No more typing reviews! Try our Samantha, our new voice AI agent.

Kaspersky Next EDR Expert vs Tanium comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Kaspersky Next EDR Expert
Ranking in Endpoint Detection and Response (EDR)
20th
Average Rating
8.2
Reviews Sentiment
6.5
Number of Reviews
51
Ranking in other categories
No ranking in other categories
Tanium
Ranking in Endpoint Detection and Response (EDR)
23rd
Average Rating
7.8
Reviews Sentiment
6.2
Number of Reviews
22
Ranking in other categories
Server Monitoring (3rd), Vulnerability Management (26th), Endpoint Protection Platform (EPP) (15th), Unified Endpoint Management (UEM) (8th)
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of Kaspersky Next EDR Expert is 1.2%, down from 1.4% compared to the previous year. The mindshare of Tanium is 2.0%, down from 2.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
Kaspersky Next EDR Expert1.2%
Tanium2.0%
Other93.2%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Ravi-Upadhyay - PeerSpot reviewer
Founder at Inspira Enterprise
Provides strong threat detection and response through behavior analytics and network isolation
I have found the most valuable features of Kaspersky Endpoint Detection and Response Expert to be its ability to tackle the biggest challenges customers face when they have to mitigate any kind of a malware, ransomware attack, or online theft scenarios. The solution utilizes its HIPS, which is the host intrusion prevention system, behavior analytics system, and device control mechanism, making the antivirus capabilities of EDR quite strong. It is able to detect zero-day threats as well as historical or legacy malware, providing protection against current threats in the market and legacy malware. My opinion on the advanced threat detection algorithms in Kaspersky Endpoint Detection and Response Expert is that the ATP functionality is quite strong because it utilizes the behavioral analytics engine in the backend, which employs machine learning mechanisms to identify any kind of vulnerability or exploit running on the operating system level and the network level. If an attack is about to happen on the endpoint, it is able to protect over the network as well and checks for any illegitimate encryption activities. The machine learning capability within Kaspersky Endpoint Detection and Response Expert has contributed to improving detection accuracy and reducing false positives in my environment by helping me identify malicious activity and differentiate between any malicious activity on the operating system level and on the network level. I have seen customers with in-house developed applications that have no public signatures available. Once I whitelist a particular application, it intelligently whitelists not only the executable but also all the dependent services required to run that application. Furthermore, Kaspersky Endpoint Detection and Response Expert has successfully blocked network-level attacks on the endpoint. For example, during a recent DoS attack aimed at choking the entire network, Kaspersky detected the attack, isolated the device in a sandbox network, and alerted my SOC team via email for corrective action, thereby proactively helping me detect and protect devices from malicious attacks.
MA
Division Manager, Information Technology at a legal firm with 51-200 employees
Centralized policies have improved remote endpoint control and have simplified data visibility
The integration is not simple and easy. It requires experienced users or people who have done the implementation. When certain policies are applied, they do not immediately push the policies. For example, we manage endpoint device USB access. We set a policy to block it, but it does not come into effect immediately. Sometimes it takes three or four days for it to reflect. That is a pain point. I have raised this issue with support as well, but they said that I need to limit the number of devices in the policy. In terms of application deployment, for us, it was seamless.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cortex XDR by Palo Alto Networks's ability to block sophisticated threats in real time is quite good and is on par with SentinelOne's."
"The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past."
"Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources."
"In one single alert, we are getting the network telemetry, endpoint telemetry, email security telemetry, and proxy telemetry all in one single ticket, making it very easy."
"Based on my experience, I would recommend Cortex XDR by Palo Alto Networks to other people."
"Cortex XDR is a simple platform that's easy for administrators and users. You have a lot of flexibility to change or customize the features."
"The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
"After deploying Traps, we saw the performance of the network improve by 65 to 70 percent."
"In summary, I think that Kaspersky is a good product to use."
"The solution is scalable."
"The performance for Kaspersky is good, and it's not impacted our client performance."
"It is easy to manage."
"Its customer service is quite good."
"Stability-wise, I rate the solution a ten out of ten."
"Encryption is the most valuable feature. It creates an encryption tunnel from your location to the delivery address."
"This is a feature-rich product."
"Tanium is highly scalable."
"It's definitely not complex, it is pretty user-friendly and it's a solid tool enterprise to use."
"Tanium is stable and it is also lightweight."
"Tanium is a very good product and I would rate it eight or nine out of ten."
"Threat hunting is a very good feature on Tanium. We have just started using it and have not used it extensively."
"Tanium's most valuable feature is its instant discovery aspect."
"The interrogation piece was the most valuable feature because it was very detailed."
"I'm not so familiar with the tool but I like the interaction of the console to the picture. Patching is the primary model I have been focusing on for the last couple of weeks. So I have created a proof of concept environment and have been checking the available features."
 

