No more typing reviews! Try our Samantha, our new voice AI agent.

Cortex Xpanse vs Darktrace comparison

Palo Alto Networks and Darktrace are both solutions in the Attack Surface Management (ASM) category. Palo Alto Networks is ranked #6 with an average rating of 8.5, while Darktrace is ranked #4 with an average rating of 8.1. Palo Alto Networks holds a 2.8% mindshare in ASM, compared to Darktrace’s 4.3% mindshare. Additionally, 100% of Palo Alto Networks users are willing to recommend the solution, compared to 95% of Darktrace users who would recommend it.
Cortex Xpanse
Read 6 Cortex Xpanse reviews
  • 1,924 Views
  • 1,905 Comparison Views
100% willing to recommend
Darktrace
Read 84 Darktrace reviews
  • 26,968 Views
  • 2,966 Comparison Views
95% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jun 3, 2026

Darktrace and Cortex Xpanse are cybersecurity solutions competing in threat detection and response. Darktrace appears to have the upper hand with its AI-driven analytics and comprehensive network visibility, providing advanced features like Antigena that enable autonomous threat responses.

Features: Darktrace offers machine learning and AI-driven analytics, comprehensive network visibility, and proactive threat mitigation tools such as Antigena. Its AI engine significantly enhances phishing detection and alerts on data exfiltration. Cortex Xpanse focuses on attack surface management, highlighting detailed vulnerability reporting, detection of exposed assets, and digital brand protection.

Room for Improvement: Darktrace should improve its handling of false positives and offer better integration with endpoint solutions while simplifying its user interface. Pricing and complexity of visualizations are other points of concern. Cortex Xpanse could benefit from enhanced dark-web scanning and better cloud connectivity, along with more appealing customization options and pricing strategies.

Ease of Deployment and Customer Service: Darktrace provides multiple deployment options, including on-premises and cloud, with users appreciating its comprehensive technical support although setup can be challenging for non-technical users. Cortex Xpanse allows straightforward deployments in hybrid and public clouds, and while its technical support is rated excellent, it isn't as frequently mentioned as Darktrace's.

Pricing and ROI: Darktrace is perceived as expensive, but users find it worthwhile due to its advanced capabilities and improved threat identification, contributing to strong ROI through better visibility. Similarly, Cortex Xpanse is also considered costly, especially in comparison to firewall tools, yet its investment is justified by efficient attack surface management. Pricing competitiveness is an area both solutions could enhance.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Cortex Xpanse vs. Darktrace Report (Updated: April 2026).
Buyer's Guide
Cortex Xpanse vs. Darktrace
April 2026
Download the complete report
Helped 900,747 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex Xpanse
Ranking in Attack Surface Management (ASM)
6th
Average Rating
8.8
Reviews Sentiment
7.2
Number of Reviews
6
Ranking in other categories
No ranking in other categories
Darktrace
Ranking in Attack Surface Management (ASM)
4th
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
84
Ranking in other categories
Email Security (10th), Intrusion Detection and Prevention Software (IDPS) (2nd), Network Traffic Analysis (NTA) (1st), Network Detection and Response (NDR) (1st), Extended Detection and Response (XDR) (7th), Cloud Security Posture Management (CSPM) (10th), Cloud-Native Application Protection Platforms (CNAPP) (9th), AI-Powered Cybersecurity Platforms (5th), AI Observability (6th)
 

Mindshare comparison

As of June 2026, in the Attack Surface Management (ASM) category, the mindshare of Cortex Xpanse is 2.8%, down from 4.3% compared to the previous year. The mindshare of Darktrace is 4.3%, down from 10.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Attack Surface Management (ASM) Mindshare Distribution
ProductMindshare (%)
Darktrace4.3%
Cortex Xpanse2.8%
Other92.9%
Attack Surface Management (ASM)
 

