We performed a comparison between Darktrace and Microsoft Defender for Endpoint based on real PeerSpot user reviews.Find out what your peers are saying about Microsoft, Proofpoint, TitanHQ and others in Email Security.
"Microsoft Defender for Office 365 is a stable solution."
"Defender for 365 is a comprehensive cloud-based solution. The value of the cloud is that you aren't alone. Threat intelligence and analytics are shared in the cloud. We don't have to find the solution alone. If you face an unknown threat with traditional solutions like Trend Micro and Symantec, you need to open a case and send your information to them to analyze forensically and identify the source of the attack."
"I like its investigation capabilities, as that is what is most important to me. It is fairly simple with a user-friendly interface."
"It also gives me good visibility because, with Defender, I'm using a Microsoft product to defend Microsoft products. The integration was really seamless and I have wide visibility because it picks up almost everything. Literally, I can see almost every activity that happens, from the e-mail to the workstation itself."
"The most valuable feature is the integration. It's a single console, so we don't have to switch around between multiple products. Another valuable feature is the ease of operations and maintenance."
"The basic features are okay and I'm satisfied with the Defender."
"The initial setup was easy."
"Does a thorough job of examining email and URLs for malicious content."
"I have found the automation and AI features to be valuable. If someone were to come in to the office at midnight and log in, Darktrace would flag it."
"Provides great network protection."
"The most valuable feature of Darktrace is the AI that detects abnormal network activity."
"The initial setup is simple."
"The NDR is good in their solution and they have NTG for email."
"The most valuable feature is the solution's ability to trim out the false positives and point your attention to the real important stuff."
"The platform has many modules, and each module examines a different situation in the behavior."
"Technical support is helpful and responsive."
"The integration of Defender, Security Center, and the Microsoft compliance score, is the feature we use most to share the results with our clients and to create a roadmap together."
"It's great for investigating what's happening on a machine. They show a whole bunch of machine timeline events that are related to a security incident. They have quite good details on the things related to threat and vulnerability management, such as any weakness that has been disclosed publicly, assets that are exposed, and if there is an exploit active in the wild for that vulnerability. It can provide you with all such information, which is cool."
"You have endpoint security to keep your devices safe. That's the feature that we're interested in."
"The ransomware and malware protection is the most valuable feature."
"Because it has been integrated with the OS, we get the entire software inventories, and we even get access to the registries. Those are the primary features."
"This solution definitely increases our security posture. When you are reviewing your existing fleet or endpoints and based on the configuration that you put out of your Defender for Endpoint, you then receive a security score from Microsoft. Depending on what rules you have configured, what policies you have deployed, and what attack surface reduction rules that you have set up and deployed, it is almost gamifying information security in the sense that you are always trying to achieve a higher score. The more hardening you perform on your endpoints, the better score you receive. This generally tends to give you a better peace of mind, but also makes you secure at the same time."
"The performance of Microsoft Defender for Endpoint has been a valuable feature."
"In my opinion, the most valuable aspects are the reporting analytics and integration with Sentinel. Defender does an excellent job of correlating the different entities that comprise threat analysis, analytics data, and log analytics. It helps to piece together investigations into any exploit or malicious activity within a specific tenant. AI and analytics tools are probably the most valuable components."
"Microsoft security solutions work as expected. They are constantly updating the solutions to make them better. At the same time, the changes can impact a customer's environment, and we need to adjust settings. Sometimes we aren't aware of the changes, and nothing is pushed from the backend automatically."
"They can improve their security in a way where a customer can know if all their attachments are safe or not to open through a report. The solution does its job perfectly, but it never reports to the customer whether those attachments have been stopped before or not."
"Several simulation options are available within 365, and the phishing simulation could be better."
"The UI needs to be more user-friendly."
"There is room for improvement in terms of reporting."
"Too many false positives and lacks an accurate capability to detect malicious SharePoint sites."
"One area for improvement is support, in terms of being able to reach them and, especially, technical support for configuration."
"We noticed that from time to time, Microsoft's stability does have problems. Sometimes the service goes up and down. Sometimes they change without prior notice."
"The main portal needs improvement as it is difficult to use."
"It's quite expensive to have."
"I think there is some MSSP missing."
"It's a very complex platform."
