Try our new research platform with insights from 80,000+ expert users

Darktrace vs Microsoft Defender for Endpoint comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 20, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.3
Users of Darktrace experience high returns and savings, enhanced system visibility, threat detection, and improved cybersecurity cost-effectiveness.
Sentiment score
7.3
Organizations achieve financial gains and efficiency by using Microsoft Defender, eliminating third-party solutions, and enhancing security management.
Using this solution provides financial benefits by securing from server attacks, which offers indirect savings.
Without detection and protection measures, organizations would face substantial payments and reputational damage, including the necessity to inform customers about data breaches, potentially leading to loss of business.
We have seen a return on investment when using Microsoft Defender for Endpoint, as it saves labor by reducing the need for staff to focus on it.
The biggest return on investment for me when using Microsoft Defender for Endpoint is the time saving.
 

Customer Service

Sentiment score
7.7
Darktrace's customer support is highly rated for responsiveness and proficiency, with minor improvements suggested for complex deployments and specific regions.
Sentiment score
6.6
Microsoft's Defender for Endpoint support is generally effective but experiences vary; premium options offer swift, knowledgeable assistance.
The technical support from Darktrace is of high quality.
Darktrace provides excellent technical support with a monthly meeting to review platform incidents, ensuring the system functions as expected.
The challenge lies in waiting for a response after logging a ticket.
The level-one support seems disconnected from subject matter experts.
I rate Microsoft support 10 out of 10.
Due to our size, we don't have access to direct technical support, but the knowledge base, Microsoft Learn, and the articles available are really good.
 

Scalability Issues

Sentiment score
7.6
Darktrace is highly scalable, adaptable to enterprise environments, and supports both cloud-based and on-premise expansion with careful management.
Sentiment score
7.6
Microsoft Defender for Endpoint efficiently scales with diverse enterprises, integrates seamlessly with Microsoft products, supporting growth effectively.
Darktrace has high scalability, and I would rate it a nine out of ten.
Since it's cloud-based, it expands easily.
For scalability, I would rate it an eight out of ten because they integrate with many technologies.
We managed to scale it out in a short amount of time, with two months of planning and three months of implementation on 10,000 computers.
Microsoft Defender for Endpoint is scalable enough to handle various devices across environments, whether they are laptops, Android devices, or operating in hybrid environments.
Compatibility is its main feature.
 

Stability Issues

Sentiment score
8.5
Darktrace is highly stable, reliable, with 99.9% uptime, efficient performance, and excellent monitoring, rated favorably by users.
Sentiment score
7.9
Microsoft Defender for Endpoint is praised for stability, efficiency, and low resource impact, despite minor occasional bugs.
The stability of Darktrace is excellent, rated ten out of ten.
The appliance itself has never let me down.
For stability, I would rate Darktrace an eight out of ten.
I haven't seen any outages with Microsoft.
I rate Defender 10 out of 10 for stability.
Defender for Endpoint is extremely stable.
 

Room For Improvement

Darktrace needs better integration, interface, pricing, reporting, user-friendliness, automation, documentation, and collaboration to reduce false positives and improve protection.
Microsoft Defender for Endpoint struggles with support, integration, UI, performance issues, and lacks essential features and platform support.
There is no dedicated salesperson in Egypt, and having one would help to improve focus on this market.
They say they can integrate with most firewalls, but when we did an integration with Meraki MX firewalls, that integration didn't work and still doesn't work to this day.
Darktrace could improve by integrating with email security gateways like Mimecast or Ironscales.
Repeated interactions are necessary due to Level One's lack of tools and knowledge, hindering efficient problem-solving and negatively impacting our experience with Microsoft support.
We use Microsoft partners to help govern the platform, and as part of an alliance, we want to gather data from each tenant and combine them for a complete view.
Providing more detailed information on how Microsoft Defender for Endpoint detects vulnerabilities.
 

Setup Cost

Enterprise buyers have mixed pricing perceptions of Darktrace, with costs up to $350,000 annually and flexible payment options.
Microsoft Defender for Endpoint offers cost-effective, flexible pricing options integrated with Microsoft services, including discounts for education and volume.
The product is considered expensive compared to others.
The pricing is costly in USD, and they charge based on device counts.
The licensing cost is approximately eight dollars a year.
Given our extensive Microsoft licensing, transitioning to Defender for Endpoint did not affect licensing costs.
It costs $15 per VM for the P2 plan, which is seen as affordable for customers.
The pricing, setup, and licensing were very easy and simple.
 

