SentinelOne Singularity Complete vs Trellix XDR comparison

SentinelOne and Trellix are both solutions in the Extended Detection and Response (XDR) category. SentinelOne is ranked #2 with an average rating of 9.0, while Trellix is ranked #33 with an average rating of 8.0. SentinelOne holds a 5.8% mindshare in XDR, compared to Trellix’s 0.6% mindshare. Additionally, 98% of SentinelOne users are willing to recommend the solution, compared to 100% of Trellix users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between SentinelOne Singularity Complete and Trellix XDR based on real PeerSpot user reviews.

Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed SentinelOne Singularity Complete vs. Trellix XDR Report (Updated: February 2026).

Buyer's Guide

SentinelOne Singularity Complete vs. Trellix XDR

February 2026

Download the complete report

Helped 884,933 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex XDR by Palo Alto Net...

Mindshare comparison

As of March 2026, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 4.9%, down from 5.6% compared to the previous year. The mindshare of SentinelOne Singularity Complete is 5.8%, up from 5.3% compared to the previous year. The mindshare of Trellix XDR is 0.6%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Extended Detection and Response (XDR) Mindshare Distribution
Product	Mindshare (%)
SentinelOne Singularity Complete	5.8%
Cortex XDR by Palo Alto Networks	4.9%
Trellix XDR	0.6%
Other	88.7%

Extended Detection and Response (XDR)

Featured Reviews

ABHISHEK_SINGH

Senior Process Expert at A.P. Moller - Maersk

Gained full visibility and streamlined threat detection through behavior-based insights and AI integration

Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.

Read full review

Vaibhav Mahendra Kolhe

Soc Analyst at Softcell Technologies Limited

Automation has reduced alerts and freed the soc team to focus on faster incident response

Regarding mean time to respond, the improvements I see with SentinelOne Singularity Complete are that genuine files also get alerts. We are getting false positives, but we are also getting genuine true positive alerts. The improvement will be deep visibility because as I am using Splunk as a SIEM, I compare deep visibility with Splunk, but deep visibility has limited access with only a 14-day policy to retain logs. The improvement will be in overall policy management. The third point will be the complexity of policies. If we want some endpoints to use only USB or if we need to block USB on some points, the policy management is very complex. The fourth point will be that Mac OS and Linux don't have the rollback policy; that policy is only for Windows. These four points are improvements if SentinelOne Singularity Complete can address them. Data privacy and security when utilizing Purple AI is crucial for SentinelOne Singularity Complete, and SentinelOne Singularity Complete lacks in data security. Data security is very important in this world. In my organization, if we deploy SentinelOne Singularity Complete and we have integrated all the firewalls, all devices, and AWS devices to SentinelOne Singularity Complete, logs will be forwarded to SentinelOne Singularity Complete through SentinelOne Singularity Complete. However, SentinelOne Singularity Complete doesn't have data security solutions such as Forcepoint DLP or 48 layer; SentinelOne Singularity Complete doesn't have that DLP solution. From the data security point of view, SentinelOne Singularity Complete is not good.

Read full review

PankajKumar24

IT Manager at Gigabit Technologies Pvt Ltd

Centralized security console has unified threat telemetry and automated investigation playbooks

The CPU utilization is very high with Trellix XDR. We are getting multiple types of CPU utilization from the EPP solution, with the EPP agent reaching as high as 80 percent CPU utilization. This creates big challenges for us. The support experience is also concerning. When we require support from Trellix immediately with high priority, we receive multiple emails requesting logs of various types. After that, we have to escalate to Trellix higher management, and then their agent will come in for a remote session to resolve any issues. I would give them eight out of ten points because of the high CPU utilization and the delayed support we experience.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The initial setup is pretty easy."

"It has pretty much everything we need and works well within the Palo Alto ecosystem."

"When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud."

"Cortex XDR is stable, offering high quality and reliable performance."

"We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action."

