Cortex XDR vs Microsoft Defender comparison

Cortex XDR by Palo Alto Net...
Read 84 Cortex XDR by Palo Alto Networks reviews
  • 26,906 Views
  • 14,979 Comparison Views
94% willing to recommend
Microsoft Defender for Endp...
Read 184 Microsoft Defender for Endpoint reviews
  • 53,982 Views
  • 42,522 Comparison Views
94% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Mar 31, 2024

Cortex XDR by Palo Alto Networks and Microsoft Defender for Endpoint are both strong endpoint security solutions with different strengths. Cortex XDR offers advanced threat detection and investigation capabilities with a focus on extended detection and response (XDR). Microsoft Defender for Endpoint emphasizes robust security measures and leverages tight integration with other Microsoft products for a comprehensive security posture.

    • Features: Cortex XDR excels in advanced threat detection, leveraging behavioral analytics and WildFire malware analysis, and provides comprehensive XDR capabilities by integrating network and endpoint data. It offers a user-friendly interface and customizable threat intelligence feeds. On the other hand, Microsoft Defender focuses on exploit and vulnerability mitigation, has limited XDR capabilities, and relies on integration with other Microsoft security tools. 
    • Pricing and ROI Comparison: Cortex XDR pricing is customized based on deployment size and features. While generally considered relatively expensive, users still find the pricing competitive due to a strong return on investment due to its advanced detection capabilities and streamlined operations. Microsoft Defender offered as part of Microsoft 365 E5 subscriptions and Azure Defender for Endpoint plans, providing potentially better value for organizations already invested in the Microsoft ecosystem.
    • Room for Improvement: Cortex XDRusers reported a desire for improved integration with third-party tools and reporting features. Microsoft Defender reviews highlighted areas for improvement in system performance and advanced threat prevention.
    • Deployment and customer support: Cortex XDR deployment can be more complex compared to Defender, requiring agent installation and potentially additional configuration. However, documentation is generally considered good. Microsoft Defender leverages existing Microsoft agents for most deployments, making setup potentially faster for Windows environments. Cortex XDR stands out for its highly praised customer service, which is known for its responsiveness, efficiency, and knowledge in addressing concerns. As a Microsoft product, Defender's support is readily available through various channels.

    The summary above is based on 214 interviews we conducted recently with Cortex XDR by Palo Alto Networks and Microsoft Defender users. To access the review's full transcripts, download our report.

    DOWNLOAD THE COMPLETE REPORT
    To learn more, read our detailed Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Endpoint Report (Updated: July 2024).
    Buyer's Guide
    Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Endpoint
    July 2024
    Download the complete report
    Helped 793,295 peers since 2012
     

    Categories and Ranking

    Cortex XDR by Palo Alto Net...
    Ranking in Endpoint Protection Platform (EPP)
    4th
    Average Rating
    8.4
    Number of Reviews
    84
    Ranking in other categories
    Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (2nd)
    Microsoft Defender for Endp...
    Ranking in Endpoint Protection Platform (EPP)
    1st
    Average Rating
    8.0
    Number of Reviews
    184
    Ranking in other categories
    Advanced Threat Protection (ATP) (2nd), Anti-Malware Tools (1st), Endpoint Detection and Response (EDR) (1st), Microsoft Security Suite (6th)
     

    Mindshare comparison

    As of July 2024, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 4.4%, down from 5.7% compared to the previous year. The mindshare of Microsoft Defender for Endpoint is 12.2%, down from 16.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
    Endpoint Protection Platform (EPP)
    Unique Categories:
    Extended Detection and Response (XDR)
    8.7%
    Ransomware Protection
    20.0%
    Advanced Threat Protection (ATP)
    4.1%
    Anti-Malware Tools
    18.3%
     

