We performed a comparison between Crowdstrike Falcon and Microsoft Defender for Endpoint based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: All other things being equal, Crowdstrike Falcon is the favorite when it comes to both ease of deployment and customer service and support.
"Fortinet is very user-friendly for customers."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"Forensics is a valuable feature of Fortinet FortiEDR."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"The stability is very good."
"The solution was relatively easy to deploy."
"The most valuable feature is the analysis, because of the beta structure."
"CrowdStrike enables the infrastructure managers to visualize all the events and get information about the network."
"The CS falcon agent is a lightweight agent compared with other agents of EDR products."
"Everything we've done with CrowdStrike is due to Arctic Wolf. We don't even need to get alerts from CrowdStrike anymore. It'll send those to Arctic Wolf, and then Arctic Wolf analyzes those and let us know if there's a major issue."
"The features I like the most are the response time and the dashboard are both excellent."
"The CrowdStrike Falcon dashboard is good, and we haven't had any problems with it."
"The stability is very good."
"I have found the connection to search the hosts for detections very useful in CrowdStrike Falcon."
"The initial setup was straightforward."
"We are a Microsoft shop, and Defender is a Microsoft solution that provides some security at a reasonable cost."
"Defender for Endpoint is a robust solution that works well out-of-the-box."
"Microsoft Defender for Endpoint has been secure and there is zero maintenance required because it updates with Microsoft Windows."
"Defender is stable, I haven't had any problems with viruses when using it, and it's easy to update."
"The solution's threat protection is mostly AI and machine-learning based. That is the most important feature of the product. It also offers centralized management so I can remotely manage devices."
"Its threat intelligence feature is beneficial. This solution smoothly integrates with SIEM."
"This solution definitely increases our security posture. When you are reviewing your existing fleet or endpoints and based on the configuration that you put out of your Defender for Endpoint, you then receive a security score from Microsoft. Depending on what rules you have configured, what policies you have deployed, and what attack surface reduction rules that you have set up and deployed, it is almost gamifying information security in the sense that you are always trying to achieve a higher score. The more hardening you perform on your endpoints, the better score you receive. This generally tends to give you a better peace of mind, but also makes you secure at the same time."
"One feature I like the most is vulnerability management, which shows any vulnerable software or OS present in my environment. Microsoft Defender for Endpoint provides a complete overview and also recommends the steps to mitigate the vulnerabilities or threats. Most of the other antivirus or EDR solutions generally don't provide vulnerability management. It is an add-on that Microsoft Defender for Endpoint provides."
"ZTNA can improve latency."
"Cannot be used on mobile devices with a secure connection."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"The only minor concern is occasional interference with desired programs."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"The solution is not stable."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"Falcon could be improved with more function on the mobile end of things and better optimization with mobile devices."
"On the firewall management side, there should be more granularity. There should also be more granularity for device control. Everything else is brilliant."
"Dashboard creation is one of the areas for improvement in CrowdStrike Falcon. Sometimes, management asks for a custom dashboard, so my team has to collect data from CrowdStrike Falcon, integrate that in Splunk, then create the dashboard in Splunk. The Splunk dashboard is more elaborate, so the CrowdStrike Falcon dashboard needs improvement. Another area for improvement in the tool is the malware detection report, as it needs to be more detailed and include some graphics so that if you want to present that data in a nutshell, it's easier to do. For example, the report should consist of some graphical representation that shows a month's worth of data. In terms of an additional feature I'd like CrowdStrike Falcon to have, it's the device posture assessment feature that detects the device posture within the network. Whichever device connects to the corporate network, my company should be able to analyze the device posture. Then there should be communication with the network, which means that as soon as a device connects, CrowdStrike Falcon can assess the device posture, detect its corporate asset, and decide whether it should be allowed on the network."
"The malware analysis could be improved, as that's what we use the solution for the most and that change would make it a better EDR tool."
"Crowdstrike Falcon XDR can improve the integration. There are some locks on the cloud to on-premise integrations."
"Tighter integration around XDR could be included."
"I have experience with a product called SentinelOne, which has a feature that allows for the customization of query languages. I would like to see such a feature for CloudStrike."
"CrowdStrike costs a little more than its competitors."
"The profiling method currently in use is not very user-friendly and has ample scope for improvement."
"Reporting could be improved. I would like to see how many security incidents occurred in the last six months, how many devices were highly exposed to security risks, and how many devices were actually compromised."
"Our team's knowledge of the solution needs to be improved, and Microsoft could do a better job conveying the necessary information to users. We could proactively use the tool more and explore capabilities we are not yet utilizing."
"Sometimes the software doesn't work the way we expect it to, and in those cases, we can't communicate with a device because it may be infected."
"The solution can be more user-friendly."
"Microsoft Defender for Endpoint can improve by making the reporting faster. It takes some time to reflect back to the administration portal of what has been updated. For example, out of 100 Computers, approximately 90 computers received updates, but when you check the administration portal over one or two days, you will only see 75, even though 90 were updated."
"In terms of the architecture of the management infrastructure, we found that other technologies are more simple. Microsoft Defender could be simpler too."
"The management console is something that can be improved."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Protect your organization from all threats - not just malware - even when computers and servers aren’t connected to the internet. Start your free trial and deploy CrowdStrike Falcon within minutes to start receiving full threat protection.
CrowdStrike Falcon is ranked 3rd in EPP (Endpoint Protection for Business) with 50 reviews while Microsoft Defender for Endpoint is ranked 1st in EPP (Endpoint Protection for Business) with 96 reviews. CrowdStrike Falcon is rated 8.6, while Microsoft Defender for Endpoint is rated 8.2. The top reviewer of CrowdStrike Falcon writes "Robust threat hunting and great ability to do on-keyboard remote response and quarantining of devices". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "You can access all your security data and telemetry from a single pane of glass". CrowdStrike Falcon is most compared with Darktrace, Trend Micro Deep Security, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and Kaspersky Endpoint Security for Business, whereas Microsoft Defender for Endpoint is most compared with Intercept X Endpoint, Symantec Endpoint Security, SentinelOne Singularity Complete and Cortex XDR by Palo Alto Networks. See our CrowdStrike Falcon vs. Microsoft Defender for Endpoint report.
See our list of best EPP (Endpoint Protection for Business) vendors and best EDR (Endpoint Detection and Response) vendors.
We monitor all EPP (Endpoint Protection for Business) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature but on the platform, you can drill down the events to find the starter of a blocked event.
It does have basic features to whitelist programs and paths, does show you information about what kind of threat was blocked, gives you information about user logged, machine details (SO, version, serial, Mac Address, Local and WAN IP,...) and grants you with the time, the file that executed the event, allows you to group devices and define exclusion, detection, response policies based on them.
It does allow you to create specific profiles for each type of user like helpdesk analysts, managers, etc (with different access, etc).
The solution is pretty good, actually and I'm pretty happy with it. I don't have experience with Microsoft Defender for Endpoint but will do in a couple of months to update this. =]
Depends on your budget and on the conditions of a Microsoft license. If you have an M365 license (like E3 or E5), Microsoft is cheaper.
In terms of functionality, CrowdStrike is better.