No more typing reviews! Try our Samantha, our new voice AI agent.

SanerNow CyberHygiene Platform vs Trellix Endpoint Detection and Response (EDR) comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
SanerNow CyberHygiene Platform
Ranking in Endpoint Detection and Response (EDR)
42nd
Average Rating
9.6
Reviews Sentiment
7.6
Number of Reviews
2
Ranking in other categories
Vulnerability Management (49th), Patch Management (17th), Risk-Based Vulnerability Management (19th)
Trellix Endpoint Detection ...
Ranking in Endpoint Detection and Response (EDR)
14th
Average Rating
7.6
Reviews Sentiment
6.9
Number of Reviews
29
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of SanerNow CyberHygiene Platform is 0.7%, up from 0.1% compared to the previous year. The mindshare of Trellix Endpoint Detection and Response (EDR) is 1.0%, down from 1.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
Trellix Endpoint Detection and Response (EDR)1.0%
SanerNow CyberHygiene Platform0.7%
Other94.7%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
JU
Information Technology Supervisor at DMCI Homes, Inc.
Can automate updates and manage software licenses more effectively
Our team uses the SanerNow CyberHygiene Platform for threat detection, focusing on features like vulnerabilities and asset exposure. The asset exposure feature is packaged with software licenses and machines. We get the latest updates and patches for Windows workstations and applications for remediation. We can automate these updates, which greatly improves our previous manual and scripting-based tools. Before, we struggled with setting policies and making changes to workstations. Now, we can automate updates and manage software licenses more effectively. We monitor who's using various licenses like Office, CAD, Visio, and Lumion.
Duncan  Kims - PeerSpot reviewer
Business Development Manager at a retailer with 10,001+ employees
Advanced detection has reduced targeted attacks and builds daily confidence in our defenses
Trellix Endpoint Detection and Response (EDR) has a very low false positive rate compared to other products, thus increasing the SOC efficiency in how my team relies on the solution day-to-day.With the best features Trellix Endpoint Detection and Response (EDR) offers, ease of SOAR integration helps to automate the IOC distribution, and our security team and management trust the product. Advanced detection capabilities ensure that targeted attacks will be detected and blocked before they arrive at our network. SOAR integration has assisted our security team and management in trusting the product.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"They have a new GUI which is just fantastic."
"Cortex XDR is a simple platform that's easy for administrators and users. You have a lot of flexibility to change or customize the features."
"Automation and playbooks have helped me significantly, as Cortex Xnor's playbooks predefine the workflow of the automation, such as response processes, alert triggering, and enriching the context, efficiently detecting and blocking malicious attacks with firewalls while eliminating workload and speeding responses for next-generation operations."
"Palo Alto is one of the tech vendors that always provides top-of-the-line products."
"The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past."
"Cortex XDR's most valuable feature is its intelligence-based dashboards."
"If the user leaves our premises or network, Palo Alto Traps will still be on that endpoint and will still apply our policies."
"Palo Alto is the core of the security infrastructure in the environment."
"Although it is, in fact, a complete vulnerability management solution, the most valuable feature is the patch management functionality. Most of our customers give preference to this tool over other tools when it comes to patch management."
"Our team uses the SanerNow CyberHygiene Platform for threat detection, focusing on features like vulnerabilities and asset exposure. The asset exposure feature is packaged with software licenses and machines. We get the latest updates and patches for Windows workstations and applications for remediation. We can automate these updates, which greatly improves our previous manual and scripting-based tools."
"The product provides a one-click recovery of encrypted files."
"If there is any malicious behavior in the workstation or server, the tool stops or isolates it automatically and generates alerts."
"Trellix Endpoint Detection and Response (EDR) has positively impacted my organization with threat exchange and intel, low false positive ratios, and very high uptime values for both inline and spam modes, along with advanced detection and mitigation capabilities ensuring the highest level of protection and proper detection for command and control and bot attacks."
"Trellix Endpoint Detection and Response (EDR) has positively impacted our organization by improving overall efficiency, overall detection and response capabilities, and the capability to improve threat detections as well as the overall efficiency, time utilized, resource management, and analytic use cases review, significantly enhancing the business functionality."
"Trellix Endpoint Detection and Response (EDR) is valuable because we have a Wide Area Network with many sites, and the EDR is cross-site since it is installed and managed from the cloud."
"The most useful features are behavior monitoring, DLP, and access control. The automation has gotten much better in the last two years than when it was McAfee. It works better now and integrates more smoothly."
"The product is user-friendly."
"It relies on external systems for detection and then asks the endpoint to handle blocking. However, the most crucial feature is its investigative capabilities. With real-time search and other functionalities, it enables comprehensive detection and response."
 

