Open EDR vs Trellix Active Response comparison

Xcitium and Trellix are both solutions in the Endpoint Detection and Response (EDR) category. Xcitium is ranked #40 with an average rating of 8.0, while Trellix is ranked #48 with an average rating of 8.0. Xcitium holds a 0.9% mindshare in EDR, compared to Trellix’s 0.6% mindshare. Additionally, 100% of Xcitium users are willing to recommend the solution, compared to 50% of Trellix users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Open EDR and Trellix Active Response based on real PeerSpot user reviews.

Find out what your peers are saying about CrowdStrike, SentinelOne, Microsoft and others in Endpoint Detection and Response (EDR).

To learn more, read our detailed Endpoint Detection and Response (EDR) Report (Updated: April 2026).

Buyer's Guide

Endpoint Detection and Response (EDR)

April 2026

Download the complete report

Helped 886,468 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex XDR by Palo Alto Net...

Mindshare comparison

As of April 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.4%, down from 3.9% compared to the previous year. The mindshare of Open EDR is 0.9%, down from 0.9% compared to the previous year. The mindshare of Trellix Active Response is 0.6%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Endpoint Detection and Response (EDR) Mindshare Distribution
Product	Mindshare (%)
Cortex XDR by Palo Alto Networks	3.4%
Open EDR	0.9%
Trellix Active Response	0.6%
Other	95.1%

Endpoint Detection and Response (EDR)

Featured Reviews

ABHISHEK_SINGH

Senior Process Expert at A.P. Moller - Maersk

Gained full visibility and streamlined threat detection through behavior-based insights and AI integration

Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.

Read full review

Timothy Muriithi

Chief Information Officer at a tech consulting company with 51-200 employees

I also like the ability to remotely manage update packages on your systems, and the fact that there is an open source version

Setting OpenEDR was challenging at first, but I got it done by following their documentation and online videos. You need to install the client and configure it to work with their online open platform. Next, you have to configure it on the device if it's a phone. You input a cloud link to the EDR, so you can monitor it from the cloud. There isn't any maintenance aside from updating the client. It's mostly on the cloud.

Read full review

Ezzard De Lange

Senior Manager Operational Technology and Cyber Security at Eskom Ltd

Operational efficiencies increase with immediate threat alerts for endpoints

We use Trellix Active Response primarily for our endpoints, including desktop computers. It monitors all the tools that our users use for their day-to-day work The alerts provided by Trellix Active Response are its most valuable feature. They notify us immediately of any vulnerabilities on the…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"But overall, when we speak about security and protection, they are one of the top providers."

"It'll not slow down your system when compared to others."

"If any application performs suspicious activities, such as changing registries or modifying other applications, Cortex XDR detects and blocks the entire application."

"Palo Alto is one of the tech vendors that always provides top-of-the-line products."

"Best solution for avoiding security breaches, malware attacks, and other kinds of security issues."

"The policy configuration is great, the granularity of policies that are available is very helpful, it is straightforward to set up, and it has pretty much everything we need and works well within the Palo Alto ecosystem."

"Cortex XDR's most valuable feature is its intelligence-based dashboards."

"The positive impacts I see from Cortex XDR by Palo Alto Networks include a complete 360-degree view of our security posture altogether, being a uniform platform where we are ingesting logs from multiple resources."

More Cortex XDR by Palo Alto Networks pros

"Comodo includes a firewall and antivirus in one solution. I also like the ability to remotely manage update packages on your systems. Comodo can even find a lost device and secure it remotely."

"We are hoping to automate detection and response and take advantage of user behavior analytics, given that we are working from home."

"We are hoping to automate detection and response and take advantage of user behavior analytics, given that we are working from home. About half of our workers are still remote, so Active Response gives us that visibility and lets us automate a number of those events."

"The alerts provided by Trellix Active Response are its most valuable feature."

"The solution is scalable."

"The continuous monitoring component of this solution allows Trellix to launch the MDR solution, which correlates all incidents and provides investigation reports within a short period of time, hence offering an advantage to the customers using Trellix Active Response and its integrated products."

