CrowdStrike Falcon vs Microsoft Defender XDR comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Apr 23, 2023

We performed a comparison between Microsoft 365 Defender and CrowdStrike Falcon based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Microsoft 365 Defender’s setup is described as challenging at points, with users noting the need for more flexibility during the process. CrowdStrike Falcon’s deployment is described as very straightforward.
  • Features: Microsoft 365 Defender features an advanced threat hunting tab, allows for real-time threat management, and has an informative compliance dashboard. However, its limited integration abilities with third-party applications and vulnerability management need improvement. CrowdStrike Falcon has always-running real-time threat response capabilities, a self-explanatory UI, and endpoint monitoring. Its offline scanning ability, as well as the correlation of data in the search algorithms, need to be improved.
  • Pricing: The pricing of both solutions is described as reasonable and worthwhile, with users of CrowdStrike Falcon noting that its modular licensing can potentially be a bit expensive for smaller enterprises.
  • Service and Support: While the support teams of both solutions are generally highly rated, some users noted that the services can occasionally be subpar, depending on the agent their ticket is assigned to.
  • ROI: Users of both solutions see an ROI due to decreased detection time and reduced man-hours in incident resolving.

Comparison results: Based on the parameters we compared, CrowdStrike Falcon comes out ahead of Microsoft 365 Defender. While both offer threat-hunting and response features, 365 Defender’s inflexible third-party integration, as well as its lack of support at times leave room for improvement.

To learn more, read our detailed CrowdStrike Falcon vs. Microsoft Defender XDR Report (Updated: January 2024).
757,198 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration.""Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution.""It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward.""I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks.""Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture.""Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great.""The setup is pretty simple.""The product detects and blocks threats and is more proactive than firewalls."

More Fortinet FortiEDR Pros →

"All the features are beneficial.""I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution.""The most valuable features of Crowdstrike Falcon XDR are Spotlight and Discovery, they are helpful. Additionally, the console is user-friendly, with fewer false positives than other solutions.""The CrowdStrike Falcon agent is very lightweight. Users never complain about their PCs getting stuck and things like that.""The ability to execute real-time response, or, that you can connect to the agent and see exactly what processes are operating, is the most important feature of this solution.""Regarding features, I appreciate its integration capabilities with identity providers...Stability-wise, I rate the solution a ten out of ten.""Enables us to understand what processes are running on the system, what registry keys have been enabled.""The UI is simple and self-explanatory. Everything is easy to understand."

More CrowdStrike Falcon Pros →

"It's a very scalable tool that can be used in a very small environment or in a very large environment. Everything can be managed from a simple dashboard and can be scaled up or down depending on the customer's environment.""Defender is easy to use. It has a nice console, and everything is all in one place.""I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there.""Microsoft 365 Defender is a stable solution.""Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit.""I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM.""The common and advanced security policies for threat hunting and blocking attacks are valuable.""Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."

More Microsoft Defender XDR Pros →

Cons
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components.""They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller.""Cannot be used on mobile devices with a secure connection.""We'd like to see more one-to-one product presentations for the distribution channels.""FortiEDR can be improved by providing more detailed reporting.""The only minor concern is occasional interference with desired programs.""FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things.""The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."

More Fortinet FortiEDR Cons →

"I would like to see the machine learning feature enhanced.""CrowdStrike Falcon could improve by having an easier way to search and use the interface for extracting queries from the data. The interface could improve.""CrowdStrike costs a little more than its competitors.""The management of log aggregation is in need of improvement.""Technical support could be better than what is currently offered.""Support, particularly related to after-sales and after deployment, could be improved a bit. If you need to connect to support, it takes at least a day to reach the support team and get a proper reply.""The biggest issue with Falcon as a standalone product is it doesn't have very much reporting.""I think there's an opportunity to enhance the AI or at least the traps to say, if something changes from this baseline, let us know and flag it."

More CrowdStrike Falcon Cons →

"The logs could be better.""The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year.""I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera.""There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform.""The licensing is a nightmare and has room for improvement.""The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process.""In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals.""When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."

