No more typing reviews! Try our Samantha, our new voice AI agent.

Microsoft Defender XDR vs Symantec XDR comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Extended Detection and Response (XDR)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Microsoft Defender XDR
Ranking in Extended Detection and Response (XDR)
5th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
108
Ranking in other categories
Endpoint Detection and Response (EDR) (9th), Microsoft Security Suite (4th)
Symantec XDR
Ranking in Extended Detection and Response (XDR)
50th
Average Rating
8.0
Number of Reviews
1
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 4.6%, down from 5.1% compared to the previous year. The mindshare of Microsoft Defender XDR is 4.0%, down from 5.6% compared to the previous year. The mindshare of Symantec XDR is 0.4%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks4.6%
Microsoft Defender XDR4.0%
Symantec XDR0.4%
Other91.0%
Extended Detection and Response (XDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
reviewer2812758 - PeerSpot reviewer
Infosec at a government with 10,001+ employees
Integrated defenses have unified threat hunting, phishing simulations, and identity investigations
I appreciate Microsoft Defender XDR's MDE, Microsoft Defender tool, which has Attack Simulator. Instead of doing a phishing campaign and getting a separate tool, Microsoft Defender XDR does it all. These features of Microsoft Defender XDR have helped us conduct a phishing campaign quarterly, which has been beneficial. I also appreciate the fact that it has Defender for Office integrated, Defender for Identity, and everything integrated together. I would describe the process of using Microsoft Defender XDR to prioritize incidents in my security operations as quite decent. I appreciate the automatic alerting system where any incidents or alerts we receive come directly to our email. From there, we can open the email, go directly to Microsoft Defender XDR, and start our investigations and remediations. I perceive the integration of security and identity access management in Microsoft Defender XDR as affecting my identity protection strategies very well because it is well integrated with Purview, integrated well with Entra ID, and integrated well with Exchange. I especially appreciate MDO, the Office product. If anything happens and I want to conduct an investigation, it takes me directly to Exchange, where I can also investigate any emails or phishing incidents. Instead of going to different portals, everything can be done from Microsoft Defender XDR. If necessary for further investigation, Microsoft Defender XDR then directs me to that environment. I would assess the integration of AI in guiding security actions within Microsoft Defender XDR as quite positive. Recently, Security Copilot went big, and it is beneficial that I can use that, especially to write KQL. I can do threat hunting features and intelligence all within using Microsoft's Security Copilot. It also has a nice AI feature for threat hunting. I know that all the Defender logs go to Sentinel, and I can pull it up from Microsoft Defender XDR or from Sentinel. The fact that I can actually do all that within Microsoft Defender XDR is a nice feature. In the top module, I can do threat lookups, and I can actually type KQLs in Microsoft Defender XDR and look up incidents. Predictive shielding has had a nice impact on my proactive security measures. It is beneficial that it has, similar to Entra ID, a secure score. For me to improve the product, the secure score helps me out. If I rate it from highest to lowest, I can see what things I can improve. Secure score helps me see what areas I can improve in Microsoft Defender XDR to increase my score and bring it to 80 or more. Knowing Microsoft Defender XDR from using it since 2019, before COVID days, I know that they have improved significantly. It is much more user-friendly and has a very nice vulnerability feature that I find handy and useful. The fact that this feature integrates into Intune is also very decent.
BR
Cyber Security Consultant at I(TS)² Saudi Arabia
A scalable and stable solution with straightforward deployment
We can generate maps from the environment. For example, suppose there is a virus that has a zero-day attack and is publicly unknown. We can block that and keep it away from the network so it is not further replicated. It also has custom white and black lists. We can add a good reputation on both lists and use the sonar technology for Symantec and the online network for advanced reports.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cortex XDR by Palo Alto Networks saves time in various ways, although the user interface is fairly standard."
"It blocks malicious files, prevents attacks, and doesn't require many updates because it is a very light application."
"Its interface and pricing are most valuable, and it is better than other vendors in terms of security."
"But overall, when we speak about security and protection, they are one of the top providers."
"I recognize that Cortex XDR by Palo Alto Networks is one of the best products in its category regarding capabilities."
"It's very stable. I've never experienced downtime for the ASM console or ASM core."
"The product's initial setup phase is very easy."
"It is a simple platform to use."
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"Microsoft Sentinel enables you to ingest data from your entire ecosystem, investigate threats, and respond from one place, which has reduced our time to detection and time to response by about 20 percent."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"Microsoft Defender's most critical component is its CASB solution. It has many built-in policies that can improve your organization's cloud security posture. It's effective regardless of where your users are, which is critical because most users are working from home. It's cloud-based, so nothing is on-premise."
"Microsoft 365 Defender is a good solution and easy to use."
"Microsoft 365 Defender's most valuable feature is the ability to control the shadow IP."
"What I found most valuable in Microsoft 365 Defender is that it's able to scan emails and protect users from dangerous links or attachments."
"Overall, the solution has decreased our time to detect and respond."
"We can block a virus that has a zero-day attack and is publicly unknown and keep it away from the network so it is not further replicated."
"You can advise the solution and protect your environment."
 

