No more typing reviews! Try our Samantha, our new voice AI agent.

Cisco XDR vs ESET EDR/XDR comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Extended Detection and Response (XDR)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
113
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Cisco XDR
Ranking in Extended Detection and Response (XDR)
9th
Average Rating
8.4
Reviews Sentiment
6.9
Number of Reviews
21
Ranking in other categories
No ranking in other categories
ESET EDR/XDR
Ranking in Extended Detection and Response (XDR)
22nd
Average Rating
9.0
Reviews Sentiment
4.7
Number of Reviews
4
Ranking in other categories
Authentication Systems (20th), Endpoint Detection and Response (EDR) (28th)
 

Mindshare comparison

As of July 2026, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 4.6%, down from 5.1% compared to the previous year. The mindshare of Cisco XDR is 1.6%, down from 1.7% compared to the previous year. The mindshare of ESET EDR/XDR is 1.4%, up from 1.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks4.6%
Cisco XDR1.6%
ESET EDR/XDR1.4%
Other92.4%
Extended Detection and Response (XDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Fred Parks - PeerSpot reviewer
Senior Systems Consultant at W.C. Bradley Co.
Centralized visibility has transformed incident investigations and now cuts response time dramatically
Workflows could definitely be easier to work with. Workflows are automated tasks that can be kicked off inside of a playbook. When someone is responding to something, they can click a button and it will perform automated tasks for them inside of these other products. The product can actually control the behavior of a firewall and you can write a rule in a firewall from Cisco XDR without having to go into the firewall software. However, if it is not a native workflow automation, it is very difficult to create your own. It is not intuitive and you almost have to be a developer and get really good with the API. This could definitely be improved on, particularly the custom workflow automation. Another thing that could be improved is Cisco documenting how it makes decisions, because there are certain factors or criteria that it uses from the source products. Cisco XDR gets all of its data from the integrations, so if you do not integrate anything, it is not going to do anything. Sometimes in these integration products, such as Secure Network Analytics or Cisco Security Exposure, they could be generating some type of alert and you do not necessarily see that in Cisco XDR. This is because it knows, maybe because of these other products, it is not really a big deal and is not big enough to raise an incident. However, I do not think Cisco does a great job in explaining what those rules are, such as why this happens and how this happens. This can cause some questions and some concern. I think it is doing the right thing, but I think it would be better if they had a rule set to say, based on this data, this is how the product actually works.
GirdharMishra - PeerSpot reviewer
Program Manager at iONE IT Solutions
Centralized monitoring has improved threat visibility and reduced incident response time
In terms of valuable features in ESET EDR/XDR, we focus on endpoint device management as well as for the firewall team, including our log analysis and monitoring the firewall, which are three significant functions for us. ESET EDR/XDR has automated threat detection that gives us real-time incident alerts, and it helps us proactively receive and work on incidents that could have an impact. Regarding the usefulness of ESET EDR/XDR's behavior-based analysis in detecting potential breaches, we have identified some files or configuration files that should remain static, and if any changes occur without proper change management, we are able to identify those changes, including detecting zero-day attacks. The integration of threat intelligence feeds has helped our response strategies, as we are using Oracle OCA-based data analysis, and we have integrated it so that logs are forwarded to our SIEM, allowing us to analyze the data effectively. I evaluate the impact of centralized management on our security operations as very useful because it eliminates the need to log into individual systems to find sources, allowing us to identify all types of risks and vulnerabilities from a single desk.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Implementing Cortex XDR by Palo Alto Networks has had a significant impact on my security analyst workload because it becomes much easier."
"Cortex is the best tool for endpoint detection, and I have used it to verify hashes or domains to identify malicious activity, trigger playbooks that automate and gather endpoint logs, block malicious processes, and update incident tickets, showcasing end-to-end processes with automation in investigation and reducing the analysis workflow."
"The most valuable features are incident creation, policy-based protection, IP whitelisting, and device encryption. These are beneficial for endpoint and server security."
"The level of security I get for my endpoints and servers is extremely valuable."
"Its interface and pricing are most valuable, and it is better than other vendors in terms of security."
"The policy configuration is great, the granularity of policies that are available is very helpful, it is straightforward to set up, and it has pretty much everything we need and works well within the Palo Alto ecosystem."
"In one single alert, we are getting the network telemetry, endpoint telemetry, email security telemetry, and proxy telemetry all in one single ticket, making it very easy."
"The one feature of Palo Alto Networks Traps that our organization finds most valuable is the App ID service."
"Cisco XDR has definitely improved our security posture and our visualization, ensuring that we are protected and providing greater visibility for our SOC team."
"Cisco XDR is built primarily for enterprise endpoint security, integrated onto endpoints with logs integrated into SIEM, and it is used for security investigations, malware impact investigation, and tracking particular security incidents through integration of different logs, where endpoint logs are very important, providing detail about processes run by potential malware and any call-outs made to command and control."
"The merging of all of that data into one display is probably the best benefit of Cisco XDR."
"Cisco XDR is one of the most matured systems available."
"Since implementing Cisco XDR, our organization has improved its incident response process and overall SOC visibility."
"Cisco XDR is appreciated as a SaaS-based platform for its user-friendliness with simple management tools that are easy for configuration."
"Overall, the platform has strengthened our cybersecurity posture and increased operational efficiency for the security team."
"Cisco XDR has positively impacted my organization because instead of ten people working on one event, Cisco XDR can do many things an analyst can do, reducing the human effort required and coordinating everything."
"The solution is easy to use."
"It is pretty easy to install without any hassles, and ESET EDR_XDR has its own cloud portal where everything is available."
"The initial setup of ESET EDR_XDR is very simple, easy to deploy, and manage."
"ESET EDR/XDR has automated threat detection that gives us real-time incident alerts, and it helps us proactively receive and work on incidents that could have an impact."
 

