We performed a comparison between Cortex XDR by Palo Alto networks and Microsoft defender for endpoint based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison of Results: Based on the parameters we compared, Microsoft Defender for Endpoint seems to be a slightly superior solution. All other things being more or less equal, our reviewers found Cortex XDR by Palo Alto Networks rather expensive to purchase. Some reviewers also felt that the ease of deployment could be improved.
"appreciate the File Trajectory feature, as it's excellent for an analyst or mobile analyst. I can track everything that happens on our server from my PC or device. Integration with SecureX is a welcome feature because it connects Cisco's integrated security portfolio with our complete infrastructure. Sandboxing is helpful, and integration with the Cisco environment is excellent as we use many of their products, and that's very valuable for us."
"The most valuable feature is signature-based malware detection."
"Device Trajectory is one of the most valuable features. We're able to dig in and really understand how things came to be and where to focus our efforts."
"Definitely, the best feature for Cisco Secure Endpoint is the integration with Talos. On the backend, Talos checks all the signatures, all the malware, and for any attacks going on around the world... Because Secure Endpoint has a connection to it, we get protected by it right then and there."
"The integration with other Cisco products seemed to be really effective. We had Umbrella in place and we were using AnyConnect as well as Firepower. Once a threat was detected, being able to do the threat lookups and the live tracking was really useful."
"The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
"Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP."
"The most valuable feature is its threat protection and data privacy, including its cyber attack and data protection, as we need to cover and protect data on user devices."
"Its interface and pricing are most valuable. It is better than other vendors in terms of security."
"Stability is one of the features we like the most."
"Palo Alto is constantly adding new features."
"The most valuable feature of Cortex XDR by Palo Alto Networks is the low consumption of system resources. The solution uses a lot of AI and machine learning."
"The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine."
"Their XDR agent and their behavioral indicators of compromise (BIOC) are pretty nice. Their managed threat hunting is also pretty nice. They also have WildFire, which is a service for actively looking for malware. It's quite useful."
"The most valuable feature of Cortex XDR by Palo Alto Networks is its machine-learning capabilities. Additionally, there is full integration with other solutions."
"The most valuable feature is that you can select remote access of any machine for sandboxing."
"It's an enterprise solution that provides a centralized console and it supports all the platforms that we use, including Windows, Linux, Mac, iOS, and Android."
"It is stable and easy to use. Everything is okay, and there are no performance issues."
"It can reach our applications and PC activities in the cloud."
"It's effective against most types of infection, and the firewall is perfect for protection."
"This solution definitely increases our security posture. When you are reviewing your existing fleet or endpoints and based on the configuration that you put out of your Defender for Endpoint, you then receive a security score from Microsoft. Depending on what rules you have configured, what policies you have deployed, and what attack surface reduction rules that you have set up and deployed, it is almost gamifying information security in the sense that you are always trying to achieve a higher score. The more hardening you perform on your endpoints, the better score you receive. This generally tends to give you a better peace of mind, but also makes you secure at the same time."
"The performance of Microsoft Defender for Endpoint has been a valuable feature."
"File protection is the most valuable feature. Antivirus security on the Level OS, Microsoft Defender, and Microsoft Guard for 2019."
"We have just started to implement it. It is useful for protection from malware and ransomware."
"An easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful... That way you could get a more accurate device count, so you're not having an inflated number."
"They could improve the main dashboard to more clearly show me the things that I want to see. When I open the dashboard right now, I see a million things and they are not always the things that I need."
"The Linux agent is a simple offline classic agent, and it doesn't support Secure Boot, which is important to have on a Linux machine. The Linux agent has conflicts with other solutions, including the Exploit Prevention system found in Windows servers. We didn't find a fix during troubleshooting, and Cisco couldn't offer one either. Eventually, we had to shut down the Exploit Prevention system. We didn't like that as we always want a solution that can fit smoothly into the setup without causing problems, especially where security is concerned. The tool also caused CPU spikes on our production machine, and we were seriously considering moving to another product."
"In terms of the user experience, if the UX design could be much simpler [that would improve things]... if they could make it more intuitive for someone who is not an engineer so that they still can read what's going on in their webpage and understand, that would be something."
"It could be improved in connection with artificial intelligence and IoT."
"This product has issues with the number of false positives that it reports."
"The GUI needs improvement, it's not good."
"In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through."
"Impact on system performance is horrible, adding a lot of delays for users."
"It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint."
