Try our new research platform with insights from 80,000+ expert users

Microsoft Defender for Endpoint vs SonicWall Capture Advanced Threat Protection comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 1, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Defender for Endp...
Ranking in Advanced Threat Protection (ATP)
4th
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
197
Ranking in other categories
Endpoint Protection Platform (EPP) (1st), Anti-Malware Tools (1st), Endpoint Detection and Response (EDR) (3rd), Microsoft Security Suite (4th)
SonicWall Capture Advanced ...
Ranking in Advanced Threat Protection (ATP)
30th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
8
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Advanced Threat Protection (ATP) category, the mindshare of Microsoft Defender for Endpoint is 8.9%, down from 11.0% compared to the previous year. The mindshare of SonicWall Capture Advanced Threat Protection is 1.2%, up from 1.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Advanced Threat Protection (ATP)
 

Featured Reviews

Sudhen Swami - PeerSpot reviewer
Easy to update with good protection and a useful cloud portal
We've mainly used it for endpoints. However, we've also used it for DLP as well. We're also in the process of implementing it for cloud and identity as well. However, it's very good for endpoints, and that's our main focus. The malware protection is good. The visibility it provides is very useful. We can combine visibility with wider security features and alerts around malware, misconfiguration, or any other kinds of threats. The cloud portal is quite good. From there, we are able to see alerts and have colleagues review issues and monitor to see if any patterns arise. It's serving us quite well overall. It allows us to look at other items, like application and browser control. It helps us prioritize threats. We have a process in place now where we can review issues and remediate them effectively. We have been able to integrate a variety of Microsoft security products together. We use Azure AD, for example, and we've begun to implement DLP, among other items. We're looking at labeling and tagging and will expand into that soon. Defender has more stringent system requirements than, for example, Check Point. So when we implemented the Check Point Endpoint agent, that solution didn't mind what version of Windows you were using. When we moved to Defender, Defender had certain system prerequisites that had to be met. So we had to make sure that we're on a minimum version of Windows when we're utilizing Office, and Office has to be a particular version as well. It has more stringent system requirements that have to be met before you can implement it. It works natively together with other Microsoft solutions. Once you get more and more of those different components across the environment, then you start to get better visibility. So, rather than having lots of different solutions, you have fewer solutions and a single vendor solution. That way, you start getting into a position where you get better visibility and integration as well. The standardization is good. It's important. It's helping me with monitoring and learning. Updates and upgrades are quite smooth and seamless. Defender helps us automate routine tasks. Quite a lot of Microsoft is straightforward for us now. Previously, we didn't have enough resources and were unable to look at the alerts. Having this in place makes things a lot more straightforward for us. We have both the technology and the people in place now, alongside the process. We do see the benefits in that, and that's why we're continuing our adoption across the estate in terms of client and server as well. It's helping us avoid looking at multiple dashboards and centralized monitoring. We're not fully there yet. We're getting there. While we haven't witnessed time saving yet, once it's fully deployed, it will. By then, we'll have standardized processes across a single solution. We have saved money, however, as we continue to reduce non-Mircosft systems. Since we won't be using various competing technologies, we can save on licensing costs. We've likely so far saved 15%. While it's hard to estimate exactly how much, the solution has helped us decrease time to detection and time to respond.
MA
Has a good configuration but the price should be more competitive
Our primary use case of this solution is for security.  It's a good solution but the price is high. It also has an easy configuration. The feedback that we get from our customers is that it's a good product. Our customers are mostly smaller enterprises.  The price should be more competitive.  I…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It is a straightforward setup."
"The best part is that it is built into Windows, whether it is a server base or a desktop base, which gives more control over the operating system. Because Defender, the operating system, and the Office solution are by Microsoft, everything is working like hand-in-glove. Its administrative overhead is less because a desktop user has already got some experience of how to handle a Microsoft Defender notification or administer it."
"In my opinion, the most valuable aspects are the reporting analytics and integration with Sentinel. Defender does an excellent job of correlating the different entities that comprise threat analysis, analytics data, and log analytics. It helps to piece together investigations into any exploit or malicious activity within a specific tenant. AI and analytics tools are probably the most valuable components."
"Microsoft Defender for Endpoint is a robust platform."
"Microsoft Defender for Endpoint has been secure and there is zero maintenance required because it updates with Microsoft Windows."
"You can query and access useful information from logs and events, which is powerful and efficient."
"It's great for investigating what's happening on a machine. They show a whole bunch of machine timeline events that are related to a security incident. They have quite good details on the things related to threat and vulnerability management, such as any weakness that has been disclosed publicly, assets that are exposed, and if there is an exploit active in the wild for that vulnerability. It can provide you with all such information, which is cool."
"The solution integrates very well with Windows applications and Microsoft endpoint products."
"We get alert messages whenever there is a new threat. We are notified at the firewall level that things are blocked, which keeps us in our comfort zone."
"I like this setup for a firewall. You can set things up very easily and you can automate items as well. It's a very robust firewall solution for enterprise as well as small businesses."
"It also has an easy configuration. The feedback that we get from our customers is that it's a good product."
"The stability of the solution is good. We haven't had any breaches or crashes. It's been very stable for us."
"They have a large database of commonly known things that they can catch automatically, then they have anything which is questionable go to the sandbox and be examined there before going into our network."
"We use it for protection against viruses and ransomware attacks."
"The reporting that you get from it is the most valuable feature. You can see it via the appliance itself, and also via the MySonicWall account for the registered device. You are able to select the file if it's malicious, and you can select it in the reporting and see what triggered it, and things like that. I found that to be quite useful."
"The ATP (Advanced Threat Protection) on scanning is the most valuable feature."
 

