Palo Alto Networks Cortex XSOAR vs Swimlane comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo
17,715 views|9,994 comparisons
92% willing to recommend
Palo Alto Networks Logo
11,001 views|6,061 comparisons
91% willing to recommend
Swimlane Logo
1,724 views|1,190 comparisons
100% willing to recommend
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Palo Alto Networks Cortex XSOAR and Swimlane based on real PeerSpot user reviews.

Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Palo Alto Networks Cortex XSOAR vs. Swimlane Report (Updated: May 2024).
771,946 professionals have used our research since 2012.
Q&A Highlights
Question: Which SOAR product has the better value: Palo Alto Networks Cortex XSOAR or Swimlane? Why?
Answer: Palo Alto Networks Cortex XSOAR and Swimlane may be considered excellent SOAR products but have different strengths and weaknesses. Below is a comparison of the two products in terms of value: Palo Alto Networks Cortex XSOAR Strengths Cortex XSOAR is known for being scalable, plus it has several features. The solution also offers a variety of integrations with other security tools and cloud platforms. Weaknesses Some consider Cortex XSOAR more complex to use than Swimlane, and it may not be as well-suited for small and medium-sized businesses. Swimlane Strengths It is reported that Swimlane is easy to use and is known for having a powerful workflow engine. Like Cortex XSOAR, Swimlane also offers various integrations with other security tools. Weaknesses Some say Swimlane could be more expensive than Cortex XSOAR and may not be as well-suited for large enterprises with complex security needs. They say that Swimlane provides better value for most organizations. It may be easier to use and more affordable than Cortex XSOAR, plus it offers a variety of integrations and features that may be essential for most organizations. However, if you are a large enterprise with complex security needs, Cortex XSOAR may be a better choice for you, as they say it is more scalable and offers a broader range of features over Swimlane.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning.""The Log analytics are useful.""We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable.""The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running.""Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information.""Sentinel pricing is good""The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system.""Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"

More Microsoft Sentinel Pros →

"The solution is very reliable.""The product’s stability is good.""Palo Alto is easy to use.""The most valuable features are the orchestration because of the way in which it coordinates the loss from all the devices and it provides us with a high-level overview of the critical log information.""The pricing is very good.""The product is quite easy to use.""The most valuable features of Palo Alto Networks Cortex XSOAR are its overall track record and features that fit our use case.""It is a scalable solution."

More Palo Alto Networks Cortex XSOAR Pros →

"The technical support from Swimlane is very good.""The most valuable feature of the solution is the support.""It provides us with a single portal for our logs from different solutions."

More Swimlane Pros →

Cons
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized.""For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons.""We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed.""It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall.""We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules.""Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel.""Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise.""They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."

More Microsoft Sentinel Cons →

"XSOAR could have more integration options.""When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot.""With Palo Alto Networks Cortex XSOAR, managing its setup phase can be a complicated task.""In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening.""The solution requires DV but does not support open-source DV elastic searches.""The integration could be better. Cortex, for example, does not work with iPhone.""It doesn't offer automatic internet reports out of the box.""There is room for improvement in support. The response time could be faster."

More Palo Alto Networks Cortex XSOAR Cons →

"The initial setup and deployment are complex.""The stability of the solution has room for improvement.""We faced a lot of issues with the product’s stability."

More Swimlane Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
  • More Microsoft Sentinel Pricing and Cost Advice →

  • "There is a perception that it is priced very high compared to other solutions."
  • "From the cost perspective, I have heard that its price is a bit high as compared to other similar products."
  • "There is a yearly license required for this solution and it is expensive."
  • "It is approx $10,000 or $20,000 per year for two user licenses."
  • "When I first looked at Demisto, it had a price tag of $250,000 but when we finally purchased it, it was $345,000."
  • "The price of Palo Alto Networks Cortex XSOAR is expensive."
  • "The price of Palo Alto Networks Cortex XSOAR is comparable to other solutions in the market."
  • "The solution is based on an annual licensing model that is expensive."
  • More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →

    Information Not Available
    report
    Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
    771,946 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Top Answer:Whether the product is cheap or expensive depends on the company and how much they are willing to spend on security… more »
    Top Answer:The solution is complicated to learn. Customers find it difficult to learn how the solution works. We need professionals… more »
    Top Answer:It provides us with a single portal for our logs from different solutions.
    Top Answer:We faced a lot of issues with the product’s stability. Sometimes we find bugs in the plug-ins. We experience some… more »
    Top Answer:I use the solution for receiving alerts and case creation. It is used as a ticketing system.
    Comparisons
    Also Known As
    Azure Sentinel
    Demisto Enterprise, Cortex XSOAR, Demisto
    Learn More
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Palo Alto Networks delivers a complete solution that helps Tier-1 through Tier-3 analysts and SOC managers to optimize the entire incident life cycle while auto documenting and journaling all the evidence. More than 100+ integrations enable security orchestration workflows for incident management and other critical security operation tasks.

