
Deepwatch vs Microsoft Sentinel comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net... (Sponsored)
  Ranking in AI-Powered Cybersecurity Platforms: 2nd
  Average Rating: 8.4
  Reviews Sentiment: 6.8
  Number of Reviews: 109
  Ranking in other categories: Endpoint Protection Platform (EPP) (5th), Endpoint Detection and Response (EDR) (7th), Extended Detection and Response (XDR) (6th), Ransomware Protection (2nd)

Deepwatch
  Ranking in AI-Powered Cybersecurity Platforms: 19th
  Average Rating: 8.0
  Reviews Sentiment: 8.2
  Number of Reviews: 1
  Ranking in other categories: Managed Detection and Response (MDR) (45th)

Microsoft Sentinel
  Ranking in AI-Powered Cybersecurity Platforms: 5th
  Average Rating: 8.2
  Reviews Sentiment: 6.9
  Number of Reviews: 107
  Ranking in other categories: Security Information and Event Management (SIEM) (4th), Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (6th)
 

Mindshare comparison

As of April 2026, in the AI-Powered Cybersecurity Platforms category, the mindshare of Cortex XDR by Palo Alto Networks is 9.9%, down from 10.9% compared to the previous year. The mindshare of Deepwatch is 0.4%, up from 0.1% compared to the previous year. The mindshare of Microsoft Sentinel is 10.3%, up from 7.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
AI-Powered Cybersecurity Platforms Mindshare Distribution

Product                             Mindshare (%)
Cortex XDR by Palo Alto Networks    9.9%
Microsoft Sentinel                  10.3%
Deepwatch                           0.4%
Other                               79.4%
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we had a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IaC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They now have Prisma Cloud, which gets integrated, and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a much better and more mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.

Shivam Dhang - PeerSpot reviewer
IT Infrastructure & Cloud Manager at Softcell Technologies Limited
Continuous monitoring has improved threat detection and reduces incident response time
Deepwatch could improve with more granular customization of detection rules and alert tuning to better fit specific cloud workloads and use cases. Additionally, it can be improved by enhancing the dashboarding. It should also support deeper cloud-native integrations such as AWS, Azure, and GCP, which would further improve operational efficiency and control. Regarding the support, I would say that the support team should be more responsive because ideally, the response time of the support is quite long, which is sometimes frustrating. However, I do agree that for easy issues, they respond within the expected time, but for complex issues, they do take time to respond.

Kallamuddin Ansari - PeerSpot reviewer
Cyber Security Consultant at ProTechmanize
Centralized monitoring has improved threat response but cost control still needs refinement
Based on real operations used in our corporate IT environment, the key features include log correlation and incident view. Microsoft Sentinel's biggest strength is how it correlates multiple related alerts into a single incident. This significantly reduces alert noise and helps the SOC focus on real threats instead of isolated events. Another valuable feature is KQL-based threat hunting with Kusto Query Language. The flexibility of this language allows us to build custom hunting queries based on our environment's behavior. This is extremely useful for detecting low and slow threats or hidden threats that default rules may miss. Cloud-native scalability and stability are another important feature. Being cloud-native, Microsoft Sentinel scales well for medium to large corporate environments without infrastructure management. Stability has been solid in day-to-day production. SOAR automation using playbooks is a feature we highly recommend. Microsoft Sentinel's SOAR functionality helps automate repetitive SOC tasks like alert enrichment and notification. This saves analyst time and improves response consistency.

