No more typing reviews! Try our Samantha, our new voice AI agent.

Elastic Security vs Sangfor Endpoint Secure comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Elastic Security
Ranking in Endpoint Detection and Response (EDR)
15th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
66
Ranking in other categories
Log Management (11th), Security Information and Event Management (SIEM) (7th), Security Orchestration Automation and Response (SOAR) (10th), Extended Detection and Response (XDR) (12th)
Sangfor Endpoint Secure
Ranking in Endpoint Detection and Response (EDR)
36th
Average Rating
8.2
Reviews Sentiment
7.4
Number of Reviews
11
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of Elastic Security is 2.3%, up from 2.2% compared to the previous year. The mindshare of Sangfor Endpoint Secure is 0.7%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
Elastic Security2.3%
Sangfor Endpoint Secure0.7%
Other93.4%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Laurentiu Popescu - PeerSpot reviewer
Chief Product Officer at ClusterPower
Has improved threat detection with deep log analysis and streamlined investigation workflows
The most useful features I find in Elastic Security are the forensic ones that allow us to carry deeper analysis into the logs for in-depth investigations, and the dashboards, with the reporting dashboard being quite user-friendly. Elastic Security is quite good at identifying threats, as it is part of the deep investigation tool that I mentioned before. Unless we need to look further into a certain log, we can carry out a deeper analysis and forensics on those particular logs. I can assess the impact of Elastic Security's real-time data analysis on our threat response efficiency as working pretty good. We are looking for real-time analysis because we have a continuous inflow of logs from different sources: from our cloud, from Active Directory, from our network. So it works pretty well.
OA
Coordinator Associate at National Institute of Cardiovascular Diseases
Quick threat response and behavior analysis while enhancing network security
The main use case is usually related to security. It deals with attacks that come day-to-day such as zero-day attacks and APT attacks. Our main task is to secure the network infrastructure in the hospital where I work It facilitates the departments of IT and other departments to procure and…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cortex XDR features advanced threat detection capabilities."
"The most valuable aspect of Cortex XDR by Palo Alto Networks for me is its integration with AI detection, where we get to know the behavioral detection based on users, traffic patterns, and different services that we consume."
"We've had a significant increase in blocking with a decrease in false positives, because it's looking at how the files work, not just a list of files that it's been told to look for."
"The initial setup is easy."
"It has absolutely improved the way our organization functions, we are more secure, it is giving us more peace of mind, and it has found malicious activity happening on our endpoints that probably would not have been detected if we didn't have it."
"The solution's most valuable feature is its ability to rapidly detect certain hardware files."
"The solution's most valuable feature is the user interface."
"The product has an intuitive dashboard."
"Enables monitoring of application performance and the ability to predict behaviors."
"ELK documentation is very good, so never needed to contact technical support."
"The solution's most valuable features are anomaly detection and connectivity reporting."
"The stability of the solution is good."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"It is scalable."
"The most valuable feature is the machine learning capability."
"Elastic SIEM is pretty stable."
"The user-friendliness of Sangfor Endpoint Secure is particularly impressive. Even with basic technical knowledge, users can easily navigate the system, make changes, and implement updates."
"Sangfor Endpoint Secure has some good policy certificates."
"I like the tool's honeypot feature. Some features include having a honeypot to detect attacks in a certain area. Additionally, there is RDP protection, which means that when we remote into our server or any endpoint, we must enter a password as a second layer of security. It can also integrate with next-generation firewalls."
"What stands out to me is the dual-end user interface they provide."
"The real-time monitoring feature of Sangfor Endpoint Secure is truly real-time, with no delay compared to other solutions."
"We use the product for network protection from any malicious threat."
"The most valuable feature I have found in the system is its comprehensive end-to-end protection."
"The product's initial setup phase was straightforward."
 