Valuable Features

Darktrace provides AI-driven threat detection and autonomous response, offering real-time monitoring, high visibility, and minimal human intervention.
Microsoft Defender for Endpoint offers seamless integration, real-time protection, and automated response, ensuring robust security with minimal impact.
It is capable of responding to lateral movement and ransomware deployment within environments where there is data exfiltration.
I do not need to manually process incidents as Darktrace provides an incident summary, potential detection paths, and other details, all exportable with just a click.
If I am in a data center where I don't have layer two, it becomes an issue because the autonomous response is reliant on sending spoofed TCP resets to my core switch to block traffic, which is a major issue.
Defender for Endpoint's coverage across different platforms in our environment is pretty good. We have devices running Linux, Mac OS, Windows, iOS, and Android. It covers all of them.
Microsoft Defender for Endpoint provides a unified management interface allowing customers to manage their on-premises and hybrid infrastructures from a single pane.
One of the best features of Microsoft Defender for Endpoint is its database for identifying zero-day attacks or malware attacks.
 

Categories and Ranking

Darktrace
Average Rating
8.2
Reviews Sentiment
7.2
Number of Reviews
80
Ranking in other categories
Email Security (9th), Intrusion Detection and Prevention Software (IDPS) (1st), Network Traffic Analysis (NTA) (1st), Network Detection and Response (NDR) (1st), Extended Detection and Response (XDR) (6th), AI-Powered Chatbots (2nd), Cloud Security Posture Management (CSPM) (15th), Cloud-Native Application Protection Platforms (CNAPP) (11th), Attack Surface Management (ASM) (3rd), AI-Powered Cybersecurity Platforms (2nd)
Microsoft Defender for Endp...
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
197
Ranking in other categories
Endpoint Protection Platform (EPP) (1st), Advanced Threat Protection (ATP) (2nd), Anti-Malware Tools (1st), Endpoint Detection and Response (EDR) (3rd), Microsoft Security Suite (5th)
 

Mindshare comparison

While both are Network Security Systems solutions, they serve different purposes. Darktrace is designed for Extended Detection and Response (XDR) and holds a mindshare of 9.4%, down 10.0% compared to last year.
Microsoft Defender for Endpoint, on the other hand, focuses on Endpoint Protection Platform (EPP), holds 10.8% mindshare, down 14.4% since last year.
Extended Detection and Response (XDR)
Endpoint Protection Platform (EPP)
 

Featured Reviews

Malebo Lethoba Group - PeerSpot reviewer
Have found the AI analyst and detection functions highly valuable for network operations while managing complexity in initial setup
The functions I find most valuable in Darktrace ( /products/darktrace-reviews ) are the AI analyst as well as the detection.The autonomous response capabilities of Darktrace are not crucial for me because it doesn't work in a network where there are no core switches. In a modern network, the autonomous response doesn't work, especially when sitting in a shared data center.If I'm running a traditional network where I am not in a shared data center with a layer two dedicated for my resources, then it can work for me. However, if I am in a data center where I don't have layer two, it becomes an issue because the autonomous response is reliant on sending spoofed TCP resets to my core switch to block traffic, which is a major issue.
AnuragSrivastava - PeerSpot reviewer
Provides detailed visibility into threats but the ability to add exceptions needs improvement
One major item for improvement is the ability to add exceptions. We can add some exceptions, but not at the level we need to. The second major area for improvement involves enhanced capabilities for different operating systems or platforms. That is, even though we have coverage for different operating systems or platforms such as Linux, we don't get all of the controls and enhanced capabilities that are available with Windows devices. Reporting could also be improved because, at present, we get limited results at times. For example, in an environment with more than 100,000 devices, you may just get 10,000 results when you run a report.
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
851,471 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Manufacturing Company
8%
Financial Services Firm
8%
Government
7%
Educational Organization
24%
Computer Software Company
12%
Government
7%
Financial Services Firm
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a cl...
Which is better - SentinelOne or Darktrace?
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for organ...
What do you like most about Darktrace?
A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time.
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
 

Also Known As

No data available
Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
Petrofrac, Metro CSG, Christus Health
Find out what your peers are saying about CrowdStrike, SentinelOne, Wazuh and others in Extended Detection and Response (XDR). Updated: May 2025.
851,471 professionals have used our research since 2012.