No more typing reviews! Try our Samantha, our new voice AI agent.

Symantec Endpoint Detection and Response vs Tanium comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Symantec Endpoint Detection...
Ranking in Endpoint Detection and Response (EDR)
33rd
Average Rating
7.6
Reviews Sentiment
5.9
Number of Reviews
31
Ranking in other categories
No ranking in other categories
Tanium
Ranking in Endpoint Detection and Response (EDR)
23rd
Average Rating
7.8
Reviews Sentiment
6.2
Number of Reviews
22
Ranking in other categories
Server Monitoring (3rd), Vulnerability Management (26th), Endpoint Protection Platform (EPP) (15th), Unified Endpoint Management (UEM) (8th)
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of Symantec Endpoint Detection and Response is 0.7%, up from 0.5% compared to the previous year. The mindshare of Tanium is 2.0%, down from 2.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
Tanium2.0%
Symantec Endpoint Detection and Response0.7%
Other93.7%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
HH
IT Director at Al Akhawayn University
A highly stable and affordable solution for detecting and preventing security threats
The solution needs to provide better integration. We may receive things from email, network, or the machine itself. So we need a centralized system to get alerts or messages which are not available in the product. The solution must provide features to centralize the alerts received. It should provide integration with other Symantec products.
MA
Division Manager, Information Technology at a legal firm with 51-200 employees
Centralized policies have improved remote endpoint control and have simplified data visibility
The integration is not simple and easy. It requires experienced users or people who have done the implementation. When certain policies are applied, they do not immediately push the policies. For example, we manage endpoint device USB access. We set a policy to block it, but it does not come into effect immediately. Sometimes it takes three or four days for it to reflect. That is a pain point. I have raised this issue with support as well, but they said that I need to limit the number of devices in the policy. In terms of application deployment, for us, it was seamless.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cortex XDR's most valuable feature is its intelligence-based dashboards."
"This software helps us understand any issues that may arise when someone is not at work."
"The user interface of the solution is sophisticated and straightforward."
"We switched because there were a lot of added features with Palo Alto that Check Point didn't have, and it was an upgrade for us."
"We use it for malicious connections from malicious websites, to identify payloads that might be inside the traffic, to identify malicious processes or bugs that are running on the network, and any activities that tend to lead to data infiltration."
"Cortex XDR by Palo Alto Networks has helped lighten the load of our security analysts because it was the major tool that we were using and the one we utilized most."
"It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool."
"The most valuable features of this product are the management capabilities, which allow an IT organization to get quite a good picture of attempted cyber attacks, and its out-of-the-box investigation capabilities."
"The most valuable feature is that the same agent can act as the endpoint detection and response agent."
"The pricing is pretty reasonable."
"Previously, I was working with Trend Micro; before the detection and response were included, I would have recommended Trend Micro, however Symantec Endpoint has now taken the lead."
"The most valuable features of this product include network isolation for machines and the ability to work with a consistent and defined set of virtual machines."
"The Detection vulnerability is very effective and distinguishes Symantec Endpoint Detection and Response from its competitors."
"It is mostly used for malware detection and antivirus purposes."
"I've mainly found the antivirus and antispyware features valuable. The documentation is okay as well."
"I would definitely recommend Symantec because the company provides great support from its engineers."
"I'm not so familiar with the tool but I like the interaction of the console to the picture. Patching is the primary model I have been focusing on for the last couple of weeks. So I have created a proof of concept environment and have been checking the available features."
"Tanium's most valuable feature is its instant discovery aspect."
"Tanium is highly scalable."
"Tanium’s best features include support for any Windows, Linux, or Mac endpoint, regardless of where it is, and the ability to do IT operations and security operations."
"The solution's technical support is very responsive."
"I find the inventory and compliance features of Tanium to be the most impressive."
"The insights we gain from our endpoints and the management capabilities that Tanium provides have been a boon to our operations and security."
"The security features are very valuable."
 

