We performed a comparison between Cortex XDR by Palo Alto Networks and SentinelOne based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both products receive high marks from reviewers. However, SentinelOne comes out on top in this comparison due to its strong security and EDR features, attractive price, and impressive ROI.
"The integration, visibility, vulnerability management, and device identification are valuable."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud."
"The behavior-based detection feature is valuable."
"The product's most valuable features are massive user and feature intelligence exploit detection."
"Stability is one of the features we like the most."
"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"Being a cloud solution it is very flexible in serving internal and external connections and a broad range of devices."
"This software helps us understand any issues that may arise when someone is not at work."
"Traps is quite a stable product. Once it was properly deployed and configured, you have nothing to be worried about."
"SentinelOne’s Rollback is its best feature."
"The most valuable features are asset tracking, patching, endpoint tagging, and policy updates."
"The most valuable features are forensic investigation and ransomware prevention."
"It's a plug-and-play solution that works well with the other out-of-the-box integrations that we have."
"I like Singularity's rollback features, threat-hunting, and Ranger Insights. The Ranger feature scans the network and provides visibility into all the unsecured assets."
"The most valuable feature of SentinelOne is the good graph it provides. It has a specific page where it detects the recent attacks on other machines or the hackers, for example, group APT28 and all."
"We opted for SentinelOne because it gives you visibility and control over all the devices on which you have the agent deployed. That is very valuable because, in the end, all the attacks enter only through one gateway, which is usually a user's computer."
"SentinelOne gives us visibility into various high-level vulnerabilities on every gateway on the network. It helps us prevent vulnerable devices from being compromised. We primarily use Singularity for its EDR functions. We're happy with that."
"The solution does not offer a unified response and standard data."
"Intrusion detection and prevention would be great to have with 365 Defender."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"The user interface of Microsoft 365 Defender could improve. They could make it simpler."
"Sometimes, configurations take much longer than expected."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"The price should be adjustable by region."
"The dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard."
"The solution needs better reports. I think they should let the customer go in and customize the reports."
"Limited remote connection."
"It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint."
"We would also like to have advanced tech protection and email scanning."
"Currently, we are monitoring all USB drives and ports but we would like to improve our device control capabilities."
"Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access."
"It's not an ideal choice for smaller businesses, as you need a minimum of 200 endpoints to even use the solution at all."
"Using the filters takes a little bit of time to get used to."
"I would like to see the reports from SentinelOne more customizable, as there are very few options."
"They can improve the administrative interface. They can make it more user-friendly."
"We'd like to have a network map or scan to cover network security."
"Something we are looking forward to is the ability of the SentinelOne backend to ingest data from other sources. Now that they are moving to the Singularity data lake, we are looking forward to being able to query data that is not just collected by SentinelOne endpoint agents. We are looking forward to being able to query against all data that we are ingesting into that backend."
"It's good on Linux, and Windows is pretty good except that the Windows agents sometimes ask for a lot of resources on the endpoints. That could be in the fine-tuning for scanning. In Mac, they are complaining about the same problems, that it's using a lot of resources, but that could also be that we have to configure what it is scanning and what it should not scan. Currently it scans everything."
"While SentinelOne Singularity Complete effectively visualizes security data across our solutions, requiring extensive manual effort for analysis limits its effectiveness. I would therefore rate it a seven out of ten."
"We often experience interruptions to our investigations in SentinelOne Singularity Complete."
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while SentinelOne Singularity Complete is ranked 2nd in Endpoint Protection Platform (EPP) with 177 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while SentinelOne Singularity Complete is rated 8.8. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of SentinelOne Singularity Complete writes "Provides peace of mind and is good at ingesting data and correlating". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Microsoft Defender for Cloud, whereas SentinelOne Singularity Complete is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, ThreatLocker Protect and Trend Vision One. See our Cortex XDR by Palo Alto Networks vs. SentinelOne Singularity Complete report.
I haven't used Cortex. My worry with it and every other solution is how well does it perform when disconnected from the cloud/the internet?
S1 - I have been using it for a couple of years now without an issue. I had been using Cylance prior. I've been very happy with the S1 solution. Works with or without the Internet.
Depends on the size, scope and needs of your environment.
XDR is an OK monitoring/alerting tool, especially if you have a Palo Alto firewall already and everything can integrate well together. However, S1 is a superior tool IMHO and can catch and fix things automatically if you so choose (the Magic Quadrant agrees).
Cost-wise, XDR is probably cheaper, but I don't know specifics on-prem vs. cloud. S1 is a cloud tool but is extremely fast and responsive compared to some other tools we POC'd, and it can support legacy devices (W2K8 and below), Linux, or VDI without having to do special workarounds. So again, it depends on your needs, environment, and cost.
Cortex XDR by Palo Alto vs. SentinelOne
SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to the environment is noteworthy. SentinelOne works inconspicuously in the background, continually providing protection. It has an automated active EDR that will not only find issues but can fix them. I don’t know that any other solution does that.
Cortex XDR by Palo Alto has a nice console and is easy to use. One of my favorite things about it is that it will automatically connect and log various kinds of suspicious behavior; you don’t need to do it manually. Cortex XDR is very secure, but it is missing some basic features. It doesn’t offer an on-prem solution, and it doesn’t integrate so well with some third-party solutions.
SentinelOne can be challenging to set up and there seem to be some applications that do not function properly when SentinelOne is installed. I would like to be able to make the reporting more specific to my needs. It would be a more attractive option if the cost was lower.
Conclusions
The find-and-fix option that SentinelOne provides was a huge win for us. We feel it provides a deeper and more thorough level of security.