Code42 Incydr vs Microsoft Defender for Endpoint comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Code42 Incydr and Microsoft Defender for Endpoint based on real PeerSpot user reviews.

Find out in this report how the two EDR (Endpoint Detection and Response) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Code42 Incydr vs. Microsoft Defender for Endpoint Report (Updated: November 2022).
656,862 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Definitely, the best feature for Cisco Secure Endpoint is the integration with Talos. On the backend, Talos checks all the signatures, all the malware, and for any attacks going on around the world... Because Secure Endpoint has a connection to it, we get protected by it right then and there.""Device Trajectory is one of the most valuable features. We're able to dig in and really understand how things came to be and where to focus our efforts.""The integration with other Cisco products seemed to be really effective. We had Umbrella in place and we were using AnyConnect as well as Firepower. Once a threat was detected, being able to do the threat lookups and the live tracking was really useful.""The biggest lesson that I have learned from using this product is that there is a lot more malware slipping through my email filters than I expected.""appreciate the File Trajectory feature, as it's excellent for an analyst or mobile analyst. I can track everything that happens on our server from my PC or device. Integration with SecureX is a welcome feature because it connects Cisco's integrated security portfolio with our complete infrastructure. Sandboxing is helpful, and integration with the Cisco environment is excellent as we use many of their products, and that's very valuable for us.""It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it.""Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source.""The most valuable feature is its threat protection and data privacy, including its cyber attack and data protection, as we need to cover and protect data on user devices."

More Cisco Secure Endpoint Pros →

"There are a couple of things. One of them is that they have what they call Incydr. Their detection and response solution to the insider threat area is called Incydr. That gives visibility to the clients that have widely dispersed employee bases due to work from home, or that had a dispersed workforce predating any of the work from home requirements. Even though they might not be inside the organization physically, they're inside the organization. It allows us to get some visibility into what people are doing, what the context is, and how to control what might be the potential for intellectual property theft or file exposure.""Code42 Next-Gen DLP is scalable."

More Code42 Incydr Pros →

"The investigation aspect is the most useful. It's user friendly and has a good user interface.""It depends on the licensing. Most of the customers have got at least a 365 E3 license, and they can use most of the features of Windows 10 Defender. So, anyone who has got an enterprise license can start using those features. Some of the customers have got E5 licenses, and they can use all advanced features. Customers with E5 licenses use the advanced site protection (ATP) features and web content filtering without going via a proxy, which gives the benefit of replacing the proxy. They can get the benefit of MCAS and integration with Intune and the endpoint manager. It is a kind of single platform for all 365 technologies. It helps customers in managing everything through a unified portal.""It's great for investigating what's happening on a machine. They show a whole bunch of machine timeline events that are related to a security incident. They have quite good details on the things related to threat and vulnerability management, such as any weakness that has been disclosed publicly, assets that are exposed, and if there is an exploit active in the wild for that vulnerability. It can provide you with all such information, which is cool.""This solution definitely increases our security posture. When you are reviewing your existing fleet or endpoints and based on the configuration that you put out of your Defender for Endpoint, you then receive a security score from Microsoft. Depending on what rules you have configured, what policies you have deployed, and what attack surface reduction rules that you have set up and deployed, it is almost gamifying information security in the sense that you are always trying to achieve a higher score. The more hardening you perform on your endpoints, the better score you receive. This generally tends to give you a better peace of mind, but also makes you secure at the same time.""The solution provides protections and reports about strange behavior and automatically blocks some of it. I love the way that statuses are represented.""The scalability is good.""Provides good security features and you can view it in the central console.""I like the simplicity of the portal and the integration with Microsoft Intune. Microsoft Defender for Endpoint is easy to use and implement."

