No more typing reviews! Try our Samantha, our new voice AI agent.

Red Canary vs Zscaler Client Connector comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Red Canary
Ranking in Endpoint Detection and Response (EDR)
37th
Average Rating
9.0
Reviews Sentiment
7.7
Number of Reviews
7
Ranking in other categories
Advanced Threat Protection (ATP) (24th), Managed Detection and Response (MDR) (12th), Risk-Based Vulnerability Management (16th)
Zscaler Client Connector
Ranking in Endpoint Detection and Response (EDR)
24th
Average Rating
8.8
Reviews Sentiment
5.9
Number of Reviews
6
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of Red Canary is 0.7%, up from 0.2% compared to the previous year. The mindshare of Zscaler Client Connector is 0.7%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
Zscaler Client Connector0.7%
Red Canary0.7%
Other95.0%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
JH
Head of Information Security and Privacy at Ovative Group
Gained trusted 24/7 threat coverage and now focus security efforts on architecture and design
In my experience, the best features Red Canary offers are their team, their monitoring team, their expertise at incident investigation, and a focus on suspicious or actual indicators of compromise to ensure that we're not spending time just reviewing logs, but that we're actually looking at things that may indicate we have broader issues. The Red Canary team's expertise stands out compared to others I've worked with because their team is organized into smaller pods that support a given number of clients, so they're not just a bevy of operators going around the clock. The teams themselves have coordination and cohesion, and they get to know us. Their integrations into the different platforms and systems that we use all line up with our needs, whereas a number of other platforms offered a different variety of integrations that did not line up with our requirements. Red Canary has positively impacted my organization because I don't have to spend and hire resources to look at logs, which has enabled us to do much more in terms of improving security across the organization. With the freed-up resources, we've been able to implement CSPM, SAST, software testing tooling, and engage much more closely with our developers and engineers to focus on secure architecture and design.
DA
IT Support Admin at Kuehne & Nagel Inc.
Client activity has been monitored efficiently through in-depth log analysis and traffic filtering
I use the Zscaler speed test, and it is very nice. We use some logs from Zscaler Client Connector to collect data and see what is happening, such as if there is an interruption or something. There is a specific tunnel version that we have to use because, depending on the internet provider, some of them have lower speed, so we have some issues. This is because of the provider, not from Zscaler. We use Office 365 services and Office applications, and because some connections are slow and they do not have full coverage from the internet provider, we have some issues. If the speed is slow for Zscaler Client Connector connection, then we have issues because if the speed is not good, then Zscaler Client Connector goes down. This may be because they put some policy. Of course, if you use Office 365 services such as Outlook, the minimum bandwidth is 5 megabits and more, so this causes issues if the users do not have a good remote connection. This depends on the companies and the users, so they need to fix it. This is not from us or our company. It is very useful, and the logs are very helpful. When we go to logs, we understand what is happening.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cortex XDR features advanced threat detection capabilities."
"Its ability to react to cyber data attacks is awesome. That is pretty much the use of it. What blows your mind is the ability to access your assets remotely and see what is actually going on with them. You can not only see them in a console. You can also react very rapidly to your assets that are compromised."
"Cortex is the best solution for avoiding security breaches, malware attacks, and other kinds of security issues."
"It blocks malicious files, prevents attacks, and doesn't require many updates because it is a very light application."
"Being a cloud solution it is very flexible in serving internal and external connections and a broad range of devices."
"Automation and playbooks have helped me significantly, as Cortex Xnor's playbooks predefine the workflow of the automation, such as response processes, alert triggering, and enriching the context, efficiently detecting and blocking malicious attacks with firewalls while eliminating workload and speeding responses for next-generation operations."
"They have a new GUI which is just fantastic."
"It's a nice product that's stable and scalable."
"I recommended Red Canary to my friends who work in other organizations."
"Red Canary has impacted my organization positively because we treat any ticket triggered by them as high priority due to the fact that 99 percent of the time it is a true positive."
"I am satisfied with this solution and it is very competitive with other similar EDR or MDR solutions because it provides very impressive information about the root cause of the threat, such as malware."
"The valuable features of this solution are it integrates well with different EDR software, such CrowdStrike, and Carbon Black, and the information it provides is helpful."
"The most valuable feature of the solution is its automation part."
"Red Canary has positively impacted my organization because I don't have to spend and hire resources to look at logs, which has enabled us to do much more in terms of improving security across the organization."
"The solution works well for what we use it for and the support and protection are good."
"The near real-time review translates into near real-time action. So, in addition to alerting, Red Canary MDR has response playbooks built out."
"Zscaler Client Connector is quite scalable, and I would rate its scalability as nine or ten out of ten."
"It is very useful, and the logs are very helpful; when we go to logs, we understand what is happening."
"The real-time analytics feature in Zscaler Client Connector is another valuable feature called Digital Experience, or ZDX, which can easily identify the root cause of issues accessing public or internal resources and provide good analysis so relevant teams can quickly resolve them, making it a very good tool that helps customers."
"The best features of Zscaler Client Connector are that it gives the client a much more transparent experience, as they don't have to worry about connecting to a VPN."
"The solution operates in the background seamlessly without the user noticing."
"I'd rate the solution nine out of ten."
"Zscaler Client Connector has eliminated VPN bottlenecks and outages, improved user productivity with instant secure access, and reduced help desk tickets related to VPN issues, overcoming 60% of VPN-related problems while allowing faster onboarding of remote users and better enforcement of zero-trust security policies."
"It is very important to see what is happening between the user and the applications that we have, and to filter the traffic from outbound traffic and inside traffic."
 