"They just need to work on their price. In terms of features, we are trying to understand all the features that we have. We're still exploring everything that we have so that we can fully utilize it. At this point in time, it is not about the features. It is more about utilization. We're just trying to utilize everything to full capacity."
"There aren't so many third-party vendor platforms natively integrated with the platform."
"I was under impression that Darktrace's automatic blocking would be an out-of-the-box feature, but we had to integrate it with our firewall to get it to block automatically. The salesperson should be upfront and explain that you need to integrate it with your network. I would also like to see more reporting on risk. Banks in my region want to see at a glance the risk level of various assets."
"The initial setup is more complex and time-consuming than some solutions."
"Microsoft Defender for Endpoint could provide us with a more holistic approach, such as collaboration. They can provide us with an environment from where we can manage all the endpoints from one central location, such as overall management."
"If there were more template queries in the library, that would make it much easier. They could have basic things, like, "Where's the IP for this user?" or, "What file was downloaded from this user?" If there were more of those basic queries that would help."
"I have accounts for administrators and corporate employees, but I also have accounts for students. I can't split these types of accounts. I need a separate configuration for both... I need to research how I can get alerts for only the administrative machines."
"The time it takes to implement policies has room for improvement."
"The integration and effectiveness of email security could be better. It's already built-in to the solution and checks emails, scans the links they contain etc."
"The UI for Microsoft Defender for Endpoint needs to be better. Integration with client dashboards is also lacking in this product, e.g. client dashboards shouldn't just be viewable from the cloud, because when the client's computer is offline, you won't be able to see the client dashboard."
"If the solution could be integrated more with Defender for Cloud, to be more unified, that would help. It is good now, but even more integration could be done with Defender for Cloud. We see two different portals. If Defender for Endpoint could be ported to the CSPM, Defender for Cloud, that would make things even easier for us."
"I want Microsoft Defender to have the ability to deal with some issues automatically, so I don't need to address that issue manually."
Microsoft Defender for Office 365 is a comprehensive security solution designed to protect organizations against advanced threats in their email, collaboration, and productivity environments. It combines the power of Microsoft's threat intelligence, machine learning, and behavioral analytics to provide real-time protection against phishing, malware, ransomware, and other malicious attacks.
With Microsoft Defender for Office 365, organizations can safeguard their email communication by detecting and blocking malicious links, attachments, and unsafe email content. It employs advanced anti-phishing capabilities to identify and prevent sophisticated phishing attacks that attempt to steal sensitive information or compromise user credentials.
This solution also offers robust protection against malware and ransomware. It leverages machine learning algorithms to analyze email attachments and URLs in real-time, identifying and blocking malicious content before it reaches users' inboxes. Additionally, it provides advanced threat-hunting capabilities, allowing security teams to proactively investigate and respond to potential threats.
Microsoft Defender for Office 365 goes beyond email protection and extends its security features to other collaboration tools like SharePoint, OneDrive, and Teams. It scans files and documents stored in these platforms, ensuring that they are free from malware and other malicious content. It also provides visibility into user activities, helping organizations detect and mitigate insider threats.
Furthermore, this solution offers rich reporting and analytics capabilities, providing organizations with insights into their security posture and threat landscape. It enables security administrators to monitor and manage security incidents, track trends, and take proactive measures to enhance their overall security posture.
Darktrace (DARK.L), a global leader in cyber security artificial intelligence, delivers complete AI-powered solutions in its mission to free the world of cyber disruption. Breakthrough innovations from the Darktrace Cyber AI Research Centre in Cambridge, UK and its R&D centre in The Hague, The Netherlands have resulted in over 135 patent applications filed and significant research published to contribute to the cyber security community. Darktrace’s technology continuously learns and updates its knowledge of 'you' for an organization and applies that understanding to achieve an optimal state of cyber security. It is delivering the first ever Cyber AI Loop, fuelling a continuous end-to-end security capability that can autonomously prevent, detect, and respond to novel, in-progress threats in real time. Darktrace employs over 2,200 people around the world and protects over 8,400 organizations globally from advanced cyber-threats. It was named one of TIME magazine’s ‘Most Influential Companies’ in 2021.