Cons

"There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration."
"A potential area of improvement for Cortex XDR by Palo Alto Networks is the cost."
"In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are the big company, so they can improve the UI a little bit. The UI, the reports, the log system can all be improved."
"I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs."
"We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do."
"The solution could improve by providing better integration with their own products and others."
"The solution needs better reports. I think they should let the customer go in and customize the reports."
"Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want."
"Improvements in Cisco XDR revolve around performance."
"I could not choose Cisco XDR a perfect score mainly because there is still room for improvement in usability and customization."
"My only complaint about Cisco XDR is related to licensing, which is complicated."
"They need to provide better pricing and bundle XDR licenses with products like Meraki solutions or Firepower Threat Defense."
"The interface of Cisco XDR can be improved."
"Cisco XDR could be improved in areas concerning dashboard customization and reporting flexibility."
"One area where Cisco XDR could improve is the learning curve for new users, especially during initial setup and workflow customization."
"I would say I got to stop beta testing myself."
"The memory and CPU footprint can affect performance. It sometimes slows down the CPU performance."
"ESET EDR_XDR needs to conduct more research and development and innovations in early detection of attacks."
"The solution could improve how it scours each website."
 

Pricing and Cost Advice

"It has a yearly renewal."
"Cortex XDR’s pricing is very reasonable."
"The cost depends on your chosen license type, like Pro or other licenses."
"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."
"This is an expensive solution."
"This is an expensive solution."
"Every customer has to pay for a license because it doesn't work with what you get from a managed services provider."
"Our license will require renewal in August, after which the maintenance will continue as usual."
"The licensing of Cisco XDR is a bit complicated. The cost can depend on what it is, and the process can be a little complicated."
"I rate the solution’s pricing a six or seven out of ten.."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Outsourcing Company
20%
Computer Software Company
9%
Manufacturing Company
8%
Government
8%
Financial Services Firm
15%
Comms Service Provider
13%
Manufacturing Company
8%
Construction Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise52
By reviewers
Company SizeCount
Small Business17
Midsize Enterprise9
Large Enterprise4
No data available
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for Cisco XDR?
The centralized visibility, automation, and reduction in investigation time have provided good operational value for ...
What needs improvement with Cisco XDR?
Cisco XDR could improve the UI customization experience. Some workflows still feel more complex than they need to be,...
What is your primary use case for Cisco XDR?
We mainly use Cisco XDR for centralized threat detection and incident investigation, especially for correlating endpo...
What is your experience regarding pricing and costs for ESET EDR/XDR?
I find the price of ESET EDR/XDR to be competitive to the market, which is a reasonable aspect for us.
What needs improvement with ESET EDR/XDR?
I just deploy and forget it, so I don't get into much detail about improvements. The major setback we face with ESET ...
What advice do you have for others considering ESET EDR/XDR?
We might get good pricing one year, and then the next year there could be significant pricing issues. Integration wit...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
ESET Secure Authentication
 

Interactive Demo

Demo not available
Demo not available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Information Not Available
Mitsubishi Motors, Canon
Find out what your peers are saying about Cisco XDR vs. ESET EDR/XDR and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.