Stormshield Endpoint Security vs ThreatLocker Zero Trust Platform comparison

Stormshield Endpoint Security vs. ThreatLocker Zero Trust Platform

Download the complete report

Helped 885,311 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex XDR by Palo Alto Net...

Mindshare comparison

As of March 2026, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.5%, down from 4.0% compared to the previous year. The mindshare of Stormshield Endpoint Security is 0.4%, up from 0.1% compared to the previous year. The mindshare of ThreatLocker Zero Trust Platform is 1.2%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Endpoint Protection Platform (EPP) Mindshare Distribution
Product	Mindshare (%)
Cortex XDR by Palo Alto Networks	3.5%
ThreatLocker Zero Trust Endpoint Protection Platform	1.2%
Stormshield Endpoint Security	0.4%
Other	94.9%

Endpoint Protection Platform (EPP)

Featured Reviews

ABHISHEK_SINGH

Senior Process Expert at A.P. Moller - Maersk

Gained full visibility and streamlined threat detection through behavior-based insights and AI integration

Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.

Read full review

it_user745593

Senior Project Manager, PMP at a transportation company with 10,001+ employees

Protects the global station and has good stability

The feature I find most valuable is that it protects the global station The solution's integration with the Windows environment could be better. The solution needs better integration with products, if it did, it would have the assumption of better security. I've been using the solution since…

Read full review

Santo Joy

Head Of Cyber Security at a outsourcing company with 201-500 employees

Security controls have been strengthened with granular application, ringfencing, and access policies

The features of ThreatLocker Zero Trust Endpoint Protection Platform that I like the most are the Ringfencing, elevation control, storage control, and application whitelisting functionality. For examples of how these features benefit my company, we were looking for a solution across various vendors to actually implement application whitelisting controls. ThreatLocker's agent, which is very lightweight and does not use much CPU or RAM, helped us achieve that solution. Ringfencing was an add-on that ticked off a lot of Australian framework security controls, which is the reason we chose it. My impression of the allowlisting feature in terms of managing which software, scripts, and libraries run on my devices is that ThreatLocker's community page has a lot of information around this, which is very helpful. Not only that, the Cyber Hero support that ThreatLocker provides gives us insights and best practices, helping us achieve that solution and guiding us to the right platform. The impact of Ringfencing on controlling the behavior of approved applications has been a big winner for us because it is something that many other platforms do not provide as a functionality. Having that allowed us to identify what applications talk to each other, which is something that many other platforms do not do. The network control feature impacts my ability to manage network traffic across my endpoints and servers. We have not used this widely across all our partners, but wherever required, we use it. It has been an easy solution for those customers to get that control implemented. The elevation feature's role in facilitating just-in-time administrative access for approved applications shows that elevation control helps in many use cases involving remote control platforms, door usage, and security system platforms that require local admins. There are many solutions that provide this functionality, but the licensing cost seems to be expensive, and it also adds another solution into the mix. Rather than doing that, we try to use ThreatLocker Zero Trust Endpoint Protection Platform to achieve that control. Regarding the storage control feature, I have used it. The primary function is USB blocking, which is very widely adopted, and also just locking down and allowing certain users to access certain file locations helps us there. When it comes to enforcing policy-driven access over various storage devices, it depends on the business risk adapted by the companies that we support, but generally the use case is USB and external storage devices where companies know that is a risk, but they do not have appropriate solutions. There are EDR platforms that claim to do this, but ThreatLocker Zero Trust Endpoint Protection Platform does it at an advanced level. My assessment of the efficiency of the real-time threat intelligence and category controls employed by Web Control in blocking malicious and non-compliant sites leads me to think that Web Control is another functionality within ThreatLocker Zero Trust Endpoint Protection Platform that is an add-on on top of the current set. That is another solution that we use based on what is required for the company, but again, that is not widely adapted yet for our partners.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"But overall, when we speak about security and protection, they are one of the top providers."

"The initial setup isn't too bad."

"What I like about Cortex XDR by Palo Alto Networks is that it is a comprehensive solution that contains everything the organization may need when using endpoints."

"The product is mostly automated, and we do not have to make decisions, because all the decisions are made by the product itself and we are not required to create any custom policies since the policies that are created are well defined in the product itself."

"Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."

"The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past."

"The most valuable for us is the correlation feature."

"The most valuable features are incident creation, policy-based protection, IP whitelisting, and device encryption. These are beneficial for endpoint and server security."

More Cortex XDR by Palo Alto Networks pros

"If you need a Windows based multi-functional end-point security solution then this product is for you."

"The feature I find most valuable is that it protects the global station."

"It is very good for preventing cryptolocker attacks."

"By using ThreatLocker Zero Trust Endpoint Protection Platform, our company has been able to eliminate or consolidate security tools, such as BeyondTrust PAM, and we removed USB-Lock software by adopting ThreatLocker."

"Overall, ThreatLocker Zero Trust Endpoint Protection Platform is an ideal solution for any company lacking comparable protection, offering complete visibility into the environment, making it a recommended choice for every organization with computer systems in place."

