We performed a comparison between Mandiant Advantage and Palo Alto Networks AutoFocus based on real PeerSpot user reviews.
Find out what your peers are saying about SentinelOne, CrowdStrike, Palo Alto Networks and others in Extended Detection and Response (XDR)."We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
"The solution is well integrated with applications. It is easy to maintain and administer."
"Microsoft 365 Defender is simple to upgrade."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"Microsoft Defender's most critical component is its CASB solution. It has many built-in policies that can improve your organization's cloud security posture. It's effective regardless of where your users are, which is critical because most users are working from home. It's cloud-based, so nothing is on-premise."
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"The integration with other Microsoft solutions is the most valuable feature."
"The feature I have found most valuable is directory monitoring. We experienced an instance of threat actors trying to ensure a complex and massive attack against our customer's infrastructure on the forum. That is, they were animating people on a formum. The solution alerted us to this two days ahead of the attack, which gave us plenty of time to prepare for it."
"The advantage of the solution is being able to go look up threat actors and get a lot of detailed information about different attacks and different tactics and general information about threats."
"It is so valuable to have someone performing these functions outside of our business hours when we don't have staff in the building. We've seen a lot of solid metrics on the amount of malware that it's detecting and resolving. We're pleased with it so far."
"I am impressed with the tool's integration of Palo Alto products which serves as a platform for security."
"The logs play a crucial role as they contribute to blocking unwanted Internet traffic."
"The most valuable feature is alerting."
"It integrates well with other solutions and provides good threat intelligence in terms of external threats."
"The feature that I like best is the dashboard."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"There are other SIEM solutions that are easier to use, mainly based on the creation of rules, use cases, and groups."
"Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"The management features could be improved, particularly in terms of better integration with Intune, Microsoft's cloud-based management solution."
"They could have better support. Now that they've merged, they are moving towards a portal system, which isn't very helpful."
"I think that the data query that is used for data cloud language should be improved. It's really hard to query actual data from the platform."
"Mandiant's on-prem client is too processor-intensive, so it's putting a strain on the local device's CPU. When a scan is running on the device, the other processing tasks slow to a crawl. We're still trying to figure out the correct settings for the client."
"I would like the tool to see more integration with Cortex XDR. There is no real reason to keep them separate."
"It would be better if they used the threat intelligence feeds directly from their side and changing the verdict instead of us requesting it."
"I would like to have more technical documentation that contains greater detail on the types of threats that are occurring."
"It would be helpful to have better documentation for configuring and installing the solution."
"It is a completely cloud-based product at present."
Mandiant Advantage is ranked 19th in Extended Detection and Response (XDR) with 3 reviews while Palo Alto Networks AutoFocus is ranked 8th in Threat Intelligence Platforms with 5 reviews. Mandiant Advantage is rated 8.6, while Palo Alto Networks AutoFocus is rated 7.8. The top reviewer of Mandiant Advantage writes "It gives us peace of mind that issues can be addressed when our core IT team isn't working". On the other hand, the top reviewer of Palo Alto Networks AutoFocus writes "Impressive performance and monitoring capabilities but lacks in documentation". Mandiant Advantage is most compared with Cortex Xpanse, CrowdStrike Falcon, Microsoft Defender External Attack Surface Management, Cymulate and ThreatConnect Threat Intelligence Platform (TIP), whereas Palo Alto Networks AutoFocus is most compared with ThreatConnect Threat Intelligence Platform (TIP), Anomali ThreatStream, VirusTotal, LogRhythm SIEM and CrowdStrike Falcon.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.