


Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
Cortex XDR by Palo Alto Networks helps to reduce my total cost of ownership significantly.
In Cortex XDR by Palo Alto Networks, most of the remediation is automated and the accuracy is quite good.
It does not require hefty security budgets and can be deployed for enterprise security effectively.
The workload has been reduced and the ROI has improved by around 20 percent.
I have seen a return on investment because, in terms of employees, 15 were cut down to eight, and it was also saving us time from the whole dashboard automation.
Trellix helped us save our information, which is the most critical, and also save money.
The technical support from Palo Alto deserves a mark of ten because they reach out within an hour whenever assistance is needed.
There is no back and forth, and they know what we are asking for and come up with the best resolution for a solution.
If any of these services are missed, it becomes a problem in terms of support tickets, follow-up, or special configuration that needs to be done in the system.
Support is prompt and helpful.
Most of the time when my team encounters issues, they receive responses within 24 hours.
I have not faced any difficulties with Elastic Security, as we have a pretty good support service from them.
If I require remote support, they will send a link to join a session and help me resolve any issues I have faced.
Technical support is crucial, especially when facing critical issues.
The most basic thing that you need from the vendor is support, and by the time they resolve it, you probably would have figured it out by yourself because the resolution came after weeks or months.
You can onboard 10,000 endpoints in just hours, which demonstrates the excellent scalability of this product.
Activating the newly purchased licenses is instantaneous, allowing installations without adjustments since it's cloud-based.
Cortex XDR by Palo Alto Networks can be expanded anytime by purchasing another license without any issues related to scalability.
It allows us to think about specific use cases, such as gathering malicious IPs in a single view and analyzing threats based on geolocation.
Elastic Security is quite scalable.
Trellix XDR has good scalability because it can handle multiple security sources and multiple logs.
in our environment, we have fed a lot of data logs into the tool, and it has been reliable and scalable with no issues.
You can scale from ten licenses to several thousand.
Cortex remains fast and responsive, even with increasing data and alerts.
The thresholds we've seen on our firewall boxes at some instances reached 80% to 85%, but even at that level of utilization, we don't observe any latency or any issues reported with respect to accessing the application.
Cortex XDR by Palo Alto Networks can be trusted completely.
In terms of stability, I would rate Elastic a solid eight out of ten.
Support and stability are good. They are continuously improving.
The system would go down for half an hour, an hour, or two hours in the off-hours which would then impact the business, impact the alerts, and the flow of alert.
There is no downtime, or if there is, prior notification is sent to us so we can prepare accordingly.
Improving reporting and dashboard customization, along with the addition of real-time and exportable reports, would help SOC teams greatly.
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
If the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better.
CrowdStrike and Defender have more established threat intelligence integration due to having a larger client base.
My security testing team continuously reports vulnerabilities, and we have to fix and update the versions frequently.
Machine learning algorithms become better with time; as they ingest a huge volume of data, they become better.
Trellix support team is not highly regarded because they follow a whole hierarchical process to escalate the complaints and the feedback requests, and the resolution can take very long, from two to three weeks to a month, which is not really viable in a cybersecurity landscape which is moving this fast.
Continuous enhancement to automation and AI-driven threat prioritization would further reduce analysts' workflow and improve response effectiveness.
We are getting multiple types of CPU utilization from the EPP solution, with the EPP agent reaching as high as 80 percent CPU utilization.
The pricing on SentinelOne is far more reasonable and cheaper than Cortex XDR by Palo Alto Networks.
I would say it is definitely not a cheap product, considering how mature it is and how scalable all Palo Alto products are together.
Compared to CrowdStrike, which is very costly, and SentinelOne, which is also very costly, Cortex XDR by Palo Alto Networks is a medium cost-efficient solution.
The pricing is reasonable, especially for Small Medium Enterprises (SMEs), making it a viable option for businesses building their security infrastructure.
This is beneficial for SMEs as they do not need extensive budgets for security solutions.
Elastic Security is considered cost-effective, especially at lower EPS levels.
But currently, they have bumped up the prices and that is why we have now moved to a different solution totally. We have left Trellix XDR.
My experience with pricing, setup cost, and licensing shows that the pricing is very competitive and not overly expensive.
It incorporates AI for normal behavior detection, distinguishing unusual operations.
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
It includes machine learning to easily analyze data and detect complex threats across endpoints, networks, or clouds.
Elastic Security offers good insight regarding alerts, reports, and cases.
Elastic Security offers advanced features such as machine learning and integration with ChatGPT.
We require rapid processing speed for alerts and event data, and Elastic Security is very efficient at handling this level of data.
Getting the telemetry data from the endpoint with Trellix XDR helps us detect the severity based on malware types, techniques, and tactics with MITRE mapping.
The core functionality includes EDR and NDR, and Trellix XDR gets threat detection on both the network and endpoint levels.
The second feature is its ability for cross-platform threat correlation, meaning the platform helps to correlate all events across endpoints, network activity, security controls, and threat intelligence sources, providing us with a more in-depth view in terms of threat detection and threat research.
| Product | Mindshare (%) |
|---|---|
| Cortex XDR by Palo Alto Networks | 4.6% |
| Elastic Security | 3.4% |
| Trellix XDR | 0.8% |
| Other | 91.2% |



| Company Size | Count |
|---|---|
| Small Business | 46 |
| Midsize Enterprise | 21 |
| Large Enterprise | 52 |
| Company Size | Count |
|---|---|
| Small Business | 40 |
| Midsize Enterprise | 12 |
| Large Enterprise | 15 |
| Company Size | Count |
|---|---|
| Small Business | 5 |
| Midsize Enterprise | 3 |
| Large Enterprise | 6 |
Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.
Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.
What are the key features of Cortex XDR?Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.
Elastic Security stands out for its speed, scalability, and intuitive interface. It integrates seamlessly with Elasticsearch and Kibana, providing efficient data indexing, centralized log management, and intelligent threat identification, all while being open-source.
Elastic Security offers robust capabilities in security monitoring, threat identification, and SIEM functionalities. Its open-source nature enhances scalability, facilitating log aggregation and infrastructure monitoring. Users appreciate the intuitive dashboards and machine learning integration, which aid in proactive security measures and anomaly detection. Despite its strengths, improvements are needed in documentation, scalability, and configuration complexity. High data volume pricing and limited machine learning support are concerns, while dashboard enhancement and seamless integration with existing systems are desirable. The platform is widely used for alerting suspicious activities, analyzing logs from firewalls and Active Directory, and providing endpoint protection. It serves as a key tool for security awareness and auditing, integrating effectively with technologies like Kibana and OpenShift.
What are the most notable features of Elastic Security?Organizations deploy Elastic Security across industries for log aggregation and security monitoring, detecting unauthorized access, and analyzing system logs. It is essential for infrastructure monitoring and integrates effectively with systems such as Fluentd and OpenShift, supporting comprehensive security views across enterprise environments.
Trellix XDR provides a comprehensive approach to threat detection and response, enhancing security by integrating data from multiple sources into a single pane of glass for more effective incident management.
Leveraging robust analytics, Trellix XDR enables organizations to improve threat visibility and response capabilities. The platform streamlines security operations by centralizing data from networks, endpoints, and cloud resources. This integration helps security teams quickly identify, analyze, and mitigate threats, reducing the time to respond and improving overall security posture.
What are the most important features of Trellix XDR?In finance and healthcare, Trellix XDR is implemented to secure critical infrastructures, ensuring compliance with industry regulations and standards. Its scalability makes it ideal for retail, adapting to variable traffic patterns and data volumes, consistently safeguarding data and operations across sectors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.