Featured Reviews

reviewer1442496 - PeerSpot reviewer
reviewer1442496
System Administrator at a retailer with 5,001-10,000 employees
Ensures robust security management with seamless integration
We work with the cloud version of Cortex Xpanse. We are working with Palo Alto products right at the moment. We have Cortex and GlobalProtect that we are using. I'm not sure if we utilize Cortex Xpanse's capability to identify internet-facing assets. I'm not sure about the automated threat assessment of Cortex helping prioritize vulnerabilities. I would assess the integration capabilities of Cortex Xpanse as good; no issues so far with integration with other tools from different vendors. Cortex Xpanse supports our organization's regulatory compliance efforts 100%, and it's what we need from it. Right now, I am working only with Palo Alto for security. I am not planning to work with some other vendors. On a scale of one to ten, I rate Cortex Xpanse a nine.
Read full review
Pasan Jayarathna - PeerSpot reviewer
Pasan Jayarathna
Network Security Engineer at Cyberwell Solution
Monitoring has improved data loss detection and now spots abnormal internal file transfers quickly
In my understanding, the best feature Darktrace offers is the identification of copying files, which acts as a DLP, and it is a main concern for companies because users sometimes copy data outside without knowing, especially those without a technical background. When I mention the DLP-like feature and file copying detection, the alerts have been very timely, as we get an alert within a couple of minutes, which is excellent. Even if some developers are working after hours and copying files, our SOC team detects this, and most of the time they call us so we can identify the users. The alerts are quite accurate and proactive.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable features of the solution are its firewall and antivirus."
"As an attack surface manager, I highly recommend Cortex Xpanse, especially if there are many services exposed publicly on the internet."
"The most valuable aspect is its ability to catch trojans and malware."
"Cortex Xpanse has an easy-to-use user interface."
"Cortex Xpanse is a strong solution for attack surface management, including digital brand protection and continuous monitoring."
"The best feature of the product is that it's easy to manage when we have set it up, and the beneficial impact of Cortex Xpanse for the company is security."
"When there is an alert from Cortex Xpanse regarding a certificate or surface, it prompts us to take immediate action."
"Darktrace impacts my organization positively by providing us with a better understanding of abnormal activities detected among users."
"Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies."
"Darktrace is a good product and it can be implemented on premises."
"It is a stable solution without downtime."
"Because of unsupervised machine learning, its detection capability is quite good."
"The autonomous response is also highly designed in Darktrace."
"It is a very simple product to use."
"A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time."
More Darktrace pros
 

Cons

"It's challenging to confirm the absolute coverage and penetration of Cortex Xpanse into the Dark Web. The solution lacks comprehensive intelligence on adversaries and risks, which other competitors might provide."
"Regarding technical support, I would rate it as a seven."
"Cortex Xpanse should offer better customization and configuration options on its dashboard."
"Some improvements are needed in the user interface. It may require more enhancements."
"There is an issue with the old versions of Cortex, and so when we have an older one with Windows or any OS, we have a problem with its connectivity with the cloud."
"Cortex Xpanse needs to add dark-web scanning."
"The product doesn't have an endpoint agent that can react to triggers set on the device,"
"The initial setup is a bit complex."
"Darktrace needs to simplify most of the positive reports. We have to field all the positive reports, false positives, too."
"Block attack capabilities or integration with other SIEM solutions such as IBM QRadar."
"I would like for the product to work on the endpoints as well. I would like to see enhanced visibility into the endpoints and network but this solution only sits on the network itself."
"Upper management wasn't sold on the value proposition."
"The dashboard and reporting for this solution could be improved as it is currently complex. The GUI for this solution could also be improved."
"The solution's user interface and stability could be improved."
More Darktrace cons
 

Pricing and Cost Advice

"The tool's cost is too high."
"Cortex Xpanse is cheaper than other solutions."
"The price of the solution is not cheap. It is not a one-time purchase, there is a subscription that needs to be paid every one to five years depending on your choice. It is expensive but you can reduce the price by only using the services that you want."
"Darktrace is expensive. You can pay for the license yearly."
"It was $3,600 a month or $2,000 plus or so. I am not sure. Its licensing is pretty simple."
"They are too expensive compared with other vendors."
"The pricing is expensive. It costs over $100,000 a year."
"The cost of the solution is expensive for smaller businesses. They will not be able to afford it or might not need this type of security solution."
"The pricing is a little high compared to the competition."
"Darktrace is quite an expensive solution."
More Darktrace pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Attack Surface Management (ASM) solutions are best for your needs.
See recommendations
900,747 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
12%
Computer Software Company
10%
Government
10%
Performing Arts
8%
Manufacturing Company
10%
Financial Services Firm
9%
Computer Software Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business44
Midsize Enterprise20
Large Enterprise29
 

Questions from the Community

What is your experience regarding pricing and costs for Cortex Xpanse?
I don't know the licensing or setup cost; I have no idea about the cost.
See all answers
What needs improvement with Cortex Xpanse?
I'm not sure right now; I have nothing to comment on regarding what could be improved in the product. We are using it and we are satisfied. I have nothing to comment right now on what other feature...
See all answers
What is your primary use case for Cortex Xpanse?
Cortex Xpanse is usually used for security from clients.
See all answers
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a cl...
See all answers
Which is better - SentinelOne or Darktrace?
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for organ...
See all answers
What is your experience regarding pricing and costs for Darktrace?
Concerning pricing for the product, I would say it is somewhat expensive.
See all answers
 

