No more typing reviews! Try our Samantha, our new voice AI agent.

Kaspersky Next XDR Expert vs Morphisec comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 9, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Kaspersky Next XDR Expert
Ranking in Endpoint Detection and Response (EDR)
35th
Average Rating
7.8
Reviews Sentiment
6.3
Number of Reviews
19
Ranking in other categories
Extended Detection and Response (XDR) (20th)
Morphisec
Ranking in Endpoint Detection and Response (EDR)
61st
Average Rating
9.2
Reviews Sentiment
7.4
Number of Reviews
21
Ranking in other categories
Vulnerability Management (57th), Endpoint Protection Platform (EPP) (48th), Advanced Threat Protection (ATP) (30th), Cloud Workload Protection Platforms (CWPP) (35th), Threat Deception Platforms (15th)
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of Kaspersky Next XDR Expert is 1.0%, down from 1.8% compared to the previous year. The mindshare of Morphisec is 0.9%, up from 0.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
Kaspersky Next XDR Expert1.0%
Morphisec0.9%
Other94.5%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Manikumar David - PeerSpot reviewer
IT Manager at R K Khanna and Associates
Experienced weak security checks and increased system load with limited control
Kaspersky Endpoint Detection and Response is not up to the mark compared to what I have seen from earlier products. I was using CrowdStrike, and Kaspersky Endpoint Detection and Response is not up to the mark compared to CrowdStrike and other products. Kaspersky Endpoint Detection and Response sometimes seems to allow certain files which should not be allowed on its own. I trust Kaspersky Endpoint Detection and Response to check the files, but I cannot sit and check all the files that are coming in. Kaspersky Endpoint Detection and Response has its own weaknesses. Kaspersky Endpoint Detection and Response slows the system slightly. It uses more resources than what CrowdStrike does. When any attack happens or something is happening with other products I am using, Kaspersky Endpoint Detection and Response stops certain things. However, it does not take me to the file, and it is not user-friendly.
Rick Schibler - PeerSpot reviewer
VP of Information Technology at Kentucky Trailer
Offers in-memory protection at a lower price than competitors
Morphisec's in-memory protection is probably the most valuable feature because it stops malicious activity from occurring. If something tries to install or act as a sleeper agent, Morphisec will detect and stop it. Morphisec's Moving Target Defense is critical to hardening our attack surface. If it detects something, it indicates whether it's valid. That means you've got a breach requiring investigation. It detects anomalies but doesn't necessarily point to what caused them. You still need to do that work. The solution is reasonably easy to administer. They made some changes last year, adding a cloud-based monitoring solution that makes deploying and monitoring our endpoints easy.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cortex XDR by Palo Alto Networks should be a stable solution."
"Palo Alto Networks Traps improves our security posture and lowers risk by providing next-gen methods to combat against modern threats on all the major platforms."
"There are a lot of lead solutions in this space, however, Palo Alto is number one."
"Stability is one of the features we like the most."
"Cortex is a very good total solution on the endpoints."
"Cortex is the best tool for endpoint detection, and I have used it to verify hashes or domains to identify malicious activity, trigger playbooks that automate and gather endpoint logs, block malicious processes, and update incident tickets, showcasing end-to-end processes with automation in investigation and reducing the analysis workflow."
"The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past."
"Cortex XDR is a simple platform that's easy for administrators and users. You have a lot of flexibility to change or customize the features."
"I do customize the policies to determine what to do and what not to do."
"The tool's performance and prevention are amazing."
"It downloads essential security patches that are valuable for my PC."
"The most valuable aspect of the product is its consolidated features."
"Kaspersky offers more visible and comprehensive features compared to other products."
"It is a stable solution...It is a very scalable solution."
"Stability-wise, I rate the solution a ten out of ten."
"One of the good features is the provider's Faulting capability. If any of our systems detect malware, we can check the behavior of the malware by sending it to Kaspersky's sandbox environment. This helps us assess how destructive the malware is. After analyzing it, we can create use cases and protection measures based on that behavior. So, this is the best feature of Kaspersky."
"Morphisec makes use of deterministic attack prevention that doesn’t require investigation of security alerts. It changes the memory locations of where certain applications run. If you think of Excel, opening a PDF, running an Excel macro, or opening a webpage and clicking on a link, all of those actions run in a certain area of memory. Morphisec changes the memory locations of where those run."
"In a month, we are saving the effort of four to five days, and earlier we used to have a dedicated person and now we don't need a dedicated resource, which has reduced our security spending and we are saving approximately $600 a month."
"It also provides full visibility into security events from Microsoft Defender and Morphisec in one dashboard. We've always had that capability with Morphisec. The more recent version appears to do that even a little bit more natively and it's given us visibility that we didn't have otherwise."
"If you have the ability to get Morphisec into their environment, it's going to be a hundred percent return on investment."
"Morphisec has enabled us to become a lot less paranoid when it comes to staff clicking on things or accessing things that they shouldn't that could infect the whole system. Our original ransomware attack that happened came from someone's Google drive and then just filtered on through that. It has put our minds at ease a lot more in running it. It's also another layer of security that has been proven to be effective for us."
"Morphisec gives me even more than Microsoft can give me, even if I were to pay."
"Before we got Morphisec we evaluated solutions that claim to do similar things, and we have done additional evaluations since we started using it, but I don't think anything can truly touch what Morphisec does and the way it does it."
"All the alerts are on the dashboard, which is quite simple and useful for us. You can easily check all the alerts that are being blocked or allowed, or whatever the action is. You can easily see that and you can take the necessary actions. You can add a PowerShell extension or any activities for blocking at your network level or for endpoints."
 

