Cortex XDR by Palo Alto Networks vs Microsoft Defender for Cloud comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Jan 9, 2023

We performed a comparison between Cortex XDR By Palo Alto Networks and Microsoft Defender for Cloud based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Cortex XDR users share mixed opinions on the ease of deployment. Microsoft Defender for Cloud users say the initial setup is straightforward.
  • Features: Users of both products are happy with their stability and scalability.

    Cortex XDR users report being satisfied with its user interface but would like to see more integration with other platforms.

    Microsoft Defender for Cloud users like its alerting tools and say it provides them with good visibility into their system. Several users mention that Defender for Cloud isn’t very user friendly.
  • Pricing: Cortex XDR users say the solution is expensive. Microsoft Defender for Cloud users say the solution is fairly priced.
  • Service and Support: Users of both solutions report being satisfied with the level of the support they receive.
  • ROI: Users of both solutions report a positive ROI.

Comparison Results: The main difference between the two solutions is that Cortex XDR users say the solution is expensive while Microsoft Defender for Cloud users consider the solution to be fairly priced.

To learn more, read our detailed Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Cloud Report (Updated: January 2023).
687,947 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply...""The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it.""I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there.""The EDR features are valuable. By getting the EDR features, we have more control over the device. We have information about events in real-time and more protection against zero-day threats and zero-day vulnerabilities. We can monitor every event or action that a device is going through. We can get an idea if it is something malicious or if we have to take any actions.""It gives a lot of flexibility in terms of configuration and customization as per the business requirements.""The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update.""I have found the ability to delete unwanted threats beneficial.""We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."

More Microsoft 365 Defender Pros →

"Cortex XDR by Palo Alto Networks should be a stable solution.""It'll not slow down your system when compared to others.""It has pretty much everything we need and works well within the Palo Alto ecosystem.""The information the dashboard provides is very clear.""I like the centralized console and the predictive analysis it does of malware. It is very stable and also scalable.""One thing that I like about Cortex XDR by Palo Alto Networks, it is detecting all the suspicious or malicious binaries, and it has integration with Palo Alto Firewall.""Its ability to react to cyber data attacks is awesome. That is pretty much the use of it. What blows your mind is the ability to access your assets remotely and see what is actually going on with them. You can not only see them in a console. You can also react very rapidly to your assets that are compromised.""The most valuable for us is the correlation feature."

More Cortex XDR by Palo Alto Networks Pros →

"When we started out, our secure score was pretty low. We adopted some of the recommendations that Security Center set out and we were able to make good progress on improving it. It had been in the low thirties and is now in the upper eighties.""It is very intuitive when it comes to policy administration, alerts and notifications, and ease of setting up roles at different hierarchies. It has also been good in terms of the network technology maps. It provides a good overview, but it also depends on the complexity of your network.""The solution is very easy to deploy.""One of the features that I like about the solution is it is both a hybrid cloud and also multi-cloud. We never know what company we're going to buy, and therefore we are ready to go. If they have GCP or AWS, we have support for that as well. It offers a single-panel blast across multiple clouds.""It's got a lot of great features.""The integration with Logic Apps allows for automated responses to incidents.""It works seamlessly on the Azure platform because it's a Microsoft app. Its setup is similar, so if you already have a Microsoft account, it just flows into it.""The first valuable feature was the fact that it gave us a list of everything that users were surfing on the web. Having the list, we could make decisions about those sites."

More Microsoft Defender for Cloud Pros →

Cons
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use.""The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category.""The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there.""This solution could be improved if it included features such as those offered by Malwarebytes.""Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed.""The data recovery and backup could be improved.""I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises.""The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."

