Cortex XDR vs Microsoft Defender comparison

You must select at least 2 products to compare!
Fortinet Logo
10,056 views|7,518 comparisons
82% willing to recommend
Palo Alto Networks Logo
31,048 views|17,576 comparisons
94% willing to recommend
Microsoft Logo
60,745 views|47,911 comparisons
94% willing to recommend
Comparison Buyer's Guide
Executive Summary
Updated on Mar 31, 2024

Cortex XDR by Palo Alto Networks and Microsoft Defender for Endpoint are both strong endpoint security solutions with different strengths. Cortex XDR offers advanced threat detection and investigation capabilities with a focus on extended detection and response (XDR). Microsoft Defender for Endpoint emphasizes robust security measures and leverages tight integration with other Microsoft products for a comprehensive security posture.

    • Features: Cortex XDR excels in advanced threat detection, leveraging behavioral analytics and WildFire malware analysis, and provides comprehensive XDR capabilities by integrating network and endpoint data. It offers a user-friendly interface and customizable threat intelligence feeds. On the other hand, Microsoft Defender focuses on exploit and vulnerability mitigation, has limited XDR capabilities, and relies on integration with other Microsoft security tools. 
    • Pricing and ROI Comparison: Cortex XDR pricing is customized based on deployment size and features. While generally considered relatively expensive, users still find the pricing competitive due to a strong return on investment due to its advanced detection capabilities and streamlined operations. Microsoft Defender offered as part of Microsoft 365 E5 subscriptions and Azure Defender for Endpoint plans, providing potentially better value for organizations already invested in the Microsoft ecosystem.
    • Room for Improvement: Cortex XDRusers reported a desire for improved integration with third-party tools and reporting features. Microsoft Defender reviews highlighted areas for improvement in system performance and advanced threat prevention.
    • Deployment and customer support: Cortex XDR deployment can be more complex compared to Defender, requiring agent installation and potentially additional configuration. However, documentation is generally considered good. Microsoft Defender leverages existing Microsoft agents for most deployments, making setup potentially faster for Windows environments. Cortex XDR stands out for its highly praised customer service, which is known for its responsiveness, efficiency, and knowledge in addressing concerns. As a Microsoft product, Defender's support is readily available through various channels.

    The summary above is based on 214 interviews we conducted recently with Cortex XDR by Palo Alto Networks and Microsoft Defender users. To access the review's full transcripts, download our report.

    To learn more, read our detailed Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Endpoint Report (Updated: March 2024).
    767,496 professionals have used our research since 2012.
    Featured Review
    Quotes From Members
    We asked business professionals to review the solutions they use.
    Here are some excerpts of what they said:
    "The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors""It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up.""I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks.""It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain.""Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great.""Additionally, when it comes to EDR, there are more tools available to assist with client work.""The console is easy to read. I also like the scanning part and the ability to move assets from one to the other.""Fortinet has helped free up around 20 percent of our staff's time to help us out."

    More Fortinet FortiEDR Pros →

    "Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place.""Cortex XDR is a simple platform that's easy for administrators and users. You have a lot of flexibility to change or customize the features.""The most valuable feature of Cortex XDR by Palo Alto Networks is its machine-learning capabilities. Additionally, there is full integration with other solutions.""The dashboard is customizable.""Their XDR agent and their behavioral indicators of compromise (BIOC) are pretty nice. Their managed threat hunting is also pretty nice. They also have WildFire, which is a service for actively looking for malware. It's quite useful.""They did what they said. This solution could apply to any scenario.""The solution doesn't need a high level of technical training.""They have a new GUI which is just fantastic."

    More Cortex XDR by Palo Alto Networks Pros →

    "Defender is stable. The performance is good.""What I like most is the protection against phishing emails and anti-spam.""The stability keeps getting better and better.""It captures data through machine learning, which is built-in on the back-end. It also provides built-in analytics and a threat intelligence feature. It is a one-stop solution that doesn't require an antivirus because it comes prebuilt into Windows 10.""It is stable and easy to use. Everything is okay, and there are no performance issues.""Defender for Endpoint provides good visibility into threats and has favorable threat intelligence.""Offers good protection.""I find the vulnerability management section of Microsoft Defender for Endpoint to be very useful for organizations."

    More Microsoft Defender for Endpoint Pros →

    "ZTNA can improve latency.""The dashboard isn't easy to access and manage.""We've encountered challenges during API deployment, occasionally resulting in unstable environments.""I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers.""Making the portal mobile friendly would be helpful when I am out of office.""It takes about two business days for initial support, which is too slow in urgent situations.""FortiEDR can be improved by providing more detailed reporting.""We'd like to see more one-to-one product presentations for the distribution channels."

