Item: Microsoft Defender XDR
Rating: 10
Author: Verified User

Overall Satisfaction with Microsoft Defender XDR

Use Cases and Deployment Scope

All in one solution for security in an enterprise. Solves multiple security problems for Endpoint, Identity, O365, Cloud and etc.

Pros and Cons

Pros

Easy to use UI
Great documentation
Constantly improving experience
Great detection rules

Cons

Better playbooks
Better detection rules
Easier tuning options

Return on Investment

Detections that were missed by other EDR tools
Filled missing loopholes in security infrastructure

Challenges Being Addressed

Staying up to date with intelligence, alerts, and detections. Defender does most of this for you.

You don't need that many different tools for various security objectives. Defender is a one to go tool for most of the investigations.

Automated Response

Yes, in general it's pretty good. Takes some work off SOC employees. I still don't trust it enough so we manually review automated response tickets, but so far only good experience.

SIEM Connection/Configuration

We use Splunk it had Defender app. Easy to use and set up.

Alternatives Considered

CrowdStrike Falcon

Both of these tools fill up each other gaps, sometimes one catches what other does not (from EDR perspective).

Key Insights

Do you think Microsoft Defender XDR delivers good value for the price?

Not sure

Are you happy with Microsoft Defender XDR's feature set?

Yes

Did Microsoft Defender XDR live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Microsoft Defender XDR go as expected?

Yes

Would you buy Microsoft Defender XDR again?

Yes

Other Software Used

Splunk Cloud

Likelihood to Recommend

Defender is great for enterprises or companies that have limited security staff, Defender guys did a good job of making the product easy to use and understand for less experiences personal.

Comments

Please log in to join the conversation

Defender Review from SOC employee