No more typing reviews! Try our Samantha, our new voice AI agent.

Cynet vs Microsoft Defender for Identity comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
4.7
Cortex XDR reduces costs by preventing malware, improving compliance, enhancing performance, and replacing multiple tools, outperforming alternatives.
Sentiment score
6.1
Cynet offers effective and affordable cybersecurity, providing immediate value and reducing management needs, enhancing user investment confidence.
Sentiment score
4.8
Microsoft Defender for Identity enhances threat detection, reduces efforts, minimizes risks, and optimizes costs despite varied ROI assessments.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
Cyber Security Manager at Welab bank
Cortex XDR by Palo Alto Networks helps to reduce my total cost of ownership significantly.
Detection and Response Consultant at Inovasys
In Cortex XDR by Palo Alto Networks, most of the remediation is automated and the accuracy is quite good.
Network Security Engineer at Cyberwell Solution
The return on investment with Cynet is pretty good, as it doesn't require a dedicated resource to manage, being highly automated.
CoFounder at Vinca Cybertech Pvt. Ltd.
 

Customer Service

Sentiment score
7.0
Cortex XDR support is praised for responsiveness but criticized for delays, language barriers, and inconsistent satisfaction across regions.
Sentiment score
7.4
Cynet's customer service is generally praised for responsiveness, though some users desire faster support and wider geographic coverage.
Sentiment score
6.4
Microsoft Defender for Identity offers knowledgeable support, yet response times can vary, especially with complex issues or initial contacts.
The technical support from Palo Alto deserves a mark of ten because they reach out within an hour whenever assistance is needed.
Head of data centers at a non-profit with 10,001+ employees
There is no back and forth, and they know what we are asking for and come up with the best resolution for a solution.
Senior Process Expert at A.P. Moller - Maersk
If any of these services are missed, it becomes a problem in terms of support tickets, follow-up, or special configuration that needs to be done in the system.
Chief of IT Architecture at a financial services firm with 10,001+ employees
Their SOC side support, when a threat is detected, is excellent.
vCIO At Grove Networks Inc. at a computer software company with 11-50 employees
My experience with the technical support of Cynet is excellent; they are just one click away.
CoFounder at Vinca Cybertech Pvt. Ltd.
Based on our needs, they schedule remote sessions and resolve the issues.
Technical Consultant at Vincacyber
Generally, the support is more effective than other providers like Oracle.
Owner at Alopex ONE UG
The quality of support is very good, but troubleshooting can take time due to complex setups and the need to provide many logs.
Cloud Security & Governance at a financial services firm with 10,001+ employees
The people I normally use for support are very knowledgeable, especially when they help remote in and get to where I need to go and show me much faster and help me understand what I should be doing.
Technology Coordinator at a educational organization with 501-1,000 employees
 

Scalability Issues

Sentiment score
7.5
Cortex XDR offers impressive scalability for large enterprises, with easy deployment and management, supporting both medium and large environments.
Sentiment score
7.6
Cynet offers scalable, flexible deployment for medium to enterprise businesses, supporting various systems and user bases efficiently.
Sentiment score
7.2
Microsoft Defender for Identity is highly scalable and adaptable, excelling in large enterprises with efficient cloud-based processing.
You can onboard 10,000 endpoints in just hours, which demonstrates the excellent scalability of this product.
Assistant Security Architect at Cloudnomics
Activating the newly purchased licenses is instantaneous, allowing installations without adjustments since it's cloud-based.
Junior Security Analyst at ITSEC Asia
Cortex XDR by Palo Alto Networks can be expanded anytime by purchasing another license without any issues related to scalability.
Head of data centers at a non-profit with 10,001+ employees
The solution is highly scalable.
Senior Chief Manager at Arcil
We can deploy Cynet for 50,000 users, and we have deployed it at that scale, with the capability to scale higher to 100,000 users without any challenges.
CoFounder at Vinca Cybertech Pvt. Ltd.
Cynet is very scalable.
vCIO At Grove Networks Inc. at a computer software company with 11-50 employees
In a Microsoft-centric organization, especially with Azure infrastructure and Office 365, Microsoft Defender for Identity is scalable.
Cloud Security & Governance at a financial services firm with 10,001+ employees
 

Stability Issues

Sentiment score
8.0
Cortex XDR by Palo Alto Networks is praised for stability and reliability, despite occasional minor issues and complex upgrade steps.
Sentiment score
8.1
Cynet is favored for its stability, reliability, minimal system impact, and users' long-term satisfaction despite minor Linux update issues.
Sentiment score
7.1
Microsoft Defender for Identity is highly stable, reliable, with minimal downtime; occasional issues require support for agent redeployment.
Cortex remains fast and responsive, even with increasing data and alerts.
Final Year Student at Gitam University
The thresholds we've seen on our firewall boxes at some instances reached 80% to 85%, but even at that level of utilization, we don't observe any latency or any issues reported with respect to accessing the application.
Senior Process Expert at A.P. Moller - Maersk
Cortex XDR by Palo Alto Networks can be trusted completely.
Soc Analyst at Softcell Technologies Limited
Within six years of usage, we have not had any issues such as outages or downtime.
CoFounder at Vinca Cybertech Pvt. Ltd.
Microsoft Defender for Identity is quite robust and built on Azure hyperscale infrastructure, with a 99% availability.
Cloud Security & Governance at a financial services firm with 10,001+ employees
We do not see any issues with the stability of Microsoft Defender for Identity.
Deputy Manager at Servion Global Solutions
Having recently started using it, reliability is affirmed, but manual investigation is often performed to verify if alerts identified by auto-remediation are accurate.
Instrumentation Engineer at Toyo Engineering Corp
 

