We performed a comparison between Cynet and Elastic Security based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The threat intelligence is excellent."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"Microsoft 365 Defender is a stable solution."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"The most valuable feature of this solution is the network part of it because most of the endpoint products in XDS products we find Cynet has networking user behavior analysis and network analysis, for the whole team."
"If some unusual activity happens on the network, such as I open administrator sessions in a short duration of an hour on many computers in the lab, it sends me an alert about my network saying that one user opened three, four, or five sessions in one hour. Similarly, if I try to play with the disk size on a computer, it will send me an alert, and it will also stop the operation."
"It's transparent, so it's not something where every user has to press a button to download or do the thing. It is centralized, in fact. Personally, I use Malwarebytes and other tools, which are fine for home use. Cynet is also relatively silent in terms of operation, except when it's required to act."
"I like the Cynet Correlator™ feature."
"The level of automation is very good because the majority of the time, it blocks the attacks without requiring anything from our side. The technicians don't have to do anything. They are just alerted about what happened. So, the user intelligence works quite well."
"In terms of incident response, Cynet can contain attacks, offer a trial period to customers, and uninstall if not continued. The most valuable aspect is its integration capabilities, covering endpoints and network data for a comprehensive view of threats."
"The interface is exceptionally clear and easy to understand."
"I have found the continued support and pretty much all the features to be valuable. They all stand out as being positive. It continues to detect unusual activity when it's supposed to, and so far we haven't had any issues."
"We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive."
"The cost is reasonable. It's not overly pricey."
"The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
"It's a good platform and the very best in the current market. We looked at the Forester report from December 2022 where it was said to be a leader."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"I like the indexing of the logs."
"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"ELK Logstash is easy and fast, at least for the initial setup with the out of box uses."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"The solution does not offer a unified response and standard data."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"From an integration standpoint, it is always improving overall. With Security Copilot coming out, as partners, we are waiting for the GDAP support so that we can actually see Security Copilot on behalf of customers if they subscribe to it."
"I would like to see more emphasis on building the data lake and storing all endpoint data in the enterprise data lake so that data mining can be performed"
"Automation could be improved, and orchestration could be added to the features."
"They have automated response capability, and they're moving more and more into SOAR capability. They have built-in deception technology with host-file users, phantoms, etc. We used to call them honeypots. So, they're on target. They're doing a really good job, and they should continue to improve with SOAR."
"Sometimes, it is necessary for me to make important changes to a hard drive of a computer, and because Cynet does not allow me to do that, I have to go to the console and remove the computer from the security group just for Cynet. After that, I have to wait for 10 or 15 minutes for that to take effect. I would like to be able to disable Cynet locally. I shouldn’t have to go to the console to find the PC and then take it out of the group and then add it again to the group. I should locally be able to disable Cynet on a computer with a password or something like that, but it is currently not possible."
"I think the technical support could be better."
"Most of their times are in Greenwich Mean Time. I would like to see more local time zones."
"I cannot provide more details about Cynet's automation features. While Cynet claims to be automated, the specifics of this automation are unclear. They claim to have a high capability to detect and block attacks, but I am cautious about companies that claim to solve every problem without limitations. It does help in identifying malware on the network but doesn't specifically identify vulnerabilities."
"A support center in Asia is needed."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"The training that is offered for Elastic is in need of improvement because there is no depth to it."
"I would like the process of retrieving archived data and viewing it in Kibana to be simplified."
"There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
"It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) security in the next release."
"The solution's query building is not that intuitive compared to other solutions."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
Cynet is ranked 14th in Endpoint Detection and Response (EDR) with 35 reviews while Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 58 reviews. Cynet is rated 8.8, while Elastic Security is rated 7.6. The top reviewer of Cynet writes "Provides memory protection, device control, and vulnerability management". On the other hand, the top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". Cynet is most compared with CrowdStrike Falcon, SentinelOne Singularity Complete, Microsoft Defender for Endpoint, ESET Endpoint Protection Platform and Cortex XDR by Palo Alto Networks, whereas Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint. See our Cynet vs. Elastic Security report.
See our list of best Endpoint Detection and Response (EDR) vendors, best Extended Detection and Response (XDR) vendors, and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.