Cortex XDR by Palo Alto Networks and Microsoft Defender for Cloud compete in the realm of cybersecurity solutions, each offering unique advantages. While Cortex XDR is noted for its advanced detection capabilities and AI-driven threat management, Microsoft Defender for Cloud excels in seamless Azure integration and comprehensive compliance support, giving it an upper hand for Azure-centric enterprises.
Features: Cortex XDR offers advanced detection capabilities, Wildfire integration for threat analysis, and strong containment solutions. Microsoft Defender for Cloud integrates seamlessly with Azure, providing centralized orchestration and robust compliance features like PCI and NIST policy frameworks. It also includes security posture management across multi-cloud environments.
Room for Improvement: Cortex XDR could enhance its user interface and optimize cloud management capabilities. Users often point out the need for improved reporting tools and reduced resource usage. Microsoft Defender for Cloud should streamline its documentation and dashboard navigation while addressing issues with false positives and licensing complexities.
Ease of Deployment and Customer Service: Cortex XDR allows flexibility in cloud-based deployments, though it may be complex during setup, with occasional challenges in support interactions, particularly for escalated issues. Microsoft Defender for Cloud integrates smoothly within Azure but may present challenges in mixed cloud setups, and its technical support can be inconsistent.
Pricing and ROI: Cortex XDR is a premium offering, with higher upfront costs justified by advanced security features and solid ROI through breach reduction. Microsoft Defender for Cloud is competitively priced within the Microsoft ecosystem, particularly appealing due to bundled packages, though smaller enterprises might find its pricing structure less favorable.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
I have seen a return on investment with Cortex XDR by Palo Alto Networks, as this product is offered at a minimal cost, and we can find a good ROI from it.
Defender proactively indexes and analyzes documents, identifying potential threats even when inactive, enhancing preventative security.
Identifying potential vulnerabilities has helped us avoid costly data losses.
The biggest return on investment is the rapid improvement of security posture.
Every vendor has similar support; it depends on how the case is handled and raised.
Their support is efficient and responsive whenever I raise a ticket through my portal.
I would rate technical support from Palo Alto on a scale from one to ten as an eight, as I find it good.
Since security is critical, we prefer a quicker response time.
The support team was very responsive to queries.
They understand their product, but much like us, they struggle with the finer details, especially with new features.
We are using infrastructure as a code, so we do not have any scalability issues with Microsoft Defender for Cloud implementation because our cloud automatically does it.
It has multiple licenses and features, covering infrastructures from a hundred to five hundred virtual machines, without any issues.
Defender won't replace our endpoint XDR, but it will likely adapt and support any growth in the Microsoft Cloud space.
Cortex XDR is stable, offering high quality and reliable performance.
For the last 11 months, we haven't faced any outage issues, so it is a stable product.
Defender's stability has been flawless for us.
Microsoft Defender for Cloud is very stable.
Microsoft sometimes changes settings or configurations without transparency.
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
If the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better.
Cortex XDR could improve its sales support team, including better commission structures and referral programs.
Microsoft, in general, could significantly improve its communication and support.
It would be beneficial to streamline recommendations to avoid unnecessary alerts and to refine the severity of alerts based on specific environments or environmental attributes.
The artificial intelligence features could be expanded to allow the system to autonomously manage security issues without needing intervention from admins.
Cortex XDR is perceived as expensive by some customers, yet offers dynamic pricing.
Compared to competitors such as CrowdStrike and Sophos, the pricing of Cortex XDR by Palo Alto Networks is similar to CrowdStrike but more expensive than Sophos.
Every time we consider expanding usage, we carefully evaluate the necessity due to cost concerns.
We appreciate the licensing approach based on employee count rather than a big enterprise license.
Microsoft Defender for Cloud is pricey, especially for Kubernetes clusters.
It incorporates AI for normal behavior detection, distinguishing unusual operations.
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
If a user doesn't click any link within 30 days and on the 31st day clicks a new link, Cortex XDR immediately alerts us that this user has clicked on an uncommon link or their behavior is uncommon.
The most valuable feature for me is the variety of APIs available.
This feature significantly aids in threat detection and enhances the user experience by streamlining security management.
The most valuable feature is the recommendations provided on how to improve security.
| Product | Market Share (%) |
|---|---|
| Cortex XDR by Palo Alto Networks | 3.8% |
| Microsoft Defender for Endpoint | 10.0% |
| CrowdStrike Falcon | 8.2% |
| Other | 78.0% |
| Product | Market Share (%) |
|---|---|
| Microsoft Defender for Cloud | 14.3% |
| Wiz | 16.6% |
| AWS GuardDuty | 12.8% |
| Other | 56.3% |
| Company Size | Count |
|---|---|
| Small Business | 41 |
| Midsize Enterprise | 18 |
| Large Enterprise | 35 |
| Company Size | Count |
|---|---|
| Small Business | 25 |
| Midsize Enterprise | 8 |
| Large Enterprise | 44 |
Cortex XDR by Palo Alto Networks delivers comprehensive endpoint security, integrating well with other systems to offer robust threat detection and real-time protection through AI-driven analytics.
Cortex XDR by Palo Alto Networks offers advanced endpoint protection and threat detection through AI and behavior-based analytics. Its user-friendly design simplifies integration with firewalls, delivering multi-layered protection with low resource consumption. Valued for policy management, USB control, and incident correlation, Cortex XDR enhances threat management and real-time threat hunting capabilities. However, users note challenges with third-party integration, reporting, and dashboard automation. Agent performance across operating systems and memory consumption are areas for improvement, alongside reducing false positives and simplifying endpoint management and setup.
What features does Cortex XDR offer?Cortex XDR is crucial in industries requiring robust endpoint protection, such as finance, healthcare, and technology. It supports malware detection, behavioral analysis, and ransomware mitigation across endpoints, including remote work environments, providing comprehensive threat visibility and security policy management. The solution's integration with firewalls and specialized industry requirements enhances security posture in diverse operational settings.
Microsoft Defender for Cloud is a comprehensive security solution that provides advanced threat protection for cloud workloads. It offers real-time visibility into the security posture of cloud environments, enabling organizations to quickly identify and respond to potential threats. With its advanced machine learning capabilities, Microsoft Defender for Cloud can detect and block sophisticated attacks, including zero-day exploits and fileless malware.
The solution also provides automated remediation capabilities, allowing security teams to quickly and easily respond to security incidents. With Microsoft Defender for Cloud, organizations can ensure the security and compliance of their cloud workloads, while reducing the burden on their security teams.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
