We compared Cortex XDR by Palo Alto Networks and Darktrace based on our users’ reviews in four categories. After reading the collected data, you can find our conclusion below.
Comparison of Results: Based on the parameters we compared, Cortex XDR by Palo Alto Networks seems to be the superior solution. Our reviewers feel that because Darktrace is lacking where security is concerned, Cortex XDR is a better investment.
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"The product's initial setup phase is very easy."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"The setup is pretty simple."
"Forensics is a valuable feature of Fortinet FortiEDR."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature. It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else."
"The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
"It's very stable. I've never experienced downtime for the ASM console or ASM core."
"The interface is easy to use and it is more up to date than our previous solution."
"Monitoring is most valuable."
"If there are multiple alerts, the app will automatically create and rate an event instead of going through each one."
"The initial setup is pretty easy."
"Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."
"The ability to see what we have not seen before is most valuable. It is very interesting to find out the most vulnerable devices in our network."
"The AI-based pattern is the most valuable feature."
"It is a stable solution."
"The most valuable feature is the solution's ability to trim out the false positives and point your attention to the real important stuff."
"Darktrace is very useful for us because it has a large number of models for detecting threats."
"The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us."
"We allow customers to access our Wi-Fi as guests, and some of them were going to restricted sites. Darktrace showed us what they were doing so we could block them."
"The most valuable feature of Darktrace is the AI that detects abnormal network activity."
"We find the solution to be a bit expensive."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"Making the portal mobile friendly would be helpful when I am out of office."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The dashboard isn't easy to access and manage."
"The solution could improve by providing better integration with their own products and others."
"The setup is quite easy. We had appropriate support from the manager. One thing that was missing was the integration part."
"Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."
"Cortex XDR by Palo Alto Networks can improve mobile integration to allow access to the console."
"It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint."
"It should support more mobile operating systems. That is one of the cons of their infrastructure right now."
"The connection to the internet has not performed as expected."
"Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want."
"I believe their network monitoring device licensing module could use some improvement."
"It should be easier to access the Darktrace portal and its documentation. Only the customer can access their portal and support. It could be cheaper."
"The price point for the product was too high for what our possible use case could be."
"We'd like threat hunting, and we'd like to see a global solution that can automate vulnerability scans. I know it is something they are working on."
"I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools."
"A reporting portal could be a great addition to help customize reports."
"Needs to improve its collaboration with local partners."
"Darktrace requires numerous configurations. It would be beneficial if the configuration could be made simpler."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Darktrace is ranked 11th in Email Security with 65 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Darktrace is rated 8.2. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Symantec Endpoint Security, Trellix Endpoint Security and Check Point Harmony Endpoint, whereas Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cisco Secure Network Analytics and ExtraHop Reveal(x).
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.