Cons

"Microsoft Windows Defender doesn't have a game mode."
"More integration with different platforms is an area for improvement for this product, and should be included in its next release."
"Phishing and Malware detection could be better."
"I am not sure if I will be using this product in the future because of the price."
"The GUI is very complex and could be more user friendly."
"The biggest issue I had with Microsoft Defender for Endpoint was the antivirus and ransomware. I wanted central visibility over all the machines that we operate."
"It needs to improve the cybersecurity for lateral movements. For example, when a hacker tries to enter a machine, they try to get the password by doing a lateral movement."
"Notifications are always popping up — I hate that."
"We would like to get immediate alerts from the alerting system without using third-parties."
"If anything at all, it would be some very minor updates that need to be done, but in terms of changes, nothing comes to mind."
"I would like to have better documentation before starting with deployment because the deployment is a bit complex."
"I would say the solution needs a much simpler user interface, but the functionality of the firewall is quite extensive. You need the user interface to be that way. However, if there was a way to make the user interface a little easier, that would be great."
"Could provide online training to allow customers to learn more about the product."
"SonicWall should promote their roadmap and improve their marketing to customers."
"SonicWall had a recent layoff. This is a concern for us, because now we are missing the local presence from both the engineering and sales side."
"The setup needs improvement. It needs to be made more user-friendly."
 

Pricing and Cost Advice

"We have seen ROI. Most of the other competing alternatives will cost up to around $30 per user device. We average 400 devices. Therefore, the amount that we save each year is 400 times $30."
"The normal, standalone model, is not expensive, but the enterprise model that includes the bundle with email and some web protection, is a bit more expensive."
"Its price is fair. It has approximately the same price as the other products such as Kaspersky. It is much cheaper than Malwarebytes."
"Licensing fees are paid annually through a partner."
"Given our extensive Microsoft licensing, transitioning to Defender for Endpoint did not affect licensing costs."
"We have been using the free version."
"The price for Microsoft Defender for Endpoint is about three euros, which is considered reasonably priced."
"They are now doing it on an endpoint basis. It is based on the number of endpoints, which is good."
"It's thirty dollars per user and we have 30 users."
"The best deal from SonicWall is to buy the HA pair. When you buy the initial one, you receive the second one at a significant discount. If there is an event and something happens to one firewall, then you have the second firewall to roll into. For the price, it's pretty to tough to beat and not a lot of other firewall vendors offer it. You battle for a discount on both. Where with SonicWall, if you buy one, the second one is at half price. It's pretty straightforward."
"We get our value for our money."
"When you compare it with other solutions, they are cheaper and more economical."
report
Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.
860,711 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
13%
Educational Organization
13%
Financial Services Firm
8%
Government
8%
Real Estate/Law Firm
17%
Computer Software Company
13%
Manufacturing Company
10%
Financial Services Firm
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
Ask a question
Earn 20 points
 

Also Known As

Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
No data available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Petrofrac, Metro CSG, Christus Health
Wonder Cement, Foster Clark Products
Find out what your peers are saying about Microsoft Defender for Endpoint vs. SonicWall Capture Advanced Threat Protection and other solutions. Updated: June 2025.
860,711 professionals have used our research since 2012.