More Microsoft Defender for Endpoint Pros →

Cons
"In terms of the user experience, if the UX design could be much simpler [that would improve things]... if they could make it more intuitive for someone who is not an engineer so that they still can read what's going on in their webpage and understand, that would be something.""It could be improved in connection with artificial intelligence and IoT.""We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints.""The GUI needs improvement, it's not good.""In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through.""This product has issues with the number of false positives that it reports.""An easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful... That way you could get a more accurate device count, so you're not having an inflated number.""They could improve the main dashboard to more clearly show me the things that I want to see. When I open the dashboard right now, I see a million things and they are not always the things that I need."

More Cisco Secure Endpoint Cons →

"What I think could be improved is how I get support.""In a couple of instances, we had a little bit of trouble in getting it distributed throughout the organization. We ultimately managed to do it, but they talk about it being a pretty simple process, and it became a little laborious. It would just turn away. The agents were not being distributed. It was just churning and churning and churning. When we were looking for specific categories of data, it was getting bogged down, but that was not even so much Code42, although some of it was their issue."

More Code42 Incydr Cons →

"The interface could be improved.""The dashboard customization could be improved.""In terms of the architecture of the management infrastructure, we found that other technologies are more simple. Microsoft Defender could be simpler too.""There are likely some technical improvements or features that could be added, however, I cannot say, off the top of my head, what they would be.""If there were more template queries in the library, that would make it much easier. They could have basic things, like, "Where's the IP for this user?" or, "What file was downloaded from this user?" If there were more of those basic queries that would help.""Phishing and Malware detection could be better.""I personally haven't experienced any pain points, but some of my coworkers feel that it isn't secure enough.""There are some areas in the proactive threats that are just overwhelming the SOC, so we've had to turn those off until we can figure out how to filter out the false positives."

More Microsoft Defender for Endpoint Cons →

Pricing and Cost Advice
  • "Licensing fees are on a yearly basis and I am happy with the pricing."
  • "We have a license for 3,000 users and if we get up to 3,100 users, it doesn't stop working, but on the next renewal date you're supposed to go in there and add that extra 100 licenses. It's really good that they let you grow and expand and then pay for it. Sometimes, with other products, you overuse a license and they just don't work."
  • "Cisco Secure Endpoint is not too expensive and it's not cheap. It's quite fair."
  • "The price is very fair to the customer."
  • "...the licensing needs to be improved. All the product features we need are there. It's just a matter of the complexity and the different offerings and trying to figure things out."
  • "The pricing and licensing fees are okay."
  • "Because we do see the value of what it's bringing, I think they have priced it well."
  • "The solution is highly affordable; I believe we pay $2 or $3 per endpoint. It's significantly cheaper than the competitors on the market."
  • More Cisco Secure Endpoint Pricing and Cost Advice →

  • "It was expensive. It was more expensive than Eureka, and it was more expensive than Barracuda Backup, but what we got was a full team. They didn't come in and nickel and dime us. They provided the assistance we needed. They didn't say that they need to charge us for something or it is going to take another statement of work. It was all bundled into it... We pay for the software maintenance. It is probably 18% or 20% of the license fee for rev releases."
  • More Code42 Incydr Pricing and Cost Advice →

  • "It is within the same range as other products. It is not too expensive, and it is also not cheap. Its price can be better, but, well, it is Microsoft."
  • "Currently, for us, Windows Defender is free with the purchase of Windows Server. Pricing is an important point for us when we are looking at the competitors of this solution. If we choose to go with another vendor, we will have to pay some license fees."
  • "The solution is an open source version and was free with a paid version of Windows 10."
  • "This is an expensive product and licensing for all Microsoft products is a big issue."
  • "Licensing options vary. Some customers buy it as an enterprise agreement and pay yearly. Others buy it as a CSP, so they pay per month. It completely depends on the customer's needs."
  • "It's included with the Windows Operating System, I don't pay for any licensing fees."
  • "You need a license to use this solution."
  • "We have a bundle where the price includes all Microsoft products."
  • More Microsoft Defender for Endpoint Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which EDR (Endpoint Detection and Response) solutions are best for your needs.
    656,862 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:The most valuable feature is signature-based malware detection.
    Top Answer:Licensing fees are on a yearly basis and I am happy with the pricing.
    Top Answer:The GUI needs improvement, it's not good. There are false positives in emails. At times, the emails are blocked and… more »
    Top Answer:There are a couple of things. One of them is that they have what they call Incydr. Their detection and response solution… more »
    Top Answer:It was expensive. It was more expensive than Eureka, and it was more expensive than Barracuda Backup, but what we got… more »
    Top Answer:The very first thing you should do is make sure that you know exactly what you're looking for. There's a whole bunch of… more »
    Top Answer:Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface… more »
    Top Answer:We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior… more »
    Top Answer:The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push… more »
    Comparisons
    Also Known As
    Cisco AMP for Endpoints
    Code42 Next-Gen DLP, Code42 Next-Gen Data Loss Protection, Code42 Forensic File Search, Code42 Backup + Restore
    Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
    Learn More
    Overview