    Featured Reviews

    Mohammad Qaw - PeerSpot reviewer
    Dec 15, 2022
    Perfect correlation and XDR capabilities for network traffic plus endpoint security
    The solution should force customers to integrate with network traffic to see the full benefits of XDR. If you are not integrating it or feeding in your network traffic, then you are just buying a normal antivirus which doesn't make any sense. You are paying double the price to use the antivirus feature or to say you have XDR, but in reality you are not using it. The solution should include an on-premises option because some customers want only on-premises. It would be hard, but good to do if possible. Open XDR would be beneficial in the future. Right now, the solution is Closed XDR so cannot communicate with the few new vendors in the Open XDR market.
    Read full review
    Sudhen Swami - PeerSpot reviewer
    Jun 26, 2024
    Easy to update with good protection and a useful cloud portal
    We've mainly used it for endpoints. However, we've also used it for DLP as well. We're also in the process of implementing it for cloud and identity as well. However, it's very good for endpoints, and that's our main focus. The malware protection is good. The visibility it provides is very useful. We can combine visibility with wider security features and alerts around malware, misconfiguration, or any other kinds of threats. The cloud portal is quite good. From there, we are able to see alerts and have colleagues review issues and monitor to see if any patterns arise. It's serving us quite well overall. It allows us to look at other items, like application and browser control. It helps us prioritize threats. We have a process in place now where we can review issues and remediate them effectively. We have been able to integrate a variety of Microsoft security products together. We use Azure AD, for example, and we've begun to implement DLP, among other items. We're looking at labeling and tagging and will expand into that soon. Defender has more stringent system requirements than, for example, Check Point. So when we implemented the Check Point Endpoint agent, that solution didn't mind what version of Windows you were using. When we moved to Defender, Defender had certain system prerequisites that had to be met. So we had to make sure that we're on a minimum version of Windows when we're utilizing Office, and Office has to be a particular version as well. It has more stringent system requirements that have to be met before you can implement it. It works natively together with other Microsoft solutions. Once you get more and more of those different components across the environment, then you start to get better visibility. So, rather than having lots of different solutions, you have fewer solutions and a single vendor solution. That way, you start getting into a position where you get better visibility and integration as well. The standardization is good. It's important. It's helping me with monitoring and learning. Updates and upgrades are quite smooth and seamless. Defender helps us automate routine tasks. Quite a lot of Microsoft is straightforward for us now. Previously, we didn't have enough resources and were unable to look at the alerts. Having this in place makes things a lot more straightforward for us. We have both the technology and the people in place now, alongside the process. We do see the benefits in that, and that's why we're continuing our adoption across the estate in terms of client and server as well. It's helping us avoid looking at multiple dashboards and centralized monitoring. We're not fully there yet. We're getting there. While we haven't witnessed time saving yet, once it's fully deployed, it will. By then, we'll have standardized processes across a single solution. We have saved money, however, as we continue to reduce non-Mircosft systems. Since we won't be using various competing technologies, we can save on licensing costs. We've likely so far saved 15%. While it's hard to estimate exactly how much, the solution has helped us decrease time to detection and time to respond.
    Read full review

    Quotes from Members

    We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
     

    Pros

    "The most valuable feature is that you can select remote access of any machine for sandboxing."
    "It collects and caches and the knowledge of machine learning from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe."
    "The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past."
    "The information the dashboard provides is very clear."
    "The tool's use cases are relevant to security."
    "We can visualize and control the activities in the environment from anywhere."
    "The product has an intuitive dashboard."
    "Cortex XDR by Palo Alto Networks should be a stable solution."
    More Cortex XDR by Palo Alto Networks pros
    "It comes included with the Windows license."
    "The solution has an easy-to-use interface, is always updated, and is user-friendly."
    "It is already integrated with Windows 10, so you don't need to worry about that."
    "Defender is a part of Windows; you just need to enable it. There is no need to install anything."
    "I like the fact that it has the ransomware solution in there. I'm glad that the ransomware solution is built into it. That's probably the biggest thing that I see in Microsoft Defender."
    "Defender should be fine for home use. It has all the basic functionality you need. I can't speak to how well it works as an enterprise solution because I'm not in the space."
    "We use Microsoft Defender for the antivirus."
    "Defender is integrated into the operating system. It's integrated with everything. You don't have to spend time analyzing what you have to do to be sure that the integration is okay between the security tool and all the other apps. This, from my point of view, is the main advantage."
    More Microsoft Defender for Endpoint pros
     