More Microsoft 365 Defender Cons →

"The encryption is not up to the mark.""I would like to see some additional features related to email protection included.""If they had pulse rate detection, it would be better.""The server sometimes stops continuously to check things so it would be helpful to receive access updates or technical reasons.""It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do. The price could be better. It would also help if they had a team for deployment and support.""Cortex XDR by Palo Alto Networks could improve by adding a sandbox feature to better compete with their competitors which have it.""In terms of areas of improvement, we have not completed our review of the product. We're also looking at other products. So, it's a little bit hard to tell what could be different because we have not completed the review of this product, but based on our experience so far, its implementation is quite complex.""The setup is quite easy. We had appropriate support from the manager. One thing that was missing was the integration part."

More Cortex XDR by Palo Alto Networks Cons →

"Microsoft can improve the pricing by offering a plan that is more cost-effective for small and medium organizations.""Consistency is the area where the most improvement is needed. For example, there are some areas where the UI is not uniform across the board.""The solution could extend its capabilities to other cloud providers. Right now, if you want to monitor a virtual machine on another cloud, you can do that. However, this cannot be done with other cloud platform services. I hope once that is available then Defender for Cloud will be a unified solution for all cloud platform services.""Azure's system could be more on point like AWS support. For example, if I have an issue with AWS, I create a support ticket, then I get a call or a message. With Azure support, you raise a ticket, and somebody calls back depending on their availability and the priority, which might not align with your business priority.""The solution could improve by being more intuitive and easier to use requiring less technical knowledge.""Customizing some of the compliance requirements based on individual needs seems like the biggest area of improvement. There should be an option to turn specific controls on and off based on how your solution is configured.""After getting a recommendation, it takes time for the solution to refresh properly to show that the problem has been eliminated.""If a customer is already using Okta as an SSO in its entire environment, they will want to continue with it. But Security Center doesn't understand that and keeps making recommendations. It would help if it let us resolve a recommendation, even if it is not implemented."

More Microsoft Defender for Cloud Cons →

Pricing and Cost Advice
  • "The solutions price is fair for what they offer."
  • "The price could be better. Normally, the costs depend on the country you're located in for the license. When we were in the initial stage, we went with the E5 license they call premium standard. It cost us around $5.20 per month for four users."
  • "The price of the solution is high compared to others and we have lost some customers because of it."
  • "Microsoft is not competitive with the pricing of the solution. The competitors are able to offer lower discounts. The price of the solution is higher."
  • "We have a lot of problems in Latin America regarding the price of Microsoft 365 Defender, because the relationship between dollars and the money of the different countries, it's is a lot. Many customers that have small businesses say that they would like the solution but it is too expensive. However, large companies do not find the cost an issue."
  • "The most valuable licensing option is expensive, so pricing could be improved. Licensing options for this solution also need to be consolidated, because they frequently change."
  • "Microsoft should provide lower-level licensing options. They should do it in such a way that even an individual could purchase a license, and it should be entirely flexible."
  • "They have moved from a licensing model to pay-per-use... The question is: What happens if, for any reason, there's not enough budget to accept this model? That could be a great problem."
  • More Microsoft 365 Defender Pricing and Cost Advice →

  • "It's about $55 per license on a yearly basis."
  • "It has a yearly renewal."
  • "The price of the solution is high for the license and in general."
  • "The price is on the higher side, but it's okay."
  • "I don't have any issues with the pricing. We are satisfied with the price."
  • "If one wishes to work with another team or large number of users at a future point, he must purchase a license for them."
  • "In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage."
  • "Very costly product."
  • More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →

