Graylog vs. Microsoft Defender for Endpoint

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Graylog
Score 8.4 out of 10
N/A
Graylog, headquartered in Houston, offers their eponymous platform for centralized log management that helps users find meaning in data faster so as to take action immediately. Graylog is available via Enterprise and Cloud plans, but also has a Small Business Plan, and an Open (free) plan with limited features.N/A
Microsoft Defender for Endpoint
Score 8.4 out of 10
N/A
Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection and response (EDR), automatic investigation and remediation, managed hunting services, rich APIs, and unified security management.
$2.50
per user/per month
Pricing
GraylogMicrosoft Defender for Endpoint
Editions & Modules
No answers on this topic
Academic
$2.50
per user/per month
Standalone
$5.20
per user/per month
Offerings
Pricing Offerings
GraylogMicrosoft Defender for Endpoint
Free Trial
NoYes
Free/Freemium Version
YesNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Features
GraylogMicrosoft Defender for Endpoint
Endpoint Security
Comparison of Endpoint Security features of Product A and Product B
Graylog
-
Ratings
Microsoft Defender for Endpoint
8.3
55 Ratings
1% below category average
Anti-Exploit Technology00 Ratings8.152 Ratings
Endpoint Detection and Response (EDR)00 Ratings8.654 Ratings
Centralized Management00 Ratings8.154 Ratings
Hybrid Deployment Support00 Ratings7.810 Ratings
Infection Remediation00 Ratings8.353 Ratings
Vulnerability Management00 Ratings8.451 Ratings
Malware Detection00 Ratings8.654 Ratings
Best Alternatives
GraylogMicrosoft Defender for Endpoint
Small Businesses
SolarWinds Papertrail
SolarWinds Papertrail
Score 8.9 out of 10
Sophos Intercept X
Sophos Intercept X
Score 8.9 out of 10
Medium-sized Companies
LogicMonitor
LogicMonitor
Score 8.8 out of 10
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.2 out of 10
Enterprises
LogicMonitor
LogicMonitor
Score 8.8 out of 10
BeyondTrust Endpoint Privilege Management
BeyondTrust Endpoint Privilege Management
Score 9.0 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
GraylogMicrosoft Defender for Endpoint
Likelihood to Recommend
7.8
(7 ratings)
8.3
(85 ratings)
Likelihood to Renew
-
(0 ratings)
8.4
(8 ratings)
Support Rating
3.6
(3 ratings)
9.0
(5 ratings)
User Testimonials
GraylogMicrosoft Defender for Endpoint
Likelihood to Recommend
Graylog
For small companies, Graylog is the best solution possible. It's easy to configure and "just works." Above everything else, it's free. The only thing I hold against it is the fact that it's Linux-based. [This] makes sense because Elasticsearch is Linux-based. But Linux adds a layer of complexity that we don't need for something basic as a logging server. I'm pretty sure that we would have had a logging server years earlier if I had to convince quite a few decision-making people to go ahead with it anyway.
Read full review
Microsoft
Scenarios where it is Well-Suited Are Enterprise Environments with Microsoft Ecosystems, Organizations with Remote and Hybrid scenarios, Advanced Threat Protection Needs, and any company that needs to protect sensitive data. Scenarios where it is less appropriate are mixed Operating System Environments, Companies with Limited IT Resources, highly Specialized Security Needs, and Organizations needing extensive customizations.
Read full review
Pros
Graylog
  • Graylog does a great job of its core function: log aggregation, retention, and searching.
  • Graylog has a very flexible configuration. The backend for storage is Elasticsearch and MongoDB is used to store the configuration. You have to option to make your configuration as simple as possible by storing everything on one box, or you can scale everything out horizontally by using a cluster of Elasticsearch nodes and MongoDB servers with several Graylog servers pointed to all the necessary nodes.
  • Graylog does a good job of abstracting away a fair portion of Elasticsearch index management (sharding, creation, deletion, rotation, etc).
Read full review
Microsoft
  • It integrates perfectly with Azure Sentinel. I mean, that's great. We can have a single pane of class with other platforms, like Defender for Cloud, Defender for endpoints, and Defender for servers, which is awesome as well. The ease of deployment is because Microsoft made sure around a year ago that every single workstation with Microsoft Windows came with Defender for Endpoints embedded.
