Cortex XSIAM vs SentinelOne Singularity Identity comparison

Palo Alto Networks and SentinelOne are both solutions in the Identity Threat Detection and Response (ITDR) category. Palo Alto Networks is ranked #7 with an average rating of 8.4, while SentinelOne is ranked #5 with an average rating of 9.1. Palo Alto Networks holds a 5.3% mindshare in ITDR, compared to SentinelOne’s 5.1% mindshare. Additionally, 100% of Palo Alto Networks users are willing to recommend the solution, compared to 95% of SentinelOne users who would recommend it.

Cortex XSIAM

Read 15 Cortex XSIAM reviews

7,566 Views
908 Comparison Views

100% willing to recommend

SentinelOne Singularity Ide...

Read 22 SentinelOne Singularity Identity reviews

2,322 Views
766 Comparison Views

95% willing to recommend

Cortex XSIAM

SentinelOne Singularity Ide...

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Nov 5, 2024

SentinelOne Singularity Identity and Cortex XSIAM compete in the cybersecurity software category. SentinelOne appears to have the upper hand due to its efficiency in direct endpoint management and its strong AI capabilities.

Features: SentinelOne Singularity Identity excels in behavior-based threat detection, offers lightweight agents that don't burden system resources, and provides excellent threat visibility via its AI capabilities. Cortex XSIAM is noted for its unified solution approach, leveraging machine learning for threat detection, and solid integration capabilities across complex environments.

Room for Improvement: SentinelOne could enhance endpoint management, improve web filtering capabilities, and increase customer support responsiveness, with more precise policies for individual endpoints management. Cortex XSIAM requires better performance optimization, broader integration support to top its complex environments, and an improved developer-friendly approach compared to its competitors.

Ease of Deployment and Customer Service: SentinelOne is available both on-premises and in the public cloud, offering 24/7 support with a customer-centric approach. Cortex XSIAM receives positive ratings for support, though enhancements in first-level support are needed.

Pricing and ROI: SentinelOne Singularity Identity provides competitive pricing, considered cost-effective compared to CrowdStrike, despite concerns over yearly price hikes. Its ROI is viewed positively due to its comprehensive protection. Cortex XSIAM, while perceived as expensive, meets budget expectations and offers good value, with ROI depending heavily on the services and features selected.

To learn more, read our detailed Cortex XSIAM vs. SentinelOne Singularity Identity Report (Updated: December 2025).

Buyer's Guide

Cortex XSIAM vs. SentinelOne Singularity Identity

December 2025

Download the complete report

Helped 879,259 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

ROI

Sentiment score

4.6

Cortex XSIAM enhances incident management and provides significant financial returns by automating detection and response, reducing staffing needs.

Sentiment score

6.8

SentinelOne Singularity Identity offers enhanced protection and value, saving users over 200 hours annually in security investigations.

No quotes available

For more quotes and insights, download the Cortex XSIAM report

No quotes available

For more quotes and insights, download the SentinelOne Singularity Identity report

Customer Service

Sentiment score

5.8

Cortex XSIAM support varies; premium service excels, while non-premium experiences depend on distributor expertise and sometimes face delays.

Sentiment score

7.3

SentinelOne Singularity Identity is lauded for comprehensive, responsive support, offering rapid issue resolution and dedicated customer success resources.

With premium support, core Palo Alto technical experts handle issues directly.

joshiamarpreet

Team Lead, Security at seamlessinfotech.com

It is ineffective in terms of responding to basic queries and addressing future requirements.

reviewer2666148

Associate Director at a financial services firm with 5,001-10,000 employees

I would rate the support of Palo Alto a nine out of ten.

JohnTamakloe

Solutions Architect at ostec

For more quotes and insights, download the Cortex XSIAM report

They have been responsive to our needs as integrators and those of the client.

Marc Mould

Senior Consultant at CGI

For more quotes and insights, download the SentinelOne Singularity Identity report

Scalability Issues

Sentiment score

6.5

Cortex XSIAM is scalable for various business sizes with cloud-based integration, but lacks on-premises deployment and mixed reviews.

Sentiment score

7.9

SentinelOne Singularity Identity is scalable and flexible but faces challenges with deployment maturity and third-party integration scalability.

