We performed a comparison between Microsoft 365 Defender and Netsurion based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Microsoft 365 Defender offers effortless integration with other Microsoft solutions. Users praised its flexibility and comprehensive protection against multiple threat types. Netsurion delivers thorough and informative notifications and effectively identifies threats. Users praise its seamless incorporation of endpoint security measures. Microsoft 365 Defender could upgrade its machine learning and AI capabilities. Some users suggested adopting Zero Trust features. Netsurion should focus on enhancing weekly reporting, utilizing internet options for enhanced security, and strengthening threat detection and response.
Service and Support: Some of our reviewers were satisfied with Microsoft support, but others complained about slow responses and lackluster problem-solving capabilities. Netsurion's customer service has received mixed reviews, with some users expressing concerns about technical planning and the installation process.
Ease of Deployment: Setting up Microsoft 365 Defender is potentially complex and may involve integrating with existing policies. Some users reported longer deployment times. Netsurion's initial setup was described as easy, with clear instructions and packages provided. Reviewers appreciated the support and assistance from Netsurion. Netsurion guided the setup discussion based on business needs, making it easier to understand and implement.
Pricing: Some users say that Microsoft 365 Defender is good value, but others perceive it as more expensive than similar competing products. Netsurion is considered a good value for the money and competitive. Users say the solution’s pricing is transparent.
ROI: Microsoft 365 Defender offers savings, attack prevention, consolidation of security measures, and proactive threat detection. Netsurion offers actionable intelligence and eliminates the requirement for specialized staff, saving time and costs. Its managed SOC component also delivered substantial benefits to organizations.
Comparison Results: Our users prefer Microsoft 365 Defender over Netsurion. Microsoft 365 Defender has a simpler initial setup process, lower maintenance needs, and a higher return on investment. Users appreciate its seamless integration with other Microsoft tools and comprehensive threat protection. While the customer service for both products has received mixed feedback, Microsoft 365 Defender has a more positive overall perception.
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"Its most significant advantage lies in its affordability."
"Having a single pane of glass for all Microsoft security services makes everything much easier. A security analyst can go to a single portal and see everything in one view. The integration of everything into one portal is a huge benefit."
"Advanced hunting is good. I like that. We can drill down to lots of details."
"The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"It has great stability."
"The most valuable feature is the network security."
"The product is very easy to use."
"I like EventTracker's dashboard. I see it every time I log in because it's the first thing you get to. We have our own widgets that we use. For the sake of transparency, there are a few widgets that we look at there and then we move out from there... Among the particularly helpful widgets, the not-reporting widget is a big one. The number-of-logs-processed is also a good one."
"If I were to look at logs manually, there's no way I could do that. As an example, they are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches."
"They have what they call Elasticsearch which is very quick, although that's only available for the last seven days' worth of data. It used to be that, if I wanted to do a search from three days ago, it might take me 10 to 15 minutes because it had to actually unzip some archive files. So I really like that feature. It's almost instantaneous for anything within the last seven days."
"We have also integrated our endpoint security into the Netsurion SIEM. That's important because we have all the events in one place; we don't have to manage them in multiple places. In addition, the embedded MITRE ATT&CK Framework was paramount in our decision to choose Managed Threat Protection because the MITRE Framework is the industry standard for threats."
"Netsurion has its own security operations center, where it tracks information that comes across our telemetry."
"We don't have the eyeballs available to stare and watch for things, or even have the capability of building internal alert systems. So, the managed SOC has been huge for freeing up staff to work on other responsibilities. We are saving on at least one full-time employee."
"If we need to do a search for user lockouts, we can go, search, and find locations where they have been locked out, then keep track of those events, historically."
"When it comes to threat detection and response, it does a very good job detecting and blocking on its own. And the SOC is a nice added value because they're doing analysis on things that aren't as obvious, on things that you can't just detect with a signature or behavior. Also, any SIEM will come with a lot of noise, so having them do a lot of the initial analysis to find out what's critical and what issues are false alarms is very good."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"Sometimes, configurations take much longer than expected."
"The management features could be improved, particularly in terms of better integration with Intune, Microsoft's cloud-based management solution."
"The management and automation of the cloud apps have room for improvement."
"Where there is an opportunity for improvement is in the interface used for performing the searches. You have to understand Elasticsearch search too well for the security team to be able to take really full advantage of that part of the product. It's not as intuitive as I would like it to be for new staff coming in. The general query capability is a little bit challenging."
"I'd like to see improvement in the ease of generating reports. It seems fairly cumbersome whenever you decide to start tracking new categories of events. It seems a little kludgy when trying to generate those reports."
"We get a report generated on a particular day of the week and we go through it, trying to mitigate problems and make sure we're seeing everything that's happening. It would be helpful if the SOC spent a little more time with us going through some of those reports."
"It would be great if they had a client for phones by which they could push a notification to us, as opposed to via email."
"I would also like to have a dashboard that I can access anytime to review the real-time data from their website."
"With version 8, there are quite a few things. The query tool was one of the big ones, and the query speed was one of the big ones, but they've made some great strides between versions 8 and 9. There were also issues in version 8 around the ability to get the data back out. It's one thing to collect data, but it's a whole other thing to be able to present it or run it in a timely manner. The old tool, depending on how far back I was looking, might even time out and I would have to run it again."
"Communication is always something that can be improved, but I feel that any time we've had a communication issue, it's quickly addressed when we bring those up at the monthly meetings. Usually, it's an individual that wasn't clear in the communication, it's not the process per se. You always have to be able to segregate if the process didn't work or an individual either didn't say the right thing or my people didn't understand what they were being told."
"The weekly reporting could use some improvement. For example, when we handed them our landscape document, it took longer than I would have liked for those details to become noticeable within the reports."
Microsoft Defender XDR is ranked 6th in Extended Detection and Response (XDR) with 76 reviews while Netsurion is ranked 15th in Extended Detection and Response (XDR) with 24 reviews. Microsoft Defender XDR is rated 8.4, while Netsurion is rated 8.4. The top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". On the other hand, the top reviewer of Netsurion writes "The SOC center monitors, hunts, and notifies us of threats around the clock". Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Trend Vision One, whereas Netsurion is most compared with Arctic Wolf Managed Detection and Response, CyberHat CYREBRO and Wazuh. See our Microsoft Defender XDR vs. Netsurion report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.