No more typing reviews! Try our Samantha, our new voice AI agent.

CrowdStrike Falcon vs Forescout XDR comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 11, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Extended Detection and Response (XDR)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
CrowdStrike Falcon
Ranking in Extended Detection and Response (XDR)
1st
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
139
Ranking in other categories
Security Information and Event Management (SIEM) (5th), Endpoint Protection Platform (EPP) (2nd), Threat Intelligence Platforms (TIP) (2nd), Endpoint Detection and Response (EDR) (1st), Attack Surface Management (ASM) (2nd), Identity Threat Detection and Response (ITDR) (1st), AI-Powered Cybersecurity Platforms (2nd)
Forescout XDR
Ranking in Extended Detection and Response (XDR)
46th
Average Rating
6.0
Reviews Sentiment
8.5
Number of Reviews
1
Ranking in other categories
SOC as a Service (16th)
 

Mindshare comparison

As of July 2026, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 4.6%, down from 5.1% compared to the previous year. The mindshare of CrowdStrike Falcon is 9.3%, down from 16.7% compared to the previous year. The mindshare of Forescout XDR is 0.5%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR) Mindshare Distribution
ProductMindshare (%)
CrowdStrike Falcon9.3%
Cortex XDR by Palo Alto Networks4.6%
Forescout XDR0.5%
Other85.6%
Extended Detection and Response (XDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Chetan Bhati - PeerSpot reviewer
Network Security Engineer at Arrow PC Network Pvt Ltd
Cloud-native security has improved real-time threat detection and streamlined daily operations
While CrowdStrike Falcon is strong overall, there are a few areas where it could be improved. First, the user interface can be a bit complex for new users. Sometimes, navigating through different sections and understanding detailed alerts takes time, especially for teams without deep security expertise. The cost is also something to consider, as the features and additional modules can increase pricing, which may be a challenge for smaller teams. Additionally, some integrations with simpler reporting would be helpful. The onboarding process for new users is a bit challenging for beginners to understand all features and workflows in the product. More simplified documentation, step-by-step guides, and real-world examples could help new users get comfortable faster. A structured onboarding or basic training module would be very useful for teams who are new to endpoint security tools. In addition, having more in-product guidance and tooltips within the dashboard could make navigation easier and reduce the learning curve. Overall, improving training resources and onboarding support would make the platform more user-friendly, especially for new users.
Utpal Sinha - PeerSpot reviewer
Sr Network Engineer at Momentive
Provides efficient network access control, but its support services need improvement
We use the product for network access control The product has valuable features for cloud IoT device enhancement, intelligent threat detection, etc. We can easily quarantine any computer if it gets hacked. The product's support services have limitations. We have to connect with their senior…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The best feature of Cortex XDR by Palo Alto Networks is that it collects logs from different sections such as the endpoint, the network, and the cloud, making it easy to investigate alerts, collect some of the investigation packages related to the infected machines, and provide live response."
"Stability is one of the features we like the most."
"The initial setup is pretty easy."
"The initial setup is easy."
"I have found the solution to be very easy in respect of the integration and configurable."
"The dashboard is customizable."
"Stability is a primary factor, and then there's the ease of distribution and policy management; Cortex XDR by Palo Alto Networks is very easy to work with, and we're quite happy with them."
"Previously, we had to install endpoint protection per machine and then scan and update, but Cortex XDR basically does that centrally and predictably, so we have more time to do day-to-day work rather than spend time chasing those endpoints."
"The initial setup was straightforward."
"The CS falcon agent is a lightweight agent compared with other agents of EDR products."
"We rely on our environmental security and we haven't had any infections so that's valuable for us."
"The platform is very scalable."
"It improves a lot of our security operations for threat management, and it provides a lot for our day-to-day operations too."
"The most useful feature is that we do not need to install or keep signature files. Regular scanning that consumes a lot of computer resources is not needed."
"It seems to do a pretty good job of protecting the host. It offers good insights that it gives you when it has a detection. It's pretty incredible."
"The most valuable features in CrowdStrike Falcon are the full EDR with antivirus, hunting, reporting, and RTR remote control."
"The product has valuable features for cloud IoT device enhancement, intelligent threat detection, etc."
 

Cons

"I would like to see them include NDR (Network Detection Response). Then it would work well with SIEM Response."
"It's not an ideal choice for smaller businesses, as you need a minimum of 200 endpoints to even use the solution at all."
"A better pricing plan would make this product more competitive."
"I have faced some issues with Cortex XDR by Palo Alto Networks; there is room for improvement in the sense that certain options prevent us from seeing and segregating data."
"The product's pricing could be better."
"The encryption is not up to the mark."
"Cortex XDR should have a lightweight agent, and the agent size should not be heavy."
"Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access."
"The biggest issue occurred when every computer worldwide experienced a blue screen."
"The price of CrowdStrike Falcon is expensive."
"The product is quite expensive."
"The Integration with tools, SOC tools, could be better."
"They need to strengthen the forensic capabilities of this product, for e-discovery."
"I would like CrowdStrike to provide some correlation in the threat analysis, so we can visualize things better."
"CrowdStrike Falcon needs to improve their host management system."
"CrowdStrike Falcon could improve the EDR functionality."
"The product is more expensive than other vendors in terms of features."
 

Pricing and Cost Advice

"Very costly product."
"Cortex XDR's pricing is ok."
"The cost depends on your chosen license type, like Pro or other licenses."
"In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage."
"It has a yearly renewal."
"It has reasonable pricing for the use cases it provides to the company."
"The pricing seems fair, and I do like the licensing model. You use wherever they are, and it is elastic."
"The price was fine."
"The product is expensive."
"The price of CrowdStrike Falcon could be better. It is very expensive, we pay approximately $900 per month for the licenses. There are not any additional fees."
"There are approximately a hundred different modules you have to purchase, depending on what you want to do. I have most of the modules. How it works is you buy the portfolio, you have to decide all the components you want in it, and then they price out a bundle for you. I have almost all of the package features in my bundle. You only need to pay for the modules you want."
"The licensing model is straightforward. We choose the features we want and we then can download the package we want."
"While CrowdStrike Falcon offers significant security benefits, its high price point might make it prohibitively expensive for many small and medium-sized businesses, including companies like ours."
"The cost of CrowdStrike Falcon in Latin America seems high relative to the economic conditions in the region."
"CrowdStrike Falcon is one of the more expensive endpoint solutions on the market."
"This solution has a very competitive price."
"The product is more expensive than other vendors in terms of features."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
903,933 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
11%
Comms Service Provider
9%
Financial Services Firm
11%
Manufacturing Company
10%
Computer Software Company
9%
Government
5%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business55
Midsize Enterprise33
Large Enterprise63
No data available
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing u...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never pu...
Is Crowdstrike Falcon better than Trend Micro Deep Security?
I like that Crowdstrike allows me to easily correlate data between my firewalls. What’s most useful for my needs is t...
Ask a question
Earn 20 points
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
CrowdStrike Falcon XDR, CrowdStrike Falcon Threat Intelligence, CrowdStrike Identity Protection, CrowdStrike Falcon Surface, CrowdStrike Falcon Platform
No data available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Information Not Available
Information Not Available
Find out what your peers are saying about CrowdStrike, SentinelOne, TrendAI and others in Extended Detection and Response (XDR). Updated: June 2026.
903,933 professionals have used our research since 2012.