"The interface is easy to use and it is more up to date than our previous solution."

"The user interface of the solution is sophisticated and straightforward."

"It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature. It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else."

More Cortex XDR by Palo Alto Networks pros

"I appreciate the network control as well as the device control."

"The ability to get queries by pressing the "tab" button is a plus for SentinelOne."

"The most valuable feature is that it just unintrusively works in the background to carry out the protection."

"SentinelOne Singularity Complete reduces my mean time to respond and protects my environment, thereby reducing the workload of my engineers and security analysts by at least thirty-five percent."

"SentinelOne Singularity Complete stands out for its threat-hunting abilities and the agility of its agents in detecting malicious content across our gateways and endpoints."

"I have found the most valuable feature to be the rapid threat detection."

"It recently stopped a ransomware attack at one of my clients, proving its reliability."

"I like that SentinelOne doesn't use a lot of system resources or make the system slow. It also performs a full scan quickly—within two hours. It has an easy-to-use end-user GUI."

More SentinelOne Singularity Complete pros

"Trellix XDR is an excellent solution that is continually improving."

"Because Trellix gives us multiple types of modules, we are using a single ePO console for multiple solutions including application control, DLP, and XDR."

"The analytics assessment and flexibility of the platform are valuable."

"It contributes to our system's robust event detection and analysis, enabling us to respond effectively to incidents."

Cons

"It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved."

"Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."

"I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs."

"It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint."

"They have the worst support, as a company, that I have ever worked with, as they are difficult to get a hold of and keep on the phone."

"Managing the product should be easier."

"They have the worst support, as a company, that I have ever worked with, as they are difficult to get a hold of and keep on the phone. They don't know what they are talking about when you get them on the phone. They don't like to respond to messages when you send them to them. They like to "research problems" for weeks on end, then pass you off to somebody else."

"Cortex XDR could be improved with more GUI features."

More Cortex XDR by Palo Alto Networks cons

"The management console."

"I'd like to see more documentation."

"The maintenance window can be improved because once it happened that I had multiple laptops, and the maintenance window caused a lot of laptops to get stuck in the portal, blocking access."

"Periodically we have an application that does not work correctly when SentinelOne is installed, yet performs as expected when SentinelOne is removed."

"The role-based access is in dire need of improvement. We actually discussed this on a roadmap call and were informed that it was coming, but then it was delayed. It limits the roles that you can have in the platform, and we require several custom roles. We work with a lot of third-parties whom we rely on for some of our IT services. Part of those are an external SOC function where they are over-provisioned in the solution because there isn't anything relevant for the level of work that they do."

"They are still largely an EDR product."

"Managing the false positives creates additional management overhead. The behavioral analysis engine might misinterpret real user behavior as malware. For example, a drafter was cleaning up a Revit folder and deleting 4,000 files. That looks like ransomware. The SentinelOne agent kicked his computer off the network."

"The only problem I have is they don't manually review the threat files. That's the only thing I'm concerned about."

More SentinelOne Singularity Complete cons

"The CPU utilization is very high with Trellix XDR; we are getting multiple types of CPU utilization from the EPP solution, with the EPP agent reaching as high as 80 percent CPU utilization, which creates big challenges for us."

"Technical support is crucial, especially when facing critical issues. It's rated six out of ten. Improvements are needed in the support sector, with a focus on providing expert assistance during production periods."

"The platform should enhance compatibility with all other SIEM solutions."

"The EdgeGear solution is an area that requires attention, specifically regarding AI solutions and intelligence features."

Pricing and Cost Advice

"Licensing for Palo Alto Networks Cortex XDR can be costly, especially when it comes to a hundred users. A license is required for each user, and the subscription must be renewed on a yearly basis."

"It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff."

"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."

"I don't recall what the cost was, but it wasn't really that expensive."

"I feel it is fairly priced."

"Compared to CrowdStrike, Cortex XDR is an expensive solution."

