

Find out in this report how the two Advanced Threat Protection (ATP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
Without detection and protection measures, organizations would face substantial payments and reputational damage, including the necessity to inform customers about data breaches, potentially leading to loss of business.
We have seen a return on investment when using Microsoft Defender for Endpoint, as it saves labor by reducing the need for staff to focus on it.
The biggest return on investment for me when using Microsoft Defender for Endpoint is the time saving.
A reduction in remediation time has been seen because it is finding things before they happen.
Being able to find them because there have been no eyes on that particular section so far ever, and fixing those potentially prevented those companies from getting breached.
So far, I have seen a return on investment with The NodeZero Platform by Horizon3.ai, as we managed to save a lot of time and effort with this because this is an autonomous tool, and our manual effort is significantly reduced because of a product of this type.
The Microsoft agent, who did not actually work for Microsoft, is one of the vendors that Microsoft uses for support, said, 'Just to set expectations, my lunch break is in an hour and I am going to go away then.'
The level-one support seems disconnected from subject matter experts.
I rate Microsoft support 10 out of 10.
Overall, when it comes to The NodeZero Platform's tech support, you can reach them via a chat message on their website, and they respond almost immediately.
Previously, with time-sensitive engagements, I would worry about resolving issues before deadlines. That concern has diminished as they've become more responsive and require less escalation to engineering.
The vast majority of times they are able to resolve the exact questions my team has on the first attempt, which is really good for customer or technical support.
We managed to scale it out in a short amount of time, with two months of planning and three months of implementation on 10,000 computers.
Microsoft Defender for Endpoint is scalable enough to handle various devices across environments, whether they are laptops, Android devices, or operating in hybrid environments.
Compatibility is its main feature.
We have conducted pen tests in environments with hundreds of thousands of IP addresses without any scalability issues.
We currently scan approximately 1,500-2,000 assets and haven't encountered any scaling or throughput issues.
The platform offers various insider threats, segmentation tests, phishing tests, and PCI DSS tests.
I haven't seen any outages with Microsoft.
I rate Defender 10 out of 10 for stability.
Defender for Endpoint is extremely stable.
We have not encountered any issues on the platform regarding accessibility, performance, or stability.
Regarding stability, it has never crashed, and there has not been any lagging from deployment or running.
I would rate the stability of The NodeZero Platform by Horizon3.ai as a ten.
Repeated interactions are necessary due to Level One's lack of tools and knowledge, hindering efficient problem-solving and negatively impacting our experience with Microsoft support.
In contrast, competing products offer reduced pricing for long-term commitments, which makes it difficult for us in that environment.
We use Microsoft partners to help govern the platform, and as part of an alliance, we want to gather data from each tenant and combine them for a complete view.
This service reveals which credentials and email addresses are available on the deep web, as well as which domains have been set up using typo-squatting techniques.
The one thing that is very much asked from us as a service provider is DAST testing, so when a company is building a software, they could see their current security status while they are building the application.
One of the areas where improvement is needed is in the visibility and reporting for large enterprises.
That has been the trend we have seen with Microsoft lately—it is just getting more and more expensive.
Given our extensive Microsoft licensing, transitioning to Defender for Endpoint did not affect licensing costs.
It costs $15 per VM for the P2 plan, which is seen as affordable for customers.
The pricing is much more affordable than traditional penetration tests.
It's a bit cheaper than manual penetration testing because manual testing typically allows you to scan only a few subnets.
Usually, manual penetration test scans take considerable time and money.
Defender for Endpoint's coverage across different platforms in our environment is pretty good. We have devices running Linux, Mac OS, Windows, iOS, and Android. It covers all of them.
Microsoft Defender for Endpoint provides a unified management interface allowing customers to manage their on-premises and hybrid infrastructures from a single pane.
One of the best features of Microsoft Defender for Endpoint is its database for identifying zero-day attacks or malware attacks.
When a new vulnerability, such as a zero-day exploit, is identified, they review your previous scans to determine if you might be vulnerable to it, and they proactively notify you.
The detailed reports not only list the vulnerabilities that matter, but they also include direct links to patches.
The NodeZero Platform's real attack capabilities help in identifying vulnerabilities on our on-prem systems because it provides actual vulnerabilities by attacking our systems.
| Product | Mindshare (%) |
|---|---|
| Microsoft Defender for Endpoint | 5.8% |
| The NodeZero Platform by Horizon3.ai | 1.1% |
| Other | 93.1% |


| Company Size | Count |
|---|---|
| Small Business | 82 |
| Midsize Enterprise | 45 |
| Large Enterprise | 96 |
| Company Size | Count |
|---|---|
| Small Business | 14 |
| Midsize Enterprise | 4 |
| Large Enterprise | 8 |
Microsoft Defender for Endpoint provides comprehensive threat protection that integrates well with current systems, offering proactive threat detection and automatic updates while reducing manual efforts.
The platform is designed for seamless integration with Microsoft products, facilitating efficient management and use. It offers proactive ransomware protection and valuable threat intelligence, crucial for timely response and increased visibility across devices. Users highlight its ability to secure endpoints from viruses and malware, integrating with Windows and Office 365 to enhance real-time detection capabilities in diverse environments, including hybrid and on-premises setups. However, enhancements are needed in Linux integration, detection accuracy, and policy implementations.
What are the key features of Microsoft Defender for Endpoint?Microsoft Defender for Endpoint is implemented across industries for securing endpoints, relying on its deep integration with Windows and Office 365 to protect against malware and viruses. Organizations benefit from its real-time detection and comprehensive management capabilities, particularly in hybrid environments where diverse digital infrastructures need safeguarding.
NodeZero by Horizon3.ai is an offensive security platform that enables users to adopt an attacker’s perspective, reveal vulnerabilities, and verify defense effectiveness with evidence-backed insights.
NodeZero provides autonomous pentesting, showing how attackers exploit misconfigurations, credentials, and exposures into attack paths. It helps focus on real risks rather than hypothetical ones, integrating seamlessly into existing IT and security workflows to streamline processes. The platform drives risk-based vulnerability management and CTEM by validating vulnerabilities and measuring resilience.
What standout features improve your security?NodeZero assists in automated penetration testing and vulnerability management in industries like finance and healthcare. It enhances security processes by complementing or replacing existing solutions, enabling efficient testing, feedback, and control validation.
We monitor all Advanced Threat Protection (ATP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.