Which product would you choose: Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks?

Hi community,

I work as an IT Security person at a large Logistics company.

At the moment, I'm researching these 2 products for my organization: Microsoft Defender for Endpoint and Cortex XDR by Palo Alto Networks.

Most comparisons and reviews I found were done in late 2021 and early 2022.

As of now, considering all Microsoft Updates on their Defender, which product would you prefer to use? What are the pros and cons of each solution?

Thanks for your help.

Ammar Jibarah - PeerSpot reviewer
IT Security at Aramex
  • 4
  • 220
PeerSpot user
4 Answers
Chief Manager at Arcil
Real User
Top 5Leaderboard
Sep 7, 2022

I have not used Microsoft Defender and only used Cortex XDR by Palo Alto Networks. My experience with Cortex is not good as you need to whitelist each and every exe file of each adn every computer. My recommendation for you is to go for Cynet360 MDR which is far better than Cortex in terms of auto detection and remediation. You will get genuine alert.

Product comparison that may be of interest to you
Remy Ma - PeerSpot reviewer
Network Security Services at ACE Managed Securty Services
Real User
Top 5
Dec 7, 2022

Choosing Microsoft Defender makes the most sense if you already have a Microsoft ecosystem. But in reality, you need an endpoint security solution that is proactive and comes with built-in artificial intelligence capabilities.

I value in-depth visibility across the endpoints, so I prefer CrowdStrike Falcon EDR. It’s the best solution for simplified endpoint detection and response. CrowdStrike EDR comes with advanced features and easily integrates with popular third-party solutions like Splunk and Palo Alto Networks. An easy-to-use and navigate interface reduces the learning curve. Personally, I think CrowdStrike Falcon is easier to use than Microsoft Defender.

MSSPs like ACE Managed Security Services provide Managed CrowdStrike EDR. If you’re looking for hassle-free deployment and a fully-managed solution, you should look into ACE.

Senior CyberSecurity Architect and Mentor at BlueTeamAssess LLC
Top 5
Sep 8, 2022

Unless you are using Palo Alto elsewhere in your architecture, I would go with Microsoft if that were the only choice.

However, if you are using another network security issue such as Fortinet or Sophos, I would also look to their endpoint solutions.  They both have EDR and XDR capabilities and the endpoint solutions facilitate synchronization between the endpoint and the network control.

Microsoft has done lots of work in the endpoint space and the Zero Trust world over the past several months.  Defender integrates tightly with the Microsoft Cloud and there is much synchronization that occurs between the physical endpoint and the cloud infrastructure. This means that regardless where the endpoint is physically located it stays connected and controlled by the policies set in the Microsoft cloud.  Very much like the Group Policy Options we became accustomed to with the on premises domain controller.

I know that's a scratch on the surface and there are many other considerations, but you need to seek the solutions that promise management simplicity and the ability to control and protect the endpoints wherever they may be located. 

Director, Customer Success at SecureWorks
Sep 7, 2022

I would go for the one with the best independent threat intelligence, a platform that allows you to change, add, move IT and Security infrastructure without impacting your security platform.  I would also place a close attention to storage costs, service levels and the number of resources providing human intelligence on top of machine intelligence for investigation and incident response, all in one platform.  But I am biased ;-)

Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Endpoint and other solutions. Updated: September 2023.
735,226 professionals have used our research since 2012.
Related Questions
Ronald Chavez - PeerSpot reviewer
Cloud Services
Feb 20, 2023
Hi everyone,  What do you think of the integration of Azure AD Services, Defender for Endpoint, and Intune as comprehensive security solutions? I have demoed these solutions together. There are as well other alternatives that integrate with SaaS services. Thank you for your help.
2 out of 4 answers
James OConnor - PeerSpot reviewer
Sr. Solutions Sales Executive - Commercial/Charity/Healthcare/SMB Individual Contributor at Hypertec Direct
Feb 15, 2023
I believe it is a good first step, and I would say even a requirement, but in no way is it a comprehensive security solution, even for endpoints.   There are many things that need to be addressed for security. In addition to this, there is XDR, MDR, more comprehensive AV for endpoints & Servers that stop attacks, Threat Hunting, Mitigation, PEN Testing, Security Training for end users, Multi-Factor Authentication (Microsoft's MFA is good but only for Microsoft products), Patch Management for Endpoints, Servers and Cloud Workloads, Network Access Control, Firewalls for On-Premise and Cloud server workloads, Network Segmentation, Password Management, Data Backups (3-2-1-1 Rule) with Immutable Backups, Power Backups, Physical Security, Monitoring, NOC/SOC services, and working towards a Zero Trust architecture...   But there are no single-point solutions that will make you secure, so don't get complacent. And you can outspend your profits if you do everything. Just remember it's best to have a layered approach that works together and looks at everything from a security perspective and how it integrates with your overall security plans and objectives to help identify holes and possible mitigations. Healthcare must do Risk Assessments by law, but I recommend that all companies of all sizes do at least annual risk assessments since there is so such thing as being too small or inconspicuous to be hit with malware or have a cyber security attack since much of the delivery is automated and not just by the script-kiddies of years gone by... Nation States are actively engaging in cyber warfare daily, along with terrorists, and opportunists looking to make big money from you...
Gaurav Chandola - PeerSpot reviewer
Senior Associate Specialist at a financial services firm with 1,001-5,000 employees
Feb 16, 2023
It depends on your company's infrastructure. Check with your cyber team whether you can sync your endpoints to Cloud using Azure AD as Azure Registered/ Azure Hybrid AD join/ Azure AD join, etc.        1. So, if the ask is only to enroll them in Intune to leverage defender/BitLocker services - go directly to Azure AD's join approach.        2. If you still want to manage patch management/mcm BitLocker but Defender via cloud, the approach should be Azure Hybrid AD join.         3. You can still use autopilot using both of these approaches. 
Content Manager at PeerSpot (formerly IT Central Station)
Dec 15, 2022
Some people say it 's free and comes with Windows 10 and some people say it's expensive. So which is it?
See 1 answer
Navcharan Singh - PeerSpot reviewer
Senior Seo Executive at Ace Cloud Hosting
Dec 15, 2022
Microsoft Windows Defender is a part of Windows 10 and is available at no additional cost. It offers basic protection against malware and viruses. For more comprehensive protection, you can upgrade to a paid subscription to Microsoft Defender Advanced Threat Protection. ADTP is a cloud-based platform that delivers real-time security insights and advanced threat protection for endpoints across your enterprise. It features behavioral detection analytics, anti-ransomware, and anti-phishing technologies. Microsoft Defender ATP starts at $15 per user per month. Volume discounts are available.
Related Articles
Content Manager at PeerSpot (formerly IT Central Station)
Aug 5, 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias. Our users have ranked these solutions according to their valuable features, and discuss which features they like most and why. You can read user reviews for the Top Extended Detection and Response (XDR...
See 1 comment
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a retailer with 10,001+ employees
Aug 5, 2022
Well, some times ago, EDR agents was moved to XDR but now, XDR is on "peak of inflated expectations", the second of five phases in product development hype. I'd rather wait a little bit, may be ZDR :)
Product Comparisons
Related Articles
Content Manager at PeerSpot (formerly IT Central Station)
Aug 5, 2022
Top 8 Extended Detection and Response (XDR) Tools 2022
PeerSpot’s crowdsourced user review platform helps technology decision-makers around the world to...
Download Free Report
Download our FREE report comparing Cortex XDR by Palo Alto Networks and Microsoft Defender for Endpoint based on reviews, features, and more! Updated: September 2023.
735,226 professionals have used our research since 2012.