We performed a comparison between Mandiant Advantage and Palo Alto Networks AutoFocus based on real PeerSpot user reviews.
Find out what your peers are saying about CrowdStrike, SentinelOne, Wazuh and others in Extended Detection and Response (XDR)."For me, the advanced hunting capabilities have been really great. It allowed querying the dataset with their own language, which is KQL or Kusto Query Language. That has allowed me to get much more insight into the events that have occurred. The whole power of 365 Defender is that you can get the whole story. It allows you to query an email-based activity and then correlate it with an endpoint-based activity."
"The most valuable feature depends on the scenario. For compliance, I like Microsoft Purview Information Protection and Data Loss Prevention. Sentinel is the most helpful feature for security. 365 Defender helps us prioritize threats across an enterprise. It's a crucial feature for the managed services team."
"The integration between all the Defender products is the most valuable feature."
"The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"Defender is easy to use. It has a nice console, and everything is all in one place."
"I like how Microsoft XDR and the other Microsoft products are integrated into a single unified security stack covering identity access management, endpoint protection, email, cloud applications, etc."
"We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
"The advantage of the solution is being able to go look up threat actors and get a lot of detailed information about different attacks and different tactics and general information about threats."
"The feature I have found most valuable is directory monitoring. We experienced an instance of threat actors trying to ensure a complex and massive attack against our customer's infrastructure on the forum. That is, they were animating people on a formum. The solution alerted us to this two days ahead of the attack, which gave us plenty of time to prepare for it."
"It is so valuable to have someone performing these functions outside of our business hours when we don't have staff in the building. We've seen a lot of solid metrics on the amount of malware that it's detecting and resolving. We're pleased with it so far."
"The logs play a crucial role as they contribute to blocking unwanted Internet traffic."
"The most valuable feature is alerting."
"It integrates well with other solutions and provides good threat intelligence in terms of external threats."
"I am impressed with the tool's integration of Palo Alto products which serves as a platform for security."
"The feature that I like best is the dashboard."
"The mobile app support for Android and iOS is difficult and needs improvement."
"At times, there may be delays in the execution of certain actions and their effects."
"The management and automation of the cloud apps have room for improvement."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"The only problem I find is that the use cases are built-in. There is no template available that you can modify according to your organization's standards. What they give is very generic, the market standard, but that might not be applicable to every organization."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"They could have better support. Now that they've merged, they are moving towards a portal system, which isn't very helpful."
"Mandiant's on-prem client is too processor-intensive, so it's putting a strain on the local device's CPU. When a scan is running on the device, the other processing tasks slow to a crawl. We're still trying to figure out the correct settings for the client."
"I think that the data query that is used for data cloud language should be improved. It's really hard to query actual data from the platform."
"I would like the tool to see more integration with Cortex XDR. There is no real reason to keep them separate."
"It is a completely cloud-based product at present."
"I would like to have more technical documentation that contains greater detail on the types of threats that are occurring."
"It would be better if they used the threat intelligence feeds directly from their side and changing the verdict instead of us requesting it."
"It would be helpful to have better documentation for configuring and installing the solution."
Mandiant Advantage is ranked 20th in Extended Detection and Response (XDR) with 3 reviews while Palo Alto Networks AutoFocus is ranked 11th in Threat Intelligence Platforms with 5 reviews. Mandiant Advantage is rated 8.6, while Palo Alto Networks AutoFocus is rated 7.8. The top reviewer of Mandiant Advantage writes "It gives us peace of mind that issues can be addressed when our core IT team isn't working". On the other hand, the top reviewer of Palo Alto Networks AutoFocus writes "Impressive performance and monitoring capabilities but lacks in documentation". Mandiant Advantage is most compared with CrowdStrike Falcon, Cortex Xpanse, Cymulate, Microsoft Defender External Attack Surface Management and Group-IB Threat Intelligence, whereas Palo Alto Networks AutoFocus is most compared with ThreatConnect Threat Intelligence Platform (TIP), Anomali ThreatStream, VirusTotal, LogRhythm SIEM and Cisco Threat Grid.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.