No more typing reviews! Try our Samantha, our new voice AI agent.

Bitdefender GravityZone XDR vs Microsoft Defender XDR comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Extended Detection and Response (XDR)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
113
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Bitdefender GravityZone XDR
Ranking in Extended Detection and Response (XDR)
30th
Average Rating
9.0
Reviews Sentiment
7.2
Number of Reviews
6
Ranking in other categories
No ranking in other categories
Microsoft Defender XDR
Ranking in Extended Detection and Response (XDR)
5th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
108
Ranking in other categories
Endpoint Detection and Response (EDR) (9th), Microsoft Security Suite (4th)
 

Mindshare comparison

As of July 2026, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 4.6%, down from 5.1% compared to the previous year. The mindshare of Bitdefender GravityZone XDR is 1.0%, up from 0.7% compared to the previous year. The mindshare of Microsoft Defender XDR is 4.0%, down from 5.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks4.6%
Microsoft Defender XDR4.0%
Bitdefender GravityZone XDR1.0%
Other90.4%
Extended Detection and Response (XDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Jörg Köhler - PeerSpot reviewer
Owner at AvalisNT AG
Setup is smooth and management is seamless, while improvements in email filtering transparency enhance efficiency
For data correlation, we just haven't worked long enough with it to assess its impact on our overall threat response strategy. We prefer a system that simply informs us when there is a problem; we don't want to engage too much in threat hunting. Therefore, we're not looking to create a SOC from this, which is also why we moved from XDR to MDR. There are areas for improvement, including the difficulty in getting the right handles on the applied email filters. It's sometimes unclear why one email is treated as spam and another is not, even if they contain similar content. Making the process of how emails are treated a bit more transparent would be beneficial.
reviewer2812758 - PeerSpot reviewer
Infosec at a government with 10,001+ employees
Integrated defenses have unified threat hunting, phishing simulations, and identity investigations
I appreciate Microsoft Defender XDR's MDE, Microsoft Defender tool, which has Attack Simulator. Instead of doing a phishing campaign and getting a separate tool, Microsoft Defender XDR does it all. These features of Microsoft Defender XDR have helped us conduct a phishing campaign quarterly, which has been beneficial. I also appreciate the fact that it has Defender for Office integrated, Defender for Identity, and everything integrated together. I would describe the process of using Microsoft Defender XDR to prioritize incidents in my security operations as quite decent. I appreciate the automatic alerting system where any incidents or alerts we receive come directly to our email. From there, we can open the email, go directly to Microsoft Defender XDR, and start our investigations and remediations. I perceive the integration of security and identity access management in Microsoft Defender XDR as affecting my identity protection strategies very well because it is well integrated with Purview, integrated well with Entra ID, and integrated well with Exchange. I especially appreciate MDO, the Office product. If anything happens and I want to conduct an investigation, it takes me directly to Exchange, where I can also investigate any emails or phishing incidents. Instead of going to different portals, everything can be done from Microsoft Defender XDR. If necessary for further investigation, Microsoft Defender XDR then directs me to that environment. I would assess the integration of AI in guiding security actions within Microsoft Defender XDR as quite positive. Recently, Security Copilot went big, and it is beneficial that I can use that, especially to write KQL. I can do threat hunting features and intelligence all within using Microsoft's Security Copilot. It also has a nice AI feature for threat hunting. I know that all the Defender logs go to Sentinel, and I can pull it up from Microsoft Defender XDR or from Sentinel. The fact that I can actually do all that within Microsoft Defender XDR is a nice feature. In the top module, I can do threat lookups, and I can actually type KQLs in Microsoft Defender XDR and look up incidents. Predictive shielding has had a nice impact on my proactive security measures. It is beneficial that it has, similar to Entra ID, a secure score. For me to improve the product, the secure score helps me out. If I rate it from highest to lowest, I can see what things I can improve. Secure score helps me see what areas I can improve in Microsoft Defender XDR to increase my score and bring it to 80 or more. Knowing Microsoft Defender XDR from using it since 2019, before COVID days, I know that they have improved significantly. It is much more user-friendly and has a very nice vulnerability feature that I find handy and useful. The fact that this feature integrates into Intune is also very decent.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"One of the main benefits of the solution is its intelligence to correlate the events into an incident."
"Stability is one of the features we like the most."
"Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources."
"Cortex XDR's most valuable feature is its intelligence-based dashboards."
"Palo Alto is the core of the security infrastructure in the environment."
"We think that this product will help us grow, as it meets our needs currently and we can grow with it over time."
"We've had a significant increase in blocking with a decrease in false positives, because it's looking at how the files work, not just a list of files that it's been told to look for."
"Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."
"Scalability is pretty easy. It's easy to increase the capacity. You can just add on licenses to the existing license, and the duration of the license can be adjusted. For example, you've already bought a license for a year, and you want to add some more users. We can just add on licenses for the remaining period so that the entire organization can have the same expiry date. That makes renewal easier."
"I appreciate the overall utilization of AI to enhance security posture."
"Since then, we are working with it, and so far, we have no problems; it's working smoothly with email security."
"I find that the auto-response capability is most valuable."
"The solution has an automatic patch management capability."
"The HyperDetect feature in GravityZone XDR is effective."
"I would rate GravityZone XDR more than nine out of ten."
"It provides an in-depth analysis and gives recommendations, along with a historical search capability."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"The native capabilities are quite good as it slips in seamlessly as part of our integration and gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"The feature of Microsoft Defender XDR that I preferred the most traditionally was its focus on endpoint protection, but now identity is right up there with endpoint security. Identity is important because different compromises start at the identity level. This allows us to understand what actions are being taken, who is doing them, and whether it is actually them."
"The biggest return on investment when using Microsoft Defender XDR for me is saving time for the most part."
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply..."
 

