We performed a comparison between Cortex XDR by Palo Alto Networks and ThreatLocker Protect based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Protection Platform (EPP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the analysis, because of the beta structure."
"The price is low and quite competitive with others."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"The product detects and blocks threats and is more proactive than firewalls."
"The setup is pretty simple."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"The one feature of Palo Alto Networks Traps that our organization finds most valuable is the App ID service."
"Stability is a primary factor, and then there's the ease of distribution and policy management."
"The protection offered by this product is good, as is the endpoint reporting."
"If there are multiple alerts, the app will automatically create and rate an event instead of going through each one."
"Cortex XDR by Palo Alto Networks should be a stable solution."
"The most valuable feature of Cortex XDR by Palo Alto Networks is the low consumption of system resources. The solution uses a lot of AI and machine learning."
"The interface is easy to use and it is more up to date than our previous solution."
"It's a nice product that's stable and scalable."
"While it can be frustrating at times, we appreciate the low-level security provided by the application whitelist."
"The most valuable feature is selective elevation, which allows elevating an individual process to admin privilege without granting admin privilege to that user, which has been by far the most useful feature outside of the overall solution itself."
"The great thing is that if you get a malicious email and you try to run something, ThreatLocker is not going to let it do anything. It is not going to let anything infect your network."
"Application control, ring-fencing, and storage control are the most important features, followed closely by elevation."
"Feature-wise, the learning mode and the fact that it's blocking everything are the most valuable. I don't see why more companies don't use the type of product."
"The sandbox functionality is fantastic."
"The biggest improvement has been knowing that something unauthorized isn't going to get installed on anyone’s machines."
"Every single feature has been invaluable."
"FortiEDR can be improved by providing more detailed reporting."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"The SIEM could be improved."
"We find the solution to be a bit expensive."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"I would like to see better protection, specifically to protect email applications."
"Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer."
"They have the worst support, as a company, that I have ever worked with, as they are difficult to get a hold of and keep on the phone. They don't know what they are talking about when you get them on the phone. They don't like to respond to messages when you send them to them. They like to "research problems" for weeks on end, then pass you off to somebody else."
"There's an overall lack of features."
"It'll help if customization was easier."
"The solution needs better reports. I think they should let the customer go in and customize the reports."
"The solution should offer more dashboards and they should be better customized."
"Dashboards do not allow everyone to see what's happening."
"ThreatLocker Allowlisting needs to improve its user interface and overall workflow."
"The reporting could be improved."
"The portal can be a little overwhelming at times from an administration point of view. It displays a lot of information, and it's all useful. However, sometimes there is too much on the screen to sift through, especially if you're trying to diagnose a client's problem with a piece of software. Maybe something has stopped working since they updated it, and we need to see if ThreatLocker is blocking a component of that software."
"There are some times when applications get submitted, the hashes don't really line up."
"More visibility in the built-ins would be nice."
"We identified several areas that we would like to see improved."
"ThreatLocker could offer more flexible training, like online or offline classes after hours. The fact that they even provide weekly training makes it seem silly to suggest, but some people can't do it during the day, so they want to train after work. They could also start a podcast about issues they see frequently and what requires attention. A podcast would be helpful to keep us all apprised about what's going on and/or offline training for those people who can't train during the week."
"From a reporting perspective, enhancing the ability to customize reports would be beneficial."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while ThreatLocker Protect is ranked 26th in Endpoint Protection Platform (EPP) with 13 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while ThreatLocker Protect is rated 9.2. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of ThreatLocker Protect writes "Integration is simple, deployment is straightforward, and extensive well-written documentation is available online". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Check Point Harmony Endpoint, whereas ThreatLocker Protect is most compared with SentinelOne Singularity Complete, Microsoft Defender for Endpoint, CrowdStrike Falcon, Huntress and GravityZone Business Security. See our Cortex XDR by Palo Alto Networks vs. ThreatLocker Protect report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Ransomware Protection vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
