No more typing reviews! Try our Samantha, our new voice AI agent.

Microsoft Defender XDR vs Symantec XDR comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Extended Detection and Response (XDR)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Microsoft Defender XDR
Ranking in Extended Detection and Response (XDR)
5th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
108
Ranking in other categories
Endpoint Detection and Response (EDR) (9th), Microsoft Security Suite (4th)
Symantec XDR
Ranking in Extended Detection and Response (XDR)
50th
Average Rating
8.0
Number of Reviews
1
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 4.6%, down from 5.1% compared to the previous year. The mindshare of Microsoft Defender XDR is 4.0%, down from 5.6% compared to the previous year. The mindshare of Symantec XDR is 0.4%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks4.6%
Microsoft Defender XDR4.0%
Symantec XDR0.4%
Other91.0%
Extended Detection and Response (XDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
MohtesanShaikh - PeerSpot reviewer
Business Development Executive at TechnoFirrm
Experience improves security management and simplifies threat protection
I have created automated investigations, and while they work, they operate rather slowly in the Microsoft portal. If I automate something, it takes considerable time; if I do it manually, I can complete it in a quarter of the time. The automation response being slow is the main concern; when an incident occurs or if I run a remediation, it takes significant time to complete the remediation. There are some limitations regarding the scalability of Microsoft Defender XDR with specific licensing. For SMB customers, there is only Microsoft Defender for Business, and if they want more features such as XDR features and automation investigation or incident response, they need to purchase Defender for Endpoint. We are currently using the EDR.
BR
Cyber Security Consultant at I(TS)² Saudi Arabia
A scalable and stable solution with straightforward deployment
We can generate maps from the environment. For example, suppose there is a virus that has a zero-day attack and is publicly unknown. We can block that and keep it away from the network so it is not further replicated. It also has custom white and black lists. We can add a good reputation on both lists and use the sonar technology for Symantec and the online network for advanced reports.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The good thing about the product is that it's always scanning."
"Overall, it's a great platform; it integrates very well with other solutions from Palo Alto and also with our vendors, the ease of use is excellent, I love the root cause analysis from Cortex, which is amazing, and in a few clicks you can have the full root cause."
"The tool is designed to scale for large enterprises and handle large volumes of data."
"The level of security I get for my endpoints and servers is extremely valuable."
"Cortex XDR is a simple platform that's easy for administrators and users. You have a lot of flexibility to change or customize the features."
"Technical support is the best in class, in my opinion, because they have invested heavily in research and development."
"The solution's most valuable feature is its ability to rapidly detect certain hardware files."
"If you are looking for security, mainly for advanced threat prevention from ransomware and malware attacks, I would recommend Cortex."
"In Microsoft 365 vendor products, monitoring and connectivity across all Microsoft and third-party connectors enable viewing of all activity within those environments."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"The integration between all the Defender products is the most valuable feature."
"What I found most valuable in Microsoft 365 Defender is that it's able to scan emails and protect users from dangerous links or attachments."
"The stability has been great."
"Overall, the solution has decreased our time to detect and respond."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"We can block a virus that has a zero-day attack and is publicly unknown and keep it away from the network so it is not further replicated."
"You can advise the solution and protect your environment."
 

Cons

"The product's pricing could be better."
"Cortex XDR is trickier to configure than other Palo Alto products. This is one area where we are not so satisfied."
"I would like to see them include NDR (Network Detection Response). Then it would work well with SIEM Response."
"The downsides of Cortex XDR by Palo Alto Networks are that in many incidents, when I enter the causality chain, there are numerous logs."
"The solution can never really be an on-premises solution based simply on the way it is set up. It needs metadata to run and improve. Having an on-premises solution would cut it off from making improvements."
"I feel that it should not be a licensed activity because a feature should allow us to see applications running on end devices."
"Cortex XDR by Palo Alto Networks could improve its user interface, which is more complicated compared to competitors such as SentinelOne."
"This product has not improved my organization - in fact, we are in the process of moving back to another product as a result of Cortex's horrible impact on system performance."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"The onboarding and offboarding need improvement."
"The support could be more knowledgable to improve their offering."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"The logs could be better."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"There could be a way to proactively monitor unusual activity ."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"The solution should have better reporting."
 

Pricing and Cost Advice

"Very costly product."
"I don't recall what the cost was, but it wasn't really that expensive."
"The cost of Cortex XDR by Palo Alto Networks is $55 to $90 USD per endpoint per month."
"It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool."
"The pricing is a little bit on the expensive side."
"Cortex XDR's pricing is ok."
"It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff."
"Its pricing is kind of in line with its competitors and everybody else out there."
"It can be complex to navigate since customers have varying licensing agreements across Microsoft. If they go straightforward with E5 for all users, it's simple, but combinations based on budget constraints can complicate things."
"Microsoft Defender falls within a mid-tier price range compared to other security solutions."
"We've managed to navigate it effectively through our enterprise agreement, and Microsoft's academic discounts have proven to be quite generous."
"It is fairly priced because we get complete integrated services with the E5 license."
"I believe that the pricing of the licensing is fair."
"The pricing of Microsoft 365 Defender is definitely on the costly side, but with the features and services that Microsoft provides, such as the seamless integration of all the Defender tools, while the price is on the higher side, there is no alternative."
"Microsoft Defender XDR is priced high."
"Microsoft is not competitive with the pricing of the solution. The competitors are able to offer lower discounts. The price of the solution is higher."
Information not available
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
904,146 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
11%
Comms Service Provider
9%
Computer Software Company
9%
Financial Services Firm
9%
Comms Service Provider
7%
Manufacturing Company
7%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise28
Large Enterprise41
No data available
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for Microsoft 365 Defender?
My experience with the pricing, setup costs, and licensing of Microsoft Defender XDR is that we are on an E5 license,...
What needs improvement with Microsoft 365 Defender?
From my perspective, Microsoft Defender XDR can be improved with better visibility in certain areas where I can trigg...
What is your primary use case for Microsoft 365 Defender?
My main use cases for Microsoft Defender XDR are telemetry, advanced hunting, and the ability to perform host isolati...
Ask a question
Earn 20 points
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
No data available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
Information Not Available
Find out what your peers are saying about CrowdStrike, SentinelOne, TrendAI and others in Extended Detection and Response (XDR). Updated: June 2026.
904,146 professionals have used our research since 2012.