Cortex XSIAM vs Forescout XDR comparison

Security Information and Event Management (SIEM)

Download the complete report

Helped 861,803 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex XSIAM

Average Rating

8.4

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (15th), Identity Threat Detection and Response (ITDR) (5th), AI-Powered Cybersecurity Platforms (8th)

Forescout XDR

Average Rating

6.0

Reviews Sentiment

8.5

Number of Reviews

Ranking in other categories

SOC as a Service (9th), Extended Detection and Response (XDR) (39th)

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Cortex XSIAM is designed for Security Information and Event Management (SIEM) and holds a mindshare of 2.8%, up 1.2% compared to last year.
Forescout XDR, on the other hand, focuses on SOC as a Service, holds 2.6% mindshare, down 4.0% since last year.

Security Information and Event Management (SIEM)

SOC as a Service

Featured Reviews

AKASH MAJUMDER

SOC Analyst at OVELOSEC

Incident response times have significantly reduced with efficient device integration and log parsing capabilities

Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports. Additionally, a future update request is to enable tagging of endpoints in groups, similar to a feature available in Cortex XDR. The AI analytics need fine-tuning because some use cases are not working from my side.

Read full review

Utpal Sinha

Sr Network Engineer at Momentive

Provides efficient network access control, but its support services need improvement

We use the product for network access control The product has valuable features for cloud IoT device enhancement, intelligent threat detection, etc. We can easily quarantine any computer if it gets hacked. The product's support services have limitations. We have to connect with their senior…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable features of Cortex XSIAM are the machine learning used to identify threats, the complexity of the environment of products, and efficiency."

"One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities."

"It does a better job of identifying anomalies that are more likely to be incidents of compromise without as many false positives or false negatives."

"Cortex XSIAM enhances our ability to apply endpoint protection policies, implement restrictions, conduct scans, and engage in sandboxing."

"It operates on a single, extensive database which enables it to excel in detecting threats and anomalies across the network and endpoints, delivering a highly effective and comprehensive security solution."

"The flexibility for creating manual workflows stands out."

"It is an effective solution in terms of performance and functionalities."

More Cortex XSIAM pros

"The product has valuable features for cloud IoT device enhancement, intelligent threat detection, etc."

Cons

"The platform isn't very developer-friendly and it should provide more flexibility and ease."

"The standard integrations are very limited, and the integrations available are not listed in the marketplace."

"It could provide more integration with a large variety of products."

"Further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous."

"Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable compared to CrowdStrike."

"The solution’s pricing and technical support could be improved."

"The standard integrations are very limited, and the integrations available are not listed in the marketplace. Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long."

"Cortex could improve the detection and online resolution of security vulnerabilities."

More Cortex XSIAM cons

"The product is more expensive than other vendors in terms of features."

Pricing and Cost Advice

"The product cost could be considered value for money compared to other solutions in the market, though it is quite high."

"The solution comes at a significant cost."

"The solution is expensive compared to its competitors."

"In terms of pricing, we found Cortex XSIAM to offer a very reasonable and competitive rate."

"Since Palo Alto is trying to get as many new customers as possible, they're offering very competitive pricing."

"The product is more expensive than other vendors in terms of features."

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

861,803 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

13%

Manufacturing Company

10%

Financial Services Firm

10%

Government

Transportation Company

12%

Financial Services Firm

10%

Computer Software Company

Non Profit

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What do you like most about Cortex XSIAM?

It is an effective solution in terms of performance and functionalities.

What is your experience regarding pricing and costs for Cortex XSIAM?

The licensing cost of Cortex XSIAM is more or less the same as Splunk, making it quite expensive compared to other tools. There are additional expenses for more functionalities.

What needs improvement with Cortex XSIAM?

What do you like most about Forescout XDR?

The product has valuable features for cloud IoT device enhancement, intelligent threat detection, etc.

What is your experience regarding pricing and costs for Forescout XDR?

The product is more expensive than other vendors in terms of features. In comparison, Qualys offers good support services, and Splunk offers additional on-premise resources.

What needs improvement with Forescout XDR?