Without proper integration, scaling up with more servers is meaningless.

reviewer2666148

Associate Director at a financial services firm with 5,001-10,000 employees

Cortex XSIAM is highly scalable.

AKASH MAJUMDER

SOC Analyst at OVELOSEC

For more quotes and insights, download the Cortex XSIAM report

No quotes available

For more quotes and insights, download the SentinelOne Singularity Identity report

Stability Issues

Sentiment score

7.6

Cortex XSIAM is praised for its stability, rapid issue resolution, and efficient performance despite minor post-update challenges.

Sentiment score

8.1

SentinelOne Singularity Identity is highly stable with minimal disruptions, responsive support, and low CPU resource usage.

The product was easy to install and set up and worked right.

Oscar Ojeda

Owner at Xelere

Overall, Cortex XSIAM is stable.

AKASH MAJUMDER

SOC Analyst at OVELOSEC

It works really nice and performs really efficiently after configuration.

HectorRios

IT COMMUNICATIONS AND NETWORKS at Américas BPS

For more quotes and insights, download the Cortex XSIAM report

No quotes available

For more quotes and insights, download the SentinelOne Singularity Identity report

Room For Improvement

Cortex XSIAM needs improved integration, performance, interface, pricing, support, ASM, AI, onboarding, tagging, and identity management enhancements.

SentinelOne Singularity Identity needs improved policies, interfaces, support, and features like reporting, updates, and integration for better usability.

In terms of incident response automation, it is quite poor due to the lack of integration with all security tools, making manual intervention necessary.

reviewer2666148

Associate Director at a financial services firm with 5,001-10,000 employees

Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports.

AKASH MAJUMDER

SOC Analyst at OVELOSEC

Cortex XSIAM is on the expensive side and requires substantial improvement in pricing.

JohnTamakloe

Solutions Architect at ostec

For more quotes and insights, download the Cortex XSIAM report

There is a clear roadmap for improvements, including enhancing capabilities with AI and seamless functionality in an MSP model for deeper visibility across multiple agencies.

Marc Mould

Senior Consultant at CGI

For more quotes and insights, download the SentinelOne Singularity Identity report

Setup Cost

Cortex XSIAM is viewed as competitively priced but complex, aligning with market expectations despite some regional variations.

SentinelOne Singularity Identity offers flexible pricing seen as both cost-effective and sometimes expensive, reflecting its comprehensive features.

The product is very expensive.

reviewer2666148

Associate Director at a financial services firm with 5,001-10,000 employees

Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable.

Rajiv John

Director at MICROLOGIC NETWORKS PRIVATE LIMITED

The first impression is that XSIAM would be more expensive than others we tried.

Oscar Ojeda

Owner at Xelere

For more quotes and insights, download the Cortex XSIAM report

No quotes available

For more quotes and insights, download the SentinelOne Singularity Identity report

Valuable Features

Cortex XSIAM excels in machine learning threat detection, SOAR features, and advanced automation for efficient security management.

SentinelOne Singularity Identity offers AI-driven security with dynamic threat detection, seamless management, and enhanced visibility for rapid remediation.

The advanced visualization capabilities of the product are important for understanding security trends in an organization.

JohnTamakloe

Solutions Architect at ostec

Its signature-less subscriptions and robust detection power stand out in improving threat detection.

Jitendra_Singh

Senior Vice President at Chi Networks

Cortex XSIAM allows us to onboard almost every device, whether they are on-prem or on SaaS.

AKASH MAJUMDER

SOC Analyst at OVELOSEC

For more quotes and insights, download the Cortex XSIAM report

With visibility into endpoint telemetry, SentinelOne does provide useful information to find threat actors and empowers those who are in the business of threat hunting.

Marc Mould

Senior Consultant at CGI

For more quotes and insights, download the SentinelOne Singularity Identity report

Categories and Ranking

Cortex XSIAM

Ranking in Identity Threat Detection and Response (ITDR)

7th

Average Rating

8.6

Reviews Sentiment

6.7

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (13th), AI-Powered Cybersecurity Platforms (8th)

SentinelOne Singularity Ide...