Cons

"Cortex XDR by Palo Alto Networks is not only pricey; it is extremely expensive."
"The only issues that we have are, one the cost, two the dashboard is not very intuitive, even though you can drill down within the dashboard, we usually have to gather information from other sources to determine locations and if its a false positive."
"It is a complex solution to implement."
"Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."
"We would also like to have advanced tech protection and email scanning."
"There are some third-party solutions that are difficult to integrate with, which is something that can be improved."
"I feel that it should not be a licensed activity because a feature should allow us to see applications running on end devices."
"It would be good to have a better way to search for a file within the UI."
"The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"The interface could be more user friendly because it is sometimes hard to deal with."
"I want to find an automatic security system in the tool, like a SOAR solution. I am looking forward to seeing a SOAR system in the tool."
"The initial configuration and setup are complicated and not straightforward."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"Its documentation should be a bit better. I have to spend at least a couple of hours to find the solution for a simple thing. When we buy Elastic, training is not included for free with Elastic. We have to pay extra for the training. They should include training in the price."
"The tool needs to integrate with legacy servers. Big companies can have legacy servers that may not always be updated."
"It is complicated to establish a tunnel due to technical issues in the VPN system."
"When an issue occurs, the response time for first-level support and the time taken for meetings could be improved."
"I believe Sangfor Endpoint Secure could improve in terms of its user interface and management capabilities."
"Sangfor Endpoint Secure performs poorly."
"Sangfor Endpoint Secure should include healing capabilities."
"Sometimes, the VPN is not secure and doesn't work properly in Sangfor Endpoint Secure."
"It would be much more convenient if the migration tool could be installed directly on the customer's VMs, enabling a smoother migration process to the new infrastructure, with potential restrictions addressed accordingly."
"The interface has too many buttons, making it cluttered."
 

Pricing and Cost Advice

"Compared to CrowdStrike, Cortex XDR is an expensive solution."
"When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward."
"The pricing seems fair, and I do like the licensing model. You use wherever they are, and it is elastic."
"The price was fine."
"In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage."
"The pricing is okay, although direct support can be expensive."
"The solution is expensive. It's pricing is on a yearly-basis."
"The cost of Cortex XDR by Palo Alto Networks is $55 to $90 USD per endpoint per month."
"The licensing cost of Elastic Security is based on the daily ingestion rate. I can't recall the exact figure, but for 10GB of log action daily, it would cost around $20,000."
"We use the open-source version, so there is no charge for this solution."
"This is an open-source product, so there are no costs."
"The base product is open-source but if you need advanced security features then you need to pay for the subscription. Elastic Security's price is reasonable in some cases and in other cases it's not."
"The pricing is in the middle. I think it is not an expensive experience if we compare it with big names, for example, QRadar, and also Oxide. I think Elastic Security is quite cheap. I would rate the pricing of this solution a five out of ten."
"The price is reasonable. It probably costs the same as ArcSight and LogRhythm SIEM. FortiSIEM might cost less than Elastic Security. There are no hidden or additional costs."
"It's a monthly cost with Elastic SIEM, but I am not sure of the exact cost."
"Its price is fine. Its licensing works on a yearly basis. We have to renew the license every year. I also have a good experience with Darktrace. When we buy Darktrace, we get training free of cost, which is not there in Elastic. We have to pay extra for training. There is certainly room for improvement."
"The product is expensive compared to other vendors."
"Price-wise, Sangfor Endpoint Secure can be considered a competitively priced product in the market as it offers quite low prices compared to other solutions."
"Its "pay as you grow" model offers cost-effectiveness compared to major cloud providers."
"Sangfor Endpoint Secure's pricing is cheap. I rate it seven out of ten."
"The solution is cheap. It is cheaper than other products by 15-20 percent."
"Sangfor Endpoint Secure is not a cheap solution."
"We were using Hyper-V. So, we switched to Sangfor because of the pricing."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Comms Service Provider
9%
Financial Services Firm
9%
Government
8%
Manufacturing Company
8%
Financial Services Firm
17%
Comms Service Provider
11%
University
7%
Media Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business40
Midsize Enterprise12
Large Enterprise15
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise3
Large Enterprise3
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several time...
What is your experience regarding pricing and costs for Elastic Security?
I am satisfied with the pricing, setup cost, and licensing cost. It is a pure 10.
What needs improvement with Elastic Security?
I do not have any specific recommendations for improvements in Elastic Security, but I feel that the AI module should...
What needs improvement with Sangfor Endpoint Secure?
The interface has too many buttons, making it cluttered. It would be better if it were a simplified version with fewe...
What is your primary use case for Sangfor Endpoint Secure?
Sangfor Endpoint Secure is easy to handle with its user-friendly interface. The four engines it utilizes for endpoint...
What advice do you have for others considering Sangfor Endpoint Secure?
At first, people might not understand the interface, which is why it should be simplified. However, once they underst...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Elastic SIEM, ELK Logstash
No data available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Information Not Available
Find out what your peers are saying about Elastic Security vs. Sangfor Endpoint Secure and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.