More Microsoft Defender XDR Cons →

Pricing and Cost Advice
  • "I know it is tough to get big budget additions up front, but I highly recommend deploying environment wide and adding the forensic service."
  • "There are no issues with the pricing."
  • "The price is comprable to other endpoint security solutions."
  • "The pricing is typical for enterprises and fairly priced."
  • "I'm not familiar with pricing, but it looks a bit costly compared to other vendors I think."
  • "The pricing is good."
  • "I would rate the solution's pricing an eight out of ten."
  • "The hardware costs about €100,000 and about €20,000 annually for access."
  • More Fortinet FortiEDR Pricing and Cost Advice →

  • "The pricing will depend upon your volume of usage."
  • "I would like them to further reduce the price, because it is quite pricey at the moment."
  • "Purchasing the product through the AWS Marketplace is just a click away. Since we were using the on-premise version of the product, we continued on the cloud by purchasing it through the AWS Marketplace."
  • "I do not have experience with the cost or licensing of the product."
  • "The other administrator and I can log in to check the exact details of what happened, what was running, and what caused the detection. We know exactly what was happening on the end users PC and we can tell if it's something that we actually need or something that's malicious."
  • "We are at about $60,000 per year."
  • "This solution has a very competitive price."
  • "Our company pays approximately US$ 65,000 annually for 900 machines."
  • More CrowdStrike Falcon Pricing and Cost Advice →

  • "The solutions price is fair for what they offer."
  • "The price could be better. Normally, the costs depend on the country you're located in for the license. When we were in the initial stage, we went with the E5 license they call premium standard. It cost us around $5.20 per month for four users."
  • "The price of the solution is high compared to others and we have lost some customers because of it."
  • "Microsoft is not competitive with the pricing of the solution. The competitors are able to offer lower discounts. The price of the solution is higher."
  • "We have a lot of problems in Latin America regarding the price of Microsoft 365 Defender, because the relationship between dollars and the money of the different countries, it's is a lot. Many customers that have small businesses say that they would like the solution but it is too expensive. However, large companies do not find the cost an issue."
  • "The most valuable licensing option is expensive, so pricing could be improved. Licensing options for this solution also need to be consolidated, because they frequently change."
  • "Microsoft should provide lower-level licensing options. They should do it in such a way that even an individual could purchase a license, and it should be entirely flexible."
  • "They have moved from a licensing model to pay-per-use... The question is: What happens if, for any reason, there's not enough budget to accept this model? That could be a great problem."
  • More Microsoft Defender XDR Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which EDR (Endpoint Detection and Response) solutions are best for your needs.
    757,198 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:I suggest Fortinet’s FortiEDR over FortiClient for several reasons. For starters, FortiEDR guarantees solid protection… more »
    Top Answer:Additionally, when it comes to EDR, there are more tools available to assist with client work.
    Top Answer:It is expensive and I would rate it an eight out of ten.
    Top Answer:Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that… more »
    Top Answer:Both of these products perform similarly and have many outstanding attributes CrowdStrike Falcon offers an amazing… more »
    Top Answer:The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push… more »
    Top Answer:The integration with other Microsoft solutions is the most valuable feature.
    Top Answer:The mobile app support for Android and iOS is difficult and needs improvement.
    Comparisons
    Also Known As
    enSilo, FortiEDR
    CrowdStrike Falcon, CrowdStrike Falcon XDR
    Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
    Learn More
    Fortinet
    Video Not Available
    CrowdStrike
    Video Not Available
    Microsoft
    Video Not Available
    Interactive Demo
    Fortinet
    Demo Not Available
    CrowdStrike
    Demo Not Available
    Overview

    Fortinet FortiEDR is a real-time endpoint protection, detection, and automated response solution. Its primary purpose is to detect advanced threats to stop breaches and ransomware damage. It is designed to do so in real time, even on an already compromised device, allowing you to respond and remediate incidents automatically so your data can remain protected.

    Fortinet FortiEDR Features

    Fortinet FortiEDR has many valuable key features, including:

    • Easily customizable
    • Real-time proactive risk mitigation & IoT security
    • Pre-infection protection
    • Post-infection protection
    • Track applications and ratings
    • Reduce the attack surface with risk-based proactive policies
    • Achieve analysis of entire log history
    • Optional managed detection and response (MDR) service

    Fortinet FortiEDR Benefits

    Some of the key benefits of using Fortinet FortiEDR include:

    • Protection: Fortinet FortiEDR provides proactive, real-time, automated endpoint protection with the orchestrated incident response across platforms. It stops the breach with real-time postinfection blocking to protect data from exfiltration and ransomware encryption.