Cons

"It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint."
"I feel that it should not be a licensed activity because a feature should allow us to see applications running on end devices."
"The product's pricing could be better."
"If he is using a smaller company, he can depend on some other tools because Cortex XDR by Palo Alto Networks is a bit expensive."
"Cortex XDR could be improved with more GUI features."
"While using Cortex, I noticed some aspects that could be improved, such as increasing the synchronization speed between XDR and Xnor."
"It is a complex solution to implement."
"I would like to see some additional features related to email protection included."
"Kaspersky EDR currently has limited OS support. They only focus on Windows Server and Windows. Kaspersky recently released a Linux version, but it's rudimentary. It does not have any advanced features available on Windows platforms. They should increase their footprint on the Linux side and support other operating systems on the market, like MacOS."
"Technical support can be improved. When you need support, when you call for support, and you present the evidence in a ticket, they always come back with more questions."
"I could be covering more devices, for example, the XDR. If it covered more products, it would improve the XDR."
"Documentation needs to be simplified and improved so that it provides good product awareness for end users."
"It's not a simple implementation."
"The solution lacks DLP."
"Installing Kaspersky is complex. It requires more work from system admins and takes almost one week to deploy, including integration and mapping with other solutions. You also have to configure Kaspersky EDR sandboxing then set up permissions for various teams and customers."
"There is a problem with the solution, it came from Russia and we are looking for a replacement."
"The problem or challenge is a pre-sales and go-to strategy for the SMB market delivered through a channel or model. It's very convoluted and vague, which leads to some confusion about the various types of modules, and the device-to-seat cost is extremely difficult to calculate."
"We had some issues with the solution's OS upgrade."
"It is not really additional functions, or the features that are needed, rather the complexity would be reduced based on the number of modules required to put together a comprehensive operational security and risk compliance model."
"There are some bugs in the product. The tool needs to improve in the area of reporting."
"Any movement into a SaaS solution has challenges since the processes and data flows are not well defined. Hence, you need to build it at the same time."
"Our biggest issue with the solution is its lack of mobility."
"Tanium required local admin or root rights on Mac devices, which did not comply with our security policies. This made the solution less suitable for our restrictive environment."
"The solution needs to improve the reporting and tracking capabilities."
 

Pricing and Cost Advice

"We didn't have to pay any additional fee for the cloud instance. It just came with the renewal, which was nice."
"The price of the solution could be reduced. I have customers that have voiced that the solution is good for the value but if I want to sell more of the solution the price reduction would help."
"When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward."
"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."
"It is cost-effective compared to similar solutions. It fits for the small businesses through to the big businesses."
"If one wishes to work with another team or large number of users at a future point, he must purchase a license for them."
"Cortex XDR's pricing is ok."
"I don't like that they have different types of licenses."
"The license for EDR costs about 1,000 pesos per user. I would rate the pricing as four out of five."
"The solution's cost is reasonable compared to other vendors."
"The price of the solution could be reduced."
"The solution isn't the cheapest considering what you get. I would rate the pricing as seven out of ten."
"Kaspersky's pricing is very competitive when it comes to comparison with the other solutions."
"Endpoint's pricing is good, especially compared to expensive solutions like Sophos."
"The price of Kaspersky Endpoint Detection and Response is in the middle range compared to competitors. The pricing model is based on the users using the solutions. The cost for us is approximately 2200 Algerian dinars. The price of the solution could be reduced."
"The solution is worth its cost so I rate pricing a ten out of ten."
"It's an expensive solution. It would be nice if the cost were lower."
"The solution offers value for money."
"The product's pricing differs from region to region depending on negotiations and the number of endpoints."
"There is an annual license required to use this solution."
"The solution is expensive but it's a good investment."
"Tanium is a more expensive solution in Latin America than some of the competitors, such as BigFix."
"It is higher than some competitors in the market."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
10%
Construction Company
9%
Computer Software Company
9%
Comms Service Provider
9%
Financial Services Firm
14%
Government
10%
Manufacturing Company
9%
Healthcare Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business30
Midsize Enterprise4
Large Enterprise18
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise3
Large Enterprise12
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What needs improvement with Kaspersky Endpoint Detection and Response Expert?
The user interface of Kaspersky Endpoint Detection and Response Expert could be more intuitive, and I would appreciat...
What is your primary use case for Kaspersky Endpoint Detection and Response Expert?
My usual use cases for Kaspersky Endpoint Detection and Response Expert involve detecting ransomware earlier and proa...
What needs improvement with Tanium?
While there is always room for improvement, I am pleased with Tanium.
What is your primary use case for Tanium?
The primary use case for Tanium ( /products/tanium-reviews ) is compliance, patching, and inventory as part of the co...
What advice do you have for others considering Tanium?
For smaller companies, Tanium is quite a big investment, and one needs to have a considerable setup to make it econom...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Kaspersky EDR
Tanium Inc Cloud, Tanium XEM
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Ferrari, Insolar, Tael, Republic of Serbia
JPMorgan Chase, eBay, Amazon, US Bank, MetLife, pwc, Cerner, Delphi, MGM Grand, New York Life
Find out what your peers are saying about Kaspersky Next EDR Expert vs. Tanium and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.