    Palo Alto Networks Cortex XSOAR is a piece of Security Orchestration, Automation, and Response software that redefines what it means for a program to orchestrate security in an automated manner. It is a next-generation solution that offers all of the features of dozens of siloed security operations center tools in one place. Cortex XSOAR combines case management, automation, real-time collaboration, and threat intelligence management to create a platform that can handle all aspects of system security. Teams that make use of Cortex XSOAR can expect to cut the number of issues that they will have to deal with by 75%. At the same time, the speed at which they resolve those issues that slip through will rise by 90%.

    Cortex XSOAR ensures that all of the IT and security tools that you employ function as a unified system. It does this by employing hundreds of integrations that allow you to run a wide variety of programs at once without ever worrying about them interfering with each other. These integrations are limited only by your imagination. They can be used immediately as they are, if that is what you need. However, they can also be customized according to the requirements of your system. This approach provides you with the maximum levels of both flexibility and utility.

    The model that this platform uses is based on a machine learning algorithm. The level of automation allows you to provide more than an unchanging and inflexible blanket of coverage. Cortex XSOAR takes all of the data that it gathers and uses it to expand its protective capabilities. This creates recommendations that you can use to create a threat playbook that can be deployed uniformly throughout your organization.


    Benefits of Palo Alto Networks Cortex XSOAR

    Some of Palo Alto Networks Cortex XSOAR’s benefits include:

    • The ability to have all of your data collected in a single location. Valuable time can be saved now that everything that security analysts need to know in order to diagnose and react to threats has been centralized.
    • Security operations center tasks can be automated. This allows you to assign management and analyst staff to the most essential tasks. The effectiveness of your organization will be increased, which will result in a rise in your company’s overall security and productivity.
    • Many kinds of data can be stitched together by this platform. Network, endpoint, cloud, and identity data can be combined to offer a more complete picture of the threats that are discovered.
    • Integrated threat intelligence management can notify you about threats in real time. Now you can diagnose and address issues as they arise. You can also assign values to the threats so that your resources are being used in the most effective manner possible.


    Reviews from Real Users

    Palo Alto Networks Cortex XSOAR’s centralized monitoring interface and automation are two features that help it stand out. This might help explain why one quarter of the Fortune 500 companies choose Palo Alto Networks Cortex XSOAR over the competition.

    Peerspot users note the effectiveness of these features. One user wrote, “We were looking for a single pane of glass type of solution that would allow us to physically be in one appliance - be able to work in concert with other servers that we have within our environment. We wanted orchestration and automation. The single pane of glass was the most important part.” Another noted, "The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."

    Swimlane is a leader in security orchestration, automation and response (SOAR). By automating time-intensive, manual processes and operational workflows and delivering powerful, consolidated analytics, real time dashboards and reporting from across your security infrastructure, Swimlane maximizes the incident response capabilities of over-burdened and understaffed security operations.

    Swimlane was founded to deliver scalable innovative and flexible security solutions to organizations struggling with alert fatigue, vendor proliferation and chronic staffing shortages. Swimlane is at the forefront of the growing market for security automation and orchestration solutions that automate and organize security processes in repeatable ways to get the most out of available resources and accelerate incident response.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Cellcom Israel, Blue Cross and Blue Shield of Kansas City, esri, Cylance, Flatiron Health, Veeva, ADT Cybersecurity
    LinkedIn, TransUnion, Citrix, Aetna, Perspecta
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Manufacturing Company8%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Financial Services Firm20%
    Educational Organization15%
    Comms Service Provider10%
    Retailer10%
    VISITORS READING REVIEWS
    Financial Services Firm13%
    Computer Software Company12%
    Government9%
    Manufacturing Company8%
    VISITORS READING REVIEWS
    Computer Software Company14%
    Financial Services Firm12%
    Government10%
    Manufacturing Company8%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    REVIEWERS
    Small Business36%
    Midsize Enterprise18%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise14%
    Large Enterprise65%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise13%
    Large Enterprise67%
    Buyer's Guide
    Palo Alto Networks Cortex XSOAR vs. Swimlane
    May 2024
    Find out what your peers are saying about Palo Alto Networks Cortex XSOAR vs. Swimlane and other solutions. Updated: May 2024.
    771,946 professionals have used our research since 2012.

    Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while Swimlane is ranked 17th in Security Orchestration Automation and Response (SOAR) with 3 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while Swimlane is rated 7.6. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of Swimlane writes "Great support, scalable, and easier to code". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, ServiceNow Security Operations and IBM Resilient, whereas Swimlane is most compared with Splunk SOAR, Tines, Fortinet FortiSOAR, ServiceNow Security Operations and Cyware Fusion and Threat Response. See our Palo Alto Networks Cortex XSOAR vs. Swimlane report.

    See our list of best Security Orchestration Automation and Response (SOAR) vendors.

    We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.