Microsoft Sentinel and Palo Alto Networks Cortex XSOAR compete in the security and orchestration space. Microsoft Sentinel may have the upper hand with its Azure integration and scalability, while Cortex XSOAR shines with its orchestration capabilities.
Features: Microsoft Sentinel offers seamless integration with Azure and Microsoft products, extensive automation, and scalability within its ecosystem. On the other hand, Palo Alto Networks Cortex XSOAR is known for its powerful orchestration, advanced automation capabilities, and wide integration possibilities.
Room for Improvement: Microsoft Sentinel users suggest a more intuitive user experience, improved documentation, and better mobile notifications. Pricing complexity and challenges with non-Microsoft integrations were also noted. For Cortex XSOAR, users seek enhanced dashboard customization, reduced licensing costs, and more user-friendly out-of-the-box playbooks.
Ease of Deployment and Customer Service: Microsoft Sentinel is primarily deployed on the public cloud, backed by robust Microsoft resources and generally favorable setup experiences. Customer support is responsive, though documentation can improve. Cortex XSOAR offers varied deployment options, with knowledgeable support that is sometimes inconsistent for non-premium users.
Pricing and ROI: Microsoft Sentinel follows a pay-as-you-go model, beneficial for scaling but potentially costly with data ingestion. Effective use of automation enhances ROI. Cortex XSOAR is considered high-cost, with expenses rising with additional features. Its ROI proves substantial when workflows are extensively automated in mature SOC environments.
If a customer is already using Microsoft’s ecosystem, the ROI can be positive due to seamless integration.
We attribute our growth to Sentinel.
From a risk perspective, it's about mitigating risk, and as mentioned earlier, we haven't missed many things since we've had the offering in market—only a couple of minor incidents.
We are positioning Palo Alto Networks Cortex XSOAR, which can be used in the SOC and do a lot of automation for the customer.
Their solutions' integration simplifies resolving issues compared to those caused by third-party products.
Working with a Sentinel engineer helped us tune settings effectively.
When my team needs to escalate issues to Microsoft, especially for Microsoft Sentinel, the response is fast through their French entity.
Their support has been better than Anomali's and they are more responsive.
The technical support provided by Palo Alto Networks Cortex XSOAR is good.
Office 365 and Exchange are running on it, covering about 35,000 users efficiently.
As our organization uses Microsoft Azure and Defender, everything grows together, and we can integrate various features seamlessly.
Being a SaaS solution, the scalability of Microsoft Sentinel is robust.
The scalability of Palo Alto Networks Cortex XSOAR supports our growth and security needs because we can integrate various tools and continuously add more capability.
So far, we have not experienced any issues, and it has been stable from the beginning.
In the past two years, our team hasn't encountered any issues with the stability of Microsoft Sentinel from an operations perspective.
I need to be aware of deprecated connectors as they may disconnect, but the data continues to be sent with a need for quick adaptation.
We have some tools, such as our off-site Meraki firewalls, that have not fully integrated with Sentinel.
Currently, we are happy to have a way in the middle with not so much cost, but it would be nice to have the ability to enhance the automation of workflows based on learned incidents.
There are complexities in calculating the right pricing tier for different customers, which makes it difficult for me as a consultant during upfront pricing.
The deployment requires integration and the development of integration modules.
One of the significant issues we encounter is system slowdown when we receive an influx of alerts, which inhibits how quickly we can access the information needed for investigation.
To improve the solution, it needs to have complete features that are low-code, no-code, and should be plug-and-play.
Microsoft Sentinel offers more capabilities than Bastion, with a more intuitive experience.
Setting up the right cost model for customers is intricate, requiring careful consideration of various components and licensing tiers.
The ingestion costs for the data analytics is usually the highest cost.
For customers, it is zero versus $20 million, which is why they have to make a decision.
Microsoft Sentinel's ability to correlate data from multiple sources and its detection capabilities are essential.
Microsoft Sentinel has improved cost efficiency, which is one of the key areas we're able to win business against the ability to have threat intelligence.
Microsoft Sentinel's ability to correlate data from multiple sources enhances our threat detection capabilities beyond what is a simple data lake solution by filtering out the noise and consolidating the signal down to a meaningful level that is easier to investigate and see.
Execution of automatic tasks for collecting, enriching, and correlating security events from hundreds of different technologies.
If I already have an established process, I do not have to change my process to fit into the tool. I can modify the tool to fit into my process, which makes things considerably easier.
We have implemented automation features, such as automated responses to email threats and automatic configuration of target devices for blocking specific IPs.
| Product | Market Share (%) |
|---|---|
| Microsoft Sentinel | 16.3% |
| Palo Alto Networks Cortex XSOAR | 9.7% |
| Other | 74.0% |
| Company Size | Count |
|---|---|
| Small Business | 37 |
| Midsize Enterprise | 20 |
| Large Enterprise | 41 |
| Company Size | Count |
|---|---|
| Small Business | 19 |
| Midsize Enterprise | 8 |
| Large Enterprise | 24 |
Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:
- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds
- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft
- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft
- Respond to incidents rapidly with built-in orchestration and automation of common tasks
To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
Palo Alto Networks delivers a complete solution that helps Tier-1 through Tier-3 analysts and SOC managers to optimize the entire incident life cycle while auto documenting and journaling all the evidence. More than 100+ integrations enable security orchestration workflows for incident management and other critical security operation tasks.
Palo Alto Networks Cortex XSOAR is a piece of Security Orchestration, Automation, and Response software that redefines what it means for a program to orchestrate security in an automated manner. It is a next-generation solution that offers all of the features of dozens of siloed security operations center tools in one place. Cortex XSOAR combines case management, automation, real-time collaboration, and threat intelligence management to create a platform that can handle all aspects of system security. Teams that make use of Cortex XSOAR can expect to cut the number of issues that they will have to deal with by 75%. At the same time, the speed at which they resolve those issues that slip through will rise by 90%.
Cortex XSOAR ensures that all of the IT and security tools that you employ function as a unified system. It does this by employing hundreds of integrations that allow you to run a wide variety of programs at once without ever worrying about them interfering with each other. These integrations are limited only by your imagination. They can be used immediately as they are, if that is what you need. However, they can also be customized according to the requirements of your system. This approach provides you with the maximum levels of both flexibility and utility.
The model that this platform uses is based on a machine learning algorithm. The level of automation allows you to provide more than an unchanging and inflexible blanket of coverage. Cortex XSOAR takes all of the data that it gathers and uses it to expand its protective capabilities. This creates recommendations that you can use to create a threat playbook that can be deployed uniformly throughout your organization.
Benefits of Palo Alto Networks Cortex XSOAR
Some of Palo Alto Networks Cortex XSOAR’s benefits include:
Reviews from Real Users
Palo Alto Networks Cortex XSOAR’s centralized monitoring interface and automation are two features that help it stand out. This might help explain why one quarter of the Fortune 500 companies choose Palo Alto Networks Cortex XSOAR over the competition.
Peerspot users note the effectiveness of these features. One user wrote, “We were looking for a single pane of glass type of solution that would allow us to physically be in one appliance - be able to work in concert with other servers that we have within our environment. We wanted orchestration and automation. The single pane of glass was the most important part.” Another noted, "The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
