We performed a comparison between Cortex XDR by Palo Alto Networks and LogRhythm UEBA based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"It's a very scalable tool that can be used in a very small environment or in a very large environment. Everything can be managed from a simple dashboard and can be scaled up or down depending on the customer's environment."
"It has great stability."
"Microsoft Defender XDR is scalable."
"If the user leaves our premises or network, Palo Alto Traps will still be on that endpoint and will still apply our policies."
"The solution allows control over the user and his machine through Cortex XDR security policies."
"It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature. It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else."
"The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better."
"Being a cloud solution it is very flexible in serving internal and external connections and a broad range of devices."
"Palo Alto is constantly adding new features."
"The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."
"Has great threat detection capabilities."
"The tool's most valuable feature is server threat hunting."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"Good capability pinpointing specific cyber incidents."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"The solution's most valuable features are the graphical user interface and the reporting."
"It has a lot of features. It has file integration monitoring."
"I would like more of the features in Defender for 365 to be included in the smaller licenses. Even if I buy a small license and don't need everything, security shouldn't be a question. Security is one of the main aspects of all projects from our side, so it would be nice to have more features in the smaller licenses."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."
"A simple dashboard without having to use MS Sentinel would be a welcome improvement."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"The management and automation of the cloud apps have room for improvement."
"The only problem I find is that the use cases are built-in. There is no template available that you can modify according to your organization's standards. What they give is very generic, the market standard, but that might not be applicable to every organization."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do."
"There are a large number of false positives."
"Impact on system performance is horrible, adding a lot of delays for users."
"Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."
"The solution could improve by providing better integration with their own products and others."
"Managing the product should be easier."
"It should support more mobile operating systems. That is one of the cons of their infrastructure right now."
"I would like to see better protection, specifically to protect email applications."
"The search feature needs to be improved."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"The cloud version is lacking and not up to par."
"The UI could be improved a little bit."
"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 3rd in Extended Detection and Response (XDR) with 80 reviews while LogRhythm UEBA is ranked 22nd in Extended Detection and Response (XDR) with 10 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while LogRhythm UEBA is rated 7.2. The top reviewer of Cortex XDR by Palo Alto Networks writes "It provides a whole new level of visibility and integrates with most other vendors". On the other hand, the top reviewer of LogRhythm UEBA writes "Detects unusual logins but dashboards need improvement ". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Trend Micro Apex One, whereas LogRhythm UEBA is most compared with Wazuh, Darktrace, CrowdStrike Falcon, Trend Micro Deep Discovery and Aruba IntroSpect. See our Cortex XDR by Palo Alto Networks vs. LogRhythm UEBA report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.