Cons

"There's room for improvement with Mac device installations, which can be challenging."
"Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want."
"Based on our experience so far, its implementation is quite complex."
"I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs."
"If Palo Alto reduces the pricing slightly for their products, it would make them more scalable in markets such as India and globally for cybersecurity."
"It would be good to have a better way to search for a file within the UI."
"As an improvement, I would like to see enhanced connection speeds."
"It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue."
"I would like to see better scanning capabilities."
"That's why I wouldn't recommend it for other systems. It works only with SAP clients. That's why I'm giving it a six. It would get higher if it worked on all networks without the help of SAP."
"The solution needs to provide better integration."
"I think the network forensics feature could be improved."
"It is not possible to buy it from the company itself, or resellers in other countries. If it is available, I see that it is offered as part of a larger service. For me, this was not suitable."
"The solution’s scalability and stability could be improved."
"Since Broadcom took over, we have not been satisfied by the way they are handling the end user's query or end-user support."
"In the future, it would be nice to have playbooks in the tool, to allow for some of the common activities to be automated. For example, some of the scannings of the malware can be too manual for a specific device. Additionally, a vulnerability manager would be beneficial."
"There are some bugs in the product. The tool needs to improve in the area of reporting."
"We had some issues with the solution's OS upgrade."
"Most of the time, agent-relative issues have to be more equipped with self-healing features. At times, the agent is there, but for some reason, it doesn't report a status. It gives certain problems that are obviously agent-based."
"It is not really additional functions, or the features that are needed, rather the complexity would be reduced based on the number of modules required to put together a comprehensive operational security and risk compliance model."
"The most painful thing is the interface. It's a bit unclear sometimes."
"We set a policy to block USB access. The moment a device is being set up on the network, I apply the policy, but it does not come into effect immediately."
"Tanium’s scalability could be improved."
"Tanium required local admin or root rights on Mac devices, which did not comply with our security policies. This made the solution less suitable for our restrictive environment."
 

Pricing and Cost Advice

"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."
"I feel it is fairly priced."
"Our license will require renewal in August, after which the maintenance will continue as usual."
"It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool."
"Its pricing is kind of in line with its competitors and everybody else out there."
"Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."
"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."
"The pricing is a little high. It is per user per year."
"The price is reasonable."
"We have a yearly subscription, and the pricing is fair."
"The product is cheap."
"It's a yearly subscription."
"The price is really high and it should be lower."
"The price is okay, but it really depends on the customer's requirements."
"The more devices we have the more expensive it becomes, which is where the challenge is."
"Compared to the tools of competitors, Symantec Endpoint Detection and Response is a cheaply priced product."
"Tanium is a more expensive solution in Latin America than some of the competitors, such as BigFix."
"The product's pricing differs from region to region depending on negotiations and the number of endpoints."
"The solution offers value for money."
"It is higher than some competitors in the market."
"There is an annual license required to use this solution."
"It's an expensive solution. It would be nice if the cost were lower."
"The solution is expensive but it's a good investment."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
13%
Comms Service Provider
8%
Construction Company
8%
Manufacturing Company
8%
Financial Services Firm
14%
Government
10%
Manufacturing Company
9%
Healthcare Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business15
Midsize Enterprise7
Large Enterprise9
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise3
Large Enterprise12
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for Symantec Endpoint Detection and Response?
I am not aware of the pricing details, as that falls under the management's responsibility.
What needs improvement with Symantec Endpoint Detection and Response?
While the prices for technical issues in Symantec Endpoint Detection and Response are good, as a partner of Symantec,...
What is your primary use case for Symantec Endpoint Detection and Response?
Different companies such as banks and local government in Poland use Symantec Endpoint Detection and Response because...
What needs improvement with Tanium?
While there is always room for improvement, I am pleased with Tanium.
What is your primary use case for Tanium?
The primary use case for Tanium ( /products/tanium-reviews ) is compliance, patching, and inventory as part of the co...
What advice do you have for others considering Tanium?
For smaller companies, Tanium is quite a big investment, and one needs to have a considerable setup to make it econom...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
Tanium Inc Cloud, Tanium XEM
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Information Not Available
JPMorgan Chase, eBay, Amazon, US Bank, MetLife, pwc, Cerner, Delphi, MGM Grand, New York Life
Find out what your peers are saying about Symantec Endpoint Detection and Response vs. Tanium and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.