We compared Trellix Endpoint Security and Cortex XDR by Palo Alto Networks in five categories, based on our users’ reviews. Our conclusion, drawn from all of the collected data, appears below.
Features: Trellix Endpoint Security is highly valued for its easy administration options and reliability. Reviews suggest that Trellix could reduce resource consumption and improve user-friendliness. Cortex XDR by Palo Alto Networks presents an intuitive interface, advanced identification of risks, expandability, and compatibility with various other solutions. However, Cortex XDR could use enhancements in hard disk encryption, security integration, and customer education.
Service and Support: Some users have found the support for Trellix Endpoint Security helpful and reliable, while others have encountered ineffective assistance and communication problems. Some customers were impressed with Palo Alto support, while others reported mixed experiences.
Ease of Deployment: The setup process for Trellix Endpoint Security varies in difficulty, depending on the user's experience with McAfee and general technical expertise. Some users thought Cortex XDR’s deployment was fast and straightforward, while others consider it to be a complex and time-consuming task that requires thorough planning.
Pricing: Some find Trellix’s price reasonable and competitive, while others believe it could be lowered. Some reviewers said Cortex XDR is expensive, but others said it was reasonable for the robust feature set Cortex offers.
ROI: Trellix Endpoint Security provides significant time savings. Cortex XDR creates value by ensuring system and data security rather than a financial return on investment.
Comparison Results: Trellix Endpoint Security is preferred over Cortex XDR. Users said Trellix's comprehensive management capabilities enable effortless administration of all programs from a single console. Cortex XDR received mixed reviews for its initial setup, customer service, and pricing.
"The most valuable aspect is undoubtedly the exploration capability."
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"Microsoft 365 Defender is simple to upgrade."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
"After deploying Traps, we saw the performance of the network improve by 65 to 70 percent."
"The interface is easy to use and it is more up to date than our previous solution."
"Their XDR agent and their behavioral indicators of compromise (BIOC) are pretty nice. Their managed threat hunting is also pretty nice. They also have WildFire, which is a service for actively looking for malware. It's quite useful."
"We have a complete overview of all our PCs and it's very easy to handle and to use the interface. It has a lot of benefits for us."
"The solution is a new generation XDR that has a lot of artificial intelligence modules."
"The user interface of the solution is sophisticated and straightforward."
"It's a nice product that's stable and scalable."
"The package of protection that it provides is useful. It has antivirus, malware protection, VPN, and a whole bunch of other features."
"The central management console is powerful. You can manage endpoints, DLP, encryption, and all the other features from a single console."
"I have found many of the features to be useful."
"The product is quite user-friendly."
"The new central console is better than the earlier one."
"It has a very simple multi-tenancy option, and scalability is outstanding."
"I feel McAfee Endpoint Security to be a good, mature product."
"Trellix Security Endpoint can promptly isolate any host machines directly from the console. If alerts are received and isolation is necessary, it can be accomplished through the console. The console itself holds significant value, accessible through a browser and allowing remote actions via cloud login."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team."
"The solution does not offer a unified response and standard data."
"365 Defender has multiple subsets, including Defender for Cloud Apps. When integrating Defender for Cloud Apps with apps on third-party cloud platforms like AWS or GCP, there are limitations on our ability to control user activities. If Microsoft added more control over third-party products, that would be a game-changer and help us quite a lot."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"The encryption is not up to the mark."
"Cortex XDR by Palo Alto Networks could improve by offering remote management. It would be useful to look at the client's issue to fix it."
"Cortex XDR should have a lightweight agent, and the agent size should not be heavy."
"Dashboards do not allow everyone to see what's happening."
"Limited remote connection."
"The solution should force customers to integrate with network traffic to see the full benefits of XDR."
"It is a complex solution to implement."
"The price could be a little lower."
"Technical support from the vendor is very bad."
"On the next release, they should build an easier way to see a repair option within the McAfee icon on your system tray. If there was an issue, you should be able to contact the user or just right-click on "repair". That would be a very good feature to add. That could be a place of improvement, just adding that button, or customizing it."
"I would like this solution to do what Palo Alto traps does because I would only need to run this one product."
"McAfee Endpoint Protection could improve the word control feature."
"We don't like the solution since it requires much memory consumption and consumes much CPU resources."
"The software download features could stand improvement."
"Some agents become old and then they don't communicate well any longer."
"Sometimes, while installing the ePO, we were getting so many errors and I don't know why it happened."
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Trellix Endpoint Security is ranked 10th in Endpoint Protection Platform (EPP) with 94 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Trellix Endpoint Security is rated 8.0. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Trellix Endpoint Security writes "Good user behavioral analysis and helpful patching but needs better support services". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Fortinet FortiEDR, whereas Trellix Endpoint Security is most compared with Microsoft Defender for Endpoint, Trellix Endpoint Security (ENS), CrowdStrike Falcon, Trend Micro Deep Security and Kaspersky Endpoint Security for Business.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.