"With the ADR parts of it or the Active Response parts of it, we're able to get a little more information compared to the older version, such as analytics, user behavior analytics, triaging, and meaningful reporting."

"It's a little lighter compared to the older version, which was mostly signature-based."

"The alerts provided by Trellix Active Response are its most valuable feature."

More Trellix Active Response pros

Cons

"There are some false positives."

"It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do."

"There is also no recovery feature; if some endpoint is under attack there must be the possibility of recovering it or restoring it to a normal state."

"It's very time-consuming to log support issues and the people that answer the tickets aren't very knowledgeable."

"The complexity and confusion regarding product variants, such as XDR, Forexiant, and Forexon, must be addressed."

"However, if you do not have Palo Alto in your environment, you are paying these additional services just for Cortex XDR by Palo Alto Networks, so it is not a cost-effective solution."

"I would like to see some additional features related to email protection included."

"The installation should be easier and the Palo Alto pre-sales and sales teams should have more information on the product because they don't know what they are selling."

More Cortex XDR by Palo Alto Networks cons

"Comodo includes a firewall and antivirus in one solution. I also like the ability to remotely manage update packages on your systems. Comodo can even find a lost device and secure it remotely."

"While the product is good, we are currently facing support issues."

"I would rate technical support from Trellix Active Response as a seven because sometimes we face difficulties finding engineers quickly, leading to customer frustration."

"The only area for improvement is regarding operational technology devices, specifically the engineering automation systems."

"While the product is good, we are currently facing support issues."

"I also expected Active Response 's user interface to be much more analytical."

"The truth, however, is that I was really looking for something much more advanced with user behavior analytics and some AI features that the other competitor's next-gen AV does offer."

"I expected Active Response's user interface to be much more analytical."

"There are some components on the cloud that should also reside in the on-prem deployment models but don't."

Pricing and Cost Advice

"It is "expensive" and flexible."

"The price is on the higher side, but it's okay."

"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."

"In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage."

"If one wishes to work with another team or large number of users at a future point, he must purchase a license for them."

"The return on investment is from the user side because we have seen the performance of it increase the delivery time of the product if we are using too many web-based and on-premise applications. In indirect ways, we saw the return of investment in terms of performance and user satisfaction increase."

"The price of the solution is high for the license and in general."

"I don't like that they have different types of licenses."

More Cortex XDR by Palo Alto Networks pricing and cost advice

Information not available

"Our costs were somewhere around $600K in Trinidad dollars, which might be about $100K US. We have the ETP plus the EDR. Our recent renewal was 1800 licenses as opposed to the full amount. Our transaction cost was about $600K Trinidad dollars, which is somewhere around $90-100K US."

See which vendors are best for you

Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.

See recommendations

886,468 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Construction Company

13%

Financial Services Firm

13%

Comms Service Provider

Manufacturing Company

Computer Software Company

14%

Manufacturing Company

10%

Financial Services Firm

Comms Service Provider

Construction Company

16%

Financial Services Firm

16%

Comms Service Provider

13%

Performing Arts

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	44
Midsize Enterprise	20
Large Enterprise	48

No data available

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One

Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...

See all answers

Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)

Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...

See all answers

How is Cortex XDR compared with Microsoft Defender?

Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...

See all answers

Ask a question

Earn 20 points

What is your experience regarding pricing and costs for McAfee Active Response?

Based on our evaluations, Trellix Active Response's pricing was the most feasible from a cost perspective. I rate the...

See all answers

What needs improvement with McAfee Active Response?

For Trellix Active Response, there is room for improvement in the platform area and security area to make the dashboa...

See all answers

What is your primary use case for McAfee Active Response?

The typical use case for Trellix Active Response is to provide quick incident response, as the product collects and c...