    • Single unified console: Fortinet FortiEDR has a single unified console with an intuitive interface, which makes management easier. The solution automates mundane endpoint security tasks so your employees don’t need to do it.

    • Cost savings: With Fortinet FortiEDR you can eliminate post-breach operational expenses and breach damage costs.

    • Flexibility: Fortinet FortiEDR can be deployed on premises or on a secure cloud instance. With Fortinet FortiEDR, endpoints are protected both on- and off-line.

    • Scalability: Because Fortinet can be deployed quickly and has a small footprint, it is easy to scale up to protect hundreds of thousand endpoints.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by Fortinet FortiEDR users.

    An Owner at a security firm says, "The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers. The customer has literally about 800 cash registers. That was the use case for Fortinet FortiEDR - to get that down into a tiny space. The only way to do that was to use this product because it had that ability to unbundle services that were a surplus.”

    Chandan M., Chief Technical Officer at Provision Technologies LLP, mentions, “The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration.” He also adds, “The security is also very good and the firewall response is good.”

    Harpreet S., Information Technology Support Specialist at Chemtrade Logistics, explains, "It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."

    DeAndre V., Senior Network Administrator at a financial services firm, states, “The dashboard is easy to follow and use. The deployment and uninstalling were easy. I like the detailed information about the path of a file that might be suspicious. Being able to check that out was easy to follow. Exceptions are easy to create and the interface is easy to follow with a nice appearance.

    CrowdStrike Falcon is a comprehensive endpoint protection platform, primarily designed to meet the evolving cybersecurity needs of modern enterprises. It employs machine learning, behavioral analytics, and integrated threat intelligence to combat a wide range of cyber threats. CrowdStrike Falcon stands out for its cloud-native architecture, ensuring real-time protection and threat intelligence, essential for safeguarding dynamic environments. Its lightweight agent architecture minimizes system performance impact while offering extensive network visibility.

    CrowdStrike Falcon offers robust, user-friendly cybersecurity measures that are crucial for protecting digital assets and minimizing the risk of data breaches and cyberattacks. Its proactive threat detection and mitigation help maintain business continuity and protect brand reputation. Additionally, its scalability and ease of use contribute to cost-effectiveness by reducing the need for extensive IT resources and training. The platform's seamless integration with existing IT infrastructures makes it a versatile choice for diverse IT environments.

    During our conversations with CrowdStrike's users, they highly regard CrowdStrike Falcon for its efficiency in detecting and responding to threats, ease of use, and minimal system impact. It's praised for its comprehensive coverage, extending beyond traditional antivirus solutions, with strong customer support and continuous improvements.

    General Feedback and Recommendations:

    • Strengths: Its lightweight agent, stability, scalability, positive technical support experience, and improvements over competitors are notable strengths.
    • Weaknesses: The extraction process did not effectively capture the weaknesses, indicating a need for more precise data analysis.
    • Implementation and Usage: Insights include scalability and stability, particularly in cloud solutions, and ease of implementation without external assistance.

    Key Features and Advantages:

    1. Advanced Threat Detection and Response - utilizes sophisticated algorithms and machine learning to identify and neutralize preemptively, crucial for mitigating risks from advanced persistent threats (APTs) and zero-day exploits.
    2. Comprehensive Visibility and Insight - provides deep endpoint activity visibility, enabling IT teams to detect anomalies and respond to incidents effectively.
    3. Cloud-Native Architecture - offers scalability and flexibility, adapting to changing business needs, beneficial for organizations scaling operations or transitioning to cloud infrastructures.
    4. Integrated Threat Intelligence - backed by CrowdStrike's threat intelligence database, the platform stays ahead of attackers with continuously updated information on emerging threats.
    5. Ease of Deployment and Management - Its lightweight agent and cloud-based management console simplify deployment and management, which is practical for businesses of all sizes.
    6. Compliance and Risk Management - aids in meeting compliance requirements with thorough reporting and audit trails, essential for regulatory scrutiny.
    7. User and Entity Behavior Analytics (UEBA) - Analyzing user behavior patterns enhances detection capabilities against insider threats and compromised accounts.

