Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
Cortex XDR by Palo Alto Networks helps to reduce my total cost of ownership significantly.
In Cortex XDR by Palo Alto Networks, most of the remediation is automated and the accuracy is quite good.
Other NDR solutions provide virtual appliances that can be deployed on virtualization servers to get up and running quickly.
Using this solution provides financial benefits by securing from server attacks, which offers indirect savings.
The workload has been reduced and the ROI has improved by around 20 percent.
I have seen a return on investment because, in terms of employees, 15 were cut down to eight, and it was also saving us time from the whole dashboard automation.
Trellix helped us save our information, which is the most critical, and also save money.
The technical support from Palo Alto deserves a mark of ten because they reach out within an hour whenever assistance is needed.
There is no back and forth, and they know what we are asking for and come up with the best resolution for a solution.
If any of these services are missed, it becomes a problem in terms of support tickets, follow-up, or special configuration that needs to be done in the system.
The technical support from Darktrace is of high quality.
Darktrace provides excellent technical support with a monthly meeting to review platform incidents, ensuring the system functions as expected.
The challenge lies in waiting for a response after logging a ticket.
If I require remote support, they will send a link to join a session and help me resolve any issues I have faced.
Technical support is crucial, especially when facing critical issues.
The most basic thing that you need from the vendor is support, and by the time they resolve it, you probably would have figured it out by yourself because the resolution came after weeks or months.
You can onboard 10,000 endpoints in just hours, which demonstrates the excellent scalability of this product.
Activating the newly purchased licenses is instantaneous, allowing installations without adjustments since it's cloud-based.
Cortex XDR by Palo Alto Networks can be expanded anytime by purchasing another license without any issues related to scalability.
Darktrace has high scalability, and I would rate it a nine out of ten.
Since it's cloud-based, it expands easily.
There is still a gap in terms of storage, and we are trying to figure out how to increase that capacity for regulated environments, which require data retention for 5 to 6 years.
Trellix XDR has good scalability because it can handle multiple security sources and multiple logs.
in our environment, we have fed a lot of data logs into the tool, and it has been reliable and scalable with no issues.
You can scale from ten licenses to several thousand.
Cortex remains fast and responsive, even with increasing data and alerts.
The thresholds we've seen on our firewall boxes at some instances reached 80% to 85%, but even at that level of utilization, we don't observe any latency or any issues reported with respect to accessing the application.
Cortex XDR by Palo Alto Networks can be trusted completely.
The stability of Darktrace is excellent, rated ten out of ten.
The appliance itself has never let me down.
For stability, I would rate Darktrace an eight out of ten.
Support and stability are good. They are continuously improving.
The system would go down for half an hour, an hour, or two hours in the off-hours which would then impact the business, impact the alerts, and the flow of alert.
There is no downtime, or if there is, prior notification is sent to us so we can prepare accordingly.
Improving reporting and dashboard customization, along with the addition of real-time and exportable reports, would help SOC teams greatly.
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
If the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better.
There is no dedicated salesperson in Egypt, and having one would help to improve focus on this market.
They say they can integrate with most firewalls, but when we did an integration with Meraki MX firewalls, that integration didn't work and still doesn't work to this day.
We need Darktrace on each branch to get the data out, and I suggest having some kind of a centralized product that gets data from multiple sources to aggregate and provide the data.
Trellix support team is not highly regarded because they follow a whole hierarchical process to escalate the complaints and the feedback requests, and the resolution can take very long, from two to three weeks to a month, which is not really viable in a cybersecurity landscape which is moving this fast.
Continuous enhancement to automation and AI-driven threat prioritization would further reduce analysts' workflow and improve response effectiveness.
We are getting multiple types of CPU utilization from the EPP solution, with the EPP agent reaching as high as 80 percent CPU utilization.
The pricing on SentinelOne is far more reasonable and cheaper than Cortex XDR by Palo Alto Networks.