LOOP overview - PREVENT, DETECT & RESPOND, HEAL
Darktrace Cyber AI Loop™
The first-ever, adaptive feedback system with a deep, interconnected understanding of the enterprise. The Darktrace Cyber AI Loop represents a first-mover innovation, creating a virtuous cycle in which each capability interacts to strengthen and harden the entire security ecosystem. It allows organizations to not just prevent, detect, respond, and heal from cyber-attacks – but to do all of these all at once.
● Empowers bespoke and continuously evolving security solutions based on mathematical models unique to each organization, regardless of size or complexity.
● Delivers an end-to-end solution accessing the core Self-Learning AI technology, which provides visibility into the entire, ever-changing digital ecosystem.
● Integrates AI engines in each product family to augment all others as the organization changes. The whole is at all times greater than the sum of the parts.
● Continually learns and updates its knowledge of how an organization operates, enabling it to spot zero days, insider threats, and novel threats that get through most defenses.
● Lifts up security teams by elevating decisions and delivering threat analysis as always-on solutions work autonomously in the background to deliver at the scale of the enterprise.
Proactive AI engine to predict and pre-empt the highest priority cyber-attacks, working inside the organization
and outside on the attack surface. Part of the Darktrace Cyber AI Loop™.
● Harden defenses proactively
● Identify and prioritize risks
● Conduct continuous around-the-clock testing
● Emulate attacks to test vulnerabilities
● Continuously communicate outcomes to the AI Loop
Darktrace DETECT™ + RESPOND™
Built on patented AI that learns you, using the unique footprints of your everyday operations to identify any unusual behavior that could indicate an attack. Responds instantly to contain any attacks detected. Part of the Darktrace Cyber AI Loop™.
● Works across entire digital ecosystem
● Protect from known and unknown attacks
● Gets stronger as it learns
● Feeds insight into the AI Loop
Darktrace/Email defends the network against malicious emails that evade the email gateway, introducing intelligent autonomous response into the flow of email traffic. Darktrace’s rich understanding of user relationships, communications, and network activity allows Darktrace/Email to quickly contextualize events, and respond only to genuine threats, stopping them before they reach the user.
Darktrace’s endpoint capability extends Darktrace Detect and Respond to those devices which have left the network, protecting them from known and novel attackers as well as mitigating the risk of accidental or intentional data theft, compliance issues, use of non-approved software etc.
Darktrace/Apps stops insider threats, account takeovers, and critical misconfigurations. As a cloud-native solution powered by AI, it can continuously analyse behaviours and relationships across diverse cloud platforms and services, from AWS and Azure, to Salesforce, Dropbox, and Office 365. This enterprise-wide context enables the system to only act on high-confidence threats as they emerge within ephemeral workloads and diverse multi-cloud environments.
Microsoft Defender for Endpoint is a comprehensive security solution that provides advanced threat protection for organizations. It offers real-time protection against various types of cyber threats, including malware, viruses, ransomware, and phishing attacks.
With its powerful machine-learning capabilities, it can detect and block sophisticated attacks before they can cause any harm. The solution also includes endpoint detection and response (EDR) capabilities, allowing organizations to quickly investigate and respond to security incidents. It provides detailed insights into the attack timeline, enabling security teams to understand the scope and impact of an incident.
Microsoft Defender for Endpoint also offers proactive threat hunting, allowing organizations to proactively search for and identify potential threats within their network. It integrates seamlessly with other Microsoft security solutions, such as Microsoft Defender XDR, to provide a unified and holistic security approach. With its centralized management console, organizations can easily deploy, configure, and monitor the security solution across their entire network.
Microsoft Defender for Endpoint is a robust and scalable security solution that helps organizations protect their endpoints and data from evolving cyber threats.
Darktrace is ranked 13th in Email Security with 39 reviews while Microsoft Defender for Endpoint is ranked 1st in EPP (Endpoint Protection for Business) with 92 reviews. Darktrace is rated 8.4, while Microsoft Defender for Endpoint is rated 8.2. The top reviewer of Darktrace writes "A stable, scalable, and valuable tool that provides excellent network monitoring". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "You can access all your security data and telemetry from a single pane of glass". Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cisco Secure Network Analytics and Cortex XDR by Palo Alto Networks, whereas Microsoft Defender for Endpoint is most compared with Intercept X Endpoint, Symantec Endpoint Security, CrowdStrike Falcon, SentinelOne Singularity Complete and Cortex XDR by Palo Alto Networks.
We monitor all Email Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.