Cortex XDR by Palo Alto Networks vs Wazuh comparison


Comparison Buyer's Guide

Executive Summary

Categories and Ranking

Microsoft Defender XDR
Ranking in Extended Detection and Response (XDR)
Average Rating
Number of Reviews
Ranking in other categories
Endpoint Detection and Response (EDR) (7th), Microsoft Security Suite (1st)
Cortex XDR by Palo Alto Net...
Ranking in Extended Detection and Response (XDR)
Average Rating
Number of Reviews
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Ransomware Protection (2nd)
Ranking in Extended Detection and Response (XDR)
Average Rating
Number of Reviews
Ranking in other categories
Log Management (2nd), Security Information and Event Management (SIEM) (3rd)

Market share comparison

As of June 2024, in the Extended Detection and Response (XDR) category, the market share of Microsoft Defender XDR is 23.3% and it increased by 248.9% compared to the previous year. The market share of Cortex XDR by Palo Alto Networks is 7.5% and it decreased by 47.2% compared to the previous year. The market share of Wazuh is 17.0% and it increased by 6077.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
Unique Categories:
Endpoint Detection and Response (EDR)
Microsoft Security Suite
Endpoint Protection Platform (EPP)
Ransomware Protection
Log Management
Security Information and Event Management (SIEM)

Featured Reviews

Majid Hussain - PeerSpot reviewer
May 27, 2024
You can scan the systems remotely to get a complete inventory of assets
Defender XDR enables you to scan a system remotely and get a complete inventory of its assets. You can gather more information from the asset inventory and apply threat intelligence using Office 365 or something. It's a user-friendly, cost-effective, and feature-rich solution. The XDR features offer considerable value because you get more insights from your user systems. Microsoft Defender XDR stops the movement of advanced attacks by working with the complete 365 package. For example, you can create rules for email filtering to block phishing emails. I can create rules for email filtering. If there are any suspicious links in an email or its attachments, we can quarantine that email. It notifies the admin or the user. The user can ask the admin to remove the email from the quarantine. We can investigate the email before it reaches the endpoint. Defender also has web content filtering and all the other EDR file features. Defender's ability to adapt to evolving threats is critical today. The number of attacks today is multiplying, and Defender's adaptability and awareness are amazing.
Aug 8, 2022
Allows us to create queries for investigation, provides good visibility, and has been able to see every single threat
I've worked with Carbon Black, which Cortex XDR beats hands down. The reason it beats it hands down is because of the ability to query. I couldn't do that with Carbon Black. For me, that was a genuine issue with Carbon Black. That was one of the main reasons why we've literally moved 22,000 devices off Carbon Black into Cortex XDR. We also use Sophos, McAfee, and BitDefender. As a group, we buy multiple companies a year. So, we come across most of them. If it is my own device, I would love to have Cortex, but I can't buy one license. I have to buy a minimum of 250 licenses. So, I normally go for something like BitDefender because it has the least amount of bloatware.
Md Salim Hossain Hossain - PeerSpot reviewer
Jan 31, 2024
An open-source platform to integrate various products
We use Wazuh for the onboarding of both Windows and Linux machines, as well as for firewall and SIM configuration. The IP address is automatically blocked if a server has multiple wrong passwords Wazuh can integrate with various open-source and paid products, allowing for flexibility in…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:


"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"The comprehensiveness of Microsoft's threat detection is good."
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"I have found the ability to delete unwanted threats beneficial."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"Its most significant advantage lies in its affordability."
"I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc."
"The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"Monitoring is most valuable."
"Being a cloud solution it is very flexible in serving internal and external connections and a broad range of devices."
"One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers. Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network."
"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"Cortex XDR can integrate the firewalls and determine the tendencies of the attacks. It's a new generation antivirus, with protection endpoints and detection response. It is very easy to use and everybody can operate the solution."
"Its interface and pricing are most valuable. It is better than other vendors in terms of security."
"It collects and caches and the knowledge of machine learning from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe."
"Has great threat detection capabilities."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"If they support a solution, it is easy to do an integration."
"I like that the solution is on top of the Kubernetes stack."
"Its cost-effectiveness is the most valuable aspect."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."