Ranking in Identity Threat Detection and Response (ITDR)

5th

Average Rating

9.0

Reviews Sentiment

7.3

Number of Reviews

Ranking in other categories

Vulnerability Management (22nd), Advanced Threat Protection (ATP) (14th), Threat Deception Platforms (3rd)

Mindshare comparison

As of December 2025, in the Identity Threat Detection and Response (ITDR) category, the mindshare of Cortex XSIAM is 5.3%, up from 4.2% compared to the previous year. The mindshare of SentinelOne Singularity Identity is 5.1%, up from 2.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Identity Threat Detection and Response (ITDR) Market Share Distribution
Product	Market Share (%)
SentinelOne Singularity Identity	5.1%
Cortex XSIAM	5.3%
Other	89.6%

Identity Threat Detection and Response (ITDR)

Featured Reviews

reviewer2666148

Associate Director at a financial services firm with 5,001-10,000 employees

Integration challenges highlight the need for manual workflows

The standard integrations are very limited, and the integrations available are not listed in the marketplace. Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long. The solution would benefit from having more standard playbooks and templates available, as in other partners. Currently, everything must be created from scratch. In terms of incident response automation, it is quite poor due to the lack of integration with all security tools, making manual intervention necessary.

Read full review

Marc Mould

Senior Consultant at CGI

We have seen a night and day difference in mean time to detect reduction

Incident response is one of the key areas where the solution has been very useful. Whenever there is an incident, instead of being reactive, the government is now able to quickly gain the data that it needs to see what its end agency is also seeing and partner with them in real-time to look at the same data and to collaborate where needed, empowering the agency to be able to do their job. When it comes to the mean time to detect, we see a night and day difference. When you have an MSP model with visibility across multiple entities, your ability to get a tip, follow up on the tip, and investigate it is night and day. There's no comparison between having visibility and having across-agency visibility. SentinelOne has definitely reduced their mean time to respond. With this visibility, you can now respond. Before, there was no visibility, so we definitely see a big difference. With visibility into endpoint telemetry, SentinelOne does provide useful information to find threat actors and empowers those who are in the business of threat hunting. Prior to this, the alternative was partnering with an agency. going on-site and getting access. Now, being able to do that work remotely in real-time, it's a ninety-day difference in terms of being able to quickly, correctly, quickly respond and partner with the end agencies. That's a definite benefit. As an architect, I'm very curious about how AI takes security the next step forward, what it enables people to do differently, more quickly, or more comprehensively, and how that meets some of the needs today. I think that AI holds a lot of potential, and it can allow analysts to do their job quicker. It can allow them to do their job with more helpful context and, as a result, be able to perform orders of magnitude better than they would have without the tool.

Read full review

See which vendors are best for you

Use our free recommendation engine to learn which Identity Threat Detection and Response (ITDR) solutions are best for your needs.

See recommendations

879,259 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

12%

Financial Services Firm

10%

Manufacturing Company

Government

Computer Software Company

12%

Manufacturing Company

Financial Services Firm

Comms Service Provider

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	9
Midsize Enterprise	2
Large Enterprise	4

By reviewers
Company Size	Count
Small Business	4
Midsize Enterprise	5
Large Enterprise	13

Questions from the Community

What do you like most about Cortex XSIAM?

It is an effective solution in terms of performance and functionalities.

See all answers

What is your experience regarding pricing and costs for Cortex XSIAM?

I did not participate in pricing discussions for Cortex XSIAM solutions, so I cannot provide a review regarding prices for this solution.

See all answers

What needs improvement with Cortex XSIAM?

Cortex XSIAM is on the expensive side and requires substantial improvement in pricing. There are other features that could be improved, including integration with vendors such as CyberArk. I would ...

See all answers

What is your experience regarding pricing and costs for SentinelOne Singularity Identity?

I have no visibility into pricing, setup costs, or licensing as the government handles these aspects directly with SentinelOne. We do the integrating, and they process the payments.

See all answers

What needs improvement with SentinelOne Singularity Identity?

Regarding improvements, I believe that API integration in third-party applications could be better. The Singularity tool uses its own credential in the record features.

See all answers

What is your primary use case for SentinelOne Singularity Identity?

