No more typing reviews! Try our Samantha, our new voice AI agent.

Cybereason XDR vs Elastic Security comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Extended Detection and Response (XDR)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
113
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Cybereason XDR
Ranking in Extended Detection and Response (XDR)
24th
Average Rating
8.6
Reviews Sentiment
6.7
Number of Reviews
3
Ranking in other categories
No ranking in other categories
Elastic Security
Ranking in Extended Detection and Response (XDR)
12th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
66
Ranking in other categories
Log Management (11th), Security Information and Event Management (SIEM) (7th), Endpoint Detection and Response (EDR) (15th), Security Orchestration Automation and Response (SOAR) (10th)
 

Mindshare comparison

As of July 2026, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 4.6%, down from 5.1% compared to the previous year. The mindshare of Cybereason XDR is 1.0%, up from 0.7% compared to the previous year. The mindshare of Elastic Security is 3.4%, down from 4.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks4.6%
Elastic Security3.4%
Cybereason XDR1.0%
Other91.0%
Extended Detection and Response (XDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Peter Nowak - PeerSpot reviewer
Business Development Manager for Cybereason at Bechtle
Integration of multiple firewalls enables advanced threat detection
The integration of data from firewalls and Active Directory is most valuable. Cybereason XDR facilitates two-way communication, where the firewall sends data to the Cybereason system, and it can communicate with the firewall to stop unwanted communication. Customers can deal with multiple types of firewalls with ease. The behavioral analytics help detect advanced threats when attackers use existing software. The multilayered protection approach, including NGAV, integrates XDR detection with antivirus to assess and counter threats effectively.
Laurentiu Popescu - PeerSpot reviewer
Chief Product Officer at ClusterPower
Has improved threat detection with deep log analysis and streamlined investigation workflows
The most useful features I find in Elastic Security are the forensic ones that allow us to carry deeper analysis into the logs for in-depth investigations, and the dashboards, with the reporting dashboard being quite user-friendly. Elastic Security is quite good at identifying threats, as it is part of the deep investigation tool that I mentioned before. Unless we need to look further into a certain log, we can carry out a deeper analysis and forensics on those particular logs. I can assess the impact of Elastic Security's real-time data analysis on our threat response efficiency as working pretty good. We are looking for real-time analysis because we have a continuous inflow of logs from different sources: from our cloud, from Active Directory, from our network. So it works pretty well.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."
"The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week."
"The most valuable aspect of Cortex XDR by Palo Alto Networks for me is its integration with AI detection, where we get to know the behavioral detection based on users, traffic patterns, and different services that we consume."
"I can highlight that we have not faced any security incidents with Cortex XDR by Palo Alto Networks, and even though our environment is quite dynamic, we have not faced any security incident with Cortex XDR by Palo Alto Networks until now."
"I have found the solution to be very easy in respect of the integration and configurable."
"But overall, when we speak about security and protection, they are one of the top providers."
"The dashboard is customizable."
"The initial setup isn't too bad."
"The solution has an investigation feature, which is useful for building storylines."
"Cybereason XDR's most useful feature is the investigation."
"The integration of data from firewalls and Active Directory is most valuable."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"In terms of query resolution, error searching finding and production issues, we're able to find issues quicker."
"The visualization is very good."
"The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information, based on the seen attacks within an organization is good."
"I would advise others to use this solution as it is relatively low cost and the implementation is quick, giving you results faster."
"It's quite stable; we have not seen it going down at all for the last three years and it's working well consistently."
"The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed."
"Overall, this product does what it is supposed to do, although there is always room for improvement."
 

Cons

"The server sometimes stops continuously to check things so it would be helpful to receive access updates or technical reasons."
"Cortex XDR is trickier to configure than other Palo Alto products. This is one area where we are not so satisfied."
"Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."
"The solution could improve by providing better integration with their own products and others."
"There are some false positives."
"Managing the product should be easier."
"It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc."
"As an improvement, I would like to see enhanced connection speeds."
"Cybereason's customer support could be better."
"Customer service is rated as a five out of ten. When they work and reach the right level, they are helpful, but getting to the right person can be time-consuming."
"There could be more integrations with other data sources like NDR systems."
"The one thing we sometimes have issues with is its integration with other security applications like antiviruses."
"Technical support could respond faster."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."
"One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow."
"An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."
"The solution is stable if you don't touch it too much. Meaning, it's technically stable, but if there is a period of downtime, you will face quite a big hiccup in getting it running again and stabilized."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"This solution cannot do predictive maintenance, so we have to build our own modules for doing it."
 

Pricing and Cost Advice

"Very costly product."
"The return on investment is from the user side because we have seen the performance of it increase the delivery time of the product if we are using too many web-based and on-premise applications. In indirect ways, we saw the return of investment in terms of performance and user satisfaction increase."
"The pricing is okay, although direct support can be expensive."
"I feel it is fairly priced."
"The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the BRO version."
"The price was fine."
"Cortex XDR's pricing is ok."
"It's about $55 per license on a yearly basis."
"The solution is cheaper than Microsoft Defender. It has a subscription and no standard license."
"When compared to other products, the price is average or on the low side."
"Elastic Stack is an open-source tool. You don't have to pay anything for the components."
"The tool's pricing is flexible and comes at unit cost. You don't have to pay for everything."
"The product offers an amazing pricing structure. Price-wise, the product is very competitive."
"I find it better than Splunk in terms of cost-effectiveness. For cost-effectiveness, I would rate it a nine out of 10."
"Elastic Security is free to use."
"We use the open-source version, so there is no charge for this solution."
"The price is reasonable. It probably costs the same as ArcSight and LogRhythm SIEM. FortiSIEM might cost less than Elastic Security. There are no hidden or additional costs."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Manufacturing Company
12%
Computer Software Company
11%
Outsourcing Company
8%
Comms Service Provider
8%
Comms Service Provider
9%
Financial Services Firm
9%
Government
8%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise52
No data available
By reviewers
Company SizeCount
Small Business40
Midsize Enterprise12
Large Enterprise15
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What needs improvement with Cybereason XDR?
There could be more integrations with other data sources like NDR systems. Additionally, technical support has been s...
What is your primary use case for Cybereason XDR?
I use Cybereason XDR for customers who don't have a SOC or managed SOC yet and want to be protected on more than thei...
What advice do you have for others considering Cybereason XDR?
I rate Cybereason XDR a nine out of ten. I recommend having hands-on experience and doing some threat hunting to fami...
Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several time...
What is your experience regarding pricing and costs for Elastic Security?
I am satisfied with the pricing, setup cost, and licensing cost. It is a pure 10.
What needs improvement with Elastic Security?
I do not have any specific recommendations for improvements in Elastic Security, but I feel that the AI module should...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
Elastic SIEM, ELK Logstash
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
MOTOROLA MOBILITY
Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Find out what your peers are saying about Cybereason XDR vs. Elastic Security and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.