  • "This is a worldwide service and depending on the country, there will be different prices."
  • "Security Center charges $15 per resource for any workload that you onboard into it. They charge per VM or per data-base server or per application. It's not like Microsoft 365 licensing, where there are levels like E3 and E5. Security Center is pretty straightforward."
  • "There is a helpful cost-reducing option that allows you to integrate production subscriptions with non-production subscriptions."
  • "Its pricing is a little bit high in terms of Azure Security Center, but the good thing is that we don't need to maintain and deploy it. So, while the pricing is high, it is native to Azure which is why we prefer using this tool."
  • "I am not involved in this area. However, I believe its price is okay because even small customers are using Azure Security Center. I don't think it is very expensive."
  • "The cost of the license is based on the subscriptions that you have."
  • "Although I am outside of the discussion on budget and costing, I can say that the importance of security provided by this solution is of such importance that whatever the cost is, it is not a factor."
  • "This solution is more cost-effective than some competing products. My understanding is that it is based on the number of integrations that you have, so if you have fewer subscriptions then you pay less for the service."
  • More Microsoft Defender for Cloud Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
    687,947 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:The solution is well integrated with applications. It is easy to maintain and administer.
    Top Answer:The data recovery and backup could be improved.
    Top Answer:Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks.… more »
    Top Answer:Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions… more »
    Top Answer:Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface… more »
    Top Answer:Azure Security Center is very easy to use, integrates well, and gives very good visibility on what is happening across… more »
    Top Answer:The integration with Logic Apps allows for automated responses to incidents.
    Top Answer:This is a worldwide service and depending on the country, there will be different prices. There is a price calculator… more »
    Comparisons
    Also Known As
    Microsoft Threat Protection, MS 365 Defender
    Cyvera, Cortex XDR, Palo Alto Networks Traps
    Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender
    Learn More
    Overview

    Microsoft 365 Defender, part of Microsoft’s XDR solution, leverages the Microsoft 365 security portfolio to automatically analyze threat data across domains, building a complete picture of each attack in a single dashboard. With this breadth and depth of clarity defenders can now focus on critical threats and hunt for sophisticated breaches, trusting that the powerful automation in Microsoft 365 Defender detects and stops attacks anywhere in the kill chain and returns the organization to a secure state.

    - Reduce signal noise by viewing prioritized incidents in a single dashboard. 

    - Use the automated investigation capabilities to spend less time on detection and response.

    - Take care of routine and complex remediation with Microsoft 365 Defender by auto-healing affected assets.

    - Hunt across all your data, leveraging your organizational knowledge with custom queries. 

    - Develop custom detection and response tools for long-term protection and improved security posture.

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Cortex XDR by Palo Alto Networks is the first threat detection and response software to combine both visibility across all types of data as well as autonomous machine learning analytics. Threat detection very often requires analysts to divide their attention among many different data streams. This platform unifies a vast variety of data flows, which allows analysts to assess threats from a single location. Users can now maintain a level of visibility that other threat detection programs simply cannot offer. This level of transparency lends itself to both quick identification of problems that arise and the equally quick development of a potential solution.

    Cortex XDR’s machine learning works on many different levels to detect and prevent threats. It is constantly scanning for threats and vulnerabilities. The solution can scan up to 5.4 billion IP addresses in three-quarters of an hour. This allows it to spot weak points in the system and notify administrators long before hackers can take advantage of vulnerabilities. Once the Artificial Intelligence (AI) discovers an issue or an area where an issue could potentially take place the system creates a log of the information and subsequently sends an alert to system administrators. The AI takes the information that it has gathered and uses it to assign threat levels to the issues that it detects. Following this, a human analyst will be assigned to manually assess the issue and deal with it accordingly. You can set it to automatically respond to the threat by isolating the issue while analysts investigate it.

    Benefits of Cortex XDR

    Some of Cortex XDR’s benefits include:

    • The use of advanced AI analytics, behavior analytics, and custom-made detection to detect advanced threats before they occur.
    • The ability to group similar threat alerts, reducing incoming alerts by as much as 98%. This allows analysts to avoid being overwhelmed by the volume of incoming alerts.
    • The ability to investigate threats as much as 8 times faster than would be possible with other software. The machine learning, when coupled with the unified data stream that Cortex XDR collects, significantly increases the ability to more quickly discover the root cause of a threat.

    Reviews from Real Users

    Cortex XDR by Palo Alto Networks software stands out among its competitors for a number of reasons. Two major ones are its ability to isolate threats while enabling them to be studied and the way that the software combines all of the data that it gathers into a single, more complete picture than other solutions offer.