One of the main use cases I describe is that we face lateral movement in our customer's server side. The customer is using 50 or more servers for the news channel, Daily Thanthi. Among those, one s...

See all answers

Comparisons

Palo Alto Networks Cortex XSOAR vs Cortex XSIAM

Compared 25% of the time

Microsoft Sentinel vs Cortex XSIAM

Compared 12% of the time

Cortex XDR by Palo Alto Networks vs Cortex XSIAM

Compared 9% of the time

CrowdStrike Falcon vs Cortex XSIAM

Compared 7% of the time

IBM Security QRadar vs Cortex XSIAM

Compared 6% of the time

More Cortex XSIAM Competitors

Huntress Managed ITDR vs SentinelOne Singularity Identity

Compared 10% of the time

Tenable Vulnerability Management vs SentinelOne Singularity Identity

Compared 9% of the time

Microsoft Defender for Identity vs SentinelOne Singularity Identity

Compared 7% of the time

CrowdStrike Falcon vs SentinelOne Singularity Identity

Compared 6% of the time

More SentinelOne Singularity Identity Competitors

Product Reports

Buyer's Guide

Cortex XSIAM

December 2025

Download Cortex XSIAM product report

Buyer's Guide

SentinelOne Singularity Identity

December 2025

Download SentinelOne Singularity Identity product report

Overview

Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.

Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.

What are Cortex XSIAM's key features?

Security Orchestration: Streamlines processes across security operations.
Automation and Response: Efficient incident response management.
Detection Enrichment: Enhances identification of threats.
Centralized Endpoint Security: Comprehensive protection and monitoring of endpoints.
Forensic Investigation: Automated investigation to expedite threat analysis.

What benefits are evident in Cortex XSIAM reviews?

Cost-Effectiveness: Provides economical options compared to other market players.
Comprehensive Integration: Seamlessly integrates with multiple data sources and vendors.
Reduced Management Effort: Simplifies the administration of security operations.
Enhanced Threat Detection: Strengthens identification and remediation processes.

Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.

Palo Alto Networks

Singularity Identity, a component of the Singularity platform, provides threat detection & response (ITDR) capabilities to defend Active Directory and domain-joined endpoints in real-time from adversaries aiming to gain persistent, elevated privilege and move covertly. Singularity Identity provides actionable, high-fidelity insight as attacks emerge from managed and unmanaged devices. It detects identity misuse and reconnaissance activity happening within endpoint processes targeting critical domain servers, service accounts, local credentials, local data, network data, and cloud data. On-agent cloaking and deception techniques slow the adversary down while providing situational awareness and halting adversarial attempts at lateral movement. Singularity Identity helps you detect and respond to identity-based attacks, providing early warning while misdirecting them away from production assets.

Singularity Identity’s primary use case is to protect credential data and disrupt identity-based attacks. The most valuable function of Singularity Identity is its ability to misdirect attackers by providing deceptive data to identity-based recon attacks. Additionally, it can hide and deny access to locally stored credentials or identity data on Active Directory domain controllers.

Singularity Identity also provides rapid detection and respond to identity attacks, capturing attack activity and feeding it directly to the Singularity platform’s Security DataLake for enterprise-wide analysis and response.

By implementing Singularity Identity, organizations benefit from enhanced security, reduced credential-related risks, and improved user productivity. It detects and responds to identity-based attacks, ensuring only authorized individuals can access critical identity data. With its cloaking capabilities to hide identity stored locally on endpoints or in the identity infrastructure and it’s ability to provide decoy results to identity-based attacks, organizations can effectively secure their sensitive or privileged identities, resulting in improved overall identity security.

SentinelOne

Buyer's Guide

Cortex XSIAM vs. SentinelOne Singularity Identity

December 2025

Free Report: Cortex XSIAM vs. SentinelOne Singularity Identity

Find out what your peers are saying about Cortex XSIAM vs. SentinelOne Singularity Identity and other solutions. Updated: December 2025.

DOWNLOAD NOW

879,259 professionals have used our research since 2012.

See our Cortex XSIAM vs. SentinelOne Singularity Identity report.

See our list of best Identity Threat Detection and Response (ITDR) vendors.

We monitor all Identity Threat Detection and Response (ITDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.