    Cisco Secure Endpoint is a cloud-managed endpoint security solution that provides advanced protection against viruses, malware, and other cyber threats by detecting, preventing, and responding to threats. Cisco Secure Endpoint is managed online via a web-based management console and can be deployed on a variety of platforms. It protects endpoints, networks, emails, and web traffic.

    In a world of evolving threats, it’s necessary to put security above everything. Cisco Secure Endpoint provides you with the scope, scale, and capabilities to attain effective security with its integrated portfolio and industry-leading threat intelligence. Cisco Secure Endpoint continuously tracks and analyzes files and file activities across your systems - both remote and on premises - and compares these events to other events that occurred before or during past attacks. If a file exhibits malicious behavior, the tool sends an alert which enables you to stop a potential threat from succeeding.

    Key Capabilities of Cisco Secure Endpoint

    • Multi-layered protection: Cisco Secure Endpoint combines behavioral analytics, machine learning, and signature-based techniques to prevent threats from compromising your endpoints.

    • Powerful EDR capabilities: Reduce attack surface using advanced endpoint and extended detection and response, threat hunting, and endpoint isolation.

    • Dynamic malware analysis: Identify and block attacks in real time.

    • Simplified investigations: Advanced search capabilities help you get the information you need about your endpoints fast.

    Reviews from Real Users

    Cisco Secure Endpoint stands out among its competitors for a number of reasons. Two major ones are its ability to enable developers to easily secure their endpoints with one single operation using its management console and its advanced alerting techniques.

    Tim C., an IT manager at Van Der Meer Consulting, writes, "The solution makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform. It has the ability to block right down to the file and application level across all devices based on policies, such as, blacklisting and whitelisting of software and applications. This is good. Its strength is the ability to identify threats very quickly, then lock them and the network down and block the threats across the organization and all devices, which is what you want. You don't want to be spending time working out how to block something. You want to block something very quickly, letting that flow through to all the devices and avoiding the same scenario on different operating systems."

    Wouter H., a technical team lead network & security at Missing Piece BV, notes, "Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us."

    Detect file exfiltration via web browsers, USB, cloud apps, email, file link sharing, Airdrop, and more. See how files are moved and shared across your entire organization – without the need for policies, proxies or plugins. Incydr automatically identifies when files move outside your trusted environment, allowing you to easily detect when files are sent to personal accounts and unmanaged devices.

    Incydr prioritizes file activity based on 120+ contextual Incydr Risk Indicators (IRIs). This prioritization works on day 1 without any configuration. Incydr’s risk scoring logic is use case-driven and transparent to administrators. Incydr uses Watchlists to programmatically protect data from employees who are most likely to leak or steal files, such as departing employees.

    Take action with appropriate responses to contain, resolve and educate on detected risk. Use Incydr Flows or SOAR integrations to initiate response controls that are proportionate to an activity’s risk severity. You’ll stop data leaks without getting in the way of employee collaboration and sanctioned file activity.

    Improving your Insider Risk posture requires a change in employee behavior. Code42 Instructor provides bite-sized training to employees, delivered when they need it. Use Instructor in tandem with Incydr to send responsive video lessons when employees put data at risk. You’ll ensure appropriate data governance and compliance with security standards and corporate policies as well as report on the positive impact of your Insider Risk Management program.