Cons

"The GUI could be improved."
"The solution can never really be an on-premises solution based simply on the way it is set up. It needs metadata to run and improve. Having an on-premises solution would cut it off from making improvements."
"The price could be a little lower."
"We would also like to have advanced tech protection and email scanning."
"Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."
"Impact on system performance is horrible, adding a lot of delays for users."
"There's room for improvement with Mac device installations, which can be challenging."
"Cortex XDR by Palo Alto Networks is not only pricey; it is extremely expensive."
"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."
"For Microsoft Defender XDR, there is currently no ability to reset passwords for on-premises accounts, which is a key challenge."
"I'd like to see a wider solution that includes not only desktop devices but also other devices, such as servers, storage cabinets, switching equipment, et cetera."
"Microsoft support is not very good. You get stuck in low-level support for way longer than you should, instead of them escalating the issue up the chain."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"From a performance standpoint, improvements could be made."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"The solution should have better reporting."
 

Pricing and Cost Advice

"Our customers have expressed that the price is high."
"In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage."
"Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."
"Cortex XDR by Palo Alto Networks is quite an expensive solution."
"This is an expensive solution."
"It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff."
"When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward."
"The price of the solution is high for the license and in general."
"We have a lot of problems in Latin America regarding the price of Microsoft 365 Defender, because the relationship between dollars and the money of the different countries, it's is a lot. Many customers that have small businesses say that they would like the solution but it is too expensive. However, large companies do not find the cost an issue."
"For Defender, they have Endpoint Plan 1 and Endpoint Plan 2, but I don't know on what basis they have classified Endpoint Plan 1 and Plan 2, but it has given me enough pain to pick and design Endpoint Plan 1 or Endpoint Plan 2 for my organization. In fact, we are still struggling with it. Too many SKUs are confusing. There should not be too many SKUs, and they shouldn't charge for every new feature."
"Sometimes 365 Defender is expensive, but it can be moderate, depending on the organization's size and the license type. We're satisfied with the cost because it gives us a product that protects our entire environment with DLP. To compromise some cost, of course, we are to complete the most secure environment."
"Microsoft should provide lower-level licensing options. They should do it in such a way that even an individual could purchase a license, and it should be entirely flexible."
"The licensing fee for Microsoft 365 Defender is fair."
"We've managed to navigate it effectively through our enterprise agreement, and Microsoft's academic discounts have proven to be quite generous."
"It has consistently offered highly appealing academic pricing, with distinct rates for higher education and general educational purposes."
"It is fairly priced because we get complete integrated services with the E5 license."
Information not available
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
903,067 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Computer Software Company
9%
Financial Services Firm
9%
Comms Service Provider
7%
Manufacturing Company
7%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise28
Large Enterprise41
No data available
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for Microsoft 365 Defender?
My experience with the pricing, setup costs, and licensing of Microsoft Defender XDR is that we are on an E5 license,...
What needs improvement with Microsoft 365 Defender?
From my perspective, Microsoft Defender XDR can be improved with better visibility in certain areas where I can trigg...
What is your primary use case for Microsoft 365 Defender?
My main use cases for Microsoft Defender XDR are telemetry, advanced hunting, and the ability to perform host isolati...
Ask a question
Earn 20 points
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Microsoft 365 Defender, Microsoft Threat Protection, MS 365 Defender
No data available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Accenture, Deloitte, ExxonMobil, General Electric, IBM, Johnson & Johnson and many others.
Information Not Available
Find out what your peers are saying about CrowdStrike, SentinelOne, TrendAI and others in Extended Detection and Response (XDR). Updated: June 2026.
903,067 professionals have used our research since 2012.