Mandiant Advantage vs Microsoft 365 Defender comparison

Comparison Buyer's Guide
Executive Summary

We performed a comparison between Mandiant Advantage and Microsoft 365 Defender based on real PeerSpot user reviews.

Find out what your peers are saying about CrowdStrike, SentinelOne, Palo Alto Networks and others in Extended Detection and Response (XDR).
To learn more, read our detailed Extended Detection and Response (XDR) Report (Updated: March 2023).
687,256 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
  • "The feature I have found most valuable is directory monitoring. We experienced an instance of threat actors trying to ensure a complex and massive attack against our customer's infrastructure on the forum. That is, they were animating people on a forum. The solution alerted us to this two days ahead of the attack, which gave us plenty of time to prepare for it."
  • "The advantage of the solution is being able to go look up threat actors and get a lot of detailed information about different attacks and different tactics and general information about threats."
  • "It is so valuable to have someone performing these functions outside of our business hours when we don't have staff in the building. We've seen a lot of solid metrics on the amount of malware that it's detecting and resolving. We're pleased with it so far."

More Mandiant Advantage Pros →

  • "Microsoft 365 Defender is a good solution and easy to use."
  • "It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
  • "I like that it's fully integrated with Windows, Microsoft 365 Exchange Online, and Outlook. It is better than other antivirus solutions because it's fully integrated with all Microsoft products. It's easy to integrate them and onboard all Windows devices from SCCM."
  • "The EDR features are valuable. By getting the EDR features, we have more control over the device. We have information about events in real-time and more protection against zero-day threats and zero-day vulnerabilities. We can monitor every event or action that a device is going through. We can get an idea if it is something malicious or if we have to take any actions."
  • "The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products."
  • "The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
  • "We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
  • "Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."

More Microsoft 365 Defender Pros →

  • "Mandiant's on-prem client is too processor-intensive, so it's putting a strain on the local device's CPU. When a scan is running on the device, the other processing tasks slow to a crawl. We're still trying to figure out the correct settings for the client."
  • "They could have better support. Now that they've merged, they are moving towards a portal system, which isn't very helpful."
  • "I think that the data query that is used for data cloud language should be improved. It's really hard to query actual data from the platform."

More Mandiant Advantage Cons →

  • "The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things."
  • "Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
  • "The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
  • "This solution could be improved if it included features such as those offered by Malwarebytes."
  • "The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
  • "I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
  • "The logs could be better."
  • "Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."

More Microsoft 365 Defender Cons →

Pricing and Cost Advice
Information Not Available
  • "The solution's price is fair for what they offer."
  • "The price could be better. Normally, the costs depend on the country you're located in for the license. When we were in the initial stage, we went with the E5 license they call premium standard. It cost us around $5.20 per month for four users."
  • "The price of the solution is high compared to others and we have lost some customers because of it."
  • "Microsoft is not competitive with the pricing of the solution. The competitors are able to offer lower discounts. The price of the solution is higher."
  • "We have a lot of problems in Latin America regarding the price of Microsoft 365 Defender, because the relationship between dollars and the money of the different countries, it is a lot. Many customers that have small businesses say that they would like the solution but it is too expensive. However, large companies do not find the cost an issue."
  • "The most valuable licensing option is expensive, so pricing could be improved. Licensing options for this solution also need to be consolidated, because they frequently change."
  • "Microsoft should provide lower-level licensing options. They should do it in such a way that even an individual could purchase a license, and it should be entirely flexible."
  • "They have moved from a licensing model to pay-per-use... The question is: What happens if, for any reason, there's not enough budget to accept this model? That could be a great problem."
    Questions from the Community
    Top Answer: The advantage of the solution is being able to go look up threat actors and get a lot of detailed information about different attacks and different tactics and general information about threats.
    Top Answer: I don't use the solution very often, and therefore it is hard to say if areas are lacking. They could have better support. Now that they've merged, they are moving towards a portal system, which isn't…
    Top Answer: They're in the process of rebranding with Google. I get access to Mandiant Advantage as well as Manage Defense with our subscription. What they do is they go over, and they grab all the events out of…
    Top Answer: The solution is well integrated with applications. It is easy to maintain and administer.
    Top Answer: The data recovery and backup could be improved.
    Also Known As
    Mandiant Advantage: Mandiant Threat Intelligence
    Microsoft 365 Defender: Microsoft Threat Protection, MS 365 Defender
    Learn More

    Mandiant Advantage is a multi-vendor XDR platform that provides security teams of all sizes with frontline intelligence. Mandiant Advantage aims to speed up operational as well as strategic security and risk decision making. Mandiant Advantage provides security teams with an early knowledge advantage through the Mandiant Intel Grid, which provides platform modules with current and relevant threat data and analysis capabilities. Organizations are better protected from cyber attacks and more confident in their readiness when they have access to continuous security validation, detection, and response.