Quotes from Members


Pros

"Stability is one of the features we like the most."
"When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud."
"The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better."
"The integrations are out-of-the-box, as are the playbooks."
"The positive impacts I see from Cortex XDR by Palo Alto Networks include a complete 360-degree view of our security posture altogether, being a uniform platform where we are ingesting logs from multiple resources."
"The one feature of Palo Alto Networks Traps that our organization finds most valuable is the App ID service."
"Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources."
"This software helps us understand any issues that may arise when someone is not at work."
"With Deepwatch, I have seen a 40 to 50% reduction in MTTR due to faster detection and guided response playbooks, and false positives have also dropped significantly by 40 to 50% through better correlation and risk scoring, which significantly reduced SOC workload and improved analyst efficiency."
"The best feature is that onboarding to the SIEM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"Microsoft Sentinel helps us understand the areas that we have to improve and provides information on our current coverage."
"We have no complaints about the features or functionality."
"Being able to dictate and train efficiently and in a streamlined way is probably the most valuable proposition we have for something in this category."
"Good monthly operational cost model for the detection and response outcomes delivered. M365 logs don't count toward the limits, which is a good benefit."
"For us, at least, the price point is justified, and we have not had any issues."
"In terms of Sentinel, it's a best-in-class solution."
"Microsoft is continuously improving this product, and we also have private access where we can see what features are being launched and provide input to them."
 

Cons

"Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis."
"Cortex XDR by Palo Alto Networks could improve by adding a sandbox feature to better compete with their competitors which have it."
"Managing the product should be easier."
"It would be good to have a better way to search for a file within the UI."
"Impact on system performance is horrible, adding a lot of delays for users."
"The dashboard is the area that needs to improve so that we can have the ability to drill down without having to go elsewhere to verify results."
"It's not an ideal choice for smaller businesses, as you need a minimum of 200 endpoints to even use the solution at all."
"Regarding the support, I would say that the support team should be more responsive because ideally, the response time of the support is quite long, which is sometimes frustrating."
"However, I do have challenges with KQL, and I believe they could work on making the language more user-friendly."
"Cost management is still one of the biggest pain points."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"Technical support doesn't understand the features well enough. Their solutions and response time aren't very good."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"Its implementation could be simpler. It is not really simple or straightforward."
 

Pricing and Cost Advice

"The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the BRO version."
"It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff."
"It is cost-effective compared to similar solutions. It fits for the small businesses through to the big businesses."
"Compared to CrowdStrike, Cortex XDR is an expensive solution."
"I don't like that they have different types of licenses."
"Our customers have expressed that the price is high."
"The price is on the higher side, but it's okay."
"The price of the product is not very economical."
Information not available
"Sentinel is fairly priced and pretty cost-effective."
"The product is costly compared to Splunk."
"It is certainly the most expensive solution. The cost is very high. We need to do an assessment using the one-month trial so that we can study the cost side. Before implementing it, we must do a careful calculation."
"It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
"Sentinel's price is comparable to pretty much everything out there. None of it is cheap, but we didn't think we could save money by going a different route. Sentinel was part of our Azure expenditures, so it was easier to add the expense instead of having a completely separate vendor."
"There are two native advantages for customers that use M365 Security and Sentinel. The first advantage is that the log or security-event ingestion into Sentinel is free. Cost-wise, they're saving a lot and that is a major advantage."
"There are no additional costs other than the initial costs of Sentinel."
"It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
 

Top Industries

By visitors reading reviews

Cortex XDR by Palo Alto Networks
  Construction Company: 14%
  Financial Services Firm: 10%
  Comms Service Provider: 8%
  Manufacturing Company: 7%

Deepwatch
  Construction Company: 29%
  Manufacturing Company: 12%
  Healthcare Company: 8%
  Media Company: 8%

Microsoft Sentinel
  Computer Software Company: 12%
  Financial Services Firm: 10%
  Manufacturing Company: 9%
  Government: 7%
 

Company Size

By reviewers

Cortex XDR by Palo Alto Networks
  Small Business: 44
  Midsize Enterprise: 20
  Large Enterprise: 48

Deepwatch
  No data available

Microsoft Sentinel
  Small Business: 41
  Midsize Enterprise: 22
  Large Enterprise: 46
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
  Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...

Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
  Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...

How is Cortex XDR compared with Microsoft Defender?
  Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
  Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel an...

What is a better choice, Splunk or Azure Sentinel?
  It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingest...

Which is better - Azure Sentinel or AWS Security Hub?
  We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
Azure Sentinel
 


Sample Customers

CBI Health Group, University Honda, VakifBank
Premise Health, Dover, Follett, Genuine Parts Company
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Find out what your peers are saying about CrowdStrike, Palo Alto Networks, TrendAI and others in AI-Powered Cybersecurity Platforms. Updated: March 2026.