in intelligence from different sites and services on the internet, and makes them work together."
"Using SecureX, a tool provided by Cisco, we can easily integrate it with many of our other Cisco products such as Cisco ISE and many networking devices."
"The forensics are amazing because when you have enrichment, and the solutions talk with each other, when you need it, you have the ability to know everything in the organization: when, why, whatever."
"The automation and orchestration tools are the most valuable features."
"We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
"Microsoft 365 Defender is a stable solution."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply..."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"The best feature is probably the alert generation. When I do a security reset, the other session triggers instantly from the Defender console, and I can work on it. The policies are three times, but they are also ready to install it."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
 

Cons

"The documentation can be improved and the on-prem integration. The set of applications that it was integrated with wasn't comprehensive."
"I would like it to integrate with another solution, e.g., DNA. I would like it to connect to that solution, but not the security aspect."
"One of the improvements the product needs is more integration with collaboration platforms."
"If they could make the Cisco Umbrella piece a little bit more advanced or easier to manage, that would help. We use it for filtering and when you compare it to a normal content filter, it lacks some functionality."
"The playbooks provided with the product are great, although I would appreciate having more playbooks available. Threats are constantly evolving, so having access to updated playbooks is crucial."
"The automation and orchestration could be simpler. It could be that all the other parts are that easy to use so that these stick out as a negative, but that's the trickiest part for us. The workflows within the orchestration are just a bit more difficult."
"I'm not sure that I would call it a bug, but sometimes the solution is a little slow."
"Remediation stuff could be integrated into the product's automation."
"The initial time spent setting up and configuring Defender XDR is a bit longer than the other solutions. If everything were on one portal, the platforms for managing policies or alerts would be simpler. We must automate and manage policies on Intune rather than the same portal."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"The data recovery and backup could be improved."
"The tool gives inconsistent answers and crashes a lot."
"One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
 

Pricing and Cost Advice

"You can spend less money for another solution, but if you really want to have a good solution you have to pay. We are happy that we are getting such a good solution for what we are spending."
"It is free. It can't get any better than that."
"Cisco SecureX is more expensive than Trend Micro. However, considering the integration capabilities with other solutions and the quality of technical support, I believe there's justification for the price difference."
"For the value you get, the pricing of the solution is excellent."
"It would be nice if they had a different pricing model. Most of our budget for projects goes towards Cisco."
"The pricing is the best part of this solution. It is free if you buy Umbrella or Duo Security. It is also a good solution."
"It comes free with all Cisco products. So, it is a good price."
"The product is absolutely free to any customer. As such, the only thing one must keep in mind is that as long as he already has one Cisco security product, irregardless of what that product is, SecureX is available for free."
"On average, we pay around 55 euros per user for the services and features we receive."
"The product is fairly priced for what we get from it."
"Microsoft Defender XDR is expensive."
"Microsoft should provide lower-level licensing options. They should do it in such a way that even an individual could purchase a license, and it should be entirely flexible."
"Purchasing Microsoft Defender XDR as part of a Microsoft 365 bundle can be cost-effective, but acquiring it as a standalone product may be more expensive."
"The price could be better. Normally, the costs depend on the country you're located in for the license. When we were in the initial stage, we went with the E5 license they call premium standard. It cost us around $5.20 per month for four users."
"We have a lot of problems in Latin America regarding the price of Microsoft 365 Defender, because the relationship between dollars and the money of the different countries, it's is a lot. Many customers that have small businesses say that they would like the solution but it is too expensive. However, large companies do not find the cost an issue."
"365 Defender is billed per account. I don't know the exact price, but my supervisor told me that Microsoft Defender is cheaper than the alternatives. It's bundled, so you get all the features in one place."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
860,632 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
37%
Financial Services Firm
6%
Manufacturing Company
6%
Government
6%
Computer Software Company
17%
Financial Services Firm
9%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Ask a question
Earn 20 points
What do you like most about Microsoft 365 Defender?
Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise.
What is your experience regarding pricing and costs for Microsoft 365 Defender?
The pricing for Microsoft Sentinel operates on a pay-as-you-go model based on data ingestion. I recall that Defender XDR pricing is based on the number of endpoints.
What needs improvement with Microsoft 365 Defender?
For Microsoft Defender XDR ( /categories/extended-detection-and-response-xdr ), there is currently no ability to reset passwords for on-premises accounts, which is a key challenge. Incident managem...
 

Also Known As

Kenna.AppSec, Kenna.VI
Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
 

Overview

 

Sample Customers

NHS, Rackspace, UNC Pembroke, University of North Carolina at Charlotte, Missing Piece
Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
Find out what your peers are saying about CrowdStrike, SentinelOne, Microsoft and others in Extended Detection and Response (XDR). Updated: June 2025.
860,632 professionals have used our research since 2012.