No more typing reviews! Try our Samantha, our new voice AI agent.

Red Canary vs Sangfor Endpoint Secure comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Red Canary
Ranking in Endpoint Detection and Response (EDR)
37th
Average Rating
9.0
Reviews Sentiment
7.7
Number of Reviews
7
Ranking in other categories
Advanced Threat Protection (ATP) (24th), Managed Detection and Response (MDR) (12th), Risk-Based Vulnerability Management (16th)
Sangfor Endpoint Secure
Ranking in Endpoint Detection and Response (EDR)
36th
Average Rating
8.2
Reviews Sentiment
7.4
Number of Reviews
11
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of Red Canary is 0.7%, up from 0.2% compared to the previous year. The mindshare of Sangfor Endpoint Secure is 0.7%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
Sangfor Endpoint Secure0.7%
Red Canary0.7%
Other95.0%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
JH
Head of Information Security and Privacy at Ovative Group
Gained trusted 24/7 threat coverage and now focus security efforts on architecture and design
In my experience, the best features Red Canary offers are their team, their monitoring team, their expertise at incident investigation, and a focus on suspicious or actual indicators of compromise to ensure that we're not spending time just reviewing logs, but that we're actually looking at things that may indicate we have broader issues. The Red Canary team's expertise stands out compared to others I've worked with because their team is organized into smaller pods that support a given number of clients, so they're not just a bevy of operators going around the clock. The teams themselves have coordination and cohesion, and they get to know us. Their integrations into the different platforms and systems that we use all line up with our needs, whereas a number of other platforms offered a different variety of integrations that did not line up with our requirements. Red Canary has positively impacted my organization because I don't have to spend and hire resources to look at logs, which has enabled us to do much more in terms of improving security across the organization. With the freed-up resources, we've been able to implement CSPM, SAST, software testing tooling, and engage much more closely with our developers and engineers to focus on secure architecture and design.
OA
Coordinator Associate at National Institute of Cardiovascular Diseases
Quick threat response and behavior analysis while enhancing network security
The main use case is usually related to security. It deals with attacks that come day-to-day such as zero-day attacks and APT attacks. Our main task is to secure the network infrastructure in the hospital where I work It facilitates the departments of IT and other departments to procure and…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I can highlight that we have not faced any security incidents with Cortex XDR by Palo Alto Networks, and even though our environment is quite dynamic, we have not faced any security incident with Cortex XDR by Palo Alto Networks until now."
"The product's initial setup phase is very easy."
"The solution's most valuable feature is its ability to rapidly detect certain hardware files."
"The information the dashboard provides is very clear."
"The anti-exploit is impenetrable."
"The solution doesn't need a high level of technical training."
"I have found the solution to be very easy in respect of the integration and configurable."
"It collects and caches and the knowledge of machine learning from different customers to take to the cloud, it makes it better to use for everybody, it allows for quick learning and updates and can, therefore, offer zero-day malware security, and this sharing of metadata helps make the solution very safe."
"I recommended Red Canary to my friends who work in other organizations."
"The near real-time review translates into near real-time action. So, in addition to alerting, Red Canary MDR has response playbooks built out."
"I am satisfied with this solution and it is very competitive with other similar EDR or MDR solutions because it provides very impressive information about the root cause of the threat, such as malware."
"Red Canary has impacted my organization positively because we treat any ticket triggered by them as high priority due to the fact that 99 percent of the time it is a true positive."
"Red Canary has positively impacted my organization because I don't have to spend and hire resources to look at logs, which has enabled us to do much more in terms of improving security across the organization."
"The most valuable feature of the solution is its automation part."
"The solution works well for what we use it for and the support and protection are good."
"The valuable features of this solution are it integrates well with different EDR software, such CrowdStrike, and Carbon Black, and the information it provides is helpful."
"The most valuable feature I have found in the system is its comprehensive end-to-end protection."
"The tool's most valuable features are control access, endpoint security, and load balancing of ISPs."
"The user-friendliness of Sangfor Endpoint Secure is particularly impressive. Even with basic technical knowledge, users can easily navigate the system, make changes, and implement updates."
"The product's initial setup phase was straightforward."
"It has a quick response time, threat intelligence, cybersecurity features, quick report generation, behavior analysis, dynamic detection, and quarantine features."
"The tool's AI feature is helpful in endpoint security."
"We use the product for network protection from any malicious threat."
"I like the tool's honeypot feature. Some features include having a honeypot to detect attacks in a certain area. Additionally, there is RDP protection, which means that when we remote into our server or any endpoint, we must enter a password as a second layer of security. It can also integrate with next-generation firewalls."
 