    More Fortinet FortiEDR Cons →

    "The playbooks could be improved to include more functionalities or actions.""Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer.""It automatically detects security issues. It should be able to protect our network devices while operating autonomously.""There are some third-party solutions that are difficult to integrate with, which is something that can be improved.""Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms.""Limited remote connection.""The licensing model is complex to understand. It requires expertise to explain how the licensing works. You need expertise to guide you through the subscription plan.""Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis."

    More Cortex XDR by Palo Alto Networks Cons →

    "In terms of the architecture of the management infrastructure, we found that other technologies are more simple. Microsoft Defender could be simpler too.""The anti-ransomware features need to be improved upon.""We encountered some misbehavior between Microsoft Office Suite and Defender. We had issues of old macros being blocked and some stuff going around the usage of Win32 APIs. There is some improvement between the Office products and Defender, and there is a bunch of stuff that you can configure in your antivirus solutions, but you have several baselines, such as security baselines for Edge, security baselines for Defender, and security baselines for MDM. You have configuration profiles as well. So, there a lot of parts where we can configure our antivirus solution, and we're getting conflicting configurations. This is the major part with which we're struggling in this solution. We are having calls and calls with Microsoft for getting rid of all configuration conflicts that we have. That's really the part that needs to be improved.""We would like more customization.""Lacks some additional integration.""It's not quite a mature solution just yet. It needs more time to grow and develop.""It would be helpful if they included XDR features, on top of the EDR functionality.""Alerts need to be sent immediately because as it is now, you see some of them without delay and others arrive perhaps 30 minutes later, and it leaves important gaps in terms of information gathering."

    More Microsoft Defender for Endpoint Cons →

    Pricing and Cost Advice
  • "I know it is tough to get big budget additions up front, but I highly recommend deploying environment wide and adding the forensic service."
  • "There are no issues with the pricing."
  • "The price is comprable to other endpoint security solutions."
  • "The pricing is typical for enterprises and fairly priced."
  • "I'm not familiar with pricing, but it looks a bit costly compared to other vendors I think."
  • "The pricing is good."
  • "I would rate the solution's pricing an eight out of ten."
  • "The hardware costs about €100,000 and about €20,000 annually for access."
  • More Fortinet FortiEDR Pricing and Cost Advice →

  • "I feel it is fairly priced."
  • "The pricing seems fair, and I do like the licensing model. You use wherever they are, and it is elastic."
  • "We didn't have to pay any additional fee for the cloud instance. It just came with the renewal, which was nice."
  • "It is "expensive" and flexible."
  • "Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."
  • "I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require."
  • "It is cost-effective compared to similar solutions. It fits for the small businesses through to the big businesses."
  • "The return on investment is from the user side because we have seen the performance of it increase the delivery time of the product if we are using too many web-based and on-premise applications. In indirect ways, we saw the return of investment in terms of performance and user satisfaction increase."
  • More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →

  • "The product is free of charge and comes integrated into Windows."
  • "The solution is free."
  • "This product is included in the pricing for Windows."
  • "If you don't purchase the advanced threat protection then there is no additional charge."
  • "It is affordable and comes in the Office 365 bundle."
  • "Microsoft Defender ATP is expensive."
  • "I pay for it through the Windows Professional or Standard license. It is a one-time cost for me, and I use the same license."
  • "When compared with other vendors, the pricing is very high."
  • More Microsoft Defender for Endpoint Pricing and Cost Advice →

    Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
    767,496 professionals have used our research since 2012.
    Answers from the Community
    Ammar Jibarah
    Zubair Ahmad - PeerSpot reviewerZubair Ahmad
    Real User

    I have not used Microsoft Defender and only used Cortex XDR by Palo Alto Networks. My experience with Cortex is not good as you need to whitelist each and every exe file of each adn every computer. My recommendation for you is to go for Cynet360 MDR which is far better than Cortex in terms of auto detection and remediation. You will get genuine alert.

    Remy Ma - PeerSpot reviewerRemy Ma
    Real User

    Choosing Microsoft Defender makes the most sense if you already have a Microsoft ecosystem. But in reality, you need an endpoint security solution that is proactive and comes with built-in artificial intelligence capabilities.

    I value in-depth visibility across the endpoints, so I prefer CrowdStrike Falcon EDR. It’s the best solution for simplified endpoint detection and response. CrowdStrike EDR comes with advanced features and easily integrates with popular third-party solutions like Splunk and Palo Alto Networks. An easy-to-use and navigate interface reduces the learning curve. Personally, I think CrowdStrike Falcon is easier to use than Microsoft Defender.

    MSSPs like ACE Managed Security Services provide Managed CrowdStrike EDR. If you’re looking for hassle-free deployment and a fully-managed solution, you should look into ACE.

    Mike Parsons - PeerSpot reviewerMike Parsons

    Unless you are using Palo Alto elsewhere in your architecture, I would go with Microsoft if that were the only choice.