"The most valuable feature is probably the ability to block programs from running. ThreatLocker has some built-in features that make it super easy. You can also contact their support within the program. If you're having issues, you can click on that button and connect with someone in five to 10 seconds."

"The application management on any workstation with the solution is valuable. I find it valuable that it indicates whether the software is part of our pre-approved list, adding a nice layer of protection. It works great because people cannot just install or download any app from the web."

"The application control is highly valued by me."

"ThreatLocker Zero Trust Endpoint Protection Platform's ability to block access to unauthorized applications has been excellent."

"ThreatLocker Zero Trust Endpoint Protection Platform benefits my company by allowing us to be preventative instead of being retroactive or reactive."

"The sandbox functionality is fantastic."

More ThreatLocker Zero Trust Platform pros

Cons

"Whenever the tool releases a new version when deploying the product across the organization, I feel like there are some disturbances in the CPU usage after upgrading the tool to the latest version."

"In terms of areas of improvement, we have not completed our review of the product. We're also looking at other products. So, it's a little bit hard to tell what could be different because we have not completed the review of this product, but based on our experience so far, its implementation is quite complex."

"The solution lags to the real-time scenarios here and there."

"The solution lacks real-time, on-demand antivirus."

"It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do."

"I have run into some detection issues with Cortex XDR. It needs to be better at detection of internal attacks."

"There's room for improvement with Mac device installations, which can be challenging."

"Product might have some bugs."

More Cortex XDR by Palo Alto Networks cons

"Only Windows based. Dependence on MS updates and service start-up priority."

"The solution's integration with the Windows environment could be better."

"Release speed for newer versions. When a new OS is released, you've got to wait half year to get the new version that covers the new Windows OS."

"A valuable addition to ThreatLocker would be a column in the audit page displaying a VirusTotal score for each file."

"This is my first Zero Trust conference, and so far, it has been good. The only thing I have noticed is that sometimes they encounter technical issues. For example, in one of the demo labs, the laptop trying to connect to the projector was not working, which affected the demonstration of the victim versus attacker laptop scenarios. It would be helpful to fix these issues."

"I find that the learning mode is too accessible. Technicians sometimes default to it instead of manually building policy controls."

"The company should strive to stay ahead of all the developments happening externally. If their progress accelerates more rapidly than the ongoing changes outside, it would prove advantageous."

"Scalability is challenging, not due to the platform. Scaling ThreatLocker Zero Trust Endpoint Protection Platform usage requires dedicated resources for maintenance."

"I was discussing with someone the other day, and it seems there is currently no solution for mobile users."

"ThreatLocker Zero Trust Endpoint Protection Platform could be improved by being able to consolidate even more with an EDR for deeper scanning as needed."

"ThreatLocker would benefit from incorporating an antivirus feature or comprehensive 24-hour log monitoring, a valuable enhancement for both business and enterprise-level users."

More ThreatLocker Zero Trust Platform cons

Pricing and Cost Advice

"The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the BRO version."

"Cortex XDR by Palo Alto Networks is an expensive solution."

"The cost of Cortex XDR by Palo Alto Networks is $55 to $90 USD per endpoint per month."

"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."

"Licensing for Palo Alto Networks Cortex XDR can be costly, especially when it comes to a hundred users. A license is required for each user, and the subscription must be renewed on a yearly basis."

"The price of the product is not very economical."

"I feel it is fairly priced."

"The pricing is okay, although direct support can be expensive."

More Cortex XDR by Palo Alto Networks pricing and cost advice

Information not available

"Considering what this product does, ThreatLocker is very well-priced, if not too nicely priced for the customer."

"I do not know about the licensing and price as it comes bundled from our MSP. However, it seems fairly reasonable for us, which is why we chose it."

"I can't complain. Cheaper would always be nice, but I think it's reasonable compared to other software in the cybersecurity market."

"We have not had any real issues with the pricing. As they have added more features, due to the way our contracts are structured with our customers, we have had to hold off on adopting the new features because they do add costs."

"I do not deal with pricing, but I assume it is cost-effective for us. We choose a solution based on functionality and affordability."

"Its price is fair. They have added some additional things to it beyond allowlisting. They are up-charging for them, but in terms of the value we get and the way it impacts us, we get a bang for our buck with ThreatLocker than a lot of our other security tools."

"The pricing works fine for me. It's very reasonably priced."

"Others say ThreatLocker is too expensive, and I tell them they're dreaming. It's well-priced for what it does."

More ThreatLocker Zero Trust Platform pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.

See recommendations

885,311 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Construction Company

13%

Manufacturing Company

Computer Software Company

Financial Services Firm

No data available

Computer Software Company

17%

Manufacturing Company

Retailer

Financial Services Firm

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	44
Midsize Enterprise	20
Large Enterprise	47

No data available

By reviewers
Company Size	Count
Small Business	51
Midsize Enterprise	13
Large Enterprise	8

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One

Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...

Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)

Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...

How is Cortex XDR compared with Microsoft Defender?

Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...

What is your experience regarding pricing and costs for ThreatLocker Allowlisting?

Ask a question

Earn 20 points

My experience with pricing, setup cost, and licensing for ThreatLocker Zero Trust Endpoint Protection Platform is goo...

