We performed a comparison between Cortex XDR by Palo Alto Networks and CrowdStrike Falcon based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both products receive high marks from reviewers. However, CrowdStrike Falcon comes out on top in this comparison due to its robust performance, ease of deployment, reasonable cost, and impressive ROI.
"In Microsoft 365 vendor products, monitoring and connectivity across all Microsoft and third-party connectors enable viewing of all activity within those environments."
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"The most valuable feature depends on the scenario. For compliance, I like Microsoft Purview Information Protection and Data Loss Prevention. Sentinel is the most helpful feature for security. 365 Defender helps us prioritize threats across an enterprise. It's a crucial feature for the managed services team."
"The solution is well integrated with applications. It is easy to maintain and administer."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"If there are multiple alerts, the app will automatically create and rate an event instead of going through each one."
"Cortex XDR by Palo Alto Networks should be a stable solution."
"The protection offered by this product is good, as is the endpoint reporting."
"It is easy to use."
"It'll not slow down your system when compared to others."
"Being a cloud solution it is very flexible in serving internal and external connections and a broad range of devices."
"One thing that I like about Cortex XDR by Palo Alto Networks, it is detecting all the suspicious or malicious binaries, and it has integration with Palo Alto Firewall."
"One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers. Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network."
"CrowdStrike Falcon's scalability is good. We have thousands of students using this solution."
"The EDR is amazing and ease of integration with Splunk is a big plus. Integration with BigQuery is also a plus for me and workflow creation is easy. Overall, CrowdStrike Falcon is a great product."
"The most valuable features of Crowdstrike Falcon XDR are Spotlight and Discovery, they are helpful. Additionally, the console is user-friendly, with fewer false positives than other solutions."
"The most valuable features in CrowdStrike Falcon are the full EDR with antivirus, hunting, reporting, and RTR remote control."
"The most valuable feature of CrowdStrike Falcon is its accuracy. That's very important for me. False-positive are very bad for everyone. As we are a financial institution, it's even worse. I like Falcon because it's very accurate."
"This solution consistently releases improvements. They have communicated their next two years of development which is powerful and covers all of our needs."
"The anomaly detection is the most valuable feature."
"The most valuable feature is the machine learning that they use to check certain patterns in the endpoint devices. It checks the whole ecosystem or entire environment."
"There are a few technical issues with Defender XDR that can be improved. Sometimes, the endpoint devices are not reporting properly to the Defender 365 portal. When you're getting all the information from the Microsoft portal, the devices are sometimes not in sync. We have hundreds of endpoint devices, some needing to be onboarded again."
"The price could be better. It'll also help if they can continuously update and upgrade the solution. Every day there's a new virus uploaded into the network, and we have to keep updating it to identify all these things."
"The tool gives inconsistent answers and crashes a lot."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"Advanced attacks could use an improvement."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"Stability could be improved by avoiding frequent changes to the interface."
"It is a complex solution to implement."
"The solution can never really be an on-premises solution based simply on the way it is set up. It needs metadata to run and improve. Having an on-premises solution would cut it off from making improvements."
"Cortex XDR is trickier to configure than other Palo Alto products. This is one area where we are not so satisfied."
"I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs."
"There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get a results."
"The GUI could be improved."
"There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."
"Dashboards do not allow everyone to see what's happening."
"Unfortunately, native applications are not supported."
"The pricing is a bit too high."
"To simplify the budgeting process for our clients, CrowdStrike should consider offering bundled packages that include essential features."
"We encounter occasional issues, such as when disabling network access for a host that uses CrowdStrike."
"The technical support could improve because I am in India and the support I receive is from the UK or Australia. It is difficult to manage the time difference. The service could be faster. However, when we do have the support they are knowledgeable."
"They should provide us with good visibility for everything."
"Too many false positives."
"CrowdStrike Falcon could improve the EDR functionality. Once the functionality of the solution improves, it will be even better in the market and able to compete with Carbon Black."
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 107 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while CrowdStrike Falcon is rated 8.8. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, Darktrace, Symantec Endpoint Security, Trellix Endpoint Security and Trend Micro Apex One, whereas CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and Symantec Endpoint Security.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.