Cons

"It should support more mobile operating systems. That is one of the cons of their infrastructure right now."
"There are some third-party solutions that are difficult to integrate with, which is something that can be improved."
"Additionally, I think the price is very high, and if it can be adjusted, I believe it will be a very good solution."
"The dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard."
"The solution could improve by providing better integration with their own products and others."
"However, if you do not have Palo Alto in your environment, you are paying these additional services just for Cortex XDR by Palo Alto Networks, so it is not a cost-effective solution."
"Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."
"There are some false positives."
"SanerNow has good integration with the more well known ITSM tools, but at the same time there are many other ITSM (IT Service Management) tools available in the market, including local tools here in India, and I'm not sure how SanerNow plans to integrate with them all out of the box."
"SanerNow CyberHygiene Platform needs to incorporate more documentation."
"The dashboard and reporting features are not so user-friendly or intuitive, so they need some work."
"The searching capabilities for the IOCs can be further improved"
"The console has a lot of bugs, and it creates many issues."
"The solution lacks the ability to integrate with external platforms. In future releases of the solution, I would like to see the solution increase its integration capabilities with external platforms."
"When it comes to some unknown fileless attacks, the tool is not able to detect them properly, making it an area where improvements are required."
"I also think performance needs improvement, especially for servers, as the Trellix HX module uses high CPU, scans constantly, and negatively impacts the performance for our clients' users or our servers."
"This is the worst technical support. Without OEM support, you can't handle this product."
"From an operational standpoint, the first area of improvement would be agent resource optimization, especially for high-load servers, because Trellix Endpoint Detection and Response (EDR) captures an incredible depth of telemetry and real-time forensics."
 

Pricing and Cost Advice

"Its pricing is kind of in line with its competitors and everybody else out there."
"Cortex XDR’s pricing is very reasonable."
"The pricing is a little high. It is per user per year."
"It has a yearly renewal."
"We didn't have to pay any additional fee for the cloud instance. It just came with the renewal, which was nice."
"It's about $55 per license on a yearly basis."
"I feel it is fairly priced."
"The tool's price is moderate."
"The pricing is reasonable - we paid about 2.5 million for 3,500 nodes."
"As with several other solutions such as Microsoft MECM and SCCM, the licensing for SanerNow involves per-device pricing for each kind of product or service on offer."
"The cost is okay, compared to other products."
"Pricing for McAfee MVISION Endpoint Detection and Response is not that expensive, but it's not something that a startup could buy. Pricing for it is for midsized businesses. There's an additional payment if you want data retention for more than thirty days. They gave us data retention for thirty days. Then if you want longer data retention, they have the paid option for a three-month data retention period and for a one-year data retention period."
"The pricing is always high."
"The product’s pricing is reasonable."
"Speaking about the price, you must use the product to find the product's cost for you."
"The licensing costs attached to the solution are very easy to manage. There is a need to make yearly payments towards the licensing costs."
"McAfee MVISION Endpoint Detection and Response is reasonable in terms of cost. It's a tool my company has been using for a few years now. It costs $25,000 to $30,000 for six hundred users."
"Pricing is a problem in South Africa. It could be cheaper here. The rand-to-dollar exchange rate makes it expensive for us. A 25 dollar endpoint cost becomes quite significant when converted to rand."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Outsourcing Company
14%
Construction Company
8%
Retailer
8%
Financial Services Firm
8%
Financial Services Firm
15%
Construction Company
7%
Manufacturing Company
7%
Computer Software Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
No data available
By reviewers
Company SizeCount
Small Business16
Midsize Enterprise3
Large Enterprise14
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for SanerNow?
The pricing is reasonable - we paid about 2.5 million for 3,500 nodes.
What needs improvement with SanerNow?
SanerNow CyberHygiene Platform needs to incorporate more documentation.
What is your primary use case for SanerNow?
We use the tool for patch, application, and vulnerability management.
What is your experience regarding pricing and costs for McAfee MVISION Endpoint Detection and Response?
I find licensing to be one of the best aspects of Trellix Endpoint Detection and Response (EDR), but I am unsure abou...
What needs improvement with McAfee MVISION Endpoint Detection and Response?
Trellix Endpoint Detection and Response (EDR) could be improved as I find that, since FireEye and McAfee became Trell...
What is your primary use case for McAfee MVISION Endpoint Detection and Response?
My main use case for Trellix Endpoint Detection and Response (EDR) is for blocking malware and catching unusual behav...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
SecPod SanerNow, SanerNow RP
McAfee MVISION EDR, MVISION EDR, MVISION Endpoint Detection and Response
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Siemens, Aruba, SironLabs, POS Aviation, Kotak, Kaizen Automotive, Amagi, McNeilus Steel, Claremont, Glassbeam, Marlabs, Amazon Web Services
Sutherland Global Services
Find out what your peers are saying about SanerNow CyberHygiene Platform vs. Trellix Endpoint Detection and Response (EDR) and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.