We compared Cortex XDR by Palo Alto Networks and Darktrace based on our users’ reviews in four categories. After reading the collected data, you can find our conclusion below.
Comparison of Results: Based on the parameters we compared, Cortex XDR by Palo Alto Networks seems to be the superior solution. Our reviewers feel that because Darktrace is lacking where security is concerned, Cortex XDR is a better investment.
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"The setup is pretty simple."
"Fortinet is very user-friendly for customers."
"The most valuable feature is the analysis, because of the beta structure."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature. It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else."
"We can visualize and control the activities in the environment from anywhere."
"Cortex XDR by Palo Alto Networks should be a stable solution."
"After deploying Traps, we saw the performance of the network improve by 65 to 70 percent."
"It integrates well into the environment."
"We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action."
"The solution's most valuable feature is its ability to rapidly detect certain hardware files."
"It is easy to use."
"The ability to see what we have not seen before is most valuable. It is very interesting to find out the most vulnerable devices in our network."
"A simple, powerful AI solution that just does all the work for you when you turn it on."
"The product can scale."
"The solution is outstanding from a monitoring perspective."
"The platform has many modules, and each module examines a different situation in the behavior."
"One member of staff is enough for deployment and maintenance because Darkforce is AI-driven. It does a lot of things by itself."
"The most valuable feature has been the behavioral analytics that allows us to monitor all the traffic."
"The main valuable feature is that we don't need a lot of analysts. With few analysts, we have all the network monitored, 24/7."
"The only minor concern is occasional interference with desired programs."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"Cannot be used on mobile devices with a secure connection."
"The SIEM could be improved."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"The solution should address emerging threats like SQL injection."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are the big company, so they can improve the UI a little bit. The UI, the reports, the log system can all be improved."
"The dashboard is the area that needs to improve so that we can have the ability to drill down without having to go elsewhere to verify results."
"The server sometimes stops continuously to check things so it would be helpful to receive access updates or technical reasons."
"Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer."
"They've been having some issues with updating their endpoint agents, and it has been quite frustrating."
"Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well."
"The solution should offer more dashboards and they should be better customized."
"Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access."
"Although we haven't detected any network threats since implementing Darktrace, we are unsure of its efficacy. It would be beneficial if the solution could offer additional details to the user regarding any potential or prevented threats. Additionally, there could be better search tools and integration."
"It's a very complex platform."
"Needs to improve its collaboration with local partners."
"The initial setup is more complex and time-consuming than some solutions."
"The solution could be easier to use."
"One thing I would like is for Darktrace to flag SMB traffic more accurately. Currently, it only flags that SMB traffic has occurred, but it doesn't specify which file was being transferred. This makes it difficult to investigate incidents involving SMB traffic, as we don't have concrete evidence of what was being sent."
"The level of tracking within the network from the transmission level up to the machine level can use improvement."
"Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection."
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Darktrace is ranked 11th in Email Security with 65 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Darktrace is rated 8.2. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Symantec Endpoint Security, Trellix Endpoint Security and Check Point Harmony Endpoint, whereas Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cisco Secure Network Analytics and ExtraHop Reveal(x).
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.