Try our new research platform with insights from 80,000+ expert users

Cortex XDR by Palo Alto Networks vs Mandiant Advantage comparison

Palo Alto Networks and Mandiant are both solutions in the Extended Detection and Response (XDR) category. Palo Alto Networks is ranked #7 with an average rating of 8.6, while Mandiant is ranked #26 with an average rating of 8.0. Palo Alto Networks holds a 5.6% mindshare in XDR, compared to Mandiant’s 1.0% mindshare. Additionally, 95% of Palo Alto Networks users are willing to recommend the solution, compared to 100% of Mandiant users who would recommend it.
Cortex XDR by Palo Alto Net...
Read 91 Cortex XDR by Palo Alto Networks reviews
  • 6,780 Views
  • 2,132 Comparison Views
95% willing to recommend
Mandiant Advantage
Read 6 Mandiant Advantage reviews
  • 960 Views
  • 318 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jun 15, 2025

Cortex XDR and Mandiant Advantage are competitive cybersecurity solutions. Cortex XDR is favored for its integration and support, while Mandiant Advantage is praised for its robust features and value, indicating a superior offering in certain aspects.

Features: Cortex XDR offers effective threat detection and incident response, with a focus on seamless integration across security services. Mandiant Advantage provides advanced threat intelligence, integration with third-party solutions, and actionable insights, excelling in comprehensive threat analysis.

Room for Improvement: Cortex XDR could enhance its threat intelligence by incorporating more predictive analytics. Improving reporting capabilities would also provide deeper insights. Mandiant Advantage can streamline its user interface for easier navigation, reduce setup complexity, and offer more flexible integration options.

Ease of Deployment and Customer Service: Cortex XDR is noted for its straightforward cloud or on-premise deployment with extensive support, simplifying management. Mandiant Advantage also offers cloud deployment but is known for a more complex setup due to its expansive features, though its customer service is very responsive.

Pricing and ROI: Cortex XDR offers competitive pricing with significant ROI through efficient threat prevention and streamlined operations. Mandiant Advantage has a higher initial setup cost, but this is often deemed worthwhile due to its extensive data and insights, aiding long-term strategic planning.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Cortex XDR by Palo Alto Networks vs. Mandiant Advantage Report (Updated: June 2025).
Buyer's Guide
Cortex XDR by Palo Alto Networks vs. Mandiant Advantage
June 2025
Download the complete report
Helped 859,957 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Ranking in Extended Detection and Response (XDR)
7th
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
91
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (4th)
Mandiant Advantage
Ranking in Extended Detection and Response (XDR)
26th
Average Rating
8.4
Reviews Sentiment
7.8
Number of Reviews
6
Ranking in other categories
Attack Surface Management (ASM) (5th)
 

Mindshare comparison

As of July 2025, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 5.6%, down from 6.2% compared to the previous year. The mindshare of Mandiant Advantage is 1.0%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
 

Featured Reviews

NiteshSharma - PeerSpot reviewer
Automated threat response and behavioral control improve security measures
I recommend adding a data loss prevention (DLP ( /categories/data-loss-prevention-dlp )) solution to Cortex XDR ( /categories/extended-detection-and-response-xdr ) by Palo Alto Networks. The inclusion of this feature would allow the application of DLP ( /categories/data-loss-prevention-dlp ) policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products. Additionally, multi-tenancy and multi-cloud features are not available and should be considered for inclusion.
Read full review
SameepAgarwal - PeerSpot reviewer
In-depth traffic analysis and proactive support reduce investigation time
The live IOC feed identifies the type, technique, and tactics used. This becomes handy since then I know what to refer to from the playbook. For instance, if I take a use case of someone with Mimikatz installed on their system, knowing the nature beforehand reduces investigation time. I can quickly apply the playbook to resolve incidents in less time.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources."
"The integrations are out-of-the-box, as are the playbooks."
"One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers. Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network."
"The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better."
"It's very stable. I've never experienced downtime for the ASM console or ASM core."
"One thing that I like about Cortex XDR by Palo Alto Networks, it is detecting all the suspicious or malicious binaries, and it has integration with Palo Alto Firewall."
"The product has an intuitive dashboard."
"The tool is easy to use."
More Cortex XDR by Palo Alto Networks pros
"The live IOC feed identifies the type, technique, and tactics used."
"The feature I have found most valuable is directory monitoring. We experienced an instance of threat actors trying to ensure a complex and massive attack against our customer's infrastructure on the forum. That is, they were animating people on a formum. The solution alerted us to this two days ahead of the attack, which gave us plenty of time to prepare for it."
"The scalability of Mandiant Advantage deserves a ten out of ten."
"It is so valuable to have someone performing these functions outside of our business hours when we don't have staff in the building. We've seen a lot of solid metrics on the amount of malware that it's detecting and resolving. We're pleased with it so far."
"I have never faced stability issues."
"The advantage of the solution is being able to go look up threat actors and get a lot of detailed information about different attacks and different tactics and general information about threats."
"Mandiant Advantage is excellent at providing the full context and all the information, where the information was found, and the full data, including the raw data that was uploaded onto the Internet."
 