    CrowdStrike Falcon offers various pricing plans based on endpoints and required features. The plans cater to different organizational sizes and needs, from basic endpoint protection to comprehensive protection with advanced capabilities. Additional features like DLP, UBA, Endpoint Sandboxing, and MDR are available, with pricing upon request.

    CrowdStrike Falcon emerges as a sophisticated solution for enterprise cybersecurity, offering advanced threat detection, scalability, and user-friendly design. It's well-suited for both IT professionals and business executives, protecting against current cyber threats and adaptable to future challenges in the cybersecurity landscape. For a more detailed understanding, especially concerning its use cases and weaknesses, a manual review of user feedback might be necessary.

    Microsoft Defender XDR is a comprehensive security solution designed to protect against threats in the Microsoft 365 environment. 

    It offers robust security measures, comprehensive threat detection capabilities, and an efficient incident response system. With seamless integration with other Microsoft products and a user-friendly interface, it simplifies security management tasks. 

    Users have found it effective in detecting and preventing various types of attacks, such as phishing attempts, malware infections, and data breaches.

    Watch the Microsoft demo video here: Microsoft Defender XDR demo video.

    Offer
    Learn more about Fortinet FortiEDR
    Get Fast and Easy Protection Against All Threats

    Protect your organization from all threats - not just malware - even when computers and servers aren’t connected to the internet. Start your free trial and deploy CrowdStrike Falcon within minutes to start receiving full threat protection.

    Learn more about Microsoft Defender XDR
    Sample Customers
    Financial, Healthcare, Legal, Technology, Enterprise, Manufacturing ... 
    Information Not Available
    Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Comms Service Provider11%
    Retailer6%
    Educational Organization6%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Government8%
    Manufacturing Company8%
    Financial Services Firm8%
    REVIEWERS
    Computer Software Company19%
    Financial Services Firm17%
    Comms Service Provider8%
    Energy/Utilities Company8%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Financial Services Firm10%
    Manufacturing Company8%
    Government7%
    REVIEWERS
    Manufacturing Company15%
    Government12%
    Financial Services Firm12%
    Computer Software Company12%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm10%
    Government8%
    Manufacturing Company8%
    Company Size
    REVIEWERS
    Small Business48%
    Midsize Enterprise16%
    Large Enterprise35%
    VISITORS READING REVIEWS
    Small Business31%
    Midsize Enterprise19%
    Large Enterprise50%
    REVIEWERS
    Small Business33%
    Midsize Enterprise23%
    Large Enterprise44%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise19%
    Large Enterprise56%
    REVIEWERS
    Small Business43%
    Midsize Enterprise24%
    Large Enterprise33%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise17%
    Large Enterprise57%
    Buyer's Guide
    CrowdStrike Falcon vs. Microsoft Defender XDR
    January 2024
    Find out what your peers are saying about CrowdStrike Falcon vs. Microsoft Defender XDR and other solutions. Updated: January 2024.
    757,198 professionals have used our research since 2012.

    CrowdStrike Falcon is ranked 3rd in EDR (Endpoint Detection and Response) with 51 reviews while Microsoft Defender XDR is ranked 8th in EDR (Endpoint Detection and Response) with 62 reviews. CrowdStrike Falcon is rated 8.6, while Microsoft Defender XDR is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Robust threat hunting and great ability to do on-keyboard remote response and quarantining of devices". On the other hand, the top reviewer of Microsoft Defender XDR writes "Provides visibility, saves time, and helps with well-rounded investigations". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Cortex XDR by Palo Alto Networks, whereas Microsoft Defender XDR is most compared with Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Microsoft Sentinel, Trend Vision One and Wazuh. See our CrowdStrike Falcon vs. Microsoft Defender XDR report.

    See our list of best EDR (Endpoint Detection and Response) vendors and best Extended Detection and Response (XDR) vendors.

    We monitor all EDR (Endpoint Detection and Response) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.