SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to the environment is note-worthy. Sentinel One works inconspicuously in the background, continually providing protection. It has an automated active EDR that will not only find issues but can fix them. I don’t know that any other solution does that.
Cortex XDR by Palo Alto has a nice console and is easy to use. One of my favorite things about it is that it will automatically connect and log various kinds of suspicious behavior - you don’t need to do it manually. Cortex XDR is very secure but it is missing some basic features. It doesn’t offer an on-prem solution and it doesn’t integrate so well with some third-party solutions.
SentinelOne can be challenging to set up and there seem to be some applications that do not function properly when SentinelOne is installed. I would like to be able to make the reporting more specific to my needs. It would be a more attractive option if the cost was lower.
Conclusions
The find-and-fix option that SentinalOne provides was a huge win for us. We feel it provides a deeper and more thorough level of security.
Network & Security Engineer at a healthcare company with 51-200 employees
Real User
2021-09-27T14:55:30Z
Sep 27, 2021
I haven't used Cortex. My worry with it and every other solution is how well does it perform when disconnected from the cloud/ the internet?
S1 - I have been using it for a couple of years now without an issue. I had been using Cylance prior. I've been very happy with the S1 solution. Works with or without the Internet.
IT Security Coordinator at a healthcare company with 10,001+ employees
Real User
2021-09-27T12:56:44Z
Sep 27, 2021
Depends on the size, scope and needs of your environment.
XDR is an ok monitoring/alerting tool, especially if you have a Palo Alto firewall already and everything can integrate well together. However, S1 is a superior tool IMHO and can catch and fix things automatically if you so choose (magic quadrant agrees).
Cost-wise XDR is probably cheaper but I don't know specifics on-prem vs cloud. S1 is a cloud tool but is extremely fast and responsive compared to some other tools we POC'd and can support legacy devices w2k8 and below or Linux or VDI without having to special of workarounds. So again, it depends on your needs, environment and cost.
Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. SentinelOne Singularity Complete and other solutions. Updated: April 2025.
SentinelOne Singularity Complete and Cortex XDR by Palo Alto Networks are key players in advanced endpoint security. SentinelOne gains a slight edge with its ease of deployment and rollback functionality, while Cortex XDR shines through strong integration with network security infrastructure.Features: SentinelOne Singularity offers a standout rollback capability, AI-driven threat detection, and the ability to operate without cloud dependency which adds to its versatility. Cortex XDR provides...
Cortex XDR by Palo Alto vs. SentinelOne
SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to the environment is note-worthy. Sentinel One works inconspicuously in the background, continually providing protection. It has an automated active EDR that will not only find issues but can fix them. I don’t know that any other solution does that.
Cortex XDR by Palo Alto has a nice console and is easy to use. One of my favorite things about it is that it will automatically connect and log various kinds of suspicious behavior - you don’t need to do it manually. Cortex XDR is very secure but it is missing some basic features. It doesn’t offer an on-prem solution and it doesn’t integrate so well with some third-party solutions.
SentinelOne can be challenging to set up and there seem to be some applications that do not function properly when SentinelOne is installed. I would like to be able to make the reporting more specific to my needs. It would be a more attractive option if the cost was lower.
Conclusions
The find-and-fix option that SentinalOne provides was a huge win for us. We feel it provides a deeper and more thorough level of security.
I haven't used Cortex. My worry with it and every other solution is how well does it perform when disconnected from the cloud/ the internet?
S1 - I have been using it for a couple of years now without an issue. I had been using Cylance prior. I've been very happy with the S1 solution. Works with or without the Internet.
Depends on the size, scope and needs of your environment.
XDR is an ok monitoring/alerting tool, especially if you have a Palo Alto firewall already and everything can integrate well together. However, S1 is a superior tool IMHO and can catch and fix things automatically if you so choose (magic quadrant agrees).
Cost-wise XDR is probably cheaper but I don't know specifics on-prem vs cloud. S1 is a cloud tool but is extremely fast and responsive compared to some other tools we POC'd and can support legacy devices w2k8 and below or Linux or VDI without having to special of workarounds. So again, it depends on your needs, environment and cost.