Cons

"The solution can never really be an on-premises solution based simply on the way it is set up. It needs metadata to run and improve. Having an on-premises solution would cut it off from making improvements."
"Cortex XDR by Palo Alto Networks could improve by offering remote management. It would be useful to look at the client's issue to fix it."
"The encryption is not up to the mark."
"If they had pulse rate detection, it would be better."
"There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."
"Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis."
"Currently, we are monitoring all USB drives and ports but we would like to improve our device control capabilities."
"The tool needs to be improved in terms of integration and interface."
More Cortex XDR by Palo Alto Networks cons
"I think that the data query that is used for data cloud language should be improved. It's really hard to query actual data from the platform."
"Collaboration of data in my view becomes a bit clogged, requiring effort to understand visually."
"They could have better support. Now that they've merged, they are moving towards a portal system, which isn't very helpful."
"Sometimes Mandiant Advantage becomes noisy when dealing with widely recognized companies due to false positives."
"Sometimes Mandiant Advantage becomes noisy when dealing with widely recognized companies due to false positives."
"Mandiant's on-prem client is too processor-intensive, so it's putting a strain on the local device's CPU. When a scan is running on the device, the other processing tasks slow to a crawl. We're still trying to figure out the correct settings for the client."
"I have already given them feedback that their UI needs improvement since sometimes there is a lag. The side-by-side depiction of request response and action clogs the screen."
 

Pricing and Cost Advice

"This is an expensive solution."
"I don't like that they have different types of licenses."
"It is cost-effective compared to similar solutions. It fits for the small businesses through to the big businesses."
"I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require."
"The cost of Cortex XDR by Palo Alto Networks is $55 to $90 USD per endpoint per month."
"Every customer has to pay for a license because it doesn't work with what you get from a managed services provider."
"The pricing is a little bit on the expensive side."
"Compared to CrowdStrike, Cortex XDR is an expensive solution."
More Cortex XDR by Palo Alto Networks pricing and cost advice
Information not available
report
See which vendors are best for you
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
See recommendations
859,957 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
9%
Manufacturing Company
8%
Government
7%
Financial Services Firm
17%
Computer Software Company
12%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to...
See all answers
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...
See all answers
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
See all answers
What needs improvement with Mandiant Advantage?
Sometimes Mandiant Advantage becomes noisy when dealing with widely recognized companies due to false positives. More fine-tuning is required to handle famous company names. It also handles alerts ...
See all answers
What is your primary use case for Mandiant Advantage?
I use it for cyber threat intelligence. I gather information about newly created domains around the Internet that can be related to my managed company. I monitor these domains for any phishing acti...
See all answers
What advice do you have for others considering Mandiant Advantage?
I would advise exploring multiple functions because there are many different capabilities of Mandiant Advantage. For small organizations, try every feature included in the package. Use known source...
See all answers
 

Comparisons

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks Logo
Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks
Compared 10% of the time
CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks Logo
CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks
Compared 7% of the time
SentinelOne Singularity Complete vs Cortex XDR by Palo Alto Networks Logo
SentinelOne Singularity Complete vs Cortex XDR by Palo Alto Networks
Compared 5% of the time
Wazuh vs Cortex XDR by Palo Alto Networks Logo
Wazuh vs Cortex XDR by Palo Alto Networks
Compared 4% of the time
Cortex XSIAM vs Cortex XDR by Palo Alto Networks Logo
Cortex XSIAM vs Cortex XDR by Palo Alto Networks
Compared 4% of the time
More Cortex XDR by Palo Alto Networks Competitors
CrowdStrike Falcon vs Mandiant Advantage Logo
CrowdStrike Falcon vs Mandiant Advantage
Compared 20% of the time
Cymulate vs Mandiant Advantage Logo
Cymulate vs Mandiant Advantage
Compared 16% of the time
Microsoft Defender XDR vs Mandiant Advantage Logo
Microsoft Defender XDR vs Mandiant Advantage
Compared 8% of the time
Tenable Attack Surface Management vs Mandiant Advantage Logo
Tenable Attack Surface Management vs Mandiant Advantage
Compared 8% of the time
Qualys CyberSecurity Asset Management vs Mandiant Advantage Logo
Qualys CyberSecurity Asset Management vs Mandiant Advantage
Compared 4% of the time
More Mandiant Advantage Competitors
 

Product Reports

Buyer's Guide
Cortex XDR by Palo Alto Networks
June 2025
Cortex XDR by Palo Alto Networks reportDownload Cortex XDR by Palo Alto Networks product report
Buyer's Guide
Extended Detection and Response (XDR)
June 2025
Mandiant Advantage reportDownload Mandiant Advantage product report
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Mandiant Threat Intelligence
 

Overview

Cortex XDR by Palo Alto Networks delivers comprehensive endpoint security, integrating well with other systems to offer robust threat detection and real-time protection through AI-driven analytics.

