No more typing reviews! Try our Samantha, our new voice AI agent.

Bitdefender GravityZone XDR vs Netsurion comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Extended Detection and Response (XDR)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Bitdefender GravityZone XDR
Ranking in Extended Detection and Response (XDR)
30th
Average Rating
9.0
Reviews Sentiment
7.2
Number of Reviews
6
Ranking in other categories
No ranking in other categories
Netsurion
Ranking in Extended Detection and Response (XDR)
44th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
24
Ranking in other categories
Managed Security Services Providers (MSSP) (22nd), Security Information and Event Management (SIEM) (49th), SOC as a Service (11th), Managed Detection and Response (MDR) (32nd)
 

Mindshare comparison

As of July 2026, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 4.6%, down from 5.1% compared to the previous year. The mindshare of Bitdefender GravityZone XDR is 1.0%, up from 0.7% compared to the previous year. The mindshare of Netsurion is 0.9%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks4.6%
Bitdefender GravityZone XDR1.0%
Netsurion0.9%
Other93.5%
Extended Detection and Response (XDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Jörg Köhler - PeerSpot reviewer
Owner at AvalisNT AG
Setup is smooth and management is seamless, while improvements in email filtering transparency enhance efficiency
For data correlation, we just haven't worked long enough with it to assess its impact on our overall threat response strategy. We prefer a system that simply informs us when there is a problem; we don't want to engage too much in threat hunting. Therefore, we're not looking to create a SOC from this, which is also why we moved from XDR to MDR. There are areas for improvement, including the difficulty in getting the right handles on the applied email filters. It's sometimes unclear why one email is treated as spam and another is not, even if they contain similar content. Making the process of how emails are treated a bit more transparent would be beneficial.
John-Berry - PeerSpot reviewer
Information Technology Manager at ProfitSolv
The SOC center monitors, hunts, and notifies us of threats around the clock
I know they are working to resolve this issue, but Netsurion is currently unable to retrieve logs from S3 buckets. We use WP Engine for a lot of web hosting as well as AWS, and both of these platforms use S3 buckets. I would like Netsurion to be able to pull logs from Linux devices. We have some of that capability, and I believe they can do it. However, the way it works with Amazon is strange and glitchy. Therefore, working something out with Amazon would be great. Netsurion's SOC can be a bit too aggressive at times. We have asked them to adjust their playbook because I am tired of being notified about the same issue multiple times a day. I am aware of the issue, and it is not a cause for concern. Let's only take action on this issue if we see an actual problem.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cortex XDR features advanced threat detection capabilities."
"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"The level of security I get for my endpoints and servers is extremely valuable."
"We switched because there were a lot of added features with Palo Alto that Check Point didn't have, and it was an upgrade for us."
"Palo Alto is constantly adding new features."
"From the Palo Alto side, whatever they buy, they integrate that really well into their integration suite, and that makes a massive difference."
"I like that the product has behavior-based detection which offers many benefits over signature-based detection."
"We have found in our test Cortex XDR by Palo Alto Networks to be a very good tool."
"The solution has an automatic patch management capability."
"Since then, we are working with it, and so far, we have no problems; it's working smoothly with email security."
"Scalability is pretty easy. It's easy to increase the capacity. You can just add on licenses to the existing license, and the duration of the license can be adjusted. For example, you've already bought a license for a year, and you want to add some more users. We can just add on licenses for the remaining period so that the entire organization can have the same expiry date. That makes renewal easier."
"The HyperDetect feature in GravityZone XDR is effective."
"It provides an in-depth analysis and gives recommendations, along with a historical search capability."
"I find that the auto-response capability is most valuable."
"I appreciate the overall utilization of AI to enhance security posture."
"I would rate GravityZone XDR more than nine out of ten."
"The product satisfies our compliance, and thus, all of our auditors."
"Netsurion's 24/7 monitoring has enhanced the overall security of the company."
"Netsurion has its own security operations center, where it tracks information that comes across our telemetry."
"If I were to look at logs manually, there's no way I could do that. As an example, they are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches."
"The most valuable feature is definitely real-time alerting, especially in situations where someone might attempt to exploit or hack into our network."
"Of all the products and vendors that we've used, I've never had a more positive experience with a support team than with EventTracker's support team."
"EventTracker is exactly that; it's giving me all of the features and functions that we need to do our jobs, and at a price point that's incredibly attractive."
"I like the UI, overall. I like the main page and there are aspects of the search page that I like. When you bring it up on the left-hand side of the page, as you look at the events, the ability to simply hit and click the plus/minus to pull events in and out of the overall view is well done and is very effective from a threat-hunting and an analysis perspective. I like the detail it shows."
 