Cons

"The solution should offer more dashboards and they should be better customized."
"There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."
"In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are the big company, so they can improve the UI a little bit. The UI, the reports, the log system can all be improved."
"The main issue I could point out is the offline agents and the way that it is missing."
"I have seen lagging with Cortex XDR by Palo Alto Networks. There was one time when we faced a threat actor trying to gain access to our system. When our team utilized the tool, we were all on the same dashboard and we faced a lag issue at that time of around five minutes, which was quite significant."
"They are charging for Network Traffic Analyzer (NTA) services, so if the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better."
"I recommend adding a data loss prevention (DLP) solution to Cortex XDR by Palo Alto Networks. The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products."
"The product's pricing could be better."
"It needs improvement in communication between the network and endpoint, as well as between endpoint and server."
"There are certain shortcomings with the UI of the solution. The UI is not at all user-friendly."
"One of the main areas where the tool could improve is its integration capabilities. For example, I find it challenging to integrate it with other solutions. It would be helpful if the tool could make it more open to integration with other tools."
"My team was struggling with the reporting when we were doing an audit. The console features are a little more interactive and user-friendly. There's some issue, or maybe some fixing has to be done."
"Kaspersky Endpoint Detection and Response needs vast resources on the central node. Not all maintenance tasks are in the GUI, so we often use commands. The lack of documentation for these processes means we frequently reach out to support, open tickets, and run complex CLI commands. It's not the most straightforward process. It should also improve stability."
"I want to be able to use the product as a patch management tool for my endpoints since it is an area that is not working effectively for me."
"Enhancing user-friendliness should be a priority."
"The main issue was compatibility with the cloud itself. The CPU usage immediately spiked, causing the machines to hang and sometimes even forcing server or computer restarts."
"We started in the Linux platform and we deployed to Linux. The licensing of that has been kind of confusing between Linux licensing and Windows licensing. The overall simplicity of licensing or offering an enterprise license to just cover everything and then we don't have to count needs improvement."
"From a company standpoint, a little more interaction with the customers throughout the year might be beneficial. I would like check-ins from the Morphisec account executives about any type of Morphisec news as well as a bit more interaction with customers throughout the year to know if anything new is coming out with Morphisec, e.g., what they are working on in regards to their development roadmap. We tend not to get that up until the time that we go for a yearly renewal. So, we end up talking to people from Morphisec once a year, but it is usually at renewal time."
"We sometimes have to depend on the support team to know what action we should take."
"I haven't been able to get the cloud deployment to work."
"If anything, tech support might be their weakest link."
"The weakest point of this product is how difficult it is to understand the reasons for an alert. This is a problem because it is hard to determine whether an attack is real or not."
"The only area that really needs improvement is the reporting functionality. Gathering the detailed information that is in the system for an executive, or for me as a director, could be better. Some of the interface and reporting aspects are a little bit dated. They're working on it."
"It might be a bit much to ask, but we are now beginning to use Morphisec Scout, which provides vulnerability information. At this time, it's recognizing vulnerabilities and reporting them to us, but it's not necessarily resolving them. There's still a separate manual process to resolve those vulnerabilities, primarily through upgrades. We have to do that outside of Morphisec. If Morphisec could somehow have that capability built into it, that would be very effective."
 