"Cortex XDR is trickier to configure than other Palo Alto products. This is one area where we are not so satisfied."
"We would also like to have advanced tech protection and email scanning."
"It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved."
"The solution lacks real-time, on-demand antivirus."
"They've been having some issues with updating their endpoint agents, and it has been quite frustrating."
"Cortex XDR could be improved with more GUI features."
"Localization is always a challenge, especially with new products you typically want. Solutions are designed to be deployed where the most licenses are being consumed, such as in the United States. They focus on US products, devices, and networks. Specialized deployments for other countries would allow for a smoother experience in transition."
"They should bring back the feature of a dedicated proxy device for communication to the cloud. As of now, all the agents are required to send the logs directly to the cloud. There should be a solution where you can put a proxy and all the logs are consolidated, like a forwarder."
"They're in the process of pulling more things together. They can continue with the integrations and provide a better way of seeing the impact of security changes, especially on the endpoint side. Before we actually flip the switch, we should be able to see the impact of security changes on the business or business applications. It would prevent breaking any business applications."
"Microsoft support could be more knowledgeable."
"It would be helpful if they included XDR features, on top of the EDR functionality."
"Defender could be more secure and stable."
"The initial setup can be a bit complex."
"The solution could improve by providing more integration."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in EPP (Endpoint Protection for Business) with 41 reviews while Microsoft Defender for Endpoint is ranked 1st in EPP (Endpoint Protection for Business) with 121 reviews. Cortex XDR by Palo Alto Networks is rated 8.2, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of Cortex XDR by Palo Alto Networks writes "Easy to set up, reliable, and always scanning". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Enables ingestion of events directly into your SIEM/SOAR, but requires integration with all Defender products to work optimally". Cortex XDR by Palo Alto Networks is most compared with Crowdstrike Falcon Endpoint Security and XDR, SentinelOne, Darktrace, Symantec Endpoint Security and Kaspersky Endpoint Security for Business, whereas Microsoft Defender for Endpoint is most compared with Sophos Intercept X, Crowdstrike Falcon Endpoint Security and XDR, Symantec Endpoint Security, SentinelOne and Check Point Harmony Endpoint. See our Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Endpoint report.
See our list of best EPP (Endpoint Protection for Business) vendors.
We monitor all EPP (Endpoint Protection for Business) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I have not used Microsoft Defender and only used Cortex XDR by Palo Alto Networks. My experience with Cortex is not good as you need to whitelist each and every exe file of each adn every computer. My recommendation for you is to go for Cynet360 MDR which is far better than Cortex in terms of auto detection and remediation. You will get genuine alert.
Choosing Microsoft Defender makes the most sense if you already have a Microsoft ecosystem. But in reality, you need an endpoint security solution that is proactive and comes with built-in artificial intelligence capabilities.
I value in-depth visibility across the endpoints, so I prefer CrowdStrike Falcon EDR. It’s the best solution for simplified endpoint detection and response. CrowdStrike EDR comes with advanced features and easily integrates with popular third-party solutions like Splunk and Palo Alto Networks. An easy-to-use and navigate interface reduces the learning curve. Personally, I think CrowdStrike Falcon is easier to use than Microsoft Defender.
MSSPs like ACE Managed Security Services provide Managed CrowdStrike EDR. If you’re looking for hassle-free deployment and a fully-managed solution, you should look into ACE.
Unless you are using Palo Alto elsewhere in your architecture, I would go with Microsoft if that were the only choice.
However, if you are using another network security issue such as Fortinet or Sophos, I would also look to their endpoint solutions. They both have EDR and XDR capabilities and the endpoint solutions facilitate synchronization between the endpoint and the network control.
Microsoft has done lots of work in the endpoint space and the Zero Trust world over the past several months. Defender integrates tightly with the Microsoft Cloud and there is much synchronization that occurs between the physical endpoint and the cloud infrastructure. This means that regardless where the endpoint is physically located it stays connected and controlled by the policies set in the Microsoft cloud. Very much like the Group Policy Options we became accustomed to with the on premises domain controller.
I know that's a scratch on the surface and there are many other considerations, but you need to seek the solutions that promise management simplicity and the ability to control and protect the endpoints wherever they may be located.
I would go for the one with the best independent threat intelligence, a platform that allows you to change, add, move IT and Security infrastructure without impacting your security platform. I would also place a close attention to storage costs, service levels and the number of resources providing human intelligence on top of machine intelligence for investigation and incident response, all in one platform. But I am biased ;-)