Elastic Security and Microsoft Defender XDR are robust security solutions with distinct strengths. Elastic Security is renowned for its analytics and open-source model, while Microsoft Defender XDR excels in integration with Microsoft products and advanced threat detection.
Features: Elastic Security stands out in data analysis, flexibility, and integration with various data sources. Microsoft Defender XDR is noted for its seamless integration with Microsoft products, advanced threat detection, and automated response features.
Room for Improvement: Elastic Security users suggest improvements in documentation, a more intuitive learning curve, and better user accessibility. Microsoft Defender XDR users indicate a need for enhanced cross-platform visibility, a more streamlined investigation process, and improved multi-platform integration.
Ease of Deployment and Customer Service: Elastic Security's deployment can be complex and requires significant expertise, but it offers responsive customer support. Microsoft Defender XDR is generally easier to deploy, especially within environments already using Microsoft services, and has robust customer service support.
Pricing and ROI: Elastic Security is seen as cost-effective due to its open-source model but can entail higher operational costs. Microsoft Defender XDR, while potentially more expensive, is valued for providing strong ROI through its advanced features and integration capabilities.
It does not require hefty security budgets and can be deployed for enterprise security effectively.
We can quarantine and isolate a device within minutes.
Microsoft Defender XDR has saved me at least 50% of my time.
Ever since we turned on the M5 feature set back in June, we have seen a reduced number of potentially malicious clicks and faster alerting when incidents occur.
Support is prompt and helpful.
Most of the time when my team encounters issues, they receive responses within 24 hours.
You get stuck in low-level support for way longer than you should, instead of them escalating the issue up the chain.
It's critical to escalate SEV B issues immediately to a domestic engineer.
Once issues are escalated to the second or third layer, the support is much better.
It allows us to think about specific use cases, such as gathering malicious IPs in a single view and analyzing threats based on geolocation.
Microsoft Defender XDR shows tremendous scalability, much more so than on-premises solutions.
Microsoft Defender XDR scales pretty well.
It is suitable for enterprise-level deployment but has room for improvement.
In terms of stability, I would rate Elastic a solid eight out of ten.
The service has remained consistently online, with any issues isolated to specific components, suggesting a well-designed and modular architecture.
The services within our ecosystem have been reliable, meeting their SLAs.
It provides high-fidelity signals.
CrowdStrike and Defender have more established threat intelligence integration due to having a larger client base.
My security testing team continuously reports vulnerabilities, and we have to fix and update the versions frequently.
Elastic Security consumes a lot of resources, requiring a substantial deployment setup.
The licensing process needs improvement and clarification.
Improvements are needed in automated response capabilities.
Some inconsistencies exist between blades, which could be improved for a more seamless user and UI experience.
The pricing is reasonable, especially for Small Medium Enterprises (SMEs), making it a viable option for businesses building their security infrastructure.
This is beneficial for SMEs as they do not need extensive budgets for security solutions.
Elastic Security is considered cost-effective, especially at lower EPS levels.
There are certainly savings when using Microsoft Defender XDR, which can range from 30%, 40%, and even up to 50%.
I would rate the pricing as eight out of ten, indicating it is a reasonable cost for the product.
Microsoft purposefully obfuscates this through marketing ploys to hide costs.
Elastic Security offers good insight regarding alerts, reports, and cases.
Elastic Security offers advanced features such as machine learning and integration with ChatGPT.
We require rapid processing speed for alerts and event data, and Elastic Security is very efficient at handling this level of data.
With Microsoft threat intelligence information, it detects various types of threats, including insider attacks, malicious content, and data exfiltration.
This allows us to secure our systems in advance and proactively improve security, rather than waiting for incidents to occur.
Once we have it on the security dashboard, we can see a real-time storyline.
Elastic Security combines the features of a security information and event management (SIEM) system with endpoint protection, allowing organizations to detect, investigate, and respond to threats in real time. This unified approach helps reduce complexity and improve the efficiency of security operations.
Additional offerings and benefits:
Finally, Elastic Security benefits from a global community of users who contribute to its threat intelligence, helping to enhance its detection capabilities. This collaborative approach ensures that the solution remains on the cutting edge of cybersecurity, with up-to-date information on the latest threats and vulnerabilities.
Microsoft Defender XDR is a comprehensive security solution designed to protect against threats in the Microsoft 365 environment.
It offers robust security measures, comprehensive threat detection capabilities, and an efficient incident response system. With seamless integration with other Microsoft products and a user-friendly interface, it simplifies security management tasks.
Users have found it effective in detecting and preventing various types of attacks, such as phishing attempts, malware infections, and data breaches.
Watch the Microsoft demo video here: Microsoft Defender XDR demo video.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