    Cons

    "I would like to see them include NDR (Network Detection Response)."
    "A little bit more automation would be nice."
    "It tends to do 99.9% of things. The only thing I'd like is single sign-on authentication into their cloud platform so that my users can be properly authenticated against it."
    "Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco."
    "The solution should force customers to integrate with network traffic to see the full benefits of XDR."
    "There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."
    "The dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard."
    "We would also like to have advanced tech protection and email scanning."
    More Cortex XDR by Palo Alto Networks cons
    "Microsoft Windows Defender doesn't have a game mode."
    "In terms of improvements for their technical support, a focus on enhancing response times could be beneficial."
    "If a threat actor comes in, and creates a global administrative account, they can gain access to everything and whitelist then block everything else. Having everything, including Defender, under one brand is like having all of your eggs in one basket."
    "I would like to see improvements made to how it secures activities on web pages."
    "The solution could improve by providing more integration."
    "Some of the integrations that Defender should include involve the use of the web app."
    "I have accounts for administrators and corporate employees, but I also have accounts for students. I can't split these types of accounts. I need a separate configuration for both... I need to research how I can get alerts for only the administrative machines."
    "The time it takes to restore the application could be improved. It has a lot of dependencies. It's not like the Microsoft security that comes with the OS. Updating through the command prompt, most of the time, it takes some time to download some of these dependencies."
    More Microsoft Defender for Endpoint cons
     

    Pricing and Cost Advice

    "The solution is expensive. It's pricing is on a yearly-basis."
    "This is an expensive solution."
    "I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require."
    "The pricing is okay, although direct support can be expensive."
    "It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."
    "The pricing is a little high. It is per user per year."
    "The product pricing is reasonable. The licensing model was flexible based on the number of endpoints."
    "It has reasonable pricing for the use cases it provides to the company."
    More Cortex XDR by Palo Alto Networks pricing and cost advice
    "Microsoft Defender for Endpoint is cost-effective because there's one unified license, and with this unified license, you get the capabilities for your cloud applications, servers, and endpoints as well. Therefore, it saves us a lot of money because the cost with other solutions is for just one piece of OS or maybe an urban environment. The licensing process is not complex as well."
    "You do not need to pay any additional costs for antivirus and anti-malware solutions for endpoint protection."
    "The licensing fee is a function of your Office 365 license. The feature set you get is a function of the license as well. There is probably an E2 version, an E3 version, and an E5 version. There are several versions, and not all features are the same. So, you might want to check what features you're expecting because you might get shocked. If you only have an E3 license, the capability isn't the same."
    "Licensing options vary. Some customers buy it as an enterprise agreement and pay yearly. Others buy it as a CSP, so they pay per month. It completely depends on the customer's needs."
    "Pricing for Microsoft Defender for Endpoint is competitive. Out of the bundle, you will get a lot of security, if I talk about Microsoft E5, for example, and get a lot of benefits. If the customer goes and purchases a different solution, it will cost more, so pricing for Microsoft Defender for Endpoint is quite reasonable at the moment. There isn't any challenge in terms of pricing, for example, I didn't see a customer who pulled back because of the price. Some prices could be negotiable, and sometimes, as a sales point, the two become negotiable, but they don't bill one and pull back because of the pricing. If you have an E5 license, you get everything."
    "The solution is free."
    "The normal, standalone model, is not expensive, but the enterprise model that includes the bundle with email and some web protection, is a bit more expensive."
    "It is so expensive. It isn't cheaper than McAfee or other solutions."
    More Microsoft Defender for Endpoint pricing and cost advice
    report
    See which vendors are best for you
    Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
    See recommendations
    793,295 professionals have used our research since 2012.
     

