Try our new research platform with insights from 80,000+ expert users

Cortex XDR by Palo Alto Networks vs Google Security Operations comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 2, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Ranking in AI-Powered Cybersecurity Platforms
2nd
Average Rating
8.4
Reviews Sentiment
6.9
Number of Reviews
103
Ranking in other categories
Endpoint Protection Platform (EPP) (5th), Endpoint Detection and Response (EDR) (8th), Extended Detection and Response (XDR) (7th), Ransomware Protection (2nd)
Google Security Operations
Ranking in AI-Powered Cybersecurity Platforms
11th
Average Rating
9.0
Reviews Sentiment
7.7
Number of Reviews
4
Ranking in other categories
Security Information and Event Management (SIEM) (23rd), Security Orchestration Automation and Response (SOAR) (14th)
 

Mindshare comparison

As of January 2026, in the AI-Powered Cybersecurity Platforms category, the mindshare of Cortex XDR by Palo Alto Networks is 10.0%, down from 11.1% compared to the previous year. The mindshare of Google Security Operations is 4.5%, up from 0.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
AI-Powered Cybersecurity Platforms Market Share Distribution
ProductMarket Share (%)
Cortex XDR by Palo Alto Networks10.0%
Google Security Operations4.5%
Other85.5%
AI-Powered Cybersecurity Platforms
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
reviewer2203269 - PeerSpot reviewer
Cloud Senior lead at a financial services firm with 10,001+ employees
Real-time threat detection and alarm management have improved security operations
Google SecOps is extremely useful for threat detection and hunting. It provides a detailed pipeline for detection and is beneficial for real-time threat monitoring when integrated with Mandiant. The tool's integration capabilities are effective, and it helps in managing alarms for normal threats efficiently. Overall, Google SecOps is a very useful service for security operations.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The positive impacts I see from Cortex XDR by Palo Alto Networks include a complete 360-degree view of our security posture altogether, being a uniform platform where we are ingesting logs from multiple resources."
"The most valuable features are incident creation, policy-based protection, IP whitelisting, and device encryption. These are beneficial for endpoint and server security."
"The product's most valuable features are massive user and feature intelligence exploit detection."
"Provides behavior-based detection which offers many benefits over signature-based detection."
"The most valuable aspect of Cortex XDR by Palo Alto Networks for me is its integration with AI detection, where we get to know the behavioral detection based on users, traffic patterns, and different services that we consume."
"Cortex XDR features advanced threat detection capabilities."
"Traps is quite a stable product. Once it was properly deployed and configured, you have nothing to be worried about."
"The normal protection was really effective, and we detected situations that if we didn't have Cortex XDR by Palo Alto Networks, it's highly likely that we would have been affected, but it protected the infrastructure."
"The playbooks feature in Siemplify is crucial for automation. We've utilized both standard and custom integrations with other security operation solutions, enhancing our flexibility. The user interface is generally straightforward, although recent changes may require some adjustment and Siemplify's integrations and capabilities offer potential support for various compliance requirements."
"The most valuable feature of Siemplify is the playbooks that can be created."
"Google SecOps is extremely useful for threat detection and hunting."
"Without hyperbole, I have never, in my entire career, encountered a vendor or a vendor community as awesome as Siemplify. Siemplify and the Siemplify Community quite literally made it possible for our SOC to increase almost five-fold in our number of clients and number of analysts and to go from a Monday to Friday 9-5 shop to a 24/7 shop all in the span of under a year and a half and all while continually adding capabilities and improving the services we offer to our clients."
"Overall, Google SecOps is a very useful service for security operations."
 

Cons

"Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well."
"It's very time-consuming to log support issues and the people that answer the tickets aren't very knowledgeable."
"Cortex XDR should have a lightweight agent, and the agent size should not be heavy."
"If you compare it to SentinelOne, which has more functionalities and detection capabilities on an open platform, the pricing on SentinelOne is far more reasonable and cheaper than Cortex XDR by Palo Alto Networks."
"The tool needs to be improved in terms of integration and interface."
"It's more focused on network communication. If a customer wants to increase the level of protection and start working with documents, it's impossible to integrate these features into the system. It's more of a communication-oriented system than a content security-oriented system."
"Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco."
"In terms of areas of improvement, we have not completed our review of the product. We're also looking at other products. So, it's a little bit hard to tell what could be different because we have not completed the review of this product, but based on our experience so far, its implementation is quite complex."
"I'm inclined to say that I'd love to see some Machine Learning capabilities integrated into the platform, however, I just attended a demo this morning where Siemplify gave a sneak peek into some Machine Learning capabilities that they are currently developing and have roadmapped for release soon."
"The main improvement could be in the accuracy and detail provided in threat descriptions."
"Building the playbooks could be easier and the integration could improve. It is a difficult process, such as what API connections need to be made."
"We often encounter minor issues that could be improved, but we maintain communication with the developers and submit feature requests. Recently, I requested enhancements such as improved search functionality within playbooks and expanded options for exporting case data."
"The main improvement could be in the accuracy and detail provided in threat descriptions."
 

Pricing and Cost Advice

"I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require."
"The price of the solution is high for the license and in general."
"The tool's price is moderate."
"The cost of Cortex XDR by Palo Alto Networks is $55 to $90 USD per endpoint per month."
"I feel it is fairly priced."
"The price is on the higher side, but it's okay."
"Its pricing is kind of in line with its competitors and everybody else out there."
"We didn't have to pay any additional fee for the cloud instance. It just came with the renewal, which was nice."
Information not available
report
Use our free recommendation engine to learn which AI-Powered Cybersecurity Platforms solutions are best for your needs.
881,114 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
11%
Financial Services Firm
10%
Manufacturing Company
8%
Comms Service Provider
6%
Financial Services Firm
16%
Manufacturing Company
9%
Computer Software Company
8%
University
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business43
Midsize Enterprise20
Large Enterprise44
No data available
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
What do you like most about Siemplify?
The playbooks feature in Siemplify is crucial for automation. We've utilized both standard and custom integrations with other security operation solutions, enhancing our flexibility. The user inter...
What is your experience regarding pricing and costs for Siemplify?
The pricing for Google SecOps and Microsoft Sentinel is almost the same, with no significant differences.
What needs improvement with Siemplify?
The main improvement could be in the accuracy and detail provided in threat descriptions. Google SecOps reports could be more detailed, similar to the comprehensive descriptions provided by Microso...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Siemplify ThreatNexus
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
FedEx Mondelez Intenrational Check Point Trustwave Atos Cyberint Bae Systems Crowe Longwall Security Telefonica Nordea HCL
Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. Google Security Operations and other solutions. Updated: December 2025.
881,114 professionals have used our research since 2012.