Cortex XDR by Palo Alto Networks offers advanced endpoint protection and threat detection through AI and behavior-based analytics. Its user-friendly design simplifies integration with firewalls, delivering multi-layered protection with low resource consumption. Valued for policy management, USB control, and incident correlation, Cortex XDR enhances threat management and real-time threat hunting capabilities. However, users note challenges with third-party integration, reporting, and dashboard automation. Agent performance across operating systems and memory consumption are areas for improvement, alongside reducing false positives and simplifying endpoint management and setup.

What features does Cortex XDR offer?
  • Behavior-Based Detection: Analyzes user behavior to identify suspicious activities.
  • AI Analytics: Utilizes AI for accurate threat detection and response.
  • Real-Time Protection: Provides immediate defense against threats.
  • Policy Management: Allows customization of security policies across endpoints.
  • USB Control: Regulates USB device access for added security.
  • Incident Correlation: Connects and analyzes various security events for better response.
  • Firewall Integration: Seamlessly works with firewalls for enhanced security.
  • Machine Learning Capabilities: Continuously improves threat detection precision.
What benefits should be considered in reviews?
  • Low Resource Consumption: Efficient security functions without taxing system resources.
  • Multi-Layered Protection: Comprehensive security across multiple attack vectors.
  • User-Friendly Interface: Intuitive design for easier management.
  • Enhanced Threat Management: Identifies and mitigates threats effectively.
  • Real-Time Threat Hunting: Proactively searches for and mitigates potential threats.

Cortex XDR is crucial in industries requiring robust endpoint protection, such as finance, healthcare, and technology. It supports malware detection, behavioral analysis, and ransomware mitigation across endpoints, including remote work environments, providing comprehensive threat visibility and security policy management. The solution's integration with firewalls and specialized industry requirements enhances security posture in diverse operational settings.

Palo Alto Networks

Mandiant Advantage is a multi-vendor XDR platform that provides security teams of all sizes with frontline intelligence. Mandiant Advantage aims to speed up operational as well as strategic security and risk decision making. Mandiant Advantage provides security teams with an early knowledge advantage through the Mandiant Intel Grid, which provides platform modules with current and relevant threat data and analysis capabilities. Organizations are better protected from cyber attacks and more confident in their readiness when they have access to continuous security validation, detection, and response.

Mandiant Advantage Features

Mandiant Advantage has many valuable key features. Some of the most useful ones include:

  • Threat intelligence: Front-line intelligence that enables a defender to be aware of the strategies and tactics that opponents are employing at this moment. Organizations will be able to contextualize, prioritize, and implement the most pertinent new intelligence by fusing ASM and threat intelligence.
  • Security validation: This allows security teams to optimize, rationalize, and prioritize their security activities from a budget and manpower viewpoint. It measures the effectiveness of security controls applied within an organization. Controls can be evaluated against the most recent TTPs actively used by threat actors by incorporating information into the security validation procedure. Organizations can determine whether their security policies are successfully thwarting or detecting attacks against their external attack surface by integrating ASM and security validation.
  • Automated Defense: In order to fuel SOC event/alert correlation and triage, Automated Defense combines knowledge and intelligence with machine learning. This is similar to integrating a machine-based Mandiant analyst into your security program. By merging ASM and Automated Defense, more context is given to Automated Defense, enhancing the relevance and usefulness of alarms.
  • Attack surface management: ASM offers a continuous, scalable method for locating hundreds of different asset and exposure types within on-premises, cloud, and SaaS application environments. In addition to assets being found, technologies in use are also identified, and vulnerabilities are confirmed rather than just speculated. Cyber defenders are able to effectively and efficiently limit their external exposures by integrating the full Mandiant Advantage suite into ASM, which prioritizes and validates the information regarding the attack surface.

Mandiant Advantage Benefits

There are many benefits to implementing Mandiant Advantage. Some of the biggest advantages the solution offers include:

  • Boost your current security investments: No matter what security policies you have implemented, you may improve your security capabilities by automating Mandiant's expertise as a virtual extension of your team.
  • Improve your visibility and priority: View the threats Mandiant is continuously monitoring across your attack surface and internal controls in order to prioritize and drive focus.
  • Flexible deployment: Depending on your needs, Mandiant Advantage can be supplied as technology, along with support, or as a fully managed contract.
  • Scale efficiently: Without the need for time-consuming and expensive human labor, a SaaS-based strategy deploys in hours, scales with your environment, and provides constant expert analysis.
Mandiant
 

Sample Customers

CBI Health Group, University Honda, VakifBank
Stater Bros. Markets, Rush Copley, Blackboat, CapWealth
Buyer's Guide
Cortex XDR by Palo Alto Networks vs. Mandiant Advantage
June 2025
Free Report: Cortex XDR by Palo Alto Networks vs. Mandiant Advantage
Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. Mandiant Advantage and other solutions. Updated: June 2025.
DOWNLOAD NOW
859,957 professionals have used our research since 2012.
See our Cortex XDR by Palo Alto Networks vs. Mandiant Advantage report.
See our list of best Extended Detection and Response (XDR) vendors.

We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.