Room For Improvement

Cortex XDR requires better integration, reduced false positives, improved UI, enhanced configuration, reporting, and broader network detection support.
Cynet should enhance mobile support, integration, customization, usability, and AI features, with better incident data and third-party integrations.
Microsoft Defender for Identity needs improvements in alert accuracy, UI/UX, asset integration, automation, anomaly detection, and third-party integration.
Improving reporting and dashboard customization, along with the addition of real-time and exportable reports, would help SOC teams greatly.
Final Year Student at Gitam University
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
Pre Sales Architect at network techlab
If the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better.
Cyber Security Information Security Specialist at MHM Holding GmbH
There should be more options than deploying solely through group policy, as the assumption that GPO is working isn’t always the case.
vCIO At Grove Networks Inc. at a computer software company with 11-50 employees
Having a DLP feature would also add value.
Senior Technical Consultant at Vincacyber
Integration with local Active Directory, not only Azure AD, is a must.
Cyber Security Specialist at a computer software company with 1-10 employees
If Microsoft could develop a feature that indicates when impossible travel is caused by VPN connections, it would prevent unnecessary password resets and session disruptions, especially for VIP users in organizations.
CyberSecurity Engineer | Information Security Management at Self Employed
One improvement I would recommend is the integration of an admin application within Teams, allowing easy access to attack information on a mobile platform.
Owner at Alopex ONE UG
Reducing false positives is something we've been working on with Microsoft.
Cloud Security & Governance at a financial services firm with 10,001+ employees
 

Setup Cost

Cortex XDR's pricing is flexible and cost-effective, considering its technology, with setup costs medium and negotiable for enterprises.
Cynet offers competitive pricing with flexible licensing, appreciated for its cost-benefit ratio and comprehensive features by enterprise buyers.
Microsoft Defender for Identity pricing aligns with E5 licenses, offering value in hybrid setups but can be costly at scale.
The pricing on SentinelOne is far more reasonable and cheaper than Cortex XDR by Palo Alto Networks.
Consultant at a tech services company with 1,001-5,000 employees
I would say it is definitely not a cheap product, considering how mature it is and how scalable all Palo Alto products are together.
Senior Process Expert at A.P. Moller - Maersk
Compared to CrowdStrike, which is very costly, and SentinelOne, which is also very costly, Cortex XDR by Palo Alto Networks is a medium cost-efficient solution.
Soc Analyst at Softcell Technologies Limited
I think the pricing of Cynet is fair and one of the better options in the market.
vCIO At Grove Networks Inc. at a computer software company with 11-50 employees
The price of Cynet is reasonable considering its features and support.
IT infrastructure Specialist at Nok airline public company limited
Cynet does not ask for additional costs for add-on features.
Technical Consultant at Vincacyber
If they can reduce the costs, organizations will be happy, and it will compensate for using the Azure environment, which is more expensive on the infrastructure as a service side.
CyberSecurity Engineer | Information Security Management at Self Employed
Ensuring a fair price according to market standards.
Owner at Alopex ONE UG
From an organization perspective, using E5 licenses is value for money, especially if Azure and Office 365 are already in use.
Cloud Security & Governance at a financial services firm with 10,001+ employees
 