    Mandiant Advantage Features

    Mandiant Advantage has many valuable key features. Some of the most useful ones include:

    • Threat intelligence: Front-line intelligence that enables a defender to be aware of the strategies and tactics that opponents are employing at this moment. Organizations will be able to contextualize, prioritize, and implement the most pertinent new intelligence by fusing ASM and threat intelligence.
    • Security validation: This allows security teams to optimize, rationalize, and prioritize their security activities from a budget and manpower viewpoint. It measures the effectiveness of security controls applied within an organization. Controls can be evaluated against the most recent TTPs actively used by threat actors by incorporating information into the security validation procedure. Organizations can determine whether their security policies are successfully thwarting or detecting attacks against their external attack surface by integrating ASM and security validation.
    • Automated Defense: In order to fuel SOC event/alert correlation and triage, Automated Defense combines knowledge and intelligence with machine learning. This is similar to integrating a machine-based Mandiant analyst into your security program. By merging ASM and Automated Defense, more context is given to Automated Defense, enhancing the relevance and usefulness of alarms.
    • Attack surface management: ASM offers a continuous, scalable method for locating hundreds of different asset and exposure types within on-premises, cloud, and SaaS application environments. In addition to assets being found, technologies in use are also identified, and vulnerabilities are confirmed rather than just speculated. Cyber defenders are able to effectively and efficiently limit their external exposures by integrating the full Mandiant Advantage suite into ASM, which prioritizes and validates the information regarding the attack surface.

    Mandiant Advantage Benefits

    There are many benefits to implementing Mandiant Advantage. Some of the biggest advantages the solution offers include:

    • Boost your current security investments: No matter what security policies you have implemented, you may improve your security capabilities by automating Mandiant's expertise as a virtual extension of your team.
    • Improve your visibility and priority: View the threats Mandiant is continuously monitoring across your attack surface and internal controls in order to prioritize and drive focus.
    • Flexible deployment: Depending on your needs, Mandiant Advantage can be supplied as technology, along with support, or as a fully managed contract.
    • Scale efficiently: Without the need for time-consuming and expensive human labor, a SaaS-based strategy deploys in hours, scales with your environment, and provides constant expert analysis.

    Microsoft 365 Defender, part of Microsoft’s XDR solution, leverages the Microsoft 365 security portfolio to automatically analyze threat data across domains, building a complete picture of each attack in a single dashboard. With this breadth and depth of clarity defenders can now focus on critical threats and hunt for sophisticated breaches, trusting that the powerful automation in Microsoft 365 Defender detects and stops attacks anywhere in the kill chain and returns the organization to a secure state.

    - Reduce signal noise by viewing prioritized incidents in a single dashboard. 

    - Use the automated investigation capabilities to spend less time on detection and response.

    - Take care of routine and complex remediation with Microsoft 365 Defender by auto-healing affected assets.

    - Hunt across all your data, leveraging your organizational knowledge with custom queries. 

    - Develop custom detection and response tools for long-term protection and improved security posture.

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Sample Customers
    Stater Bros. Markets, Rush Copley, Blackboat, CapWealth
    Information Not Available
    Top Industries
    Financial Services Firm 18%
    Computer Software Company 14%
    Insurance Company 7%
    Computer Software Company 38%
    Manufacturing Company 25%
    Comms Service Provider 13%
    Aerospace/Defense Firm 13%
    Computer Software Company 18%
    Financial Services Firm 10%
    Manufacturing Company 6%
    Company Size
    Small Business 14%
    Midsize Enterprise 15%
    Large Enterprise 72%
    Small Business 44%
    Midsize Enterprise 12%
    Large Enterprise 44%
    Small Business 21%
    Midsize Enterprise 16%
    Large Enterprise 62%

    Mandiant Advantage is ranked 12th in Extended Detection and Response (XDR) with 3 reviews while Microsoft 365 Defender is ranked 6th in Extended Detection and Response (XDR) with 23 reviews. Mandiant Advantage is rated 8.6, while Microsoft 365 Defender is rated 8.0. The top reviewer of Mandiant Advantage writes "Lots of threat information, very reliable, and helps with mitigation". On the other hand, the top reviewer of Microsoft 365 Defender writes "The biggest impact is that we need fewer human resources to deal with a bigger attack surface". Mandiant Advantage is most compared with CrowdStrike Falcon, ThreatConnect Threat Intelligence Platform (TIP), Cymulate, Cortex Xpanse and Microsoft Defender External Attack Surface Management, whereas Microsoft 365 Defender is most compared with Microsoft Defender for Cloud, Cortex XDR by Palo Alto Networks, Cisco SecureX, Trend Micro XDR and Microsoft Sentinel.


    We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.