We performed a comparison between CrowdStrike Falcon and Forescout XDR based on real PeerSpot user reviews.
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"The most valuable feature is the network security."
"The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products."
"The ability to integrate and observe a more cohesive narrative across the products is crucial."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"The product integrates security into one tool instead of having third-party security tools."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"Probably the most valuable thing to me is the real-time response piece. The fact that I can connect to an endpoint as long as it is on the Internet, no matter where it is globally. I can remove files from the endpoint, drop files on the endpoint, stop processes, reboot it, run custom scripts, and deploy software. Pretty much no other tool can do all that."
"Since we deployed CrowdStrike, the network has become much calmer, and we now understand the sources of infections, which helps us prevent them from spreading."
"We are now able to find the root cause analysis on any threat. We can figure out where the issue came in versus just dealing with where it is at the moment."
"The most valuable feature is the activity dashboard because it gives you a holistic view of your environment from a security standpoint."
"The solution is silent and sits on your system as one single agent."
"Its ability to do threat hunting is really great, quite robust, and even allows you to do hygiene stuff."
"As an EDR tool, we can integrate log management and event management. The solution deals with threats automatically, that's the advantage."
"The Protect functionality on the laptops provides great visibility into what's occurring, and the cloud management of the platform is what we needed."
"The product has valuable features for cloud IoT device enhancement, intelligent threat detection, etc."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"Intrusion detection and prevention would be great to have with 365 Defender."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"On the firewall management side, there should be more granularity. There should also be more granularity for device control. Everything else is brilliant."
"CrowdStrike Falcon by itself does not supply in-depth reporting."
"The pricing is a bit too high."
"They respond quickly on the weekdays, but the weekend response times are slower."
"There is room for improvement in managing multiple customer IDs."
"The management reporting functionality needs to be improved."
"CrowdStrike should add support for ransomware protection."
"It is cloud-based, and this does make some wary of the data being held on the cloud. Privacy requirements must be taken into account."
"The product is more expensive than other vendors in terms of features."
CrowdStrike Falcon is ranked 2nd in Extended Detection and Response (XDR) with 105 reviews while Forescout XDR is ranked 29th in Extended Detection and Response (XDR) with 1 review. CrowdStrike Falcon is rated 8.8, while Forescout XDR is rated 6.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Forescout XDR writes "Provides efficient network access control, but its support services need improvement". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Trend Vision One, whereas Forescout XDR is most compared with Arctic Wolf Managed Detection and Response.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.