    Answers from the Community

    Ammar Jibarah - PeerSpot reviewer
    Dec 7, 2022
    Dec 7, 2022
    Which product would you choose: Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks?
    I have not used Microsoft Defender and only used Cortex XDR by Palo Alto Networks. My experience with Cortex is not good as you need to whitelist each and every exe file of each adn every computer. My recommendation for you is to go for Cynet360 MDR which is far better than Cortex in terms of auto detection and remediation. You will get genuine alert.
    2 out of 4 answers
    Zubair Ahmad - PeerSpot reviewer
    Sep 7, 2022
    I have not used Microsoft Defender and only used Cortex XDR by Palo Alto Networks. My experience with Cortex is not good as you need to whitelist each and every exe file of each adn every computer. My recommendation for you is to go for Cynet360 MDR which is far better than Cortex in terms of auto detection and remediation. You will get genuine alert.
    Read full answer
    JH
    Sep 7, 2022
    I would go for the one with the best independent threat intelligence, a platform that allows you to change, add, move IT and Security infrastructure without impacting your security platform.  I would also place a close attention to storage costs, service levels and the number of resources providing human intelligence on top of machine intelligence for investigation and incident response, all in one platform.  But I am biased ;-)
    Read full answer
    See all 4 answers
     

    Top Industries

    By visitors reading reviews
    Computer Software Company
    16%
    Government
    8%
    Financial Services Firm
    8%
    Manufacturing Company
    7%
    Educational Organization
    24%
    Computer Software Company
    13%
    Government
    8%
    Financial Services Firm
    7%
     

    Company Size

    By reviewers
    Large Enterprise
    Midsize Enterprise
    Small Business
     

    Questions from the Community

    Cortex XDR by Palo Alto vs. Sentinel One
    Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to...
    See all answers
    Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
    Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...
    See all answers
    How is Cortex XDR compared with Microsoft Defender?
    Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
    See all answers
    Which offers better endpoint security - Symantec or Microsoft Defender?
    We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior solution. Microsoft Defender for Endpoint is a cloud-delivered endpoint security s...
    See all answers
    How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
    The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push your machine hardware to "test", you don't have the usual "scan now" feature ...
    See all answers
    What do you like most about Microsoft Defender for Endpoint?
    The most valuable aspect lies in its automation capabilities, particularly within security automation.
    See all answers
     

    Comparisons

    Darktrace vs Cortex XDR by Palo Alto Networks Logo
    Darktrace vs Cortex XDR by Palo Alto Networks
    Compared 8% of the time
    CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks Logo
    CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks
    Compared 7% of the time
    Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks Logo
    Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks
    Compared 5% of the time
    Fortinet FortiEDR vs Cortex XDR by Palo Alto Networks Logo
    Fortinet FortiEDR vs Cortex XDR by Palo Alto Networks
    Compared 4% of the time
    Wazuh vs Cortex XDR by Palo Alto Networks Logo
    Wazuh vs Cortex XDR by Palo Alto Networks
    Compared 4% of the time
    More Cortex XDR by Palo Alto Networks Competitors
    Symantec Endpoint Security vs Microsoft Defender for Endpoint Logo
    Symantec Endpoint Security vs Microsoft Defender for Endpoint
    Compared 7% of the time
    Intercept X Endpoint vs Microsoft Defender for Endpoint Logo
    Intercept X Endpoint vs Microsoft Defender for Endpoint
    Compared 5% of the time
    CrowdStrike Falcon vs Microsoft Defender for Endpoint Logo
    CrowdStrike Falcon vs Microsoft Defender for Endpoint
    Compared 5% of the time
    Trellix Endpoint Security vs Microsoft Defender for Endpoint Logo
    Trellix Endpoint Security vs Microsoft Defender for Endpoint
    Compared 5% of the time
    SentinelOne Singularity Complete vs Microsoft Defender for Endpoint Logo
    SentinelOne Singularity Complete vs Microsoft Defender for Endpoint
    Compared 4% of the time
    More Microsoft Defender for Endpoint Competitors
     

    Product Reports

    Buyer's Guide
    Cortex XDR by Palo Alto Networks
    July 2024
    Cortex XDR by Palo Alto Networks reportDownload Cortex XDR by Palo Alto Networks product report
    Buyer's Guide
    Microsoft Defender for Endpoint
    July 2024
    Microsoft Defender for Endpoint reportDownload Microsoft Defender for Endpoint product report
     

