No more typing reviews! Try our Samantha, our new voice AI agent.

Kaspersky Anti Targeted Attack vs Microsoft Defender for Endpoint comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 9, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Kaspersky Anti Targeted Attack
Average Rating
6.6
Reviews Sentiment
6.1
Number of Reviews
6
Ranking in other categories
Network Traffic Analysis (NTA) (24th), Network Detection and Response (NDR) (27th)
Microsoft Defender for Endp...
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
212
Ranking in other categories
Endpoint Protection Platform (EPP) (1st), Advanced Threat Protection (ATP) (5th), Anti-Malware Tools (1st), Endpoint Detection and Response (EDR) (3rd), Microsoft Security Suite (3rd)
 

Mindshare comparison

While both are Network Security Systems solutions, they serve different purposes. Kaspersky Anti Targeted Attack is designed for Network Traffic Analysis (NTA) and holds a mindshare of 1.3%, up 0.6% compared to last year.
Microsoft Defender for Endpoint, on the other hand, focuses on Endpoint Protection Platform (EPP), holds 6.8% mindshare, down 10.5% since last year.
Network Traffic Analysis (NTA) Mindshare Distribution
ProductMindshare (%)
Kaspersky Anti Targeted Attack1.3%
Darktrace15.6%
Cisco Secure Network Analytics8.8%
Other74.3%
Network Traffic Analysis (NTA)
Endpoint Protection Platform (EPP) Mindshare Distribution
ProductMindshare (%)
Microsoft Defender for Endpoint6.8%
CrowdStrike Falcon5.9%
SentinelOne Singularity Endpoint4.7%
Other82.6%
Endpoint Protection Platform (EPP)
 

Featured Reviews

FarkhundAbbas - PeerSpot reviewer
Security Engineer at adcb
The tool provides excellent sandboxing and email security features, but the backup and recovery features are not good
If my primary solution is down, no backup solution is available to restore it. It is one of the biggest weaknesses of the platform. If I need to update the solution, there is no option to pick the events and the logs from it and deploy it in another solution. The backup and recovery features of the product are not good. I need backup. If the tool is down for some time, I cannot get the logs at that particular time.
Robert Arbuckle - PeerSpot reviewer
Security Analyst III at a healthcare company with 10,001+ employees
Automatically isolates threats and integrates with logging to reduce response time
Overall, I would evaluate the Microsoft support level that I receive at probably about a seven, but that depends on the day. It has been spotty. We have had issues where the urgency level of the Microsoft support is not as high as ours, especially during a data breach or potential data breach situation. We have had issues with some of the offshore support being lackluster. One specific thing that comes to mind is we were on a support call with our CISO on the call, and the Microsoft agent, who did not actually work for Microsoft, is one of the vendors that Microsoft uses for support, said, "Just to set expectations, my lunch break is in an hour and I am going to go away then." For us, it was already ten o'clock at night and we had been working on this for a couple of hours, trying to get a security engineer on with us. For him to tell us that he was going to go away and have lunch, it was, "Okay, but go find somebody else if you need to." It was just the lackluster approach, and it seemed like he did not really care. We seem to get a lot of this when we get non-Microsoft support. I can identify areas for improvement with Microsoft Defender for Endpoint, as it is kind of a convoluted mess to try to take care of false positives. Especially when they have been identified as false positives but they keep going off over and over again. It is great for my pocketbook because it generates a lot of on-call action, but I would really prefer more sleep at two o'clock in the morning than dealing with false positives. I would say that the unified portal for managing Microsoft Defender for Endpoint is suitable for both teams as they are all in there. It would be great if they would stop moving things around and renaming things, which makes sense. The new XDR portal is pretty nice. Being able to have it central again inside of the regular Security Center without having to open up two windows is helpful. Overall, I think it is pretty good. There is always going to be something that could be improved, such as alerting and the ability to modify alerts would be a little bit helpful to have. Being able to add more data into the alerts and turn off alerts that are not as useful would be beneficial. It is hard to say what the quantitative impact the security exposure management feature has had on our company's security, because a lot of it is kind of subjective. I think we are sitting at around a fifty percent score still, and a lot of it is just kind of unusual circumstances that we cannot really implement without breaking the organization.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution is very easy to use. Its interface is very simple, and you can build IOC's indicators. You can use your rules to detect these attacks because you can leverage threat intelligence. Y"
"The product's deployment phase is easy."
"I feel the anti-ransomware update is one of the tool's valuable features."
"The Kaspersky Anti-Targeted Attack Platform provides visibility into telemetry data, enabling comprehensive monitoring of environmental activities."
"Kaspersky Anti-Targeted Attack Platform is stable and runs all the time."
"The most valuable use is detailing metadata collection from the endpoint and network."
"The email security feature is really good."
"It speeds up our process of detecting vulnerabilities and threats, has significantly reduced the amount of time to respond to threats and manage threats, has definitely improved our security, and also helped us in reducing management costs."
"The most important and the most relevant features of Defender for Endpoint are the malware and ransomware protection."
"Microsoft Defender for Endpoint has changed significantly for the better."
"Since we started using this product, we have not had any breaches."
"There is no licensing fee, as Microsoft Defender for Endpoint comes included with the Windows license."
"One of the main features is the solution is very light on resources and we do not have any problems with it."
"You get what you pay for, it's an integrated solution, and there isn't a better one on the market."
"I enjoy using the live response feature, which allows me to remotely access different endpoints and investigate malicious files, such as malware that people may have downloaded, and other related issues."
 