    Founded in 2001, the company is headquartered in Minneapolis, Minnesota, and backed by Accel Partners, JMI Equity, NEA, and Split Rock Partners. For more information, visit code42.com.

    Microsoft Defender for Endpoint is a complete endpoint security solution that delivers preventative protection, post-breach detection, automated investigation, and response. With Defender for Endpoint, you have: 

    Agentless, cloud powered - No additional deployment or infrastructure. No delays or update compatibility issues. Always up to date. 

    Unparalleled optics - Built on the industry’s deepest insight into Windows threats and shared signals across devices, identities, and information. 

    Automated security - Take your security to a new level by going from alert to remediation in minutes—at scale. 

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
    Offer
    Learn more about Cisco Secure Endpoint
    Learn more about Code42 Incydr
    Learn more about Microsoft Defender for Endpoint
    Sample Customers
    Heritage Bank, Mobile County Schools, NHL University, Thunder Bay Regional, Yokogawa Electric, Sam Houston State University, First Financial Bank
    Adobe, Okta, Samsung, Taylormade, Boston University, Lending Club, North Highland, Stanford University, Ping Identity, Qualcomm, Pandora.
    Petrofrac, Metro CSG, Christus Health
    Top Industries
    REVIEWERS
    Comms Service Provider16%
    Government11%
    Healthcare Company11%
    Manufacturing Company11%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Comms Service Provider13%
    Government8%
    Financial Services Firm7%
    REVIEWERS
    University19%
    Healthcare Company11%
    Non Profit8%
    Real Estate/Law Firm8%
    VISITORS READING REVIEWS
    Computer Software Company25%
    Comms Service Provider9%
    Financial Services Firm8%
    Government7%
    REVIEWERS
    Financial Services Firm20%
    Computer Software Company16%
    Energy/Utilities Company7%
    Manufacturing Company7%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Comms Service Provider10%
    Government9%
    Financial Services Firm8%
    Company Size
    REVIEWERS
    Small Business34%
    Midsize Enterprise23%
    Large Enterprise43%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise18%
    Large Enterprise56%
    REVIEWERS
    Small Business30%
    Midsize Enterprise32%
    Large Enterprise38%
    VISITORS READING REVIEWS
    Small Business29%
    Midsize Enterprise13%
    Large Enterprise58%
    REVIEWERS
    Small Business40%
    Midsize Enterprise17%
    Large Enterprise43%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise17%
    Large Enterprise57%
    Buyer's Guide
    Code42 Incydr vs. Microsoft Defender for Endpoint
    November 2022
    Find out what your peers are saying about Code42 Incydr vs. Microsoft Defender for Endpoint and other solutions. Updated: November 2022.
    656,862 professionals have used our research since 2012.

    Code42 Incydr is ranked 17th in EDR (Endpoint Detection and Response) with 2 reviews while Microsoft Defender for Endpoint is ranked 1st in EDR (Endpoint Detection and Response) with 122 reviews. Code42 Incydr is rated 9.6, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of Code42 Incydr writes "Provides comprehensive visibility and protection, helps in identifying the gaps in security, and comes with excellent onboarding support". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Enables ingestion of events directly into your SIEM/SOAR, but requires integration with all Defender products to work optimally". Code42 Incydr is most compared with CrowdStrike Falcon, Cortex XDR by Palo Alto Networks, Darktrace, Carbon Black CB Defense and FireEye Endpoint Security, whereas Microsoft Defender for Endpoint is most compared with Sophos Intercept X, CrowdStrike Falcon, Symantec Endpoint Security, Cortex XDR by Palo Alto Networks and Check Point Harmony Endpoint. See our Code42 Incydr vs. Microsoft Defender for Endpoint report.

    See our list of best EDR (Endpoint Detection and Response) vendors.

    We monitor all EDR (Endpoint Detection and Response) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.