"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"At times, there may be delays in the execution of certain actions and their effects."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"The solution does not offer a unified response and standard data."
"The price should be adjustable by region."
"A simple dashboard without having to use MS Sentinel would be a welcome improvement."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."
"The playbooks could be improved to include more functionalities or actions."
"It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint."
"It's not an ideal choice for smaller businesses, as you need a minimum of 200 endpoints to even use the solution at all."
"I would like to see some additional features related to email protection included."
"It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue."
"There's an overall lack of features."
"I would like to see them include NDR (Network Detection Response)."
"Integration with Vyara could be better."
"There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
"Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"I have yet to find the same capability in Wazuh to get logs from different sources into the system"
"Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."
"They could include flexibility and customization capabilities by modifying for customers based on partner agreements."

Pricing and Cost Advice

"We have a lot of problems in Latin America regarding the price of Microsoft 365 Defender, because the relationship between dollars and the money of the different countries, it's is a lot. Many customers that have small businesses say that they would like the solution but it is too expensive. However, large companies do not find the cost an issue."
"All I can say again is the E5 gives you all the capabilities that it offers. It also gives Office 365 and one terabyte of storage. All in all, the E5 license model makes sense. There are some people who say it's quite costly, but rather than paying different vendors, it makes sense to go all in with Microsoft if you've got that licensing. From that perspective, it's cost-effective, but I can't comment much on that."
"Sometimes 365 Defender is expensive, but it can be moderate, depending on the organization's size and the license type. We're satisfied with the cost because it gives us a product that protects our entire environment with DLP. To compromise some cost, of course, we are to complete the most secure environment."
"The pricing of Microsoft 365 Defender is definitely on the costly side, but with the features and services that Microsoft provides, such as the seamless integration of all the Defender tools, while the price is on the higher side, there is no alternative."
"It has consistently offered highly appealing academic pricing, with distinct rates for higher education and general educational purposes."
"The product is fairly priced for what we get from it."
"With the little idea I have about the costs, I can say that XDR tools tend to be a bit expensive. If you are using Microsoft Defender XDR, then you need to go for a subscription-based pricing model."
"Microsoft Defender XDR is included in our license."
"The price of the product is not very economical."
"The price was fine."
"If one wishes to work with another team or large number of users at a future point, he must purchase a license for them."
"The pricing is okay, although direct support can be expensive."
"The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the BRO version."
"It is "expensive" and flexible."
"It has a yearly renewal."
"It's about $55 per license on a yearly basis."
"Wazuh is totally free and open source. There are no licensing costs, only support costs if you need them."
"Wazuh is open-source, but you must consider the total cost of ownership. It may be free to acquire, but you spend a lot of time and effort supporting the product and getting it to a point where it's useful."
"The solution's cost is above the average."
"Wazuh has a community edition, and I was using that. It's free and open source."
"The current pricing is open source."
"Wazuh is open-source, so I think it's an option for a small organization that cannot go for enterprise-grade solutions like Splunk."
"Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year."
"My client uses the open-source version of Wazuh."
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
787,560 professionals have used our research since 2012.

Top Industries

By visitors reading reviews
Computer Software Company
Financial Services Firm
Manufacturing Company
Computer Software Company
Financial Services Firm
Manufacturing Company
Computer Software Company
Comms Service Provider
Financial Services Firm

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business

Questions from the Community

What do you like most about Microsoft 365 Defender?
Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and p...
What is your experience regarding pricing and costs for Microsoft 365 Defender?
Microsoft Defender XDR is expensive, especially for the full suite functionality. However, when compared to buying mu...
What needs improvement with Microsoft 365 Defender?
Improving scalability, especially for very large tenants, could be beneficial for Microsoft Defender XDR. Additionall...
Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What do you like most about Wazuh?
Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases.
What needs improvement with Wazuh?
I have built some rules that produce duplicate alerts two or three times. Therefore, these rules should be consolidat...
What is your primary use case for Wazuh?
We use Wazuh for the onboarding of both Windows and Linux machines, as well as for firewall and SIM configuration. Th...

Also Known As

Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available



Sample Customers

Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
CBI Health Group, University Honda, VakifBank
Information Not Available
Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. Wazuh and other solutions. Updated: May 2024.
787,560 professionals have used our research since 2012.