Cons

"Fine-tuning the detection policy requires experience because the policy is very complex in Cortex XDR by Palo Alto Networks, and we get high false positive alerts."
"The downsides of Cortex XDR by Palo Alto Networks are that in many incidents, when I enter the causality chain, there are numerous logs."
"Cortex XDR by Palo Alto Networks is a very good product, but financially, it is very expensive, so the company should look into that area."
"It's not an ideal choice for smaller businesses, as you need a minimum of 200 endpoints to even use the solution at all."
"This is a very costly product."
"The negative aspect I see is the economic model used by Palo Alto."
"One thing that was missing was the integration part. Currently, they don't have out-of-box integration with IBM QRadar, or if they have the integration, the integration doesn't work well."
"Dashboards do not allow everyone to see what's happening."
"The product could be improved by offering a single panel for the management of all Bitdefender products. Additionally, there might be a need to simplify the interface in the future."
"It's not very mature, and additional costs are involved."
"The resource consumption is high for Bitdefender GravityZone XDR, nearly using one gigabyte of RAM, especially on Windows 10 and 11."
"Another area of improvement is CPU utilization. CPU utilization could be improved."
"There are areas for improvement, including the difficulty in getting the right handles on the applied email filters."
"The solution’s pricing could be improved."
"Defender's AI for identifying suspicious activity could be improved. Also, I do a lot of home updates. Maybe there is a way to set it up faster. For example, let's say that I want to automatically update seven computers, servers, etc. I wouldn't do it to a user, but maybe the server. I don't mind if the server restarts automatically."
"There are still some components, such as vulnerability management within the vendor product, where improved integration would be beneficial."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"The tool gives inconsistent answers and crashes a lot."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
 

Pricing and Cost Advice

"It is "expensive" and flexible."
"I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require."
"It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff."
"Our license will require renewal in August, after which the maintenance will continue as usual."
"I don't like that they have different types of licenses."
"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."
"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."
"The return on investment is from the user side because we have seen the performance of it increase the delivery time of the product if we are using too many web-based and on-premise applications. In indirect ways, we saw the return of investment in terms of performance and user satisfaction increase."
"On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a six out of ten."
"It's not the price of the software itself that makes it expensive. It's because you have to buy a VM; you have to buy additional hardware. All those things make it slightly costlier."
"Its licensing and pricing are handled by someone else. My role is limited to incidents or issues with the portal, but you get what you pay for. It is worth the cost."
"It has consistently offered highly appealing academic pricing, with distinct rates for higher education and general educational purposes."
"On average, we pay around 55 euros per user for the services and features we receive."
"The price could be better. Normally, the costs depend on the country you're located in for the license. When we were in the initial stage, we went with the E5 license they call premium standard. It cost us around $5.20 per month for four users."
"Microsoft Defender XDR is included in our license."
"365 Defender is billed per account. I don't know the exact price, but my supervisor told me that Microsoft Defender is cheaper than the alternatives. It's bundled, so you get all the features in one place."
"Sometimes 365 Defender is expensive, but it can be moderate, depending on the organization's size and the license type. We're satisfied with the cost because it gives us a product that protects our entire environment with DLP. To compromise some cost, of course, we are to complete the most secure environment."
"Microsoft purposely makes its license combinations complex and includes combinations like Microsoft 365 E3 and Microsoft 365 E5, Office 365 E3, Office 365 E5, and Office 365 E1, so you get confused. Microsoft tries to sell you a bundle of a lot of things together."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Comms Service Provider
11%
Construction Company
11%
Computer Software Company
11%
Outsourcing Company
7%
Computer Software Company
9%
Financial Services Firm
9%
Comms Service Provider
7%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise52
No data available
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise28
Large Enterprise41
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What needs improvement with Bitdefender GravityZone XDR?
For data correlation, we just haven't worked long enough with it to assess its impact on our overall threat response ...
What is your primary use case for Bitdefender GravityZone XDR?
I am using SentinelOne not for MDR, only for EDR/XDR, because we wanted to use it for MDR, but the threshold for the ...
What is your experience regarding pricing and costs for Microsoft 365 Defender?
My experience with the pricing, setup costs, and licensing of Microsoft Defender XDR is that we are on an E5 license,...
What needs improvement with Microsoft 365 Defender?
From my perspective, Microsoft Defender XDR can be improved with better visibility in certain areas where I can trigg...
What is your primary use case for Microsoft 365 Defender?
My main use cases for Microsoft Defender XDR are telemetry, advanced hunting, and the ability to perform host isolati...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Information Not Available
Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
Find out what your peers are saying about Bitdefender GravityZone XDR vs. Microsoft Defender XDR and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.