We performed a comparison between Cortex XDR by Palo Alto Networks and CrowdStrike Falcon based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both products receive high marks from reviewers. However, CrowdStrike Falcon comes out on top in this comparison due to its robust performance, ease of deployment, reasonable cost, and impressive ROI.
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"We have a complete overview of all our PCs and it's very easy to handle and to use the interface. It has a lot of benefits for us."
"The solution's most valuable feature is its ability to rapidly detect certain hardware files."
"The solution doesn't need a high level of technical training."
"It blocks malicious files. It prevents attacks. It doesn't require many updates, it's a very light application."
"Being a cloud solution it is very flexible in serving internal and external connections and a broad range of devices."
"The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better."
"The product's most valuable features are massive user and feature intelligence exploit detection."
"The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."
"The initial setup is very simple."
"As an EDR tool, we can integrate log management and event management. The solution deals with threats automatically, that's the advantage."
"We have seen a reduction to the performance hit to our operating systems."
"The threat intelligence is the most valuable feature."
"Cyberattack detection is very good. We use it for detecting different vulnerabilities, such as ransomware, virus, and malware. It is a good product today when compared to Symantec that we used previously."
"It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably."
"The most valuable feature of CrowdStrike Falcon for me is its unified sensor, applicable across all models."
"The 10 hours a week that we are freeing up from having to manage and monitor our AV solution has really allowed us to focus on other areas of the business. This has been a huge return on investment."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"The management and automation of the cloud apps have room for improvement."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"It would be helpful if the solution could scan faster when it comes to scanning attachments to emails."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"They've been having some issues with updating their endpoint agents, and it has been quite frustrating."
"Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."
"Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and its nothing that should be an issue. Some antivirus engines recognize Traps as an threat component, so maybe they need to shake hands somewhere."
"The GUI could be improved."
"It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do. The price could be better. It would also help if they had a team for deployment and support."
"I would like to see them include NDR (Network Detection Response)."
"It is a complex solution to implement."
"Cortex XDR by Palo Alto Networks could improve by adding a sandbox feature to better compete with their competitors which have it."
"The price is too high."
"Forensic controls have room for improvement."
"It would be nice if the dashboard had some more information upfront, and looked a little better."
"The solution needs to have integration with on-premises security devices and security facilities. That means all the security products, including the perimeter firewall, the DMZ."
"In the future release of CrowdStrike Falcon, they should add a sandbox feature."
"CrowdStrike should provide better visibility in its reporting. There should be more forensic details about detected threats."
"The product could be more accurate in terms of performance."
"To simplify the budgeting process for our clients, CrowdStrike should consider offering bundled packages that include essential features."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 106 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while CrowdStrike Falcon is rated 8.8. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, Darktrace, Symantec Endpoint Security, Trend Micro Apex One and Trellix Endpoint Security, whereas CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and Symantec Endpoint Security. See our Cortex XDR by Palo Alto Networks vs. CrowdStrike Falcon report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Extended Detection and Response (XDR) vendors, and best Ransomware Protection vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.