We compared Cortex XDR by Palo Alto Networks and Darktrace based on our users’ reviews in four categories. After reading the collected data, you can find our conclusion below.
Comparison of Results: Based on the parameters we compared, Cortex XDR by Palo Alto Networks seems to be the superior solution. Our reviewers feel that because Darktrace is lacking where security is concerned, Cortex XDR is a better investment.
"NGAV and EDR features are outstanding."
"The price is low and quite competitive with others."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"Ability to get forensics details and also memory exfiltration."
"Fortinet is very user-friendly for customers."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"Cortex XDR can integrate the firewalls and determine the tendencies of the attacks. It's a new generation antivirus, with protection endpoints and detection response. It is very easy to use and everybody can operate the solution."
"The solution's most valuable feature is its ability to rapidly detect certain hardware files."
"Cortex XDR by Palo Alto Networks should be a stable solution."
"Stability is a primary factor, and then there's the ease of distribution and policy management."
"The most valuable feature is that you can select remote access of any machine for sandboxing."
"The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
"The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine."
"The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past."
"I like the dashboards, which are cool. They are more user-friendly, in my experience. Its learning capabilities are really good."
"The solution is stable. We've never had any problems with it."
"Artificial intelligence and machine learning functionalities are valuable."
"It is a stable solution."
"A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time."
"We have found the product to be stable and issue-free."
"We allow customers to access our Wi-Fi as guests, and some of them were going to restricted sites. Darktrace showed us what they were doing so we could block them."
"It provides a comprehensive, detailed view of network activity and whatever is happening inside it."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"The only minor concern is occasional interference with desired programs."
"FortiEDR can be improved by providing more detailed reporting."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"Dashboards do not allow everyone to see what's happening."
"It tends to do 99.9% of things. The only thing I'd like is single sign-on authentication into their cloud platform so that my users can be properly authenticated against it."
"I would like to see better protection, specifically to protect email applications."
"I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs."
"The playbooks could be improved to include more functionalities or actions."
"Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer."
"Cortex XDR should have a lightweight agent, and the agent size should not be heavy."
"The connection to the internet has not performed as expected."
"I would like to see some additional enhancements."
"This product needs more in terms of prevention. The detection capabilities work well but once a threat has been detected, Darktrace should work to prevent it from doing anything malicious."
"In the next version, I'd like to see penetration testing."
"I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools."
"Its threat analyzer could be better. It should also have agents. They should improve this product by installing agents for the machine to get more visibility. Currently, they are monitoring only the network. They should also monitor the agents from inside. It should also have a better pricing plan because it is an expensive product."
"The cost is a bit on the higher side."
"The interface is too mathematical and it should be simplified."
"One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today, it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Darktrace is ranked 11th in Email Security with 65 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Darktrace is rated 8.2. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Symantec Endpoint Security, Trellix Endpoint Security and Check Point Harmony Endpoint, whereas Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cisco Secure Network Analytics and ExtraHop Reveal(x).
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.