Palo Alto Networks Cortex XSOAR and Elastic Security compete in the cybersecurity automation and analytics category. Cortex XSOAR stands out due to its strong automation and integration capabilities, while Elastic Security has an advantage with its speed and open-source flexibility.
Features: Palo Alto Networks Cortex XSOAR is well-regarded for its robust automation, versatile playbooks, and seamless integration within various security infrastructures. Users highlight its scalability and diverse scripting support. Elastic Security is noted for its open-source nature, flexibility, and strong indexing capabilities, offering enhanced data visualization and infrastructure monitoring which are beneficial for fast response situations.
Room for Improvement: Customers of Cortex XSOAR seek a simpler setup process, reduced licensing complexities, and improvements in integration and cost-effectiveness. Elastic Security users desire better documentation, enhanced anomaly detection features, and more user-friendly functionalities, alongside increased AI integration and streamlined alert management processes.
Ease of Deployment and Customer Service: Cortex XSOAR is deployed across public, private, and hybrid clouds, but users report mixed experiences with customer support concerning responsiveness. Elastic Security can be deployed in various environments and is praised for its responsive and knowledgeable technical support, providing a more reliable customer service experience.
Pricing and ROI: Cortex XSOAR is often viewed as costly, which may be prohibitive for smaller businesses, but its automation brings significant ROI for mature SOCs. Elastic Security, being open-source, is perceived as more cost-effective and suitable for SMEs, providing an appealing price point while maintaining substantial flexibility and scalability.
It does not require hefty security budgets and can be deployed for enterprise security effectively.
We are positioning Palo Alto Networks Cortex XSOAR, which can be used in the SOC and do a lot of automation for the customer.
Most of the time when my team encounters issues, they receive responses within 24 hours.
Providing necessary assistance efficiently.
The technical support provided by Palo Alto Networks Cortex XSOAR is good.
Their support has been better than Anomali's and they are more responsive.
It allows us to think about specific use cases, such as gathering malicious IPs in a single view and analyzing threats based on geolocation.
The scalability of Palo Alto Networks Cortex XSOAR supports our growth and security needs because we can integrate various tools and continuously add more capability.
In terms of stability, I would rate Elastic a solid eight out of ten.
My security testing team continuously reports vulnerabilities, and we have to fix and update the versions frequently.
CrowdStrike and Defender have more established threat intelligence integration due to having a larger client base.
Elastic Security consumes a lot of resources, requiring a substantial deployment setup.
To improve the solution, it needs to have complete features that are low-code, no-code, and should be plug-and-play.
One of the significant issues we encounter is system slowdown when we receive an influx of alerts, which inhibits how quickly we can access the information needed for investigation.
Deployment is not easy, requiring significant tuning and building of integrations over weeks.
The pricing is reasonable, especially for Small Medium Enterprises (SMEs), making it a viable option for businesses building their security infrastructure.
This is beneficial for SMEs as they do not need extensive budgets for security solutions.
Elastic Security is considered cost-effective, especially at lower EPS levels.
For customers, it is zero versus $20 million, which is why they have to make a decision.
The platform provides more visibility and requires less effort in monitoring.
Elastic Security is as flexible and configurable as Microsoft Sentinel.
We require rapid processing speed for alerts and event data, and Elastic Security is very efficient at handling this level of data.
We have implemented automation features, such as automated responses to email threats and automatic configuration of target devices for blocking specific IPs.
Execution of automatic tasks for collecting, enriching, and correlating security events from hundreds of different technologies.
If I already have an established process, I do not have to change my process to fit into the tool. I can modify the tool to fit into my process, which makes things considerably easier.
| Product | Market Share (%) |
|---|---|
| Palo Alto Networks Cortex XSOAR | 9.6% |
| Elastic Security | 4.8% |
| Other | 85.6% |
| Company Size | Count |
|---|---|
| Small Business | 40 |
| Midsize Enterprise | 11 |
| Large Enterprise | 14 |
| Company Size | Count |
|---|---|
| Small Business | 19 |
| Midsize Enterprise | 8 |
| Large Enterprise | 24 |
Elastic Security combines the features of a security information and event management (SIEM) system with endpoint protection, allowing organizations to detect, investigate, and respond to threats in real time. This unified approach helps reduce complexity and improve the efficiency of security operations.
Additional offerings and benefits:
Finally, Elastic Security benefits from a global community of users who contribute to its threat intelligence, helping to enhance its detection capabilities. This collaborative approach ensures that the solution remains on the cutting edge of cybersecurity, with up-to-date information on the latest threats and vulnerabilities.
Palo Alto Networks delivers a complete solution that helps Tier-1 through Tier-3 analysts and SOC managers to optimize the entire incident life cycle while auto documenting and journaling all the evidence. More than 100+ integrations enable security orchestration workflows for incident management and other critical security operation tasks.
Palo Alto Networks Cortex XSOAR is a piece of Security Orchestration, Automation, and Response software that redefines what it means for a program to orchestrate security in an automated manner. It is a next-generation solution that offers all of the features of dozens of siloed security operations center tools in one place. Cortex XSOAR combines case management, automation, real-time collaboration, and threat intelligence management to create a platform that can handle all aspects of system security. Teams that make use of Cortex XSOAR can expect to cut the number of issues that they will have to deal with by 75%. At the same time, the speed at which they resolve those issues that slip through will rise by 90%.
Cortex XSOAR ensures that all of the IT and security tools that you employ function as a unified system. It does this by employing hundreds of integrations that allow you to run a wide variety of programs at once without ever worrying about them interfering with each other. These integrations are limited only by your imagination. They can be used immediately as they are, if that is what you need. However, they can also be customized according to the requirements of your system. This approach provides you with the maximum levels of both flexibility and utility.
The model that this platform uses is based on a machine learning algorithm. The level of automation allows you to provide more than an unchanging and inflexible blanket of coverage. Cortex XSOAR takes all of the data that it gathers and uses it to expand its protective capabilities. This creates recommendations that you can use to create a threat playbook that can be deployed uniformly throughout your organization.
Benefits of Palo Alto Networks Cortex XSOAR
Some of Palo Alto Networks Cortex XSOAR’s benefits include:
Reviews from Real Users
Palo Alto Networks Cortex XSOAR’s centralized monitoring interface and automation are two features that help it stand out. This might help explain why one quarter of the Fortune 500 companies choose Palo Alto Networks Cortex XSOAR over the competition.
Peerspot users note the effectiveness of these features. One user wrote, “We were looking for a single pane of glass type of solution that would allow us to physically be in one appliance - be able to work in concert with other servers that we have within our environment. We wanted orchestration and automation. The single pane of glass was the most important part.” Another noted, "The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