"I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require."

"The price of the solution could be reduced. I have customers that have voiced that the solution is good for the value but if I want to sell more of the solution the price reduction would help."

More Cortex XDR by Palo Alto Networks pricing and cost advice

"We buy the licensing in bulk. From a pricing standpoint, because we buy in bulk, we get very good pricing. Based on its functionality and capabilities, it is well worth the price. I do not think it is at all expensive based on what you get in the solution. We use the complete up to the core. Our pricing is probably a little bit more than somebody who is on the core. In general, it is well worth what you get for the price you pay."

"SentinelOne Singularity Complete is reasonably priced."

"We have not been beaten in the market by pricing, so we have been feeling good about that. The discussions we have had over the years keep us at a very low price per unit. It can always get better, but we also know there is a cost to the backend."

"You have to look at the kinds of problems you can end up with and the fact that you want security against them, and then SentinelOne is not expensive."

"The licensing is comparable to other solutions in the market. The pricing is competitive."

"It is very affordable and easy to license, and it allows us to onboard new analysts quickly, with a turnaround time of one day at most."

"Just buy the Capture Client and buy the installer itself in a license of 100,000, or whatever is needed. You don't need to invest in any management tools because they are already installed, and maintenance from the client will keep everything up and running."

"The price of Singularity Complete compared to some of its competitors is competitive."

More SentinelOne Singularity Complete pricing and cost advice

Information not available

See which vendors are best for you

Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.

See recommendations

884,933 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

Manufacturing Company

Financial Services Firm

Comms Service Provider

Computer Software Company

12%

Manufacturing Company

Financial Services Firm

Government

Computer Software Company

22%

Healthcare Company

10%

Government

Comms Service Provider

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	44
Midsize Enterprise	20
Large Enterprise	47

By reviewers
Company Size	Count
Small Business	94
Midsize Enterprise	48
Large Enterprise	78

No data available

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One

Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...

See all answers

Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)

Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...

See all answers

How is Cortex XDR compared with Microsoft Defender?

Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...

See all answers

Which is better - SentinelOne or Darktrace?

Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is ...

See all answers

What do you like most about SentinelOne Singularity?

The Ranger feature is valuable.

See all answers

What is your experience regarding pricing and costs for SentinelOne Singularity?

It is neither too costly, but definitely, it is one of the advantages that SentinelOne is quite adapted towards the p...

See all answers

What is your experience regarding pricing and costs for Trellix XDR?

Since I'm a technical engineer, I don't deal with pricing or licensing. Our sales team handles those aspects.

See all answers

What needs improvement with Trellix XDR?

The CPU utilization is very high with Trellix XDR. We are getting multiple types of CPU utilization from the EPP solu...

See all answers

What is your primary use case for Trellix XDR?

We are selling Trellix XDR products including DLP and EPP solutions. We sell Trellix XDR for endpoint protection. We ...

See all answers

Comparisons

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks

Compared 9% of the time

CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Cortex XSIAM vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks

Compared 3% of the time

Trellix Endpoint Security Platform vs Cortex XDR by Palo Alto Networks

Compared 3% of the time

More Cortex XDR by Palo Alto Networks Competitors

Fortinet FortiEDR vs SentinelOne Singularity Complete

Compared 5% of the time

CrowdStrike Falcon vs SentinelOne Singularity Complete

Compared 5% of the time

Microsoft Defender for Endpoint vs SentinelOne Singularity Complete

Compared 3% of the time

Huntress Managed EDR vs SentinelOne Singularity Complete

Compared 3% of the time

Trellix Endpoint Security Platform vs SentinelOne Singularity Complete

Compared 2% of the time

More SentinelOne Singularity Complete Competitors

CrowdStrike Falcon vs Trellix XDR

Compared 40% of the time

Trellix Endpoint Security Platform vs Trellix XDR

Compared 13% of the time

Mandiant Advantage vs Trellix XDR

Compared 13% of the time

More Trellix XDR Competitors

Product Reports

Buyer's Guide

Cortex XDR by Palo Alto Networks

March 2026

Download Cortex XDR by Palo Alto Networks product report

Buyer's Guide

SentinelOne Singularity Complete

February 2026

Download SentinelOne Singularity Complete product report

Buyer's Guide

Extended Detection and Response (XDR)

February 2026

Download Trellix XDR product report

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps

Sentinel Labs, SentinelOne Singularity

MVision XDR, MVision eXtended Detection and Response

Overview

Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.

Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.

What are the key features of Cortex XDR?

Advanced Threat Detection: Uses AI and machine learning for proactive threat identification.
Multi-layered Security: Combines various security measures for comprehensive protection.
Endpoint Protection: Safeguards against malware and exploits.
Behavioral Analysis: Monitors suspicious activity for early detection.
Automatic Threat Response: Automates responses to neutralize threats.

What benefits should users expect?

Ease of Use: Simplifies security management with intuitive design.
Resource Efficiency: Minimizes impact on system resources.
Integration Capabilities: Works well with existing security setups.
Reduced Analyst Workload: Automates processes to decrease manual intervention.

Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.

Palo Alto Networks

SentinelOne Singularity Complete delivers advanced endpoint protection leveraging AI-driven threat detection and behavior analysis for efficient malware and ransomware response. Its standout features enhance security insights and ensure comprehensive endpoint management.

SentinelOne Singularity Complete provides robust ransomware recovery through unique rollback capabilities and seamless integration with various security solutions. Its machine learning enhances endpoint protection, minimizing false positives and automating responses. While praised for real-time threat monitoring, incident management, and asset management, it faces challenges in managing the console, customizing UI, and maintaining policy flexibility. Some users report difficulties with deployment and integration with existing systems, and enhanced reporting, alert management, and documentation are desired. Its appeal extends to deploying across multiple operating systems, offering comprehensive security coverage and facilitating cybersecurity compliance.

What standout features does SentinelOne Singularity Complete offer?

Rollback Capability: Provides effective ransomware recovery.
AI-Driven Threat Detection: Enhances threat identification and response.
Behavior Analysis: Automates and refines security processes.
Seamless Integration: Works well with other security solutions.
Machine Learning: Minimizes false positives and improves threat response.

What benefits should users consider in reviews?

Enhanced Security Insights: Improves overall threat management.
Reduced Detection Time: Lowers incident response time significantly.
User-Friendly Interface: Simplifies process for deployment and management.
Comprehensive Endpoint Protection: Ensures broad defense against threats.

Industries implement SentinelOne Singularity Complete for its AI capabilities in advanced endpoint protection, particularly against malware and ransomware. It's utilized across diverse operating systems, aiding in real-time threat monitoring and facilitating compliance. Organizations use it for vulnerability assessments and asset management, ensuring optimal protection in complex IT environments.

SentinelOne

Gain greater visibility and superior detection with Trellix XDR. This constantly evolving cybersecurity platform defends against today’s and tomorrow’s most sophisticated threats with advanced capabilities such as machine learning and embedded cyber intelligence.

Trellix

Sample Customers

CBI Health Group, University Honda, VakifBank

Havas, Flex, Estee Lauder, McKesson, Norfolk Southern, JetBlue, Norwegian airlines, TGI Friday, AVX, Fim Bank

Information Not Available

Buyer's Guide

SentinelOne Singularity Complete vs. Trellix XDR

February 2026

Free Report: SentinelOne Singularity Complete vs. Trellix XDR

Find out what your peers are saying about SentinelOne Singularity Complete vs. Trellix XDR and other solutions. Updated: February 2026.

DOWNLOAD NOW

884,933 professionals have used our research since 2012.

See our SentinelOne Singularity Complete vs. Trellix XDR report.

See our list of best Extended Detection and Response (XDR) vendors.

We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.