No more typing reviews! Try our Samantha, our new voice AI agent.

Tanium vs WatchGuard Firebox comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Tanium
Ranking in Endpoint Detection and Response (EDR)
23rd
Average Rating
7.8
Reviews Sentiment
6.2
Number of Reviews
22
Ranking in other categories
Server Monitoring (3rd), Vulnerability Management (26th), Endpoint Protection Platform (EPP) (15th), Unified Endpoint Management (UEM) (8th)
WatchGuard Firebox
Ranking in Endpoint Detection and Response (EDR)
10th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
140
Ranking in other categories
Data Loss Prevention (DLP) (11th), Firewalls (12th), Intrusion Detection and Prevention Software (IDPS) (4th), Anti-Malware Tools (6th), Application Control (3rd), Unified Threat Management (UTM) (3rd)
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of Tanium is 2.0%, down from 2.3% compared to the previous year. The mindshare of WatchGuard Firebox is 1.3%, up from 0.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
WatchGuard Firebox1.3%
Tanium2.0%
Other93.1%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
MA
Division Manager, Information Technology at a legal firm with 51-200 employees
Centralized policies have improved remote endpoint control and have simplified data visibility
The integration is not simple and easy. It requires experienced users or people who have done the implementation. When certain policies are applied, they do not immediately push the policies. For example, we manage endpoint device USB access. We set a policy to block it, but it does not come into effect immediately. Sometimes it takes three or four days for it to reflect. That is a pain point. I have raised this issue with support as well, but they said that I need to limit the number of devices in the policy. In terms of application deployment, for us, it was seamless.
Abhishek Saini - PeerSpot reviewer
Professional Services Engineer at Next7 IT
Centralized security management has improved VPN reliability and simplified daily operations
WatchGuard Firebox is a strong and reliable platform overall, but there are a few areas where improvements could make the experience even better. One area is the user interface and navigation in some management tools. While the platform is powerful, certain configurations and troubleshooting workflows can feel less intuitive compared to some newer cloud-native firewall platforms. Another point is reporting and log analysis. Although the logging features are very useful, deeper analytics and more customizable reporting dashboards would make security monitoring much more effective. Firmware upgrades and policy synchronization can sometimes require careful planning to avoid security interruptions. Overall, the core security and VPN functionality are very solid, but improving usability, reporting, and automation would make the platform even stronger. One area that could be improved is the learning curve for new administrators. While experienced engineers can work with the platform effectively, some advanced networking and security configurations can be a bit complex for junior technicians. More guided configuration workflows, smarter recommendations, and simplified troubleshooting tools would make onboarding easier. Another improvement would be more flexible reporting customization for executive-level and client-facing reports.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It'll not slow down your system when compared to others."
"The level of security I get for my endpoints and servers is extremely valuable."
"The positive impacts I see from Cortex XDR by Palo Alto Networks include a complete 360-degree view of our security posture altogether, being a uniform platform where we are ingesting logs from multiple resources."
"I have found the solution to be very easy in respect of the integration and configurable."
"The most valuable aspect of Cortex XDR by Palo Alto Networks for me is its integration with AI detection, where we get to know the behavioral detection based on users, traffic patterns, and different services that we consume."
"The product's most valuable features are massive user and feature intelligence exploit detection."
"It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool."
"Cortex XDR by Palo Alto Networks saves time in various ways, although the user interface is fairly standard."
"Tanium's most valuable features are patch management, inventory, and distribution software."
"It's definitely not complex, it is pretty user-friendly and it's a solid tool enterprise to use."
"I like the fact that you can create patching campaigns depending on the area of your network that you want to address first. I like the ability it has to make several campaigns that work in parallel."
"Tanium has made the process of detecting threats more proactive with its detection. So, the process is easier and more efficient."
"The most valuable features of this solution are the consolidation of all historical data on device endpoints, security drivers, firmware, and Software version gaps."
"For inventory purposes, it's from one of the best things on the scene, as you can get live inventory."
"The solution is scalable and helps to understand how infrastructure works. It helps to improve the health of the organization."
"The product is granular and can build complex roles compared to other EDR vendors."
"On a scale of one to 10, I would rate the technical support of the WatchGuard Firebox a 10."
"The alarm system is valuable."
"It provides us with Layer 2 and Layer 3 security."
"I appreciate the interface and the client of WatchGuard Firebox the most, since many firewalls do not have a client to connect and instead rely on CLI only, and I also use the fully managed management server and appreciate the feature to schedule operations."
"I sleep a lot better knowing that something is watching the few things that I do need to present to the internet."
"It has made firewall configuration really simple."
"The policy monitoring and allowing different traffic flows are the most useful features for us; regulating which traffic comes in and out."
"I like that this product has very few issues."
 

