No more typing reviews! Try our Samantha, our new voice AI agent.

Microsoft Defender for Endpoint vs SonicWall Capture Advanced Threat Protection comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 1, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Defender for Endp...
Ranking in Advanced Threat Protection (ATP)
5th
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
212
Ranking in other categories
Endpoint Protection Platform (EPP) (1st), Anti-Malware Tools (1st), Endpoint Detection and Response (EDR) (3rd), Microsoft Security Suite (3rd)
SonicWall Capture Advanced ...
Ranking in Advanced Threat Protection (ATP)
28th
Average Rating
7.8
Reviews Sentiment
7.4
Number of Reviews
8
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Advanced Threat Protection (ATP) category, the mindshare of Microsoft Defender for Endpoint is 5.8%, down from 7.6% compared to the previous year. The mindshare of SonicWall Capture Advanced Threat Protection is 2.1%, up from 1.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Advanced Threat Protection (ATP) Mindshare Distribution
ProductMindshare (%)
Microsoft Defender for Endpoint5.8%
SonicWall Capture Advanced Threat Protection2.1%
Other92.1%
Advanced Threat Protection (ATP)
 

Featured Reviews

Robert Arbuckle - PeerSpot reviewer
Security Analyst III at a healthcare company with 10,001+ employees
Automatically isolates threats and integrates with logging to reduce response time
Overall, I would evaluate the Microsoft support level that I receive at probably about a seven, but that depends on the day. It has been spotty. We have had issues where the urgency level of the Microsoft support is not as high as ours, especially during a data breach or potential data breach situation. We have had issues with some of the offshore support being lackluster. One specific thing that comes to mind is we were on a support call with our CISO on the call, and the Microsoft agent, who did not actually work for Microsoft, is one of the vendors that Microsoft uses for support, said, "Just to set expectations, my lunch break is in an hour and I am going to go away then." For us, it was already ten o'clock at night and we had been working on this for a couple of hours, trying to get a security engineer on with us. For him to tell us that he was going to go away and have lunch, it was, "Okay, but go find somebody else if you need to." It was just the lackluster approach, and it seemed like he did not really care. We seem to get a lot of this when we get non-Microsoft support. I can identify areas for improvement with Microsoft Defender for Endpoint, as it is kind of a convoluted mess to try to take care of false positives. Especially when they have been identified as false positives but they keep going off over and over again. It is great for my pocketbook because it generates a lot of on-call action, but I would really prefer more sleep at two o'clock in the morning than dealing with false positives. I would say that the unified portal for managing Microsoft Defender for Endpoint is suitable for both teams as they are all in there. It would be great if they would stop moving things around and renaming things, which makes sense. The new XDR portal is pretty nice. Being able to have it central again inside of the regular Security Center without having to open up two windows is helpful. Overall, I think it is pretty good. There is always going to be something that could be improved, such as alerting and the ability to modify alerts would be a little bit helpful to have. Being able to add more data into the alerts and turn off alerts that are not as useful would be beneficial. It is hard to say what the quantitative impact the security exposure management feature has had on our company's security, because a lot of it is kind of subjective. I think we are sitting at around a fifty percent score still, and a lot of it is just kind of unusual circumstances that we cannot really implement without breaking the organization.
MA
Technical Manager, NOC at TEXUM JORDAN
Has a good configuration but the price should be more competitive
Our primary use case of this solution is for security.  It's a good solution but the price is high. It also has an easy configuration. The feedback that we get from our customers is that it's a good product. Our customers are mostly smaller enterprises.  The price should be more competitive.  I…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Auto-remediation: When the product sees malware, it resolves the issue immediately. This protects the machine."
"The performance of Microsoft Defender for Endpoint has been good."
"I would recommend using this solution, as I haven't had any issues and it's been working fine for me."
"Updates and upgrades are quite smooth and seamless."
"The features of Microsoft Defender for Endpoint that I like the most are that it is not a very intrusive product, so it is not using up a lot of compute."
"Endpoint's most valuable feature is deep analysis."
"This product offers cost-effective threat protection, which integrates with Office 365 and has unified endpoint management features."
"It's very easy to scale because it comes built-in with Windows 10, and you just need to enable it. This can be done on scale using group policies or through Endpoint Manager on cloud or Intune."
"The stability of the solution is good. We haven't had any breaches or crashes. It's been very stable for us."
"SonicWall came out with a new add-on; it was inexpensive to add on to the existing product that we already owned, so we added it."
"Provides good protection and security."
"The most valuable features of the product are the application filters, application policies, that block certain websites and allow bandwidth for others, those kinds of things."
"The reporting that you get from it is the most valuable feature. You can see it via the appliance itself, and also via the MySonicWall account for the registered device. You are able to select the file if it's malicious, and you can select it in the reporting and see what triggered it, and things like that. I found that to be quite useful."
"I would recommend this solution, as a firewall product solution that has a similar sandboxing type of thing has become quite an essential part of a security footprint."
"The most valuable feature is the alerting system."
"For the past four and a half years, we haven't had any breaches or issues of any kind."
 

