We performed a comparison between Forescout Platform and Cortex XDR by Palo Alto Networks based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Forescout Platform stands out for its agentless visibility and advanced features like device fingerprinting. Forescout users say the product could be better at resolving connectivity and license issues. Users also want more compatibility with different devices and operating systems, along with better logging and troubleshooting capabilities. Cortex XDR presents an intuitive interface, advanced identification of risks, expandability, and compatibility with various other solutions. Meanwhile, Cortex XDR could use enhancements in hard disk encryption, security integration, and customer education.
Service and Support: Some users reported positive experiences with Forescout support, but others requested better responsiveness and training. Some customers were impressed with Palo Alto’s support, while others reported mixed experiences.
Ease of Deployment: Some users found Forescout’s setup to be simple and adaptable, while others perceived it as more complex and time-intensive. Some users thought Cortex XDR’s deployment was fast and straightforward, while others considered it a complex and time-consuming task that requires thorough planning.
Pricing: The total cost of Forescout Platform can be high depending on the level of customization and integration required. Some reviewers said Cortex XDR is expensive, but others said it was reasonable for the robust feature set Cortex offers.
ROI: Forescout Platform yields a solid ROI by improving network access control and overall security. Cortex XDR creates value by ensuring system and data security rather than a financial return on investment.
Comparison Results: Our users prefer Forescout Platform over Cortex XDR for its agentless visibility, comprehensive device fingerprinting, and easy deployment. Forescout provides outstanding visibility, flexibility, and excellent customer service. Cortex XDR lacks some features like hard disk encryption and received mixed feedback about its customer support.
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"The summarization of emails is a valuable feature."
"Microsoft 365 Defender is simple to upgrade."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc."
"The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better."
"They did what they said. This solution could apply to any scenario."
"Their XDR agent and their behavioral indicators of compromise (BIOC) are pretty nice. Their managed threat hunting is also pretty nice. They also have WildFire, which is a service for actively looking for malware. It's quite useful."
"One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers. Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network."
"From a single pane of glass, you can easily manage all of your endpoints."
"The management capabilities allow an IT organization to get quite a good picture of attempted cyber attacks."
"The one feature of Palo Alto Networks Traps that our organization finds most valuable is the App ID service."
"They have a new GUI which is just fantastic."
"Ease of deployment. There's a great support team that becomes actively engaged whenever we encounter issues. Their technical support is amazing. Good documentation is available. The product is stable. The solution is highly scalable. I recommend using the solution because it gives verified control over the environment. It has a great visibility feature."
"The interface is easy to use."
"Forescout is easy to integrate with a lot of end systems."
"Being able to actively identify the client without a certificate allows you to control every device on your network regardless of the make, model, and software running. This allows for end-to-end security."
"The most valuable feature is the ease of deployment, which does not require the use of an agent."
"Obtaining visibility into the network and connected devices is very simple with this tool. It takes me three minutes to do a base deployment when all the parameters are available."
"The most valuable feature is the blocking of USB devices."
"The user interface is quite simple."
"The mobile app support for Android and iOS is difficult and needs improvement."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"Defender XDR could provide recommendations for threat-hunting queries. Some people do not know how to write an advanced threat query, so we need to spend time training them."
"The solution should force customers to integrate with network traffic to see the full benefits of XDR."
"It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc."
"The dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard."
"When it comes to core analysis, and security analysis, Cortex needs to provide more information."
"There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get results."
"Cortex XDR by Palo Alto Networks could improve by offering remote management. It would be useful to look at the client's issue to fix it."
"It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do. The price could be better. It would also help if they had a team for deployment and support."
"Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."
"The initial setup is a bit complex."
"The cost is too high."
"Forescout Platform could improve the integration or compatibility with other solutions, such as Chinese-made solutions. They do not have any integration with S33 which is a switch. They do not have good integration with new solutions in the market. They do integrate well with Rocket, Cisco, Juniper, and quite a few more but they could expand the integration."
"The installation is not secure because it takes high admin privileges."
"Although Forescout manages endpoints and network devices, there is no capability for user management."
"I believe that the overall user experience has not always been preferable."
"They should improve features related to IT security. ForeScout should analyze behavior to see if the behavior is malicious behavior and block this device. They should develop the ability to analyze the behavior of the device in my environment."
"Two things can be improved in the Forescout Platform. First of all, the support for some certain proprietary protocols from other vendors, but they are very widely used. If the TechEx from Cisco, was added to Forescout, then it will be a full solution for me."
Cortex XDR by Palo Alto Networks is ranked 4th in Extended Detection and Response (XDR) with 80 reviews, while Forescout Platform is ranked 12th in Extended Detection and Response (XDR) with 69 reviews. Cortex XDR by Palo Alto Networks and Forescout Platform are both rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Forescout Platform writes "We can go granular on each endpoint, quarantine non-compliant machines, and target vulnerabilities through scripting". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Fortinet FortiEDR, whereas Forescout Platform is most compared with Cisco ISE (Identity Services Engine), Aruba ClearPass, Fortinet FortiNAC, Nozomi Networks and Armis.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.