Trellix XDR and Wazuh compete in the cybersecurity domain, with Trellix XDR having an edge due to its robust integration and automation capabilities.
Features: Trellix XDR delivers advanced threat detection, automated response, and seamless integration with various third-party tools, catering well to enterprises needing comprehensive security operations. Wazuh stands out with extensive threat intelligence, host-based anomaly detection, and customizable dashboards, attracting organizations desiring more personalized solutions. Trellix's strength lies in its integration abilities, while Wazuh offers unmatched flexibility through its open-source model.
Ease of Deployment and Customer Service: Trellix XDR simplifies deployment with strong vendor support and straightforward integration, making it attractive for businesses seeking quick implementation. Wazuh, although backed by a significant open-source community, may pose a more complex deployment due to its high degree of flexibility. Trellix's exceptional customer service and ease of setup offer a competitive advantage in environments requiring rapid deployment.
Pricing and ROI: Trellix XDR demands a higher initial investment but promises substantial long-term ROI, thanks to its extensive features and support, fitting larger enterprises. Wazuh, a cost-effective choice, presents a lower setup cost while offering significant ROI potential through scalability and reduced ongoing expenses. The economic edge of Trellix is underlined by strong returns, while Wazuh's value is amplified by cost-efficiency and open-source benefits, making it a favorable option for budget-conscious entities.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
Cortex XDR by Palo Alto Networks helps to reduce my total cost of ownership significantly.
In Cortex XDR by Palo Alto Networks, most of the remediation is automated and the accuracy is quite good.
The workload has been reduced and the ROI has improved by around 20 percent.
I have seen a return on investment because, in terms of employees, 15 were cut down to eight, and it was also saving us time from the whole dashboard automation.
Trellix helped us save our information, which is the most critical, and also save money.
I have seen value in security cost savings with Wazuh, as using proprietary EDR versions could save us substantial money.
The technical support from Palo Alto deserves a mark of ten because they reach out within an hour whenever assistance is needed.
There is no back and forth, and they know what we are asking for and come up with the best resolution for a solution.
If any of these services are missed, it becomes a problem in terms of support tickets, follow-up, or special configuration that needs to be done in the system.
If I require remote support, they will send a link to join a session and help me resolve any issues I have faced.
Technical support is crucial, especially when facing critical issues.
The most basic thing that you need from the vendor is support, and by the time they resolve it, you probably would have figured it out by yourself because the resolution came after weeks or months.
They responded quickly, which was crucial as I was on a time constraint.
We use the open-source version of Wazuh, which does not provide paid support.
The documentation is good and provides clear instructions, though it's targeted at those with technical backgrounds.
You can onboard 10,000 endpoints in just hours, which demonstrates the excellent scalability of this product.
Activating the newly purchased licenses is instantaneous, allowing installations without adjustments since it's cloud-based.
Cortex XDR by Palo Alto Networks can be expanded anytime by purchasing another license without any issues related to scalability.
Trellix XDR has good scalability because it can handle multiple security sources and multiple logs.
in our environment, we have fed a lot of data logs into the tool, and it has been reliable and scalable with no issues.
You can scale from ten licenses to several thousand.
It can accommodate thousands of endpoints on one instance, and multiple instances can run for different clients.
Currently, I don't see any limitations in terms of scalability as Wazuh can still connect many endpoints.
Scalability depends on the configuration and the infrastructure resources like compute and memory we allocate.
Cortex remains fast and responsive, even with increasing data and alerts.
The thresholds we've seen on our firewall boxes at some instances reached 80% to 85%, but even at that level of utilization, we don't observe any latency or any issues reported with respect to accessing the application.
Cortex XDR by Palo Alto Networks can be trusted completely.
Support and stability are good. They are continuously improving.
The system would go down for half an hour, an hour, or two hours in the off-hours which would then impact the business, impact the alerts, and the flow of alert.
There is no downtime, or if there is, prior notification is sent to us so we can prepare accordingly.
The stability of Wazuh is strong, with no issues stemming from the solution itself.
The stability of Wazuh is largely dependent on maintenance.
The indexer frequently times out, requiring system restarts.
Improving reporting and dashboard customization, along with the addition of real-time and exportable reports, would help SOC teams greatly.
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
If the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better.
Trellix support team is not highly regarded because they follow a whole hierarchical process to escalate the complaints and the feedback requests, and the resolution can take very long, from two to three weeks to a month, which is not really viable in a cybersecurity landscape which is moving this fast.
Continuous enhancement to automation and AI-driven threat prioritization would further reduce analysts' workflow and improve response effectiveness.