Cons

"I think the tool is still not really good enough for integration compared to other products."
"The solution lacks cloud integrations."
"The blind spot or gap in the platform is network analysis functionality."
"The backup and recovery features of the product are not good."
"Kaspersky Anti-Targeted Attack Platform is not a good product. We had problems with endpoints and the solution did not detect it. We didn't get any alerts about the attack."
"In some of the places I have come across, even though they use Kaspersky, the ransomware enters their system."
"Microsoft Defender for Endpoint does not offer default templates for alerts, requiring us to configure everything ourselves to avoid numerous false positives."
"The solution has minimal customization options, especially compared to Mandiant, so we want to see more scope for customization. A single portal for customization would also be a welcome addition."
"They should bring back the feature of a dedicated proxy device for communication to the cloud. As of now, all the agents are required to send the logs directly to the cloud. There should be a solution where you can put a proxy and all the logs are consolidated, like a forwarder."
"The pricing could be a bit better."
"Other vendors provide a lot of customization when it comes to integration, which every big organization requires. No big organization depends on one particular tool. Defender lacks that at this point."
"Something that is unique to Microsoft is its licensing model. When you go out and you buy McAfee or Symantec, you know what you're getting out of the box, but with Microsoft, often, when you're looking to achieve a certain set of capabilities, those capabilities are spread across different products. You might try to do something you could do with CrowdStrike, but then find out that you also need to purchase Microsoft Defender for Identity or Microsoft Defender for Azure. You realize that when they talk about what they can offer within the Microsoft platform, it's really the suite of investments. So, sometimes, you may find yourself buying Defender for Endpoint thinking that it matches CrowdStrike, but then you find that Microsoft really needs to sell you something else. One plus one will equal three, but when you have a very concise platform, such as CrowdStrike, you know what you're going to get."
"It makes your Surface devices hot. It is resource-intensive. It strains your CPU, not more than other file scanners around, but it also does a lot more. When you are transmitting files or data, it is continuously scanning the traffic and analyzing it bit by bit to see what's going on, and that, of course, is costly in terms of CPU. It is CPU intensive, and if you are on battery, it drains your battery fast. That's the only drawback that it has."
"Localization is always a challenge, especially with new products you typically want."
 

Pricing and Cost Advice

"Kaspersky Anti-Targeted Attack Platform is cheap."
"Kaspersky is one of the cheaper solutions."
"The solution has competitive pricing."
"It is built into Windows 10. If our clients are using Microsoft Defender, the cost goes away for them."
"It isn't cheap, but it's reasonable and fair."
"The pricing is competitive."
"It is so expensive. It isn't cheaper than McAfee or other solutions."
"If we are acquiring everything in a single place, the front end becomes cost-effective."
"The normal, standalone model, is not expensive, but the enterprise model that includes the bundle with email and some web protection, is a bit more expensive."
"The solution comes as a part of Windows 10 and it is covered under its license."
"They are now doing it on an endpoint basis. It is based on the number of endpoints, which is good."
report
Use our free recommendation engine to learn which Network Traffic Analysis (NTA) solutions are best for your needs.
903,871 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Comms Service Provider
12%
Educational Organization
9%
Retailer
9%
Manufacturing Company
10%
Financial Services Firm
10%
Computer Software Company
9%
Comms Service Provider
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business82
Midsize Enterprise45
Large Enterprise96
 

Questions from the Community

What needs improvement with Kaspersky Anti-Targeted Attack Platform?
I think the tool is still not really good enough for integration compared to other products. If you need to integrate with the ecosystem of the Kaspersky primary, and if we are going to the third p...
What advice do you have for others considering Kaspersky Anti-Targeted Attack Platform?
I recommend the tool for enterprise customers. Previously, carry, like only antivirus products, was used by many. If you want to upsell a product, then you need to go with EDR and Kaspersky Anti-Ta...
What is your primary use case for Kaspersky Anti-Targeted Attack Platform?
I use the solution in my company since it has many good features, like sandbox features and other tech aspects. When I find other use cases or see feedback, I learn what the tool's strengths are fr...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
 

Also Known As

Kaspersky Anti Targeted Attack
Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Republic of Serbia, Goods.ru, Tael, Insolar
Petrofrac, Metro CSG, Christus Health
Find out what your peers are saying about Darktrace, Auvik, SolarWinds and others in Network Traffic Analysis (NTA). Updated: June 2026.
903,871 professionals have used our research since 2012.