Cortex XDR and Wazuh compete in the cybersecurity software category. Cortex XDR appears to have an edge with its advanced threat detection and AI capabilities, though it comes with higher costs.
Features: Cortex XDR provides advanced threat detection, behavior-based scanning, and seamless network device integration. It offers robust endpoint protection and real-time threat response with AI and machine learning. Wazuh delivers strong log monitoring, open-source flexibility, and smooth integration with other solutions. It is well-suited for compliance-driven environments and supports custom configurations with strong community support.
Room for Improvement: Cortex XDR requires better integration, reporting enhancements, and improved false positive handling. Users experience high memory usage on endpoints and lack features like network detection response. Wazuh needs to enhance scalability, threat intelligence capabilities, and integration with cloud services, focusing on user interface improvements and AI adoption for better threat detection.
Ease of Deployment and Customer Service: Cortex XDR offers versatile deployment across cloud environments but faces deployment complexities affecting user experience. Technical support varies in responsiveness and expertise. Wazuh, often deployed on-premises, benefits from open-source flexibility, though commercial support is costly and less accessible, relying heavily on community resources.
Pricing and ROI: Cortex XDR is expensive but offers significant ROI by reducing security incidents and integrating cost-saving features, although its licensing is seen as high-priced. Wazuh provides a cost-effective solution with minimal licensing fees due to its open-source nature. However, the total cost of ownership can rise with customization and management efforts, making it ideal for those seeking a budget-friendly option with community support.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
I have seen a return on investment with Cortex XDR by Palo Alto Networks, as this product is offered at a minimal cost, and we can find a good ROI from it.
I have seen value in security cost savings with Wazuh, as using proprietary EDR versions could save us substantial money.
Every vendor has similar support; it depends on how the case is handled and raised.
Their support is efficient and responsive whenever I raise a ticket through my portal.
I would rate technical support from Palo Alto on a scale from one to ten as an eight, as I find it good.
They responded quickly, which was crucial as I was on a time constraint.
We use the open-source version of Wazuh, which does not provide paid support.
The documentation is good and provides clear instructions, though it's targeted at those with technical backgrounds.
It can accommodate thousands of endpoints on one instance, and multiple instances can run for different clients.
Currently, I don't see any limitations in terms of scalability as Wazuh can still connect many endpoints.
Scalability depends on the configuration and the infrastructure resources like compute and memory we allocate.
Cortex XDR is stable, offering high quality and reliable performance.
For the last 11 months, we haven't faced any outage issues, so it is a stable product.
The stability of Wazuh is strong, with no issues stemming from the solution itself.
The stability of Wazuh is largely dependent on maintenance.
The indexer frequently times out, requiring system restarts.
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
If the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better.
Cortex XDR could improve its sales support team, including better commission structures and referral programs.
The integration modules are insufficiently developed, necessitating the creation of custom integration solutions using tools like Logstash and PubSub.
I think Wazuh should improve by introducing AI functionalities, as it would be beneficial to see AI incorporated in the threat hunting and detection functionalities.
Wazuh could improve by creating videos on YouTube covering installation, use cases, and integration of third-party APIs for different scenarios that other SAAS services provide.
Cortex XDR is perceived as expensive by some customers, yet offers dynamic pricing.
Compared to competitors such as CrowdStrike and Sophos, the pricing of Cortex XDR by Palo Alto Networks is similar to CrowdStrike but more expensive than Sophos.
Wazuh is completely free of charge.
Totaling around two lakh Indian rupees per month.
Wazuh is free to use, but there are licensing fees for third parties.
It incorporates AI for normal behavior detection, distinguishing unusual operations.
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
If a user doesn't click any link within 30 days and on the 31st day clicks a new link, Cortex XDR immediately alerts us that this user has clicked on an uncommon link or their behavior is uncommon.
Wazuh is a SIEM tool that is highly customizable and versatile.
The system allows us to monitor endpoints effectively and collect security data that can be utilized across other platforms such as SOAR.
With this open source tool, organizations can establish their own customized setup.
| Product | Market Share (%) |
|---|---|
| Wazuh | 10.7% |
| Cortex XDR by Palo Alto Networks | 5.5% |
| Other | 83.8% |
| Company Size | Count |
|---|---|
| Small Business | 41 |
| Midsize Enterprise | 18 |
| Large Enterprise | 35 |
| Company Size | Count |
|---|---|
| Small Business | 26 |
| Midsize Enterprise | 15 |
| Large Enterprise | 8 |
Cortex XDR by Palo Alto Networks delivers comprehensive endpoint security, integrating well with other systems to offer robust threat detection and real-time protection through AI-driven analytics.
Cortex XDR by Palo Alto Networks offers advanced endpoint protection and threat detection through AI and behavior-based analytics. Its user-friendly design simplifies integration with firewalls, delivering multi-layered protection with low resource consumption. Valued for policy management, USB control, and incident correlation, Cortex XDR enhances threat management and real-time threat hunting capabilities. However, users note challenges with third-party integration, reporting, and dashboard automation. Agent performance across operating systems and memory consumption are areas for improvement, alongside reducing false positives and simplifying endpoint management and setup.
What features does Cortex XDR offer?Cortex XDR is crucial in industries requiring robust endpoint protection, such as finance, healthcare, and technology. It supports malware detection, behavioral analysis, and ransomware mitigation across endpoints, including remote work environments, providing comprehensive threat visibility and security policy management. The solution's integration with firewalls and specialized industry requirements enhances security posture in diverse operational settings.
Wazuh offers comprehensive security features like MITRE ATT&CK correlation, log monitoring, and cloud-native infrastructure. It ensures compliance and provides intrusion detection with high scalability and open-source flexibility, ideal for businesses seeking robust SIEM capabilities.
Wazuh stands out in security information and event management by providing efficient log aggregation, vulnerability scanning, and event correlation against MITRE ATT&CK. Its capability to integrate seamlessly with environments, manage compliance, and monitor files makes it suitable for cloud-native infrastructures and financial sectors. Despite its technical support needing enhancement and opportunities for improving AI integration and threat intelligence, its open-source nature and cost-effectiveness make it appealing. Users can leverage custom dashboards powered by Elasticsearch for precise data analysis, even though there is a desire for a more user-friendly interface and better enterprise solution integration. Deployment may be complex, but its features contribute significantly to fortified security postures.
What are the essential features of Wazuh?Industries like finance and cloud infrastructure heavily utilize Wazuh for its security strengths. By monitoring endpoints and ensuring compliance with frameworks, companies can improve security posture and swiftly detect anomalies. The platform's focus on event correlation and alerts for security incidents is particularly beneficial.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