Cons

"In general, the price could be more competitive."
"The MAC agent is not as robust feature-wise as the PC version."
"Cortex XDR by Palo Alto Networks could improve by adding a sandbox feature to better compete with their competitors which have it."
"The solution should force customers to integrate with network traffic to see the full benefits of XDR."
"The solution eats memory of the computer, unlike anything I've ever seen."
"The technical support is not very good. I find the process difficult."
"Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access."
"The solution can never really be an on-premises solution based simply on the way it is set up. It needs metadata to run and improve. Having an on-premises solution would cut it off from making improvements."
"The product could be improved by offering a single panel for the management of all Bitdefender products. Additionally, there might be a need to simplify the interface in the future."
"It's not very mature, and additional costs are involved."
"Another area of improvement is CPU utilization. CPU utilization could be improved."
"There are areas for improvement, including the difficulty in getting the right handles on the applied email filters."
"The resource consumption is high for Bitdefender GravityZone XDR, nearly using one gigabyte of RAM, especially on Windows 10 and 11."
"The solution’s pricing could be improved."
"Their SOC team can't understand our network because they haven't worked in the actual company. This does negatively affect security posture, e.g., if you don't have knowledge about the network, then you will miss things."
"Probably the biggest thing is just: Can I search for this and what's the best way to do it? If I'm looking for two events versus a singular event, I just throw it back at them. They're the experts on it."
"I would like to see the dashboard come up more quickly."
"I'd like to see improvement in the ease of generating reports. It seems fairly cumbersome whenever you decide to start tracking new categories of events. It seems a little kludgy when trying to generate those reports."
"The EventTracker support said, "We do have that." However, that wasn't necessarily the case. It was primarily an eight to five type of thing."
"I would also like to have a dashboard that I can access anytime to review the real-time data from their website."
"They have their programs and tools that you have to put into your own environment. We basically ingest all the log data and then push it out to them. I wish it was a little bit different than that where we just push directly towards them. I do not know if that is a function that they thought would be better in terms of security, but I wish that instead of doing that, it should go from the device to them and not from the device to another system and then out to them. There seem to be some drawbacks to doing that."
"The system requirements are very, very high. So I need a pretty powerful server to run. If they could lighten that load so that the on-premise part of their product didn't impact my systems as much that would be ideal."
 

Pricing and Cost Advice

"Licensing for Palo Alto Networks Cortex XDR can be costly, especially when it comes to a hundred users. A license is required for each user, and the subscription must be renewed on a yearly basis."
"I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require."
"I am using the Community edition."
"It has reasonable pricing for the use cases it provides to the company."
"Very costly product."
"It's the most expensive solution, but features-wise, it's quite strong. It's very good for protection, so the results are very good in the case of protection. I would rate it a two out of ten in terms of pricing."
"The pricing is okay, although direct support can be expensive."
"The solution is expensive. It's pricing is on a yearly-basis."
"It's not the price of the software itself that makes it expensive. It's because you have to buy a VM; you have to buy additional hardware. All those things make it slightly costlier."
"On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a six out of ten."
"In the security space, it's hard to quantify your return on investment. So, I don't. We spend about $40,000 a year and so. It's hard to say if the SIEM saved that much money."
"Licensing is very easy. Our CIO takes care of the billing, but in terms of price point, he hasn't complained, so it must be good."
"The solution is fairly expensive, but in my experience, all of the SIEM applications that I've evaluated or looked at cost about the same."
"The upfront costs have increased, and we have been locked into this contract. The cost of changing over from it is way too high."
"EventTracker's subscription-based model is interesting as far as yearly license type stuff. It's nice because you know what it's going to be next year. We haven't really looked at any other solutions. The pricing at the time compared to the other solutions was a lot less. A couple of years ago, we actually looked at Splunk. The amount in Splunk's licensing model is based on 20 gigs a day, or something like that. Based on our number of logs and stuff that we were already generating, the costs would be substantially more for the amount of logs that we would be getting."
"When we first got the EventTracker product, we were using SIEM Simplified. At the time they didn't call it that, but it was more of a service thing. So, there was a bit more hand-holding and getting stuff set up, along with failure reports, that they did during the first one to two years. Then, we decided that the the additional money to have someone do these daily reports wasn't terribly useful, so we discontinued that service."
"I don't know if the pricing is by the seat but we're paying about $20,000 to 25,000 a year. On top of that, we pay for the managed support services. That runs us about another $35,000 or $40,000 a year."
"Our budget follows the calendar year. We just started a new budget year at the beginning of the month. We did budget for an increase in our threat management system selection. Therefore, we have the budget to implement and accommodate a threat management system change, including an increase for the quoted actions that we received to improve EventTracker. We are just waiting on our council to approve that budget, which might not be for a little while. Hopefully, when they do, we will be able to jump on doing something."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Comms Service Provider
11%
Construction Company
11%
Computer Software Company
11%
Outsourcing Company
7%
Construction Company
11%
Outsourcing Company
10%
Performing Arts
10%
Manufacturing Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
No data available
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise7
Large Enterprise7
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What needs improvement with Bitdefender GravityZone XDR?
For data correlation, we just haven't worked long enough with it to assess its impact on our overall threat response ...
What is your primary use case for Bitdefender GravityZone XDR?
I am using SentinelOne not for MDR, only for EDR/XDR, because we wanted to use it for MDR, but the threshold for the ...
Ask a question
Earn 20 points
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
Netsurion Managed Threat Protection, Netsurion EventTracker
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Information Not Available
The Salvation Army, The FRESH Market, Pacific Western Bank, NASA, American Academy of Orthopaedic Surgeons (AAOS), and Talbot’s Stores
Find out what your peers are saying about Bitdefender GravityZone XDR vs. Netsurion and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.