Cons

"The MAC agent is not as robust feature-wise as the PC version."
"Dashboards do not allow everyone to see what's happening."
"The product's pricing could be better."
"This product has not improved my organization - in fact, we are in the process of moving back to another product as a result of Cortex's horrible impact on system performance."
"Enhancing UI simplicity and playbook flexibility are areas that could benefit from more low-code automation options for smoother integrations."
"The configuration could be simplified. I would like to see better protection, specifically to protect email applications."
"Cortex XDR by Palo Alto Networks is a very good product, but financially, it is very expensive, so the company should look into that area."
"In terms of areas of improvement, we have not completed our review of the product. We're also looking at other products. So, it's a little bit hard to tell what could be different because we have not completed the review of this product, but based on our experience so far, its implementation is quite complex."
"The solution lacks mobility."
"The problem or challenge is a pre-sales and go-to strategy for the SMB market delivered through a channel or model. It's very convoluted and vague, which leads to some confusion about the various types of modules, and the device-to-seat cost is extremely difficult to calculate."
"The most painful thing is the interface. It's a bit unclear sometimes."
"We set a policy to block USB access. The moment a device is being set up on the network, I apply the policy, but it does not come into effect immediately."
"Tanium’s scalability could be improved."
"I would like to have more integrations and custom plugins to input. Integration is always a big deal in a lot of different environments."
"It is not really additional functions, or the features that are needed, rather the complexity would be reduced based on the number of modules required to put together a comprehensive operational security and risk compliance model."
"When working with Tanium, there are some older devices that haven't been patched for a long time, and certain patches are not included in Tanium. I have to search outside to download patches, create bundles, and then perform the task."
"WatchGuard Firebox could improve the speed of updates, such as new features or improvements. However, they are frequently improving the solution in many areas, such as geo-locations, definitions, and web blocking."
"I believe there is a need for additional measures to connect mobile devices securely to the Firebox router."
"I would like to see faster automatation."
"There could also be better reporting. For example, there should be more out-of-the-box management reports."
"In terms of usefulness and reducing frustration, at my level, it's a three."
"I would like to see more simplified management of the firewall... It's a complicated system to use."
"The product can improve in terms of layout to provide easier access and viewing to users, especially for the reports."
"When it comes to live-monitoring, the user-interface could be improved to make things easier."
 

Pricing and Cost Advice

"Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."
"In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage."
"It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff."
"The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the BRO version."
"The pricing is okay, although direct support can be expensive."
"If one wishes to work with another team or large number of users at a future point, he must purchase a license for them."
"The price of the solution is high for the license and in general."
"Cortex XDR by Palo Alto Networks is an expensive solution."
"There is an annual license required to use this solution."
"The solution offers value for money."
"Tanium is a more expensive solution in Latin America than some of the competitors, such as BigFix."
"It is higher than some competitors in the market."
"It's an expensive solution. It would be nice if the cost were lower."
"The solution is expensive but it's a good investment."
"The product's pricing differs from region to region depending on negotiations and the number of endpoints."
"We paid $4000 in AUD for WatchGuard Firebox per year. There were no additional costs."
"I would rate the pricing at seven out of ten. As for the licensing costs, we typically have yearly licenses for our clients, but there are no additional costs beyond the standard licensing fees."
"The cost was somewhere in the vicinity of $2,000 to $3,000 for each one..."
"The price of the solution is not expensive, it is less than FortiGate."
"The solution is not expensive and customers pay for a yearly license."
"The licensing model for WatchGuard Application Control is based on the number of users. WatchGuard Application Control also has licensing models with several features."
"WatchGuard had a very competitive price. It was only 10 to 20 percent more than a single instance device but with that extra cost it provided a second load balancing device... unlike other brands whose method of hardware and software licensing would have doubled our cost."
"It's an affordable tool"
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
14%
Government
10%
Manufacturing Company
9%
Healthcare Company
6%
Comms Service Provider
12%
Manufacturing Company
8%
Computer Software Company
8%
Construction Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise3
Large Enterprise12
By reviewers
Company SizeCount
Small Business101
Midsize Enterprise30
Large Enterprise17
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What needs improvement with Tanium?
While there is always room for improvement, I am pleased with Tanium.
What is your primary use case for Tanium?
The primary use case for Tanium ( /products/tanium-reviews ) is compliance, patching, and inventory as part of the co...
What advice do you have for others considering Tanium?
For smaller companies, Tanium is quite a big investment, and one needs to have a considerable setup to make it econom...
What is your primary use case for WatchGuard Firebox?
We are providing our services to all WatchGuard customers in the region.
What is your primary use case for WatchGuard Firebox?
We just use it as a secondary WiFi device. We're a small office and we needed to set up a WiFi device for a few of ou...
What is your primary use case for WatchGuard Firebox?
We're a hospital and we use it for developing our incoming and outgoing policies, and we also use it for VPN.
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Tanium Inc Cloud, Tanium XEM
WatchGuard Threat Detection and Response, WatchGuard Application Control, WatchGuard Data Loss Prevention, WatchGuard Gateway AntiVirus, WatchGuard Intrusion Prevention Service
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
JPMorgan Chase, eBay, Amazon, US Bank, MetLife, pwc, Cerner, Delphi, MGM Grand, New York Life
Ellips, Diecutstickers.com, Clarke Energy, NCR, Wrest Park, Homeslice Pizza, Fortessa Tableware Solutions, The Phoenix Residence
Find out what your peers are saying about Tanium vs. WatchGuard Firebox and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.