I would say it is definitely not a cheap product, considering how mature it is and how scalable all Palo Alto products are together.
Compared to CrowdStrike, which is very costly, and SentinelOne, which is also very costly, Cortex XDR by Palo Alto Networks is a medium cost-efficient solution.
The product is considered expensive compared to others.
The pricing is costly in USD, and they charge based on device counts.
The licensing cost is approximately eight dollars a year.
But currently, they have bumped up the prices and that is why we have now moved to a different solution totally. We have left Trellix XDR.
My experience with pricing, setup cost, and licensing shows that the pricing is very competitive and not overly expensive.
It incorporates AI for normal behavior detection, distinguishing unusual operations.
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
It includes machine learning to easily analyze data and detect complex threats across endpoints, networks, or clouds.
It is capable of responding to lateral movement and ransomware deployment within environments where there is data exfiltration.
I do not need to manually process incidents as Darktrace provides an incident summary, potential detection paths, and other details, all exportable with just a click.
If I am in a data center where I don't have layer two, it becomes an issue because the autonomous response is reliant on sending spoofed TCP resets to my core switch to block traffic, which is a major issue.
Getting the telemetry data from the endpoint with Trellix XDR helps us detect the severity based on malware types, techniques, and tactics with MITRE mapping.
The core functionality includes EDR and NDR, and Trellix XDR gets threat detection on both the network and endpoint levels.
The second feature is its ability for cross-platform threat correlation, meaning the platform helps to correlate all events across endpoints, network activity, security controls, and threat intelligence sources, providing us with a more in-depth view in terms of threat detection and threat research.
| Product | Mindshare (%) |
|---|---|
| Cortex XDR by Palo Alto Networks | 4.6% |
| Darktrace | 4.4% |
| Trellix XDR | 0.8% |
| Other | 90.2% |



| Company Size | Count |
|---|---|
| Small Business | 46 |
| Midsize Enterprise | 21 |
| Large Enterprise | 53 |
| Company Size | Count |
|---|---|
| Small Business | 44 |
| Midsize Enterprise | 20 |
| Large Enterprise | 29 |
| Company Size | Count |
|---|---|
| Small Business | 5 |
| Midsize Enterprise | 3 |
| Large Enterprise | 6 |
Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.
Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.
What are the key features of Cortex XDR?Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.
Darktrace revolutionizes network security with AI-driven alerts, anomaly detection, and robust visibility across networks. It autonomously detects threats, minimizing the need for human oversight, and offers efficient IP identification with minimal false positives.
Darktrace uses advanced AI analytics to enhance network protection. Its powerful real-time threat response capabilities and self-learning enable thorough monitoring and insightful analysis of network activities. While providing scalable and reliable security, users seek improvements in false positive reduction, user-friendly interfaces, and pricing. Enhanced third-party integration, more effective dashboards, and centralized automation features remain top priorities. Users benefit greatly from its Antigena feature, offering automated responses like blocking suspicious connections for robust network defense.
What Are Darktrace's Key Features?In industries employing Darktrace, it is pivotal in securing LAN networks, analyzing behavioral patterns, and detecting internal and external threats. Adoption alongside platforms like F5 and SAP enhances incident response, traffic analysis, and threat identification, utilizing Antigena for proactive security measures.
Trellix XDR provides a comprehensive approach to threat detection and response, enhancing security by integrating data from multiple sources into a single pane of glass for more effective incident management.
Leveraging robust analytics, Trellix XDR enables organizations to improve threat visibility and response capabilities. The platform streamlines security operations by centralizing data from networks, endpoints, and cloud resources. This integration helps security teams quickly identify, analyze, and mitigate threats, reducing the time to respond and improving overall security posture.
What are the most important features of Trellix XDR?In finance and healthcare, Trellix XDR is implemented to secure critical infrastructures, ensuring compliance with industry regulations and standards. Its scalability makes it ideal for retail, adapting to variable traffic patterns and data volumes, consistently safeguarding data and operations across sectors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.