What needs improvement with ThreatLocker Allowlisting?

ThreatLocker Zero Trust Endpoint Protection Platform can be improved by providing admin rights that allow us to manag...

What is your primary use case for ThreatLocker Allowlisting?

My main use case for ThreatLocker Zero Trust Endpoint Protection Platform is to secure the server.A specific example ...

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks

Comparisons

Compared 9% of the time

SentinelOne Singularity Complete vs Cortex XDR by Palo Alto Networks

Compared 6% of the time

CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Cortex XSIAM vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks

Compared 3% of the time

More Cortex XDR by Palo Alto Networks Competitors

Trellix Endpoint Security Platform vs Stormshield Endpoint Security

Compared 19% of the time

Sophos Endpoint vs Stormshield Endpoint Security

Compared 17% of the time

Symantec Endpoint Security vs Stormshield Endpoint Security

Compared 17% of the time

WithSecure Elements Endpoint Protection vs Stormshield Endpoint Security

Compared 12% of the time

Fortinet FortiClient vs Stormshield Endpoint Security

Compared 11% of the time

More Stormshield Endpoint Security Competitors

CrowdStrike Falcon vs ThreatLocker Zero Trust Platform

Compared 6% of the time

Airlock Digital Application Control vs ThreatLocker Zero Trust Platform

Compared 6% of the time

Microsoft Defender for Endpoint vs ThreatLocker Zero Trust Platform

Compared 4% of the time

SentinelOne Singularity Complete vs ThreatLocker Zero Trust Platform

Compared 4% of the time

CyberArk Endpoint Privilege Manager vs ThreatLocker Zero Trust Platform

Compared 2% of the time

More ThreatLocker Zero Trust Platform Competitors

Product Reports

Cortex XDR by Palo Alto Networks

Download Cortex XDR by Palo Alto Networks product report

Endpoint Protection Platform (EPP)

February 2026

Download Stormshield Endpoint Security product report

ThreatLocker Zero Trust Platform

Download ThreatLocker Zero Trust Platform product report

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps

SkyRecon Systems StormShield Security Suite

Protect, Allowlisting, Network Control, Ringfencing

Overview

Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.

Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.

What are the key features of Cortex XDR?

Advanced Threat Detection: Uses AI and machine learning for proactive threat identification.
Multi-layered Security: Combines various security measures for comprehensive protection.
Endpoint Protection: Safeguards against malware and exploits.
Behavioral Analysis: Monitors suspicious activity for early detection.
Automatic Threat Response: Automates responses to neutralize threats.

What benefits should users expect?

Ease of Use: Simplifies security management with intuitive design.
Resource Efficiency: Minimizes impact on system resources.
Integration Capabilities: Works well with existing security setups.
Reduced Analyst Workload: Automates processes to decrease manual intervention.

Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.

Palo Alto Networks

Stormshield offers innovative end-to-end security solutions worldwide to protect networks (Stormshield Network Security), workstations (Stormshield Endpoint Security) and data (Stormshield Data Security). These next-generation trusted solutions ensure the protection of strategic information and are deployed through a partner network of distributors, integrators and operators in businesses of all sizes, government institutions and defense organizations worldwide.

Stormshield

Gain proactive, industry leading Zero Trust cybersecurity capabilities with ThreatLocker. By employing a deny-by-default approach, you will greatly enhance your security and operational efficiency. Solutions from ThreatLocker are focused on precise application control and
streamlined access management without administrative rights.

ThreatLocker Application Control solutions include Zero Trust Alllowlisting, Zero Trust Ringfencing and Privilege Access Management, significantly reducing any unauthorized software activities in your environment. Granular controls improve your overall security, while ringfencing enhances application behavior monitoring. Elevation requests will allow users to gain administrative access without IT intervention. The platform's ease of policy management and real-time threat visibility contribute to reduced help desk tickets and operational costs, ensuring protection against ransomware and
unauthorized applications.

What are the key features of ThreatLocker Zero Trust Platform?

Zero Trust Allowlisting: Allows detailed allowlisting for specific application use.
Privilege Access Management: Streamlines administrative access requests without IT involvement.
Ringfencing: Monitors application behavior to prevent unauthorized actions.
USB access and Data storage Control: Ensures comprehensive endpoint security across networks.

What benefits and ROI should users expect?

Enhanced Security: Reduces your daily risks through deny-by-default policies and ransomware protection.
Operational Efficiency: Your overall number of help desk tickets and operational costs will be cut down.
Compliance Assurance: You maintain compliance by preventing unauthorized software actions.

Organizations often deploy ThreatLocker to ensure endpoint security in industries requiring stringent application control and administrative access management. Its functionalities are critical for managing Shadow IT, creating policies, and overseeing software installation approvals. Common usage spans sectors demanding robust security and compliance, such as finance and healthcare, where maintaining high
security and efficiency is crucial.

ThreatLocker

Sample Customers

CBI Health Group, University Honda, VakifBank

Arkoon, Netasq

Information Not Available

Stormshield Endpoint Security vs. ThreatLocker Zero Trust Platform