The product's support services have limitations. We have to connect with their senior executives to get correct and immediate solutions. They should maintain the SLA properly. Additionally, the inc...

Palo Alto Networks Cortex XSOAR vs Cortex XSIAM

Comparisons

Compared 36% of the time

Microsoft Sentinel vs Cortex XSIAM

Compared 13% of the time

Splunk SOAR vs Cortex XSIAM

Compared 7% of the time

IBM Security QRadar vs Cortex XSIAM

Compared 6% of the time

CrowdStrike Falcon vs Cortex XSIAM

Compared 6% of the time

More Cortex XSIAM Competitors

No data available

Product Reports

Security Information and Event Management (SIEM)

Download Cortex XSIAM product report

SOC as a Service

Download Forescout XDR product report

Overview

Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.

Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.

What are Cortex XSIAM's key features?

Security Orchestration: Streamlines processes across security operations.
Automation and Response: Efficient incident response management.
Detection Enrichment: Enhances identification of threats.
Centralized Endpoint Security: Comprehensive protection and monitoring of endpoints.
Forensic Investigation: Automated investigation to expedite threat analysis.

What benefits are evident in Cortex XSIAM reviews?

Cost-Effectiveness: Provides economical options compared to other market players.
Comprehensive Integration: Seamlessly integrates with multiple data sources and vendors.
Reduced Management Effort: Simplifies the administration of security operations.
Enhanced Threat Detection: Strengthens identification and remediation processes.

Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.

Palo Alto Networks

Forescout XDR is an eXtended detection and response solution that converts telemetry and logs into high fidelity, SOC-actionable probable threats.

It automates the detection, investigation, hunt for and response to advanced threats across all connected assets – IT, OT/ICS, IoT and IoMT – from campus to cloud to data center to edge. Forescout XDR combines essential SOC technologies and functions into a unified, cloud-native platform, viewable and actionable from a single console.

Forescout XDR Business Value

Reduces business risk: Reduce the risk and magnitude of a successful attack, business disruption or data breach by eliminating alert noise so you can quickly and accurately detect, investigate, and respond to the broadest range of advanced threats.
Optimize security operations: Streamline the analyst function and speed complex investigation and threat-hunting processes with enriched, normalized, and contextualized data correlated to produce a small number of detections that warrant investigation – all in a unified console that integrates with case management systems and other security tools.
Support Compliance: Combine long-term log storage with automated threat detection and threat intelligence to close the potential gap between when a breach or disruption is noticed and when a response action is taken.
Lower costs: Consolidate point solutions (data lake, security analytics, SOAR, UEBA, threat intel platform) and reduce costs related to data onboarding, rules management and analyst turnover with a solution that simplifies and supports their workflow.
Leverage multi-vendor security investments: Derive more value from existing solutions and make better use of asset data and threat intel via automation across case management and incident response systems, sensors (network, endpoint, cloud) and enforcement points.

Improve SOC efficiency by 450x with better detection and response of true threats

Security operations center (SOC) teams face a daily barrage of incomplete and inaccurate alerts that lack vital contextual information, many of them false positives. As a result, analysts miss critical threats and take longer to investigate and respond to them, increasing the risk of a breach. In fact, the typical SOC receives an estimated 11,000 alerts per day, or 450 alerts per hour – most of them low fidelity, low confidence alerts, and false positives.

With Forescout XDR, that number is reduced to one SOC-actionable detection an hour – or one probable threat that warrants human investigation.

Key Features

Data ingestion: Natively supports Forescout eyeSight, eyeInspect and Medical Device Security data – and over 170 vendor- and EDR-agnostic sources including: security, infrastructure, enrichment, applications and cloud/SaaS.
Data onboarding: Helps ensure that you extract maximum detection value to support your most important use cases. Forescout data engineers work alongside your team to plan and prioritize the data sources to be onboarded, then help configure the data pipeline and ensure your data is being properly parsed, cleansed, normalized, and enriched.
Advanced data pipeline: Applies a rigorous data science-centric approach to manage data flowing from enterprise-wide sources into its advanced threat detection engine.

Forescout

Security Information and Event Management (SIEM)