    However, if you are using another network security issue such as Fortinet or Sophos, I would also look to their endpoint solutions.  They both have EDR and XDR capabilities and the endpoint solutions facilitate synchronization between the endpoint and the network control.

    Microsoft has done lots of work in the endpoint space and the Zero Trust world over the past several months.  Defender integrates tightly with the Microsoft Cloud and there is much synchronization that occurs between the physical endpoint and the cloud infrastructure. This means that regardless where the endpoint is physically located it stays connected and controlled by the policies set in the Microsoft cloud.  Very much like the Group Policy Options we became accustomed to with the on premises domain controller.

    I know that's a scratch on the surface and there are many other considerations, but you need to seek the solutions that promise management simplicity and the ability to control and protect the endpoints wherever they may be located. 

    James Holden - PeerSpot reviewerJames Holden (SecureWorks)

    I would go for the one with the best independent threat intelligence, a platform that allows you to change, add, move IT and Security infrastructure without impacting your security platform.  I would also place a close attention to storage costs, service levels and the number of resources providing human intelligence on top of machine intelligence for investigation and incident response, all in one platform.  But I am biased ;-)

    Questions from the Community
    Top Answer:I suggest Fortinet’s FortiEDR over FortiClient for several reasons. For starters, FortiEDR guarantees solid protection… more »
    Top Answer: Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team… more »
    Top Answer:The pricing is significantly high. The implementation of this solution required us to allocate additional funds beyond… more »
    Top Answer:Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks.… more »
    Top Answer:Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that… more »
    Top Answer:Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface… more »
    Top Answer:We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior… more »
    Top Answer:The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never push… more »
    Top Answer:The most valuable aspect lies in its automation capabilities, particularly within security automation.
    Also Known As
    enSilo, FortiEDR
    Cyvera, Cortex XDR, Palo Alto Networks Traps
    Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
    Learn More
    Interactive Demo
    Demo Not Available
    Palo Alto Networks
    Demo Not Available

    Fortinet FortiEDR is a real-time endpoint protection, detection, and automated response solution. Its primary purpose is to detect advanced threats to stop breaches and ransomware damage. It is designed to do so in real time, even on an already compromised device, allowing you to respond and remediate incidents automatically so your data can remain protected.

    Fortinet FortiEDR Features

    Fortinet FortiEDR has many valuable key features, including:

    • Easily customizable
    • Real-time proactive risk mitigation & IoT security
    • Pre-infection protection
    • Post-infection protection
    • Track applications and ratings
    • Reduce the attack surface with risk-based proactive policies
    • Achieve analysis of entire log history
    • Optional managed detection and response (MDR) service

    Fortinet FortiEDR Benefits

    Some of the key benefits of using Fortinet FortiEDR include:

    • Protection: Fortinet FortiEDR provides proactive, real-time, automated endpoint protection with the orchestrated incident response across platforms. It stops the breach with real-time postinfection blocking to protect data from exfiltration and ransomware encryption.

    • Single unified console: Fortinet FortiEDR has a single unified console with an intuitive interface, which makes management easier. The solution automates mundane endpoint security tasks so your employees don’t need to do it.

    • Cost savings: With Fortinet FortiEDR you can eliminate post-breach operational expenses and breach damage costs.

    • Flexibility: Fortinet FortiEDR can be deployed on premises or on a secure cloud instance. With Fortinet FortiEDR, endpoints are protected both on- and off-line.

    • Scalability: Because Fortinet can be deployed quickly and has a small footprint, it is easy to scale up to protect hundreds of thousand endpoints.

    Reviews from Real Users

    Below are some reviews and helpful feedback written by Fortinet FortiEDR users.

    An Owner at a security firm says, "The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers. The customer has literally about 800 cash registers. That was the use case for Fortinet FortiEDR - to get that down into a tiny space. The only way to do that was to use this product because it had that ability to unbundle services that were a surplus.”

    Chandan M., Chief Technical Officer at Provision Technologies LLP, mentions, “The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration.” He also adds, “The security is also very good and the firewall response is good.”

    Harpreet S., Information Technology Support Specialist at Chemtrade Logistics, explains, "It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."

    DeAndre V., Senior Network Administrator at a financial services firm, states, “The dashboard is easy to follow and use. The deployment and uninstalling were easy. I like the detailed information about the path of a file that might be suspicious. Being able to check that out was easy to follow. Exceptions are easy to create and the interface is easy to follow with a nice appearance.

    Cortex XDR by Palo Alto Networks is the first threat detection and response software to combine both visibility across all types of data as well as autonomous machine learning analytics. Threat detection very often requires analysts to divide their attention among many different data streams. This platform unifies a vast variety of data flows, which allows analysts to assess threats from a single location. Users can now maintain a level of visibility that other threat detection programs simply cannot offer. This level of transparency lends itself to both quick identification of problems that arise and the equally quick development of a potential solution.

