We performed a comparison between Cortex XDR by Palo Alto Networks and Trend Micro XDR based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Cortex XDR presents an intuitive interface, advanced identification of risks, expandability, and compatibility with various other solutions. Meanwhile, Cortex XDR could use enhancements in hard disk encryption, security integration, and customer education. Trend Micro XDR is commended for its holistic approach to preventing, real-time visualization, and ability to prioritize network-based detection and response. Trend Micro XDR should improve integration, overhaul its web interface, and strengthen its business relationships.
Service and Support: Some customers were impressed with Palo Alto's support, while others reported mixed experiences. Some customers have found Trend Micro’s customer service to be helpful and responsive, while others have encountered challenges with technical support in complex situations.
Ease of Deployment: Some users thought Cortex XDR’s deployment was fast and straightforward, while others consider it to be a complex and time-consuming task that requires thorough planning. The initial setup of Trend Micro XDR is straightforward and fast, but it may require the involvement of several technical professionals.
Pricing: Some reviewers said Cortex XDR is expensive, but others said it was reasonable for the robust feature set Cortex offers. Some reviews noted that Trend Micro XDR might be too costly for small organizations, but others found the price reasonable.
ROI: Cortex XDR creates value by ensuring system and data security rather than a financial return on investment. Trend Micro XDR delivers value through automation. Its efficient alerts ensure timely threat detection and prevention.
Comparison Results: Our users prefer Cortex XDR over Trend Micro XDR. Cortex XDR offers a robust and user-friendly platform with advanced features like threat identification and detection and seamless integration with other solutions. Users appreciate the simplicity and efficiency of its installation process. Trend Micro XDR falls short in terms of integration capabilities and receives mixed reviews regarding technical support.
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"The ability to isolate and address viruses is the most valuable feature of Microsoft Defender XDR."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"Threat identification and detection are the most valuable features of this solution."
"They have a new GUI which is just fantastic."
"The initial setup is pretty easy."
"Traps is quite a stable product. Once it was properly deployed and configured, you have nothing to be worried about."
"Provides behavior-based detection which offers many benefits over signature-based detection."
"Being a cloud solution it is very flexible in serving internal and external connections and a broad range of devices."
"When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud."
"It's a nice product that's stable and scalable."
"It helps a lot to understand where the threat is coming from, where is it going, how is it being dealt with, et cetera."
"It has the feature to track an attack back. If there is an incident or an attack occurs, you can get a bird's eye view of that attack. You can see how the attackers came in and how they managed the attack. You can trace an attack. If you are giving a presentation to the management, you can easily show it to them in a live environment how the attackers came, which is amazing."
"They were one of the companies, early on, that spent a lot of time integrating their toolsets, and I was really impressed with that... the endpoint management system could reach out to the Deep Discovery system on the network and pick up something that it perceived as a suspicious object."
"One of the features I like in Trend Micro XDR is that you can drill down on the root-cause analysis for anything you find on the solution. I also like that it works for detection purposes. Behavior analytics is also what I like most about Trend Micro XDR. I love that it has features such as behavior detection, program detection, and memory scanning. By default, the solution protects against spyware, apart from the normal virus scan. Smart Scan and DLP are also available in Trend Micro XDR which I like as well."
"We can scale the product as needed."
"The integration is also nice because there are many external tools that we can connect to the platform, such as configuration management tools. Because the platform is integrated, I can manage almost the whole company across our global organization."
"The automatic EDR system that notifies us when something is wrong is valuable."
"Its detection rate is valuable. It is really an easy product to install and manage. It is quite effective at what it does, and if needed, it can also be co-managed, which means 24 hours and seven days a week monitoring through a SOC."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"Stability could be improved by avoiding frequent changes to the interface."
"It would be helpful if the solution could scan faster when it comes to scanning attachments to emails."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well."
"There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration."
"The playbooks could be improved to include more functionalities or actions."
"Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis."
"It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue."
"It is an enterprise-level solution. Its price could be less expensive."
"The product's pricing could be better."
"I would like to see better protection, specifically to protect email applications."
"The zero trust is a bit complicated compared to other parts of the solution."
"They are planning on adding the Security Playbooks as a complete feature. In the preview mode, it is available; however, it is not released."
"We do use the automation capability a little. However, we noticed some limitations, especially on the playbook side."
"The price could be lower."
"The integration with third-party tools and with on-premises Active Directory needs improvement."
"It is very expensive."
"A room for improvement is Trend Micro XDR's website. It's a very complicated website since finding the right point one wants to see is difficult."
"Vision One's search could be improved. While the platform is very user-friendly, the search feature uses terms that aren't as intuitive."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Extended Detection and Response (XDR) with 80 reviews while Trend Vision One is ranked 6th in Extended Detection and Response (XDR) with 43 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Trend Vision One is rated 8.6. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Trend Vision One writes "The integration of toolsets is key, enabling automation, and vendor has been tremendous partner for us". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Fortinet FortiClient, whereas Trend Vision One is most compared with CrowdStrike Falcon, Trend Vision One Endpoint Security, SentinelOne Singularity Complete, Microsoft Defender for Endpoint and Fortinet FortiEDR. See our Cortex XDR by Palo Alto Networks vs. Trend Vision One report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.