Try our new research platform with insights from 80,000+ expert users

Cortex XDR by Palo Alto Networks vs CrowdStrike Falcon comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on May 4, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.7
Cortex XDR secures data, reduces malware, lowers costs, and replaces systems, enhancing user satisfaction and operational efficiency.
Sentiment score
7.4
CrowdStrike Falcon enhances productivity and security, reducing costs and downtime while efficiently managing threats with rapid deployment and detection.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
CrowdStrike Falcon saves time and offers good value for money, especially for enterprise companies, because it can stop breaches.
 

Customer Service

Sentiment score
6.6
Cortex XDR support is praised for responsiveness but criticized for delayed responses and knowledge gaps in certain regions.
Sentiment score
7.0
CrowdStrike Falcon support is valued for responsiveness and expertise, though growth causes delays; premium support is highly rated.
Every vendor has similar support; it depends on how the case is handled and raised.
Their support is efficient and responsive whenever I raise a ticket through my portal.
On a scale of one to ten, I would rate the technical support as a 10 because they resolve many issues for us.
The CrowdStrike team is very efficient; I would rate them ten out of ten.
They could improve by initiating calls for high-priority cases instead of just opening tickets.
 

Scalability Issues

Sentiment score
7.6
Cortex XDR offers scalable, efficient data handling across Linux, Mac, and Windows, praised for simplifying large enterprise management.
Sentiment score
7.9
CrowdStrike Falcon's scalability and adaptability make it ideal for diverse platforms, though costs may limit expansive deployments.
It has adequate coverage and is easy to deploy.
In terms of scalability, I find CrowdStrike to be stable, and I have not encountered any limitations with it.
There's no scalability limitation from CrowdStrike itself, as it just requires agent deployment.
 

Stability Issues

Sentiment score
8.1
Cortex XDR is praised for its stability and reliability, with minor issues noted but generally offering seamless protection.
Sentiment score
8.1
CrowdStrike Falcon is highly regarded for its stability, efficiency, and reliability, with minor update issues quickly resolved.
Cortex XDR is stable, offering high quality and reliable performance.
I have never seen instability in the CrowdStrike tool.
We are following N-1 versions across our environment, which is stable.
The biggest issue occurred when every computer worldwide experienced a blue screen.
 

Room For Improvement

Cortex XDR struggles with integration, high memory, false positives, limited features, complex setup, and lacks enhanced support and customization.
CrowdStrike Falcon needs system integration, better reporting, reduced false positives, enhanced support, advanced features, and flexible pricing.
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
Cortex XDR could improve its sales support team, including better commission structures and referral programs.
Simplifying the querying process, such as using double quote queries or directly obtaining logs based on IP addresses or usernames, would be beneficial.
Another concern is CrowdStrike's GUI. It changes annually, making it hard to work and find options.
Threat prevention should be their first priority.
 

Setup Cost

Enterprise buyers view Cortex XDR as expensive yet flexible, offering scalable licensing with varying costs based on features and users.
CrowdStrike Falcon's pricing ranges from $30-$100 per user annually, ideal for large enterprises but costly for smaller businesses.
Cortex XDR is perceived as expensive by some customers, yet offers dynamic pricing.
Compared to competitors such as CrowdStrike and Sophos, the pricing of Cortex XDR by Palo Alto Networks is similar to CrowdStrike but more expensive than Sophos.
It is expensive compared to SentinelOne, but as the market leader, it is worth it.
The licensing cost and setup costs are affordable.
The solution is a bit expensive.
 

Valuable Features

Cortex XDR excels in cybersecurity with advanced detection, ease of use, and integration, offering scalable, efficient threat management.
CrowdStrike Falcon provides robust threat intelligence, AI-driven detection, and seamless integration with minimal system impact and intuitive interface.
It incorporates AI for normal behavior detection, distinguishing unusual operations.
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
I can investigate by accessing the customer's host based on the RTR environment and utilize host search to know details for the past seven days, including logins, processes, file installations, malicious processes, and network connections.
The real-time analytics aspect of CrowdStrike performs well because we get all logs in real-time, with no delay, allowing us to take action immediately.
Being an EDR solution, it helps us identify attacks in real-time.
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Ranking in Endpoint Protection Platform (EPP)
4th
Ranking in Extended Detection and Response (XDR)
7th
Ranking in AI-Powered Cybersecurity Platforms
4th
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
90
Ranking in other categories
Ransomware Protection (1st)
CrowdStrike Falcon
Ranking in Endpoint Protection Platform (EPP)
2nd
Ranking in Extended Detection and Response (XDR)
1st
Ranking in AI-Powered Cybersecurity Platforms
1st
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
132
Ranking in other categories
Security Information and Event Management (SIEM) (6th), Threat Intelligence Platforms (1st), Endpoint Detection and Response (EDR) (1st), Attack Surface Management (ASM) (1st), Identity Threat Detection and Response (ITDR) (2nd)
 

Mindshare comparison

As of June 2025, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 5.6%, down from 6.3% compared to the previous year. The mindshare of CrowdStrike Falcon is 14.9%, down from 19.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
 

Featured Reviews

NiteshSharma - PeerSpot reviewer
Automated threat response and behavioral control improve security measures
I recommend adding a data loss prevention (DLP ( /categories/data-loss-prevention-dlp )) solution to Cortex XDR ( /categories/extended-detection-and-response-xdr ) by Palo Alto Networks. The inclusion of this feature would allow the application of DLP ( /categories/data-loss-prevention-dlp ) policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products. Additionally, multi-tenancy and multi-cloud features are not available and should be considered for inclusion.
Waleed Omar - PeerSpot reviewer
Provides effective real-time threat detection with potential for cost optimization
Some features such as device control, firewall management, and file analysis are standalone products that we need to purchase separately. If these features came out of the box within the product, it would be much more beneficial for us. Other providers such as SentinelOne include these features in their base product. We attended a CrowdStrike Falcon event where they discussed some shallow AI features, but we cannot see these in our panel yet. We work with different solutions such as Darktrace and SocRadar, where AI features are automatically displayed in our dashboards after release. However, for CrowdStrike Falcon, we cannot see these features.
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
856,874 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
9%
Manufacturing Company
8%
Government
7%
Computer Software Company
15%
Financial Services Firm
10%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a cl...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
Is Crowdstrike Falcon better than Trend Micro Deep Security?
I like that Crowdstrike allows me to easily correlate data between my firewalls. What’s most useful for my needs is the intelligence modules feature. I also find that Crowdstrike Falcon’s dashboard...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
CrowdStrike Falcon, CrowdStrike Falcon XDR, CrowdStrike Falcon Threat Intelligence, CrowdStrike Identity Protection, CrowdStrike Falcon Surface
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Information Not Available
Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. CrowdStrike Falcon and other solutions. Updated: June 2025.
856,874 professionals have used our research since 2012.