We performed a comparison between Microsoft Defender XDR and Trellix Active Response based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, SentinelOne, CrowdStrike and others in Endpoint Detection and Response (EDR)."The stability is very good."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"The solution was relatively easy to deploy."
"The product detects and blocks threats and is more proactive than firewalls."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"The setup is pretty simple."
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"I have found the ability to delete unwanted threats beneficial."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"Defender is easy to use. It has a nice console, and everything is all in one place."
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply..."
"Microsoft 365 Defender is simple to upgrade."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
"The solution is scalable."
"It's a little lighter compared to the older version, which was mostly signature-based."
"We are hoping to automate detection and response and take advantage of user behavior analytics, given that we are working from home. About half of our workers are still remote, so Active Response gives us that visibility and lets us automate a number of those events."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"We find the solution to be a bit expensive."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"We'd like to see more one-to-one product presentations for the distribution channels."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The solution is not stable."
"At times, there may be delays in the execution of certain actions and their effects."
"Stability could be improved by avoiding frequent changes to the interface."
"Advanced attacks could use an improvement."
"The mobile app support for Android and iOS is difficult and needs improvement."
"One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"I also expected Active Response 's user interface to be much more analytical."
"There are some components on the cloud that should also reside in the on-prem deployment models but don't."
"While the product is good, we are currently facing support issues."
Earn 20 points
Microsoft Defender XDR is ranked 7th in Endpoint Detection and Response (EDR) with 79 reviews while Trellix Active Response is ranked 57th in Endpoint Detection and Response (EDR). Microsoft Defender XDR is rated 8.4, while Trellix Active Response is rated 6.4. The top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". On the other hand, the top reviewer of Trellix Active Response writes "Lighter with good stability and pretty good technical support". Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Microsoft Entra ID, whereas Trellix Active Response is most compared with Trellix Endpoint Detection and Response (EDR) and Trellix Endpoint Security (ENS).
See our list of best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.