Microsoft Defender for Identity and Cortex XSIAM compete in the cybersecurity and identity protection category. Microsoft Defender for Identity seems to have the upper hand in integration with Microsoft tools, enhancing centralized threat visibility and management, whereas Cortex XSIAM excels in security orchestration and anomaly detection through machine learning.
Features: Microsoft Defender for Identity offers integration within the Microsoft ecosystem, advanced threat detection, and highlights risky accounts. It synchronizes between on-premises and cloud environments seamlessly. Cortex XSIAM provides exceptional security orchestration and integration capabilities, a unified design across networks and endpoints, and utilizes machine learning for anomaly detection.
Room for Improvement: Microsoft Defender for Identity struggles with false positives, limited console actions, and inconsistent on-premises and cloud experiences. Cortex XSIAM needs better third-party integration and enhanced administrative interfaces, and should improve its performance under heavy usage.
Ease of Deployment and Customer Service: Microsoft Defender for Identity supports diverse deployment environments, including cloud and on-premises, but its customer service varies depending on the subscription level and team contact. Cortex XSIAM, being cloud-focused, offers responsive technical support with minimal direct contact required.
Pricing and ROI: Microsoft Defender for Identity is included in Microsoft's E3 and E5 licenses, offering cost advantages for organizations within the Microsoft ecosystem. Cortex XSIAM is seen as costly but valuable, especially for those already invested in the broader ecosystem, though cost concerns exist.
With premium support, core Palo Alto technical experts handle issues directly.
It is ineffective in terms of responding to basic queries and addressing future requirements.
The Palo Alto support team is fully responsive and helpful.
Generally, the support is more effective than other providers like Oracle.
The quality of support is very good, but troubleshooting can take time due to complex setups and the need to provide many logs.
Technical support from Microsoft rates an eight on a scale of 1 to 10 for response time.
Without proper integration, scaling up with more servers is meaningless.
Cortex XSIAM is highly scalable.
In a Microsoft-centric organization, especially with Azure infrastructure and Office 365, Microsoft Defender for Identity is scalable.
The product was easy to install and set up and worked right.
Overall, Cortex XSIAM is stable.
Microsoft Defender for Identity is quite robust and built on Azure hyperscale infrastructure, with a 99% availability.
We do not see any issues with the stability of Microsoft Defender for Identity.
Having recently started using it, reliability is affirmed, but manual investigation is often performed to verify if alerts identified by auto-remediation are accurate.
Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long.
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports.
Cortex XSIAM is on the expensive side and requires substantial improvement in pricing.
If Microsoft could develop a feature that indicates when impossible travel is caused by VPN connections, it would prevent unnecessary password resets and session disruptions, especially for VIP users in organizations.
One improvement I would recommend is the integration of an admin application within Teams, allowing easy access to attack information on a mobile platform.
Reducing false positives is something we've been working on with Microsoft.
The first impression is that XSIAM would be more expensive than others we tried.
The product is very expensive.
Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable.
If they can reduce the costs, organizations will be happy, and it will compensate for using the Azure environment, which is more expensive on the infrastructure as a service side.
Ensuring a fair price according to market standards.
From an organization perspective, using E5 licenses is value for money, especially if Azure and Office 365 are already in use.
The advanced visualization capabilities of the product are important for understanding security trends in an organization.
One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities.
The flexibility for creating manual workflows stands out.
We receive an advance report of risky users, allowing us to take preemptive action before an attack causes damage to organization details.
The most valuable feature is its hybrid artificial intelligence, which gathers forensic data to track and counteract security threats, much like the CSI series in effect.
The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks.
| Product | Market Share (%) |
|---|---|
| Microsoft Defender for Identity | 15.4% |
| Cortex XSIAM | 5.5% |
| Other | 79.1% |
| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 2 |
| Large Enterprise | 3 |
| Company Size | Count |
|---|---|
| Small Business | 7 |
| Midsize Enterprise | 3 |
| Large Enterprise | 14 |
Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.
Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.
What are Cortex XSIAM's key features?
What benefits are evident in Cortex XSIAM reviews?
Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.
Microsoft Defender for Identity integrates with Microsoft tools to monitor user activity, providing advanced threat detection and analysis using AI. It enhances proactive threat response and security visibility, making it essential for securing on-premises and cloud environments like Active Directory.
Microsoft Defender for Identity offers comprehensive monitoring and AI-driven user behavior analysis. It detects threats through real-time alerts and identifies lateral movements and entity tagging, ensuring robust security management. With excellent visibility via its dashboard, it supports customized detection rules and seamlessly integrates with SIEM platforms. While SecureScore and SecureScan provide robust environment security, there is room for improvement in cloud security, on-premises application integration, and remediation capabilities. Azure integration is limited, and the administrative interface could be more user-friendly. Users experience frequent false positives, affecting threat detection efficiency.
What key features stand out in Microsoft Defender for Identity?In specific industries such as education and finance, Microsoft Defender for Identity is crucial for securing on-premises Active Directory and Azure Active Directory environments. It effectively detects suspicious activities and manages conditional access policies, offering user and entity behavior analytics, endpoint detection and response capabilities. This helps prevent unauthorized access and strengthens overall security, making it an invaluable asset for organizations aiming to safeguard their digital infrastructure.
We monitor all Identity Threat Detection and Response (ITDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
