We performed a comparison between Cortex XDR by Palo Alto Networks and Elastic Security based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature depends on the scenario. For compliance, I like Microsoft Purview Information Protection and Data Loss Prevention. Sentinel is the most helpful feature for security. 365 Defender helps us prioritize threats across an enterprise. It's a crucial feature for the managed services team."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"Advanced hunting is good. I like that. We can drill down to lots of details."
"The integration, visibility, vulnerability management, and device identification are valuable."
"The most valuable feature is the network security."
"The most valuable aspect is undoubtedly the exploration capability"
"If there are multiple alerts, the app will automatically create and rate an event instead of going through each one."
"When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud."
"The behavior-based detection feature is valuable."
"Palo Alto is constantly adding new features."
"Cortex XDR can integrate the firewalls and determine the tendencies of the attacks. It's a new generation antivirus, with protection endpoints and detection response. It is very easy to use and everybody can operate the solution."
"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action."
"The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"Elastic Security is very easy to adapt."
"It is the best open-source product for people working in SO, managing and analyzing logs."
"The feature that we have found the most valuable is scalability."
"Stability-wise, I rate the solution a ten out of ten."
"We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"The support could be more knowledgable to improve their offering."
"In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"The documentation on their website is somewhat outdated and doesn't show properly. I wanted to try a query in Microsoft Defender 365. When I opened the related documentation from the security blog on the Microsoft website, the figures were not showing. It was difficult to understand the article without having the figures. The figures were there in the article, but they were not getting loaded, which made the article obsolete."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"Support is hit or miss. Microsoft wants you to buy premium support contracts. Though they call themselves professional support, it's almost like throwing questions into a black hole. You get an answer, but it's never helpful."
"We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do."
"They've been having some issues with updating their endpoint agents, and it has been quite frustrating."
"In an upcoming release, the solution could improve by proving hard disk encryption. If it could support this it would be a complete solution."
"It should support more mobile operating systems. That is one of the cons of their infrastructure right now."
"It automatically detects security issues. It should be able to protect our network devices while operating autonomously."
"There's an overall lack of features."
"The GUI could be improved."
"In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are the big company, so they can improve the UI a little bit. The UI, the reports, the log system can all be improved."
"One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty."
"We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
"I would like more ways to manage permissions and restrict access to certain users."
"There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
"Sometimes, the solution isn't the easiest to use."
"There is room for improvement in the Kibana dashboard and in the asset management for the program."
"An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."
"The solution could also use better dashboards. They need to be more graphical, more matrix-like."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Extended Detection and Response (XDR) with 80 reviews while Elastic Security is ranked 7th in Extended Detection and Response (XDR) with 59 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Elastic Security is rated 7.6. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Trellix Endpoint Security, whereas Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint. See our Cortex XDR by Palo Alto Networks vs. Elastic Security report.
See our list of best Extended Detection and Response (XDR) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.