    PeerSpot users note the effectiveness of these features. A network designer at a computer software company wrote, “The solution has a very helpful isolation feature. If any system gets compromised, with one click I can access the system and isolate it from other networks, and then go into further forensic investigation of the current threat without compromising anything else.”

    Jeff W., Vice President/CTO at Sinnott Wolach Technology Group, noted, “The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.”



    Microsoft Defender for Cloud protects your Azure and hybrid resources. Microsoft uses a wide variety of physical, infrastructure, and operational controls to help secure Azure—but there are additional actions you need to take to help safeguard your workloads. Turn on Azure Security Center to strengthen your cloud security posture. Within Azure Security Center, use Azure Defender to protect your hybrid cloud workloads. With Azure Security Center, you can:

    - Assess and visualize the security state of your resources in Azure, on-premises, and in other clouds with Azure Secure Score

    - Simplify enterprise compliance and view your compliance against regulatory requirements

    - Protect all your hybrid cloud workloads with Azure Defender, which is integrated with Security Center

    - Use AI and automation to cut through false alarms, quickly identify threats, and streamline threat investigation

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Offer
    Learn more about Microsoft 365 Defender
    Learn more about Cortex XDR by Palo Alto Networks
    Learn more about Microsoft Defender for Cloud
    Sample Customers
    Information Not Available
    CBI Health Group, University Honda, VakifBank
    Microsoft Defender for Cloud is trusted by companies such as ASOS, Vatenfall, SWC Technology Partners, and more.
    Top Industries
    REVIEWERS
    Computer Software Company38%
    Manufacturing Company25%
    Comms Service Provider13%
    Aerospace/Defense Firm13%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm10%
    Government9%
    Manufacturing Company6%
    REVIEWERS
    Computer Software Company17%
    Financial Services Firm10%
    Security Firm10%
    Government7%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Comms Service Provider9%
    Government9%
    Financial Services Firm7%
    REVIEWERS
    Computer Software Company22%
    Agriculture11%
    Consumer Goods Company11%
    Legal Firm6%
    VISITORS READING REVIEWS
    Computer Software Company20%
    Financial Services Firm12%
    Government7%
    Comms Service Provider6%
    Company Size
    REVIEWERS
    Small Business42%
    Midsize Enterprise12%
    Large Enterprise46%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise16%
    Large Enterprise62%
    REVIEWERS
    Small Business41%
    Midsize Enterprise22%
    Large Enterprise37%
    VISITORS READING REVIEWS
    Small Business24%
    Midsize Enterprise18%
    Large Enterprise58%
    REVIEWERS
    Small Business26%
    Midsize Enterprise13%
    Large Enterprise62%
    VISITORS READING REVIEWS
    Small Business19%
    Midsize Enterprise13%
    Large Enterprise68%
    Buyer's Guide
    Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Cloud
    January 2023
    Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Cloud and other solutions. Updated: January 2023.
    687,947 professionals have used our research since 2012.

    Cortex XDR by Palo Alto Networks is ranked 3rd in Extended Detection and Response (XDR) with 42 reviews while Microsoft Defender for Cloud is ranked 4th in Extended Detection and Response (XDR) with 32 reviews. Cortex XDR by Palo Alto Networks is rated 8.2, while Microsoft Defender for Cloud is rated 8.2. The top reviewer of Cortex XDR by Palo Alto Networks writes "Easy to set up, reliable, and always scanning". On the other hand, the top reviewer of Microsoft Defender for Cloud writes "Provides good recommendations and makes policy administration easy". Cortex XDR by Palo Alto Networks is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne Singularity Complete, Darktrace and Fortinet FortiClient, whereas Microsoft Defender for Cloud is most compared with Prisma Cloud by Palo Alto Networks, AWS GuardDuty, Trend Micro Cloud One Workload Security, Wiz and Orca Security. See our Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Cloud report.

    See our list of best Extended Detection and Response (XDR) vendors.

    We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.