We performed a comparison between Elastic Security and WatchGuard Threat Detection and Response based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The stability is very good."
"Ability to get forensics details and also memory exfiltration."
"The price is low and quite competitive with others."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"he solution is an anti-malware product that integrates well with other vendor products such as firewalls, SIEM, etc. It captures threat intelligence and gives you better visibility. The product also has sandboxing features."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"The setup is pretty simple."
"The solution is quite stable. The performance has been good."
"It's open-source and free to use."
"I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
"Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
"I use the stack every morning to check the errors and it's just so clear. I don't see any disadvantage to using Logstash."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
"The most valuable feature is the ability to collect authentication information from service providers."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"WatchGuard Threat Detection and Response is a reliable solution."
"When you download the executable file from the internet, it automatically sandboxes to make sure it's not doing anything incorrectly."
"I like WatchGuard's network segmentation features. It's easy to configure user policies."
"WatchGuard is very user-friendly. It provides us with all of the security services we need."
"The solution is very easy to use."
"The basic functionality is fantastic. It has been performing well. I generated a report on one machine, using that as the deployment machine. When scanning the network, it discovered machines on the network and deployed the same endpoint protection from that one machine I have on my network."
"The interface is very good."
"The most valuable feature, in my opinion, is the dimension logging platform and the network traffic filtering."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"The only minor concern is occasional interference with desired programs."
"I haven't seen the use of AI in the solution."
"The solution should address emerging threats like SQL injection."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"We find the solution to be a bit expensive."
"Detections could be improved."
"I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy."
"If you compare this with CrowdStrike or Carbon Black, they can improve."
"In terms of improvement, there could be more automation in responding to and evaluating detections."
"It could use maybe a little more on the Linux side."
"We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd making our stack from ELK to EFK."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."
"The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side."
"The administrative UI/UX could be significantly improved."
"The ease of detecting where an issue is should be improved."
"The reporting isn't so good. If they worked to improve this aspect of the solution, it would be much stronger."
"The website must provide more information on the product."
"When it comes to live-monitoring, the user-interface could be improved to make things easier."
"The solution is a bit confusing and there are unusual complications with setup."
"WatchGuard should offer more visibility into user activity. For example, we should have more details when WatchGuard denies a user access to a port."
"This product needs to be fully integrated with the firewall. Currently, it only sends logs to the cloud and asks the firewall to correlate them."
More WatchGuard Threat Detection and Response Pricing and Cost Advice →
Elastic Security is ranked 16th in Endpoint Detection and Response (EDR) with 58 reviews while WatchGuard Threat Detection and Response is ranked 27th in Endpoint Detection and Response (EDR) with 12 reviews. Elastic Security is rated 7.6, while WatchGuard Threat Detection and Response is rated 8.2. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of WatchGuard Threat Detection and Response writes "Offers deployment simplicity, especially for firewalls and firewall configuration and good documentation available ". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas WatchGuard Threat Detection and Response is most compared with CrowdStrike Falcon, Darktrace, SentinelOne Singularity Complete, Trend Vision One and VMware Carbon Black Endpoint. See our Elastic Security vs. WatchGuard Threat Detection and Response report.
See our list of best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
