Recommendations
- CrowdStrike for Unix and Linux Servers
- Microsoft Defender for Linux
- Microsoft Defender for Windows Servers
Linux Servers
Feature | CrowdStrike | Microsoft Defender |
---|---|---|
Cost | $29.05 per machine/year | $69.38 per machine/year |
Support Offerings | Vendor support is included in the CrowdStrike license. OIT's recommended third-party Linux support vendor is Crafty Penguins. | OIT can assist in escalations to Microsoft. OIT's recommended third-party Linux support vendor is Crafty Penguins. |
Capability | Antivirus, Endpoint Detection and Response, managed Security Operations Center, Vulnerability Management (additional subscription required). | Antivirus, Endpoint Detection and Response, and Vulnerability Management. |
Deployment ease of use | Download the latest installer script from the web portal. Additional work required to integrate with configuration management tools like Ansible, Puppet or Chef. | Install via package repository for popular distros or download the installer script. Online documentation includes examples for all popular configuration management tools. |
Performance Impact on endpoint | Minimal performance impact | Moderate performance impact |
Management interface ease of use | The management interface offers a lot of options. Multiple ways to find the information you are looking for. | Familiar, easy-to-navigate management interface for anyone using other online Microsoft services. |
Endpoint Detection and Response (EDR) performance | Detailed detection logic and tracebacks. Easy to customize configurations via the management interface. Few false positive detections from our testing. | Less detailed detection logic and tracebacks. Configuration tuning is done solely on the host, via CLI tools or configuration files. More false positive detections from our testing. |
Vulnerability management | Vulnerability management available as a separate subscription (Falcon Spotlight). | Vulnerability management included. Review features of Defender Plan 2. |
OIT Recommendation for Linux Servers
CrowdStrike for Unix and Linux Servers, with add-on vulnerability management tools like Falcon Spotlight and Identity Protection/Exposure Management.
Linux Workstations
Feature | CrowdStrike | Microsoft Defender |
---|---|---|
Cost | $29.05 per machine/year | (No Cost) Included in University of Colorado’s Microsoft A5 licensing |
Support Offerings | Contact CrowdStrike; OIT does not offer Linux workstation support. | Contact Microsoft; OIT does not offer Linux workstation support. |
Capability | Antivirus, Endpoint Detection and Response | Antivirus, Endpoint Detection and Response, and Vulnerability Management. |
Deployment ease of use | Download the latest installer script from the web portal. Additional work required to integrate with configuration management tools like Ansible, Puppet or Chef. | Install via package repository for popular distros or download the installer script. Online documentation includes examples for all popular configuration management tools. |
Performance Impact on endpoint | Minimal performance impact | Moderate performance impact, not noticeable for a modern workstation that meets the campus standards. |
Management interface ease of use | The management interface offers a lot of options. Multiple ways to find the information you are looking for. | Familiar, easy-to-navigate management interface for anyone using other online Microsoft services. Same management interface as Windows and macOS, and you can see all devices in one place. |
Endpoint Detection and Response (EDR) performance | No noticeable system impact. | No noticeable system impact. |
Vulnerability management | N/A | Primarily focused on user applications and kernel versions. |
OIT Recommendation for Linux Workstations
Windows Servers
Feature | CrowdStrike | Microsoft Defender |
---|---|---|
Cost | $29.05 per machine/year | $69.38 per machine/year |
Capability | Antivirus, Endpoint Detection and Response | Antivirus, Endpoint Detection and Response, and Vulnerability Management |
Deployment ease of use | Must manually disable Defender through PowerShell prior to CrowdStrike install. The actual exe is easy to deploy. Removing CrowdStrike is difficult. | Defender is already included with Windows Server; configuring central reporting is easy. |
Performance Impact on endpoint | Minimal performance impact. | Minimal performance impact. |
Management interface ease of use | The management interface offers a lot of options. Multiple ways to find the information you are looking for. | Familiar, easy-to-navigate management interface for anyone using other Microsoft services. Same management interface as Windows and macOS, and you can see all devices in one place. |
Endpoint Detection and Response (EDR) performance | N/A | Very detailed information about Windows services and their interaction with other services. Tracing of all scripted processes. |
Vulnerability management | Vulnerability management available as a separate subscription (Falcon Spotlight). | Vulnerability management included. No noticeable system impact related to performance. Review features of Defender Plan 2. |