Cons

"I would like to see online updates for patches for this solution. I would also like to see online information about what is trending in the market in terms of spams, viruses, or trojans. It takes some time to understand how this solution works. A few things are unclear at the beginning, such as whether it actually restricts the virus or spam at the initial stage, or when there is a security update, how will we come to know and how will it get synchronized. It would be really helpful if there is some kind of knowledge base in the form of video, audio, or document that can explain in a user-friendly way the setup, features, risks, and process to mitigate the risks. Currently, I have installed endpoint security for every individual system. I could not install it like other endpoint solutions where we have a server and a client. It would be really helpful if Microsoft Windows Defender has a server-client based model so that I can save some bandwidth when it downloads or uploads features. It will be helpful if we have a LAN-based or WAN-based controlling system."
"Some executive reporting is inefficient, and we're looking into ways to improve it."
"There is some functionality that is not quite there yet."
"Phishing and Malware detection could be better."
"Integrating this with third-party systems has some complexity involved."
"Microsoft Defender for Endpoint is effective for validating work, but not ideal for investigations."
"I would like to have additional features such as DNS lookup, which would help for detecting malicious sites."
"Windows Firewall is integrated with Windows Defender. Over the last few days, I have had a problem with defining a wildcard on Windows Firewall."
"If anything at all, it would be some very minor updates that need to be done, but in terms of changes, nothing comes to mind."
"I would say the solution needs a much simpler user interface, but the functionality of the firewall is quite extensive. You need the user interface to be that way. However, if there was a way to make the user interface a little easier, that would be great."
"The setup needs improvement. It needs to be made more user-friendly."
"Having an on-premise solution as well would be an option for some people, but they'll want to use a cloud solution for their sandboxing. Certain sites would want to keep all the checks done on an on-premise appliance. All the checking, rather than sending that up into a cloud engine."
"Could provide online training to allow customers to learn more about the product."
"SonicWall should promote their roadmap and improve their marketing to customers."
"SonicWall had a recent layoff. This is a concern for us, because now we are missing the local presence from both the engineering and sales side."
"I would like to have better documentation before starting with deployment because the deployment is a bit complex."
 

Pricing and Cost Advice

"You need a license to use this solution."
"The licensing costs for Microsoft Defender for Endpoint are reasonable."
"Licensing options vary. Some customers buy it as an enterprise agreement and pay yearly. Others buy it as a CSP, so they pay per month. It completely depends on the customer's needs."
"I pay for it through the Windows Professional or Standard license. It is a one-time cost for me, and I use the same license."
"The cost is high for E5 licenses, but if we go with the E3 license, most of the features are not covered."
"This solution is part of Windows and comes included with it."
"The nice thing about Defender and Sentinel is that the cost is based on the data logs that you ingest from the Defender endpoints and data connectors. I don't have to buy a 25- or 50- or 1,000-user or enterprise license. I can buy one license at a time."
"The solution is free."
"It's thirty dollars per user and we have 30 users."
"The best deal from SonicWall is to buy the HA pair. When you buy the initial one, you receive the second one at a significant discount. If there is an event and something happens to one firewall, then you have the second firewall to roll into. For the price, it's pretty to tough to beat and not a lot of other firewall vendors offer it. You battle for a discount on both. Where with SonicWall, if you buy one, the second one is at half price. It's pretty straightforward."
"We get our value for our money."
"When you compare it with other solutions, they are cheaper and more economical."
report
Use our free recommendation engine to learn which Advanced Threat Protection (ATP) solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
10%
Financial Services Firm
10%
Computer Software Company
9%
Comms Service Provider
8%
Manufacturing Company
17%
Comms Service Provider
14%
Construction Company
14%
Media Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business82
Midsize Enterprise45
Large Enterprise96
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise3
 

Questions from the Community

How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
What needs improvement with SonicWall Capture Advanced Threat Protection?
SonicWall Capture Advanced Threat Protection needs to reconsider the pricing, especially in the cloud environment. The product is good overall, but the GUI needs to be more stable. I chose nine out...
What is your primary use case for SonicWall Capture Advanced Threat Protection?
My main use case for SonicWall Capture Advanced Threat Protection is that it helps us with sandboxing for analyzing and inspecting unknown files and URLs. A quick specific example of how I've used ...
What advice do you have for others considering SonicWall Capture Advanced Threat Protection?
I advise others looking into using SonicWall Capture Advanced Threat Protection to consider that it is truly helpful and very important to have great sandboxing with advanced threat protection to s...
 

Also Known As

Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
No data available
 

Interactive Demo

Demo not available
 

Overview

 

Sample Customers

Petrofrac, Metro CSG, Christus Health
Wonder Cement, Foster Clark Products
Find out what your peers are saying about Microsoft Defender for Endpoint vs. SonicWall Capture Advanced Threat Protection and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.