    Also Known As

    Cyvera, Cortex XDR, Palo Alto Networks Traps
    Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
     

    Learn More

    Palo Alto Networks
    Microsoft
     

    Interactive Demo

    Demo not available
    Palo Alto Networks
    Microsoft
     

    Overview

    Cortex XDR by Palo Alto Networks is the first threat detection and response software to combine both visibility across all types of data as well as autonomous machine learning analytics. Threat detection very often requires analysts to divide their attention among many different data streams. This platform unifies a vast variety of data flows, which allows analysts to assess threats from a single location. Users can now maintain a level of visibility that other threat detection programs simply cannot offer. This level of transparency lends itself to both quick identification of problems that arise and the equally quick development of a potential solution.

    Cortex XDR’s machine learning works on many different levels to detect and prevent threats. It is constantly scanning for threats and vulnerabilities. The solution can scan up to 5.4 billion IP addresses in three-quarters of an hour. This allows it to spot weak points in the system and notify administrators long before hackers can take advantage of vulnerabilities. Once the Artificial Intelligence (AI) discovers an issue or an area where an issue could potentially take place the system creates a log of the information and subsequently sends an alert to system administrators. The AI takes the information that it has gathered and uses it to assign threat levels to the issues that it detects. Following this, a human analyst will be assigned to manually assess the issue and deal with it accordingly. You can set it to automatically respond to the threat by isolating the issue while analysts investigate it.

    Benefits of Cortex XDR

    Some of Cortex XDR’s benefits include:

    • The use of advanced AI analytics, behavior analytics, and custom-made detection to detect advanced threats before they occur.
    • The ability to group similar threat alerts, reducing incoming alerts by as much as 98%. This allows analysts to avoid being overwhelmed by the volume of incoming alerts.
    • The ability to investigate threats as much as 8 times faster than would be possible with other software. The machine learning, when coupled with the unified data stream that Cortex XDR collects, significantly increases the ability to more quickly discover the root cause of a threat.

    Reviews from Real Users

    Cortex XDR by Palo Alto Networks software stands out among its competitors for a number of reasons. Two major ones are its ability to isolate threats while enabling them to be studied and the way that the software combines all of the data that it gathers into a single, more complete picture than other solutions offer.

    PeerSpot users note the effectiveness of these features. A network designer at a computer software company wrote, “The solution has a very helpful isolation feature. If any system gets compromised, with one click I can access the system and isolate it from other networks, and then go into further forensic investigation of the current threat without compromising anything else.”

    Jeff W., Vice President/CTO at Sinnott Wolach Technology Group, noted, “The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.”



    Microsoft Defender for Endpoint is a comprehensive security solution that provides advanced threat protection for organizations. It offers real-time protection against various types of cyber threats, including malware, viruses, ransomware, and phishing attacks.

    With its powerful machine-learning capabilities, it can detect and block sophisticated attacks before they can cause any harm. The solution also includes endpoint detection and response (EDR) capabilities, allowing organizations to quickly investigate and respond to security incidents. It provides detailed insights into the attack timeline, enabling security teams to understand the scope and impact of an incident.

    Microsoft Defender for Endpoint also offers proactive threat hunting, allowing organizations to proactively search for and identify potential threats within their network. It integrates seamlessly with other Microsoft security solutions, such as Microsoft Defender XDR, to provide a unified and holistic security approach. With its centralized management console, organizations can easily deploy, configure, and monitor the security solution across their entire network.

    Microsoft Defender for Endpoint is a robust and scalable security solution that helps organizations protect their endpoints and data from evolving cyber threats.

     

    Sample Customers

    CBI Health Group, University Honda, VakifBank
    Petrofrac, Metro CSG, Christus Health
    Buyer's Guide
    Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Endpoint
    July 2024
    Free Report: Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Endpoint
    Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Endpoint and other solutions. Updated: July 2024.
    DOWNLOAD NOW
    793,295 professionals have used our research since 2012.
    See our Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Endpoint report.
    See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.

    We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.