We performed a comparison between Cortex XDR By Palo Alto Networks and Microsoft Defender for Cloud based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The main difference between the two solutions is that Cortex XDR users say the solution is expensive while Microsoft Defender for Cloud users consider the solution to be fairly priced.
"The most valuable feature is the analysis, because of the beta structure."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"The solution was relatively easy to deploy."
"NGAV and EDR features are outstanding."
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"Fortinet is very user-friendly for customers."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"We can visualize and control the activities in the environment from anywhere."
"Cortex XDR is a simple platform that's easy for administrators and users. You have a lot of flexibility to change or customize the features."
"It's very stable. I've never experienced downtime for the ASM console or ASM core."
"The most valuable feature of Cortex XDR by Palo Alto Networks is its machine-learning capabilities. Additionally, there is full integration with other solutions."
"The initial setup is pretty easy."
"We've had a significant increase in blocking with a decrease in false positives, because it's looking at how the files work, not just a list of files that it's been told to look for."
"The most valuable feature is that you can select remote access of any machine for sandboxing."
"Has great threat detection capabilities."
"We can create alerts that trigger if there is any malicious activity happening in the workflow and these alerts can be retrieved using the query language."
"The security alerts and correlated alerts are most valuable. It correlates the logs and gives us correlated alerts, which can be fed into any security information and event management (SIEM) tool. It is an analyzed correlation tool for monitoring security. It gives us alerts when there is any kind of unauthorized access, or when there is any malfunctioning in multifactor authentication (MFA). If our Azure is connected with Azure Security Center, we get to know what types of authentication are happening in our infra."
"This is a platform as a service provided by Azure. We don't need to install or maintain Azure Security Center. It is a ready-made service available in Azure. This is one of the main things that we like. If you look at similar tools, we have to install, maintain, and update services. Whereas, Azure Security Center manages what we are using. This is a good feature that has helped us a lot."
"One important security feature is the incident alerts. Now, with all these cyberattacks, there are a lot of incident alerts that get triggered. It is very difficult to keep monitoring everything automatically, instead our organization is utilizing the automated use case that we get from Microsoft. That has helped bring down the manual work for a lot of things."
"The most valuable features of this solution are the vulnerability assessments and the glossary of compliance."
"DSPM is the most valuable feature."
"It's quite a good product. It helps to understand the infections and issues you are facing."
"It isn't a highly complex solution. It's something that a lot of analysts can use. Defender gives you a broad overview of what's happening in your environment, and it's a great solution if you're a Microsoft shop."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"The support needs improvement."
"We'd like to see more one-to-one product presentations for the distribution channels."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"The solution is not stable."
"ZTNA can improve latency."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco."
"The price could be a little lower."
"The licensing model is complex to understand. It requires expertise to explain how the licensing works. You need expertise to guide you through the subscription plan."
"In general, the price could be more competitive."
"In an upcoming release, the solution could improve by proving hard disk encryption. If it could support this it would be a complete solution."
"It is a complex solution to implement."
"It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint."
"It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue."
"One of the main challenges that we have been facing with Azure Security Center is the cost. The costs are really a complex calculation, e.g., to calculate the monthly costs. Azure is calculating on an hourly basis for use of the resource. Because of this, we found it really complex to promote what will be our costs for the next couple of months. I think if Azure could reduce the complex calculation and come up with straightforward cost mapping that would be very useful from a product point of view."
"The documentation and implementation guides could be improved."
"The documentation could be much clearer."
"I would suggest building a single product that addresses endpoint server protection, attack surface, and everything else in one solution. That is the main disadvantage with the product. If we are incorporating some features, we end up in a situation where this solution is for the server, and that one is for the client, or this is for identity, and that is for our application. They're not bundling it. Commercially, we can charge for different licenses, but on the implementation side, it's tough to help our end-customer understand which product they're getting."
"As an analyst, there is no way to configure or create a playbook to automate the process of flagging suspicious domains."
"The solution could improve by being more intuitive and easier to use requiring less technical knowledge."
"There is no perfect product in the world and there are always features that can be added."
"Customizing some of the compliance requirements based on individual needs seems like the biggest area of improvement. There should be an option to turn specific controls on and off based on how your solution is configured."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Microsoft Defender for Cloud is ranked 3rd in Cloud Workload Protection Platforms (CWPP) with 46 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Microsoft Defender for Cloud is rated 8.0. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and ESET Endpoint Protection Platform, whereas Microsoft Defender for Cloud is most compared with AWS GuardDuty, Prisma Cloud by Palo Alto Networks, Microsoft Defender XDR, Wiz and Check Point CloudGuard CNAPP. See our Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Cloud report.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.