We performed a comparison between Cortex XDR by Palo Alto Networks and CrowdStrike Falcon based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both products receive high marks from reviewers. However, CrowdStrike Falcon comes out on top in this comparison due to its robust performance, ease of deployment, reasonable cost, and impressive ROI.
"Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP."
"The most valuable feature is its threat protection and data privacy, including its cyber attack and data protection, as we need to cover and protect data on user devices."
"Device Trajectory is one of the most valuable features. We're able to dig in and really understand how things came to be and where to focus our efforts."
"Definitely, the best feature for Cisco Secure Endpoint is the integration with Talos. On the backend, Talos checks all the signatures, all the malware, and for any attacks going on around the world... Because Secure Endpoint has a connection to it, we get protected by it right then and there."
"The biggest lesson that I have learned from using this product is that there is a lot more malware slipping through my email filters than I expected."
"It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it."
"The most valuable feature is signature-based malware detection."
"Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source."
"Monitoring is most valuable."
"It'll not slow down your system when compared to others."
"The behavior-based detection feature is valuable."
"The initial setup is easy."
"Cortex XDR by Palo Alto Networks should be a stable solution."
"Palo Alto is constantly adding new features."
"One of the main benefits of the solution is its intelligence to correlate the events into an incident."
"One thing that I like about Cortex XDR by Palo Alto Networks, it is detecting all the suspicious or malicious binaries, and it has integration with Palo Alto Firewall."
"As an EDR tool, we can integrate log management and event management. The solution deals with threats automatically, that's the advantage."
"The most valuable feature is the activity dashboard because it gives you a holistic view of your environment from a security standpoint."
"Probably the most valuable thing to me is the real-time response piece. The fact that I can connect to an endpoint as long as it is on the Internet, no matter where it is globally. I can remove files from the endpoint, drop files on the endpoint, stop processes, reboot it, run custom scripts, and deploy software. Pretty much no other tool can do all that."
"The most valuable features in CrowdStrike Falcon are the full EDR with antivirus, hunting, reporting, and RTR remote control."
"The most valuable feature is that we don't need to re-image machines as much as we had to."
"Easy to use, intelligent, and stable threat detection software."
"CrowdStrike enables the infrastructure managers to visualize all the events and get information about the network."
"The most valuable feature of CrowdStrike Falcon is its accuracy."
"It could be improved in connection with artificial intelligence and IoT."
"We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."
"The Linux agent is a simple offline classic agent, and it doesn't support Secure Boot, which is important to have on a Linux machine. The Linux agent has conflicts with other solutions, including the Exploit Prevention system found in Windows servers. We didn't find a fix during troubleshooting, and Cisco couldn't offer one either. Eventually, we had to shut down the Exploit Prevention system. We didn't like that as we always want a solution that can fit smoothly into the setup without causing problems, especially where security is concerned. The tool also caused CPU spikes on our production machine, and we were seriously considering moving to another product."
"The GUI needs improvement, it's not good."
"We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."
"I would like to see integration with Cisco Analytics."
"The thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself."
"An easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful... That way you could get a more accurate device count, so you're not having an inflated number."
"Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want."
"A little bit more automation would be nice."
"It would be good to have a better way to search for a file within the UI."
"It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do. The price could be better. It would also help if they had a team for deployment and support."
"When it comes to core analysis, and security analysis, Cortex needs to provide more information."
"We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, we have to use another protection solution called Kaspersky."
"In an upcoming release, the solution could improve by proving hard disk encryption. If it could support this it would be a complete solution."
"In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations."
"I think there's an opportunity to enhance the AI or at least the traps to say, if something changes from this baseline, let us know and flag it."
"Falcon could be improved with more function on the mobile end of things and better optimization with mobile devices."
"I would love to see more investment in Insight because CrowdStrike have an opportunity to potentially displace some of the vulnerability management vendors with the visibility they can see over time. I want to see them continue to evolve, e.g., what other things can they disrupt which are operational things we have to continue to do as an organization."
"CS Falcon sensing capabilities for non-domain machines should be enhanced since the agent doesn't detect the neighbor's IP Address and/or any anomaly which was identified in the network for the non-domain machine."
"In a future release, I would like to see more integrations for data breaches and security features."
"In the future release of CrowdStrike Falcon, they should add a sandbox feature."
"The installation process for this software needs to be simplified."
"The biggest issue with Falcon as a standalone product is it doesn't have very much reporting."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Protect your organization from all threats - not just malware - even when computers and servers aren’t connected to the internet. Start your free trial and deploy CrowdStrike Falcon within minutes to start receiving full threat protection.
Cortex XDR by Palo Alto Networks is ranked 4th in EPP (Endpoint Protection for Business) with 45 reviews while CrowdStrike Falcon is ranked 1st in EPP (Endpoint Protection for Business) with 48 reviews. Cortex XDR by Palo Alto Networks is rated 8.2, while CrowdStrike Falcon is rated 8.8. The top reviewer of Cortex XDR by Palo Alto Networks writes "Easy to set up, reliable, and always scanning". On the other hand, the top reviewer of CrowdStrike Falcon writes "Speeds up the data collection for our phishing playbooks dramatically". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, SentinelOne, Symantec Endpoint Security, Trend Micro Apex One and Cisco SecureX, whereas CrowdStrike Falcon is most compared with Microsoft Defender for Endpoint, SentinelOne, Darktrace, Trend Micro Deep Security and Trend Micro XDR. See our Cortex XDR by Palo Alto Networks vs. CrowdStrike Falcon report.
See our list of best EPP (Endpoint Protection for Business) vendors.
We monitor all EPP (Endpoint Protection for Business) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