Read full review
Cons
Graylog
  • Support for more log sources
  • Event alerts/emails - Some cases where unable to separate data from multiple clients, and no easy fix
  • API - Limits results to 10,000 and can cause server to lockup on queries that exceed the limit
Read full review
Microsoft
  • While it's a very good product for auditing, it has a very hard time to distinguish what is malicious and is an attack, what is not. Very rarely we get indication of a real malicious attack. We got lots of hours for off the shelf malware that it cleans up automatically. So basically we never get to look at it, which is a positive thing, but threats are detected by the third party endpoint, so it will not be enough by itself.
Read full review
Likelihood to Renew
Graylog
No answers on this topic
Microsoft
Cost add-ons for Security features is nickel and diming the process to keep pace with cybercrime. Limited Education budgets require us to be more pro-active in finding cost-effective measures to protect our devices, staff and students. Defender is a strong, well-featured product that is pricing itself out of the education market
Read full review
Support Rating
Graylog
Community support does not give simple straightforward answers; simply search up Graylog Issues and look at some of the responses on the forums. The documentation is your only hope if you are on the free version, as you can NOT purchase only support. The few times I have worked with Graylog Enterprise support they were great though.
Read full review
Microsoft
The first time I tried to onboard my macOS endpoints to MDE I struggled for quite a bit. I had to reach out to Microsoft's MDE support team. The tech was very helpful in walking me through the steps during a screen share session
Read full review
Alternatives Considered
Graylog
In terms of log aggregation, the free product fully stacks up with the competitors listed. Full control over the data ingests for flexible configuration. Graylog even better on that front than AlienVault USM because you cannot configure the variable mapping. We haven't used the threat exchange stuff or correlation. But with regex searches, we have created function dashboards that show threat theater pictures of our network based on logs from our firewall.
Read full review
Microsoft
I would say not to name specific company names, because I'm a partner with one of them and that's the account that I work with. But I use some competing solutions that I would say are pretty heavy from an overhead perspective with the agent that has to be installed in the machine. It can be too restrictive for permissions where it gets in the way of an employee doing their job and the ability for Defender to be secure in that, but still allow an employee to go about their day and do what they need to do is certainly a change maker there. But yeah, from the other products perspective across the years, whether it be business or personal, some other products I can name are other endpoint protections from Vera Avast, McAfee, of course as folks remember that. And some of the other major players too that I would say a large networking company that doubles in security as well. I'll name them that way.
Read full review
Return on Investment
Graylog
  • Graylog is just less expensive than some other options which meant it fit into our budget otherwise we might not be able to justify a higher cost.
  • Being able to track issues that we normally couldn't track using other tools is a bonus to help us know of any issues we have and can fix before an outage or failure that could potentially cost money.
  • We have had to spend more time than I would like to understand and customize Graylog which has taken time away from other tasks and projects.
Read full review
Microsoft
  • It is a unified platform with lots of core features for exposure detection, antivirus and SIEM all in a single platform.
  • The centralized management is absolutely the it.
  • It creates a more intertwined secure environment because it integrates well with other Microsoft security apps.
  • Automated detection and remediation saves in time and money.
  • Visibilities of endpoints and advanced threat detection increase our security and well-being.
Read full review
ScreenShots

Microsoft Defender for Endpoint Screenshots

Screenshot of blocked activitiesScreenshot of Detects & respondsScreenshot of discovers vulnerabilityScreenshot of Eliminates blind spotsScreenshot of Risk management