Comparisons

Tenable Attack Surface Management vs Cortex Xpanse Logo
Tenable Attack Surface Management vs Cortex Xpanse
Compared 15% of the time
CyCognito vs Cortex Xpanse Logo
CyCognito vs Cortex Xpanse
Compared 11% of the time
Bitsight vs Cortex Xpanse Logo
Bitsight vs Cortex Xpanse
Compared 10% of the time
Censys Attack Surface Management vs Cortex Xpanse Logo
Censys Attack Surface Management vs Cortex Xpanse
Compared 6% of the time
IBM Security Randori Recon vs Cortex Xpanse Logo
IBM Security Randori Recon vs Cortex Xpanse
Compared 4% of the time
More Cortex Xpanse Competitors
Vectra AI vs Darktrace Logo
Vectra AI vs Darktrace
Compared 5% of the time
CrowdStrike Falcon vs Darktrace Logo
CrowdStrike Falcon vs Darktrace
Compared 4% of the time
Cisco Secure Network Analytics vs Darktrace Logo
Cisco Secure Network Analytics vs Darktrace
Compared 2% of the time
SentinelOne Singularity Endpoint vs Darktrace Logo
SentinelOne Singularity Endpoint vs Darktrace
Compared 2% of the time
ExtraHop Reveal(x) vs Darktrace Logo
ExtraHop Reveal(x) vs Darktrace
Compared 2% of the time
More Darktrace Competitors
 

Product Reports

Buyer's Guide
Attack Surface Management (ASM)
May 2026
Cortex Xpanse reportDownload Cortex Xpanse product report
Buyer's Guide
Darktrace
June 2026
Darktrace reportDownload Darktrace product report
 

Overview

Cortex Xpanse offers comprehensive security by identifying trojans, malware, and unknown exposed assets while providing digital brand protection and monitoring, benefiting organizations of all sizes.

Cortex Xpanse provides robust threat detection and management with features like real-time reporting and asset discovery. Its antivirus and firewall enhance security, while dark web monitoring facilitates swift action on vulnerabilities and certificates. However, improvements in cloud connectivity and dark web scanning are needed. Enterprises, especially those with Security Operations Centers, find it useful for its installation ease, device control, and security measures, despite firewall complexity.

What are key features of Cortex Xpanse?
  • Digital Brand Protection: Shields the organization's digital brand from threats.
  • Continuous Monitoring: Observes activities for quick threat detection.
  • Real-Time Reporting: Provides timely security insights through user-friendly interfaces.
  • Asset Discovery: Identifies vulnerable assets for proactive management.
  • Firewall and Antivirus: Strengthens overall security posture.
What benefits and ROI should users consider?
  • Proactive Threat Management: Allows organizations to react swiftly to emerging threats.
  • Ease of Installation: Supports seamless deployment across networks.
  • Comprehensive Device Control: Ensures effective management and monitoring of devices.
  • Actionable Vulnerability Insights: Enhances security decision-making processes.

Cortex Xpanse is predominantly applied in large enterprises for safeguarding applications and databases against ransomware and malware. Organizations with Security Operations Centers leverage its customizable policies for client security and vulnerability remediation. It aids in managing attack surfaces as a proactive security strategy.

Palo Alto Networks

Darktrace revolutionizes network security with AI-driven alerts, anomaly detection, and robust visibility across networks. It autonomously detects threats, minimizing the need for human oversight, and offers efficient IP identification with minimal false positives.

Darktrace uses advanced AI analytics to enhance network protection. Its powerful real-time threat response capabilities and self-learning enable thorough monitoring and insightful analysis of network activities. While providing scalable and reliable security, users seek improvements in false positive reduction, user-friendly interfaces, and pricing. Enhanced third-party integration, more effective dashboards, and centralized automation features remain top priorities. Users benefit greatly from its Antigena feature, offering automated responses like blocking suspicious connections for robust network defense.

What Are Darktrace's Key Features?
  • AI-Driven Alerts: Provides real-time alerts for threat detection.
  • Anomaly Detection: Identifies unusual network activities with precision.
  • Real-Time Threat Response: Autonomously counteracts potential threats.
  • Comprehensive Monitoring: Offers detailed network activity insights.
  • Scalability: Adapts to expanding network environments effectively.
Which Benefits Should Users Consider in Reviews?
  • Stability: Reliable performance ensures constant protection.
  • Efficient Cloud Protection: Safeguards data across cloud infrastructures.
  • Intuitive Interface: Facilitates easy navigation and efficient operations.
  • Network Visibility: Enhances understanding of network traffic and activities.
  • Automated Threat Blocking: Quick response to potential network breaches.

In industries employing Darktrace, it is pivotal in securing LAN networks, analyzing behavioral patterns, and detecting internal and external threats. Adoption alongside platforms like F5 and SAP enhances incident response, traffic analysis, and threat identification, utilizing Antigena for proactive security measures.

Darktrace
 

Sample Customers

Information Not Available
Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
Buyer's Guide
Cortex Xpanse vs. Darktrace
April 2026
Free Report: Cortex Xpanse vs. Darktrace
Find out what your peers are saying about Cortex Xpanse vs. Darktrace and other solutions. Updated: April 2026.
DOWNLOAD NOW
900,747 professionals have used our research since 2012.
See our Cortex Xpanse vs. Darktrace report.
See our list of best Attack Surface Management (ASM) vendors.

We monitor all Attack Surface Management (ASM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.