Valuable Features

Cortex XDR by Palo Alto Networks provides AI threat detection, seamless integration, automated responses, and scalable multi-layered protection.
Cynet delivers seamless threat detection with automation, scalability, and low management effort, featuring advanced EDR/XDR capabilities and 24/7 support.
Microsoft Defender for Identity enhances threat detection and security integration, offering streamlined investigation with automated alerts and behavioral analytics.
It incorporates AI for normal behavior detection, distinguishing unusual operations.
Cyber Security Manager at Welab bank
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
Pre Sales Architect at network techlab
It includes machine learning to easily analyze data and detect complex threats across endpoints, networks, or clouds.
Final Year Student at Gitam University
The valuable aspects of Cynet are its EDR and XDR components, which are available at a reasonable price point.
vCIO At Grove Networks Inc. at a computer software company with 11-50 employees
The most effective features of Cynet are its ransomware protection and lateral movement deception.
Senior Technical Consultant at Vincacyber
The SOAR function, deception, and forensics are very useful.
Cyber Security Specialist at a computer software company with 1-10 employees
We receive an advance report of risky users, allowing us to take preemptive action before an attack causes damage to organization details.
Instrumentation Engineer at Toyo Engineering Corp
The most valuable feature is its hybrid artificial intelligence, which gathers forensic data to track and counteract security threats, much like the CSI series in effect.
Owner at Alopex ONE UG
The advanced threat protection is one of the strengths of Microsoft Defender for Identity, as it utilizes user and entity analytics and can detect indicative attacks.
Cloud Security & Governance at a financial services firm with 10,001+ employees
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Cynet
Average Rating
8.8
Reviews Sentiment
7.3
Number of Reviews
45
Ranking in other categories
Security Information and Event Management (SIEM) (20th), Endpoint Protection Platform (EPP) (18th), User Entity Behavior Analytics (UEBA) (8th), Endpoint Detection and Response (EDR) (17th), Threat Deception Platforms (2nd), Network Detection and Response (NDR) (8th), Extended Detection and Response (XDR) (13th), Ransomware Protection (3rd)
Microsoft Defender for Iden...
Average Rating
8.8
Reviews Sentiment
6.8
Number of Reviews
28
Ranking in other categories
Advanced Threat Protection (ATP) (8th), Microsoft Security Suite (5th), Identity Threat Detection and Response (ITDR) (3rd)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Roshan Jadhav - PeerSpot reviewer
Technical Consultant at Vincacyber
Has improved threat detection and streamlined incident analysis through centralized control and AI-driven insights
People are looking for Cynet because it has next-generation threat protection that detects zero-day threats. It has UEBA (user entity behavior analysis), threat hunting features, and storage device control where we can create profiles and block unauthorized USB storage devices. We can also create threat protection policies to detect malware, ransomware, and many other threats. The most valuable feature is the UBA (User behavior analysis). It has integration with SIEM solutions, allowing us to share our logs to third-party SIEM servers. Cynet has AI integration which showcases complete forensic data about threats, making it very easy to understand what happened with the system and what type of incident was detected. Autonomous breach protection is a feature of Cynet which can detect and mitigate known and unknown threats based on signatures. If there are any signature-less files, malware, or ransomware, it will detect them based on autonomous breach protection capabilities. The centralized management console provides a dashboard where we can see four types of attack vectors and incident counts in real-time. It continuously scans the radar and shows open alerts related to files, hosts, users, or networks. We can easily export these alerts and send reports via email.
Peter Arabomen - PeerSpot reviewer
Security Engineer at Fidelity Bank Plc
Has supported hybrid identity management while integrating well with cloud directory services
The only challenge I have with Microsoft Defender for Identity is the latency. I may not put that entirely on Microsoft, because latency could be network related. At times when trying to authenticate, the prompt is delayed. We tried implementing passwordless authentication, especially for on-premises workloads, but we haven't been able to achieve that. Passwordless authentication is part of the identity functionalities, particularly when it comes to enforcing passwordless for on-premises workloads. In terms of improvements, you can't create OUs on Azure AD. Regarding giving users privileges on what they can do across different OUs, I haven't seen that feature on Microsoft Defender for Identity. Microsoft Defender for Identity needs to be able to plug into third-party applications that are not Microsoft. For instance, with a human resource application used to manage users and leave requests, when staff leaves the organization, they are first exited from that application before AD. Integration between Azure AD and third-party applications would allow automatic syncing when removing staff. The initial setup of Microsoft Defender for Identity is not hard. However, setup is one thing, and getting value from the application end-to-end is another. It can be set up and running from the first day but not functioning optimally. Initially, when we did the setup, it wasn't optimal. Over time, with continuous improvement, which we're still doing, we've gotten to a comfortable level, but there's still room for improvement.
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
903,996 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Manufacturing Company
12%
Financial Services Firm
10%
Comms Service Provider
9%
Computer Software Company
8%
Financial Services Firm
13%
Manufacturing Company
10%
Computer Software Company
10%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business30
Midsize Enterprise7
Large Enterprise12
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise5
Large Enterprise15
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
When evaluating User Activity Monitoring, what aspect do you think is the most important to look for?
The support team that stands behind the detection and response. Is there adequate expertise and are they behind you ...
What is your experience regarding pricing and costs for Cynet?
Cynet is not very costly. We can refer it to other customers because Cynet does not ask for additional costs for add-...
What needs improvement with Cynet?
One area where Cynet needs improvement is tamper protection for Mac and Linux agents. It currently has tamper protect...
What needs improvement with Microsoft Defender for Identity?
I really would have to sit down to think about how Microsoft Defender for Identity can be improved. I didn't take sto...
What is your primary use case for Microsoft Defender for Identity?
My main use cases for Microsoft Defender for Identity include Conditional Access, checking risky users, remediating r...
What advice do you have for others considering Microsoft Defender for Identity?
I don't really use Microsoft Defender for Identity a lot because my new role doesn't allow me to take time to do so. ...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
Azure Advanced Threat Protection, Azure ATP, MS Defender for Identity
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Meuhedet, East Boston Neighborhood Health Center
Microsoft Defender for Identity is trusted by companies such as St. Luke’s University Health Network, Ansell, and more.
Find out what your peers are saying about CrowdStrike, SentinelOne, Microsoft and others in Endpoint Detection and Response (EDR). Updated: June 2026.
903,996 professionals have used our research since 2012.