We performed a comparison between Forescout Platform and Cortex XDR by Palo Alto Networks based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Forescout Platform stands out for its agentless visibility and advanced features like device fingerprinting. Forescout users say the product could be better at resolving connectivity and license issues. Users also want more compatibility with different devices and operating systems, along with better logging and troubleshooting capabilities. Cortex XDR presents an intuitive interface, advanced identification of risks, expandability, and compatibility with various other solutions. Meanwhile, Cortex XDR could use enhancements in hard disk encryption, security integration, and customer education.
Service and Support: Some users reported positive experiences with Forescout support, but others requested better responsiveness and training. Some customers were impressed with Palo Alto’s support, while others reported mixed experiences.
Ease of Deployment: Some users found Forescout’s setup to be simple and adaptable, while others perceived it as more complex and time-intensive. Some users thought Cortex XDR’s deployment was fast and straightforward, while others considered it a complex and time-consuming task that requires thorough planning.
Pricing: The total cost of Forescout Platform can be high depending on the level of customization and integration required. Some reviewers said Cortex XDR is expensive, but others said it was reasonable for the robust feature set Cortex offers.
ROI: Forescout Platform yields a solid ROI by improving network access control and overall security. Cortex XDR creates value by ensuring system and data security rather than a financial return on investment.
Comparison Results: Our users prefer Forescout Platform over Cortex XDR for its agentless visibility, comprehensive device fingerprinting, and easy deployment. Forescout provides outstanding visibility, flexibility, and excellent customer service. Cortex XDR lacks some features like hard disk encryption and received mixed feedback about its customer support.
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"The integration between all the Defender products is the most valuable feature."
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply..."
"The most valuable feature depends on the scenario. For compliance, I like Microsoft Purview Information Protection and Data Loss Prevention. Sentinel is the most helpful feature for security. 365 Defender helps us prioritize threats across an enterprise. It's a crucial feature for the managed services team."
"It has great stability."
"Microsoft Defender XDR provides strong identity protection with comprehensive insights into risky user behavior and potential indicators of compromise."
"The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"The product's most valuable features are massive user and feature intelligence exploit detection."
"Threat identification and detection are the most valuable features of this solution."
"The most valuable feature is that you can select remote access of any machine for sandboxing."
"The integrations are out-of-the-box, as are the playbooks."
"The product has an intuitive dashboard."
"Cortex XDR is a very capable solution for protecting large networks and a lot of endpoints. It's very useful because the automation is very high, and if you combine it with the features on Palo Alto firewalls, it provides very strong protection."
"Palo Alto is constantly adding new features."
"Cortex XDR is a simple platform that's easy for administrators and users. You have a lot of flexibility to change or customize the features."
"The product is very easy to work with and easy to deploy."
"Forescout Platform has granular features and one of the most impressive features is the agentless feature."
"The most valuable feature of Forescout Platform is that it has everything that Aruba has at significantly less cost."
"Forescout has a feature that blocks the endpoint at the point of collection. It sets preconditions and will block the system if those aren't met."
"Vulnerability remediation is valuable. We can narrow down a system and its properties. We can go granular on the properties of each endpoint, such as which operating system you're using."
"Forescout Platform has made it possible to block people working near our construction sites who should not have access to our network."
"Ease of deployment There's a great support team that becomes actively engaged whenever we encounter issues. Their technical support is amazing. Good documentation is available. The product is stable. The solution is highly scalable. I recommend using the solution because it gives verified control over the environment. It has a great visibility feature."
"It allows for good detection of all the vendor products we have on-site."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"Improving scalability, especially for very large tenants, could be beneficial for Microsoft Defender XDR."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"The support could be more knowledgable to improve their offering."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"The management features could be improved, particularly in terms of better integration with Intune, Microsoft's cloud-based management solution."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"The dashboard is the area that needs to improve so that we can have the ability to drill down without having to go elsewhere to verify results."
"There's an overall lack of features."
"I would like to see them include NDR (Network Detection Response)."
"The setup is quite easy. We had appropriate support from the manager. One thing that was missing was the integration part."
"The product's pricing needs improvement. They could provide more discounts. Additionally, the dashboard and control panel could be enhanced."
"The encryption is not up to the mark."
"There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration."
"The solution should force customers to integrate with network traffic to see the full benefits of XDR."
"Regarding pricing, there is room for improvement to enhance competitiveness with other vendors and solutions."
"The solution does have a bit of complexity, and there's some complexity in the deployment. Users need to be trained before undertaking an initial setup."
"It does not support the TACACS+ protocol."
"Initially, the implementation of the Forescout Platform took some time to figure out. The reason is we are a manufacturing unit and we have certain silos that are insulated areas where certain systems will not connect to the internet or to the LAN. Since there are many parts of it, we have to have an inclusive view of all those systems. It took a while for us to initially implement, but after a few months, everything worked well."
"Multitenancy should be included in the next version so it could be used as a managed service provider."
"This solution is not that easy to scale but this depends on a company's needs."
"Other solutions have TACACS+, but Forescout does not. In the next release, I would like to see Forescout have accounting."
"Although Forescout manages endpoints and network devices, there is no capability for user management."
Cortex XDR by Palo Alto Networks is ranked 4th in Extended Detection and Response (XDR) with 80 reviews while Forescout Platform is ranked 12th in Extended Detection and Response (XDR) with 69 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Forescout Platform is rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Forescout Platform writes "We can go granular on each endpoint, quarantine non-compliant machines, and target vulnerabilities through scripting". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Trellix Endpoint Security, whereas Forescout Platform is most compared with Cisco ISE (Identity Services Engine), Aruba ClearPass, Fortinet FortiNAC, Nozomi Networks and Armis.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.