    Cortex XDR’s machine learning works on many different levels to detect and prevent threats. It is constantly scanning for threats and vulnerabilities. The solution can scan up to 5.4 billion IP addresses in three-quarters of an hour. This allows it to spot weak points in the system and notify administrators long before hackers can take advantage of vulnerabilities. Once the Artificial Intelligence (AI) discovers an issue or an area where an issue could potentially take place the system creates a log of the information and subsequently sends an alert to system administrators. The AI takes the information that it has gathered and uses it to assign threat levels to the issues that it detects. Following this, a human analyst will be assigned to manually assess the issue and deal with it accordingly. You can set it to automatically respond to the threat by isolating the issue while analysts investigate it.

    Benefits of Cortex XDR

    Some of Cortex XDR’s benefits include:

    • The use of advanced AI analytics, behavior analytics, and custom-made detection to detect advanced threats before they occur.
    • The ability to group similar threat alerts, reducing incoming alerts by as much as 98%. This allows analysts to avoid being overwhelmed by the volume of incoming alerts.
    • The ability to investigate threats as much as 8 times faster than would be possible with other software. The machine learning, when coupled with the unified data stream that Cortex XDR collects, significantly increases the ability to more quickly discover the root cause of a threat.

    Reviews from Real Users

    Cortex XDR by Palo Alto Networks software stands out among its competitors for a number of reasons. Two major ones are its ability to isolate threats while enabling them to be studied and the way that the software combines all of the data that it gathers into a single, more complete picture than other solutions offer.

    PeerSpot users note the effectiveness of these features. A network designer at a computer software company wrote, “The solution has a very helpful isolation feature. If any system gets compromised, with one click I can access the system and isolate it from other networks, and then go into further forensic investigation of the current threat without compromising anything else.”

    Jeff W., Vice President/CTO at Sinnott Wolach Technology Group, noted, “The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.”

    Microsoft Defender for Endpoint is a comprehensive security solution that provides advanced threat protection for organizations. It offers real-time protection against various types of cyber threats, including malware, viruses, ransomware, and phishing attacks.

    With its powerful machine-learning capabilities, it can detect and block sophisticated attacks before they can cause any harm. The solution also includes endpoint detection and response (EDR) capabilities, allowing organizations to quickly investigate and respond to security incidents. It provides detailed insights into the attack timeline, enabling security teams to understand the scope and impact of an incident.

    Microsoft Defender for Endpoint also offers proactive threat hunting, allowing organizations to proactively search for and identify potential threats within their network. It integrates seamlessly with other Microsoft security solutions, such as Microsoft Defender XDR, to provide a unified and holistic security approach. With its centralized management console, organizations can easily deploy, configure, and monitor the security solution across their entire network.

    Microsoft Defender for Endpoint is a robust and scalable security solution that helps organizations protect their endpoints and data from evolving cyber threats.

    Sample Customers
    Financial, Healthcare, Legal, Technology, Enterprise, Manufacturing ... 
    CBI Health Group, University Honda, VakifBank
    Petrofrac, Metro CSG, Christus Health
    Top Industries
    Financial Services Firm21%
    Comms Service Provider11%
    Manufacturing Company11%
    Computer Software Company16%
    Manufacturing Company8%
    Financial Services Firm8%
    Computer Software Company17%
    Financial Services Firm13%
    Security Firm9%
    Consumer Goods Company7%
    Computer Software Company15%
    Financial Services Firm8%
    Comms Service Provider6%
    Financial Services Firm19%
    Computer Software Company16%
    Energy/Utilities Company7%
    Comms Service Provider7%
    Educational Organization21%
    Computer Software Company13%
    Financial Services Firm7%
    Company Size
    Small Business50%
    Midsize Enterprise16%
    Large Enterprise34%
    Small Business31%
    Midsize Enterprise19%
    Large Enterprise50%
    Small Business41%
    Midsize Enterprise22%
    Large Enterprise37%
    Small Business25%
    Midsize Enterprise19%
    Large Enterprise56%
    Small Business40%
    Midsize Enterprise17%
    Large Enterprise43%
    Small Business23%
    Midsize Enterprise32%
    Large Enterprise45%
    Buyer's Guide
    Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Endpoint
    March 2024
    Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Endpoint and other solutions. Updated: March 2024.
    767,496 professionals have used our research since 2012.

    Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of Cortex XDR by Palo Alto Networks writes "It provides a whole new level of visibility and integrates with most other vendors". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". Cortex XDR by Palo Alto Networks is most compared with CrowdStrike Falcon, Darktrace, Symantec Endpoint Security, Trend Micro Apex One and SentinelOne Singularity Complete, whereas Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, CrowdStrike Falcon, SentinelOne Singularity Complete and Fortinet FortiClient. See our Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Endpoint report.

    See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.

    We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.