Pricing and Cost Advice

"I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require."
"In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage."
"When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward."
"It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool."
"Its pricing is kind of in line with its competitors and everybody else out there."
"The cost of Cortex XDR by Palo Alto Networks is $55 to $90 USD per endpoint per month."
"Very costly product."
"Cortex XDR’s pricing is very reasonable."
"I rate the solution's pricing model a seven on a scale of one to ten, where one is cheap, and ten is expensive."
"I was satisfied with the pricing of Kaspersky."
"The tool's pricing was high during the last renewal."
"The solution is not cheap, but it is not expensive."
"I rate the product price a five on a scale of one to ten, where one is low price and ten is high price."
"The tool's pricing is reasonable."
"It is cost-effective in terms of services and features compared to other more expensive EDR solutions like CrowdStrike and Trend Micro."
"The pricing falls within the average range."
"It does not have multi-tenants. If South Africa wants to show only the machines that they have, they need their own cloud incidence. It is not possible to have that in a single cloud incidence with multiple tenants in it, instead you need to have multiple cloud incidences. Then, if you have that, it will be more expensive. However, they are going to change that, which is good."
"Morphisec is reasonably priced because our parent company's other subsidiaries use different products like CrowdStrike. CrowdStrike is four or five times more expensive than Morphisec. The competitive pricing saves us money in our overall security stack."
"We are still using a separate tool. I know for our 600 or I think we're actually licensed for up to 700 users, it runs me 23 or $24,000 a year. When you're talking to that many users plus servers being protected, that's well worth the investment for that dollar amount."
"It is an annual subscription basis per device. For the devices that we have in scope right now, it is about $25,000 a year."
"It is priced correctly for what it does. They end up doing a good deal of discounting, but I think it is priced appropriately."
"Licenses are per endpoint, and that's true for the cloud version as well. The only difference is that there is a little extra charge for the cloud version."
"It is a little bit more expensive than other security products that we use, but it does provide us good protection. So, it is a trade-off."
"The pricing is definitely fair for what it does."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Comms Service Provider
12%
Financial Services Firm
9%
Manufacturing Company
9%
Construction Company
7%
Outsourcing Company
16%
Manufacturing Company
12%
Construction Company
11%
Financial Services Firm
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise6
Large Enterprise6
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise8
Large Enterprise8
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What needs improvement with Kaspersky Endpoint Detection and Response?
Kaspersky Endpoint Detection and Response is not up to the mark compared to what I have seen from earlier products. I...
What advice do you have for others considering Kaspersky Endpoint Detection and Response?
It seems okay. CrowdStrike was not heavy on my network or usage. I would rate this product an 8.
Ask a question
Earn 20 points
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
Morphisec, Morphisec Moving Target Defense
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Information Not Available
Lenovo/Motorola, TruGreen, Covenant Health, Citizens Medical Center
Find out what your peers are saying about Kaspersky Next XDR Expert vs. Morphisec and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.