Exabeam Fusion vs. Huntress vs. Microsoft Defender for Identity

As a SIEM tool for investigations, Exabeam is the best in class. The AI assigns numeric values to observed logs them presents high scores to the analyst in a simple dashboard. We can see what is a real threat and ignore so many false positives. Exabeam is the best SIEM was used from an alert fatigue perspective. The simple interface allows other teams not just InfoSec to utilize the tool; helpdesk for asset diagnoses, HR for staffing questions, etc.

Incentivized

Huntress is great for a managed service provider to provide a better cybersecurity stack to their endpoints/customers. Some smaller clients cannot afford high-priced SOC services but require SOC-level protection. Along with a couple of other layers of security, Huntress provides peace of mind for the MSP that if a threat were to arise, they would be notified with specific instructions for dealing with that threat.

Incentivized

Microsoft Defender for Identity is a great solution for each company that has an Active Directory. It fills in the blanks for Identity related incidents that are being missed in the XDR platform. To get a full view on identity risks it is an essential component

• Fast search times, unlike other competing solutions.
• The ability for engineers to obtain access to the command line interface for troubleshooting, at least for on-premise deployments.
• License is suitable for organisations with lots of logs to ingest.
• Hardware required for on premise deployments is well supported.

Incentivized

• Using the latest industry knowledge of threats that have been ongoing, but not previously known and projecting it back in time against their installed endpoints to identify machines that are vulnerable or breached and when it these events occurred
• Very quiet. If they alert, it is a thing.
• Very good at remediation.
• They communicate extremely well when it matters.
• While there are the most extensive products more often than not they are the first to alert us to a threat.

Incentivized

• detect threats and suspicious activities
• pro-active measurements on possible breaches
• identity security posture

• More and better drop-down menus, some items in threat hunter require you know subsets.
• Less dashboards, combine AA and DL without having separate logins.
• More complete playbooks are already built out. You have the structure set up for templates like malware and phishing, go further and completely build them out from start to finish, most companies would just use them and not personalize their configurations.
• Quarterly health checkup diagnostics of systems sent out to users.

Incentivized

• Now that they have EDR capability, they need to fully participate in MITRE testing for direct comparison against other EDR products.
• Now that they are going into Managed Antivirus and EDR with isolation capabilities they need to update their SLA comparative to other vendors
• Support for non-Windows OSes for consistency in a network
• It would be nice to seed canary files in custom shares on servers.

Incentivized

• setup can be complicated, with AD complexity
• Sometimes the load on DCs is pretty high, leading to performance issues
• Better tuning options for preventing false-positive/bening alerts

Exabeam is very good at processing lots of logs without excessive licensing costs. It has a professional support team that's very quick to resolve any issues and provides custom parsers quickly and enables our analysts to search vast data sets without having to wait long for results to be returned. The product is getting more mature with new features every major release.

Incentivized

We dropped SentinelOne in favor of Huntress because the UI was much more simplistic for the tier 1 techs to maintain. It beats the old web design model of three clicks to where you want to go. It is very intuitive. No one needs training to figure out how to navigate its console.

Incentivized

Exabeam Fusion has so many diffferent out reach meetings, webinars, community virtual coffees, and events that you can always stay abreast of what if happening and get new ideas for use cases. Their support actually answers their phones and can respond in chat instantly. With our cloud deployment Exabeam support teams can instantly see our systems and help us.

Incentivized

Firstly from a business model, [VMware] Carbon Black [Cloud Managed Detection] was not outfitted for the MSP where Huntress is very MSP-friendly from an affordably easy point to entry to value for money licensing. Carbon Black TS is not bad in anyway, well, that we found, but Huntress is a new layer of security that fits between the OS and AV layers to provide additional information, monitoring, and detection. With Huntress backing the MSP, [it] sure does help as well.

Microsoft Defender for Identity is more specialized on the Identity platform, it is a single solution compared to a multi-solution. The integration is better when using the XDR suite in combination with Sentinel. Microsoft Defender for Identity gives a better overview of the security posture

• Reduced time to triage alerts.
• Reduced number of alerts which need escalation to senior tiers.
• The ability for analysts to quickly run playbooks for additional information and enrichment.
• Ability to retain data for longer periods for forensics purposes.
• Improved search performance compared with other SIEM solutions.

Incentivized

• We have been able to lower operational costs by shifting to Huntress.
• We've been able to cut costs to our clients by utilizing Huntress over competing products.
• In spite of inflation, we've been able to keep our managed service prices at a steady, below market rate, because of Huntress.

Incentivized

• Cost impact was pretty high
• Learning curve, needed time (money) for training
• Greatly improved detections and gives more insights