Cons

"The deployment is pretty hard."
"Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and its nothing that should be an issue. Some antivirus engines recognize Traps as an threat component, so maybe they need to shake hands somewhere."
"A little bit more automation would be nice."
"Cortex XDR by Palo Alto Networks can improve mobile integration to allow access to the console."
"Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth."
"The solution should enhance the ADR and reporting."
"There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration."
"The dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard."
"The price could always be better."
"Red Canary's pricing spectrum may not be ideal for smaller financial institutions."
"I wish Red Canary could have a graph that shows the endpoint, user, and how it spreads, providing a visual representation to easily identify what happened."
"The most valuable feature of Red Canary MDR is the overall threat protection it provides."
"Red Canary can be improved by continuing to add new features and capabilities to what they are looking at, including the types of data they're looking at and the types of systems that they're integrating with."
"I would like there to be an on-premise version of this solution for our data centers because of the proliferation of online threats."
"In general, the solution currently fails to provide a summary to its users."
"The stability of Zscaler Client Connector needs improvement, as it often disconnects and reconnects."
"There is a hard learning curve for Zscaler Client Connector; their support isn't the greatest all the time."
"I rate this product nine out of ten because I have seen some minor instability issues after updates and some room for UI improvement for deeper analytics, with instances of major issues after updating the GCC that required rollbacks."
"There is room for improvement regarding the price of Zscaler Client Connector, as it is one of the most expensive solutions available."
"Zscaler Client Connector is not low in cost; it is definitely on the higher side."
"If the speed is slow for Zscaler Client Connector connection, then we have issues because if the speed is not good, then Zscaler Client Connector goes down."
 

Pricing and Cost Advice

"Cortex XDR by Palo Alto Networks is quite an expensive solution."
"I feel it is fairly priced."
"It has reasonable pricing for the use cases it provides to the company."
"Very costly product."
"I am using the Community edition."
"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."
"It has a yearly renewal."
"Licensing for Palo Alto Networks Cortex XDR can be costly, especially when it comes to a hundred users. A license is required for each user, and the subscription must be renewed on a yearly basis."
"I have not compared Red Canary to other solutions to know if the price is high or low. However, I have found the price of this solution fair and reasonable, it cost approximately $100 per year, per device. If they could provide the solution for $50 per year, per device, it would be better."
"Red Canary MDR I use is an open-source tool."
"The solution could vary in price depending on how many endpoints a company has."
Information not available
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
9%
Construction Company
8%
Manufacturing Company
8%
Computer Software Company
8%
Manufacturing Company
21%
Financial Services Firm
10%
Government
9%
Comms Service Provider
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business6
Large Enterprise2
By reviewers
Company SizeCount
Small Business3
Large Enterprise5
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What needs improvement with Red Canary MDR?
Red Canary can be improved by continuing to add new features and capabilities to what they are looking at, including ...
What is your primary use case for Red Canary MDR?
My main use case for Red Canary is to ensure I can sleep at night by getting 24/7 coverage by a capable team to inves...
What is your experience regarding pricing and costs for Zscaler Client Connector?
My experience with pricing, setup cost, and licensing is that the pricing is fair, though it is a bit costly. It oper...
What needs improvement with Zscaler Client Connector?
For Zscaler Client Connector, I would appreciate more granular control over the client update rollout and slightly fa...
What is your primary use case for Zscaler Client Connector?
My main use case of Zscaler Client Connector is to provide secure, seamless access to the internet and internal appli...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Red Canary Managed Detection and Response (MDR)
No data available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
DuPont, Quanta Services, Microchip Technology, Hopkins Public Schools, Henny Penny, Schumacher Homes
Information Not Available
Find out what your peers are saying about Red Canary vs. Zscaler Client Connector and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.