See all answers

Comparisons

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks

Compared 8% of the time

SentinelOne Singularity Endpoint vs Cortex XDR by Palo Alto Networks

Compared 6% of the time

CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Cortex XSIAM vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks

Compared 3% of the time

More Cortex XDR by Palo Alto Networks Competitors

Elastic Security vs Open EDR

Compared 12% of the time

Trellix Endpoint Security Platform vs Open EDR

Compared 10% of the time

CrowdStrike Falcon vs Open EDR

Compared 7% of the time

SentinelOne Singularity Endpoint vs Open EDR

Compared 6% of the time

Uptycs vs Open EDR

Compared 5% of the time

More Open EDR Competitors

Microsoft Defender for Endpoint vs Trellix Active Response

Compared 12% of the time

Trellix Endpoint Detection and Response (EDR) vs Trellix Active Response

Compared 11% of the time

CrowdStrike Falcon vs Trellix Active Response

Compared 9% of the time

Kaspersky Next XDR Expert vs Trellix Active Response

Compared 6% of the time

Lookout vs Trellix Active Response

Compared 5% of the time

More Trellix Active Response Competitors

Product Reports

Buyer's Guide

Cortex XDR by Palo Alto Networks

April 2026

Download Cortex XDR by Palo Alto Networks product report

Buyer's Guide

Endpoint Detection and Response (EDR)

April 2026

Download Open EDR product report

Buyer's Guide

Endpoint Detection and Response (EDR)

April 2026

Download Trellix Active Response product report

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps

No data available

McAfee Active Response

Overview

Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.

Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.

What are the key features of Cortex XDR?

Advanced Threat Detection: Uses AI and machine learning for proactive threat identification.
Multi-layered Security: Combines various security measures for comprehensive protection.
Endpoint Protection: Safeguards against malware and exploits.
Behavioral Analysis: Monitors suspicious activity for early detection.
Automatic Threat Response: Automates responses to neutralize threats.

What benefits should users expect?

Ease of Use: Simplifies security management with intuitive design.
Resource Efficiency: Minimizes impact on system resources.
Integration Capabilities: Works well with existing security setups.
Reduced Analyst Workload: Automates processes to decrease manual intervention.

Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.

Palo Alto Networks

Open EDR is an advanced solution designed to offer comprehensive endpoint detection and response capabilities. It focuses on providing strong security features tailored to meet the specific needs of modern IT environments.

Open EDR offers robust features for detecting, investigating, and responding to threats within an IT ecosystem. Its design caters to professionals seeking efficient threat management tools. By integrating seamlessly into existing infrastructures, it enhances security operations with real-time threat detection and efficient incident response. As a versatile tool, Open EDR supports a wide array of security use cases, making it an essential part of contemporary IT security strategies.

What are the standout features of Open EDR?

Real-Time Threat Detection: Instantly identifies potential security threats as they arise.
Comprehensive Reporting: Provides detailed analytics and reports to keep users informed.
Scalability: Easily adjusts to accommodate growing IT infrastructures.
Customizable Alerts: Tailor alerts based on specific security requirements.
Seamless Integration: Smooth integration with existing IT tools and platforms.

What benefits or ROI should users expect?

Enhanced Security Posture: Strengthens overall security infrastructure.
Cost Efficiency: Reduces overhead by automating threat detection processes.
Improved Incident Response: Facilitates quicker response times to potential threats.
Better Resource Allocation: Allows teams to focus efforts on strategic initiatives.

In the financial sector, Open EDR is often implemented to safeguard sensitive data while ensuring compliance with industry regulations. Tech firms utilize it to maintain comprehensive oversight and control over their digital environments, adapting quickly to emerging threats and vulnerabilities.

Xcitium

Continuous Visibility into Your Endpoints:
Capture and monitor events, files, host flows, process objects, context, and system state changes that may be indicators of attack or dormant attack components.

Identify and Remediate Breaches Faster:
Access tools you need to quickly correct security issues. Send intelligence to analytics, operations, and forensic teams.

Target Critical Threats:
Get preconfigured and customizable actions when triggered, so you can target and eliminate threats.

Trellix

Sample Customers

CBI Health Group, University Honda, VakifBank

Information Not Available

Liquor Control Board of Ontario

Buyer's Guide

Endpoint Detection and Response (EDR)

April 2026

Download Free Report

Find out what your peers are saying about CrowdStrike, SentinelOne, Microsoft and others in Endpoint Detection and Response (EDR). Updated: April 2026.

DOWNLOAD NOW

886,468 professionals have used our research since 2012.

See our list of best Endpoint Detection and Response (EDR) vendors.

We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.