We are getting multiple types of CPU utilization from the EPP solution, with the EPP agent reaching as high as 80 percent CPU utilization.
Machine learning is needed along with understanding user behavior and behavioral patterns.
The integration modules are insufficiently developed, necessitating the creation of custom integration solutions using tools like Logstash and PubSub.
I think Wazuh should improve by introducing AI functionalities, as it would be beneficial to see AI incorporated in the threat hunting and detection functionalities.
The pricing on SentinelOne is far more reasonable and cheaper than Cortex XDR by Palo Alto Networks.
I would say it is definitely not a cheap product, considering how mature it is and how scalable all Palo Alto products are together.
Compared to CrowdStrike, which is very costly, and SentinelOne, which is also very costly, Cortex XDR by Palo Alto Networks is a medium cost-efficient solution.
But currently, they have bumped up the prices and that is why we have now moved to a different solution totally. We have left Trellix XDR.
My experience with pricing, setup cost, and licensing shows that the pricing is very competitive and not overly expensive.
Wazuh is completely free of charge.
I would definitely recommend Wazuh, especially considering Fortinet's licensing model which is confusing and overpriced in my opinion.
Totaling around two lakh Indian rupees per month.
It incorporates AI for normal behavior detection, distinguishing unusual operations.
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
It includes machine learning to easily analyze data and detect complex threats across endpoints, networks, or clouds.
Getting the telemetry data from the endpoint with Trellix XDR helps us detect the severity based on malware types, techniques, and tactics with MITRE mapping.
The core functionality includes EDR and NDR, and Trellix XDR gets threat detection on both the network and endpoint levels.
The second feature is its ability for cross-platform threat correlation, meaning the platform helps to correlate all events across endpoints, network activity, security controls, and threat intelligence sources, providing us with a more in-depth view in terms of threat detection and threat research.
Wazuh is a SIEM tool that is highly customizable and versatile.
The system allows us to monitor endpoints effectively and collect security data that can be utilized across other platforms such as SOAR.
With this open source tool, organizations can establish their own customized setup.
| Product | Mindshare (%) |
|---|---|
| Cortex XDR by Palo Alto Networks | 4.6% |
| Wazuh | 4.9% |
| Trellix XDR | 0.8% |
| Other | 89.7% |


| Company Size | Count |
|---|---|
| Small Business | 46 |
| Midsize Enterprise | 21 |
| Large Enterprise | 52 |
| Company Size | Count |
|---|---|
| Small Business | 5 |
| Midsize Enterprise | 3 |
| Large Enterprise | 6 |
| Company Size | Count |
|---|---|
| Small Business | 27 |
| Midsize Enterprise | 15 |
| Large Enterprise | 8 |
Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.
Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.
What are the key features of Cortex XDR?Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.
Trellix XDR provides a comprehensive approach to threat detection and response, enhancing security by integrating data from multiple sources into a single pane of glass for more effective incident management.
Leveraging robust analytics, Trellix XDR enables organizations to improve threat visibility and response capabilities. The platform streamlines security operations by centralizing data from networks, endpoints, and cloud resources. This integration helps security teams quickly identify, analyze, and mitigate threats, reducing the time to respond and improving overall security posture.
What are the most important features of Trellix XDR?In finance and healthcare, Trellix XDR is implemented to secure critical infrastructures, ensuring compliance with industry regulations and standards. Its scalability makes it ideal for retail, adapting to variable traffic patterns and data volumes, consistently safeguarding data and operations across sectors.
Wazuh offers an open-source platform designed for seamless integration into diverse environments, making it ideal for enhancing security infrastructure. Its features include log monitoring, compliance support, and real-time threat detection, providing effective cybersecurity management.
Wazuh stands out for its ability to integrate easily with Kubernetes, cloud-native infrastructures, and various SIEM platforms like ELK. It features robust MITRE ATT&CK correlation, comprehensive log monitoring capabilities, and detailed reporting dashboards. Users benefit from its file integrity monitoring and endpoint detection and response (EDR) capabilities, which streamline compliance and vulnerability assessments. While appreciated for its customization and easy deployment, room for improvement exists in scalability, particularly in the free version, and in areas such as threat intelligence integration, cloud integration, and container security. The platform is acknowledged for its strong documentation and technical support.
What are the key features of Wazuh?In industries like finance, healthcare, and technology, Wazuh is utilized for its capabilities in log aggregation, threat detection, and vulnerability management. Companies often implement its features to ensure compliance with stringent regulations and to enhance security practices across cloud environments. By leveraging its integration capabilities, organizations can achieve unified security management, ensuring comprehensive protection of their digital assets.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.