Cortex XDR and Microsoft Defender XDR compete in the realm of XDR solutions for robust security across endpoints and servers. Based on features and ease of integration, Microsoft Defender XDR seems to have the upper hand due to its seamless integration within the Microsoft ecosystem and automated threat handling capabilities.
Features: Cortex XDR offers advanced detection capabilities, anti-exploit measures, and a multi-layered approach to threat detection. It excels in preventing unknown code execution and correlates data from firewalls, networks, and endpoints. Microsoft Defender XDR's key features include deep integration into the Microsoft ecosystem, substantial automation in threat handling across endpoints, cloud applications, and emails, enhanced threat management, and efficient integration with Microsoft 365 services.
Room for Improvement: Cortex XDR faces challenges such as gaps in support for different OS versions, high memory usage, and integration issues with third-party antivirus solutions. Microsoft Defender XDR could improve with simplified licensing, better integration with non-Microsoft products, and a more intuitive user interface. Consistent visibility across environments is also an area for enhancement in Microsoft Defender.
Ease of Deployment and Customer Service: Both Cortex XDR and Microsoft Defender XDR provide versatile deployment options. Cortex XDR accommodates cloud and on-premises solutions but has mixed reviews in technical support, with occasional delays. Microsoft Defender XDR supports hybrid models and generally receives positive feedback for customer service, though certain integration processes could be improved for ease.
Pricing and ROI: Cortex XDR is known for its higher upfront cost, justified by its robust feature set aimed at reducing security breaches. Microsoft Defender XDR pricing is perceived as complex and can become expensive, especially for smaller businesses. However, it can be cost-effective within the Microsoft ecosystem through bundled pricing options. Both solutions offer enhanced security, potentially increasing ROI through reduced breaches and compliance features.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
I have seen a return on investment with Cortex XDR by Palo Alto Networks, as this product is offered at a minimal cost, and we can find a good ROI from it.
We can quarantine and isolate a device within minutes.
Microsoft Defender XDR has saved me at least 50% of my time.
Ever since we turned on the M5 feature set back in June, we have seen a reduced number of potentially malicious clicks and faster alerting when incidents occur.
Every vendor has similar support; it depends on how the case is handled and raised.
Their support is efficient and responsive whenever I raise a ticket through my portal.
I would rate technical support from Palo Alto on a scale from one to ten as an eight, as I find it good.
You get stuck in low-level support for way longer than you should, instead of them escalating the issue up the chain.
It's critical to escalate SEV B issues immediately to a domestic engineer.
Once issues are escalated to the second or third layer, the support is much better.
Microsoft Defender XDR shows tremendous scalability, much more so than on-premises solutions.
Microsoft Defender XDR scales pretty well.
It is suitable for enterprise-level deployment but has room for improvement.
Cortex XDR is stable, offering high quality and reliable performance.
For the last 11 months, we haven't faced any outage issues, so it is a stable product.
The service has remained consistently online, with any issues isolated to specific components, suggesting a well-designed and modular architecture.
The services within our ecosystem have been reliable, meeting their SLAs.
It provides high-fidelity signals.
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
If the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better.
Cortex XDR could improve its sales support team, including better commission structures and referral programs.
The licensing process needs improvement and clarification.
Improvements are needed in automated response capabilities.
Some inconsistencies exist between blades, which could be improved for a more seamless user and UI experience.
Cortex XDR is perceived as expensive by some customers, yet offers dynamic pricing.
Compared to competitors such as CrowdStrike and Sophos, the pricing of Cortex XDR by Palo Alto Networks is similar to CrowdStrike but more expensive than Sophos.
There are certainly savings when using Microsoft Defender XDR, which can range from 30%, 40%, and even up to 50%.
I would rate the pricing as eight out of ten, indicating it is a reasonable cost for the product.
Microsoft purposefully obfuscates this through marketing ploys to hide costs.
It incorporates AI for normal behavior detection, distinguishing unusual operations.
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
If a user doesn't click any link within 30 days and on the 31st day clicks a new link, Cortex XDR immediately alerts us that this user has clicked on an uncommon link or their behavior is uncommon.
With Microsoft threat intelligence information, it detects various types of threats, including insider attacks, malicious content, and data exfiltration.
This allows us to secure our systems in advance and proactively improve security, rather than waiting for incidents to occur.
Once we have it on the security dashboard, we can see a real-time storyline.
| Product | Market Share (%) |
|---|---|
| Microsoft Defender XDR | 6.1% |
| Cortex XDR by Palo Alto Networks | 5.5% |
| Other | 88.4% |
| Company Size | Count |
|---|---|
| Small Business | 41 |
| Midsize Enterprise | 18 |
| Large Enterprise | 35 |
| Company Size | Count |
|---|---|
| Small Business | 46 |
| Midsize Enterprise | 23 |
| Large Enterprise | 37 |
Cortex XDR by Palo Alto Networks delivers comprehensive endpoint security, integrating well with other systems to offer robust threat detection and real-time protection through AI-driven analytics.
Cortex XDR by Palo Alto Networks offers advanced endpoint protection and threat detection through AI and behavior-based analytics. Its user-friendly design simplifies integration with firewalls, delivering multi-layered protection with low resource consumption. Valued for policy management, USB control, and incident correlation, Cortex XDR enhances threat management and real-time threat hunting capabilities. However, users note challenges with third-party integration, reporting, and dashboard automation. Agent performance across operating systems and memory consumption are areas for improvement, alongside reducing false positives and simplifying endpoint management and setup.
What features does Cortex XDR offer?Cortex XDR is crucial in industries requiring robust endpoint protection, such as finance, healthcare, and technology. It supports malware detection, behavioral analysis, and ransomware mitigation across endpoints, including remote work environments, providing comprehensive threat visibility and security policy management. The solution's integration with firewalls and specialized industry requirements enhances security posture in diverse operational settings.
Microsoft Defender XDR is a comprehensive security solution designed to protect against threats in the Microsoft 365 environment.
It offers robust security measures, comprehensive threat detection capabilities, and an efficient incident response system. With seamless integration with other Microsoft products and a user-friendly interface, it simplifies security management tasks.
Users have found it effective in detecting and preventing various types of attacks, such as phishing attempts, malware infections, and data breaches.
Watch the Microsoft demo video here: Microsoft Defender XDR demo video.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