Cons

"I have run into some detection issues with Cortex XDR. It needs to be better at detection of internal attacks."
"The MAC agent is not as robust feature-wise as the PC version."
"As an improvement, I would like to see enhanced connection speeds."
"The solution should force customers to integrate with network traffic to see the full benefits of XDR."
"It takes time to scan the servers and devices."
"Impact on system performance is horrible, adding a lot of delays for users."
"In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are the big company, so they can improve the UI a little bit. The UI, the reports, the log system can all be improved."
"I would like to see improvement in the tool's user interface, particularly in the area of managing alerts and providing more reporting capabilities."
"Red Canary can be improved by continuing to add new features and capabilities to what they are looking at, including the types of data they're looking at and the types of systems that they're integrating with."
"The most valuable feature of Red Canary MDR is the overall threat protection it provides."
"The price could always be better."
"Red Canary's pricing spectrum may not be ideal for smaller financial institutions."
"In general, the solution currently fails to provide a summary to its users."
"I would like there to be an on-premise version of this solution for our data centers because of the proliferation of online threats."
"I wish Red Canary could have a graph that shows the endpoint, user, and how it spreads, providing a visual representation to easily identify what happened."
"I believe Sangfor Endpoint Secure could improve in terms of its user interface and management capabilities."
"Sometimes, the VPN is not secure and doesn't work properly in Sangfor Endpoint Secure."
"I face issues while migrating from Kaspersky to Sangfor Endpoint Secure."
"Sangfor Endpoint Secure performs poorly."
"When an issue occurs, the response time for first-level support and the time taken for meetings could be improved."
"It is complicated to establish a tunnel due to technical issues in the VPN system."
"Currently, the tool lacks reporting functionalities."
"It would be much more convenient if the migration tool could be installed directly on the customer's VMs, enabling a smoother migration process to the new infrastructure, with potential restrictions addressed accordingly."
 

Pricing and Cost Advice

"It has reasonable pricing for the use cases it provides to the company."
"It has a yearly renewal."
"The price of the solution could be reduced. I have customers that have voiced that the solution is good for the value but if I want to sell more of the solution the price reduction would help."
"The price is on the higher side, but it's okay."
"Cortex XDR’s pricing is very reasonable."
"When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward."
"The tool's price is moderate."
"It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff."
"Red Canary MDR I use is an open-source tool."
"The solution could vary in price depending on how many endpoints a company has."
"I have not compared Red Canary to other solutions to know if the price is high or low. However, I have found the price of this solution fair and reasonable, it cost approximately $100 per year, per device. If they could provide the solution for $50 per year, per device, it would be better."
"Sangfor Endpoint Secure is not a cheap solution."
"Sangfor Endpoint Secure's pricing is cheap. I rate it seven out of ten."
"The product is expensive compared to other vendors."
"We were using Hyper-V. So, we switched to Sangfor because of the pricing."
"Price-wise, Sangfor Endpoint Secure can be considered a competitively priced product in the market as it offers quite low prices compared to other solutions."
"The solution is cheap. It is cheaper than other products by 15-20 percent."
"Its "pay as you grow" model offers cost-effectiveness compared to major cloud providers."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
9%
Construction Company
8%
Manufacturing Company
8%
Computer Software Company
8%
Financial Services Firm
17%
Comms Service Provider
11%
University
7%
Media Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business6
Large Enterprise2
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise3
Large Enterprise3
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What needs improvement with Red Canary MDR?
Red Canary can be improved by continuing to add new features and capabilities to what they are looking at, including ...
What is your primary use case for Red Canary MDR?
My main use case for Red Canary is to ensure I can sleep at night by getting 24/7 coverage by a capable team to inves...
What needs improvement with Sangfor Endpoint Secure?
The interface has too many buttons, making it cluttered. It would be better if it were a simplified version with fewe...
What is your primary use case for Sangfor Endpoint Secure?
Sangfor Endpoint Secure is easy to handle with its user-friendly interface. The four engines it utilizes for endpoint...
What advice do you have for others considering Sangfor Endpoint Secure?
At first, people might not understand the interface, which is why it should be simplified. However, once they underst...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Red Canary Managed Detection and Response (MDR)
No data available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
DuPont, Quanta Services, Microchip Technology, Hopkins Public Schools, Henny Penny, Schumacher Homes
Information Not Available
Find out what your peers are saying about Red Canary vs. Sangfor Endpoint Secure and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.