We performed a comparison between Forescout Platform and Cortex XDR by Palo Alto Networks based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Forescout Platform stands out for its agentless visibility and advanced features like device fingerprinting. Forescout users say the product could be better at resolving connectivity and license issues. Users also want more compatibility with different devices and operating systems, along with better logging and troubleshooting capabilities. Cortex XDR presents an intuitive interface, advanced identification of risks, expandability, and compatibility with various other solutions. Meanwhile, Cortex XDR could use enhancements in hard disk encryption, security integration, and customer education.
Service and Support: Some users reported positive experiences with Forescout support, but others requested better responsiveness and training. Some customers were impressed with Palo Alto’s support, while others reported mixed experiences.
Ease of Deployment: Some users found Forescout’s setup to be simple and adaptable, while others perceived it as more complex and time-intensive. Some users thought Cortex XDR’s deployment was fast and straightforward, while others consider it to be a complex and time-consuming task that requires thorough planning.
Pricing: The total cost of Forescout Platform can be high depending on the level of customization and integration required. Some reviewers said Cortex XDR is expensive, but others said it was reasonable for the robust feature set Cortex offers.
ROI: Forescout Platform yields a solid ROI by improving network access control and overall security. Cortex XDR creates value by ensuring system and data security rather than a financial return on investment.
Comparison Results: Our users prefer Forescout Platform over Cortex XDR for its agentless visibility, comprehensive device fingerprinting, and easy deployment. Forescout provides outstanding visibility, flexibility, and excellent customer service. Cortex XDR lacks some features like hard disk encryption and received mixed feedback about its customer support.
"Microsoft Defender's most critical component is its CASB solution. It has many built-in policies that can improve your organization's cloud security posture. It's effective regardless of where your users are, which is critical because most users are working from home. It's cloud-based, so nothing is on-premise."
"In Microsoft 365 vendor products, monitoring and connectivity across all Microsoft and third-party connectors enable viewing of all activity within those environments."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"The comprehensiveness of Microsoft's threat detection is good."
"Microsoft 365 Defender's most valuable feature is the ability to control the shadow IP."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"Provides behavior-based detection which offers many benefits over signature-based detection."
"Cortex XDR by Palo Alto Networks should be a stable solution."
"The behavior-based detection feature is valuable."
"The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
"The information the dashboard provides is very clear."
"The initial setup is easy."
"The stability of this product is very good."
"It's a nice product that's stable and scalable."
"It's one of the tools that has given the federal government visibility into network devices and everything."
"I have noticed that in the last year the license model has changed from licensing the whole appliance to licensing the number of devices. It's more simple for a large installation, or a user to have CounterACT as their peripheral site in the company. It's a good choice to have changed the license policy."
"Forescout is easy to integrate with a lot of end systems."
"The actions that the agentless visibility, allow us to perform on the endpoint, are really amazing, especially in the way that it is done."
"Forescout Platform's most valuable features are that it is very granular. We are able to cull out a lot of information about our particular device or endpoint. The configuration and the visibility are very seamless. Overall the solution is very easy to handle and it's very comprehensive."
"Within three or four days, we have complete visibility of your infrastructure on the network. Compared to other solutions, the deployment of the solution is easier and we can close the project quickly."
"The visibility is the main benefit. We now know how many devices are connected, what the use for each device is and what kind of devices we have in our environment."
"The stability is amazing for the Forescout Platform. We have been using Forescout for four years, and no one complained about the stability."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"We should be able to use the product on devices like Apple, Linux, etc."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"The web filtering solution needs to be improved because currently, it is very simple."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"Intrusion detection and prevention would be great to have with 365 Defender."
"The solution can never really be an on-premises solution based simply on the way it is set up. It needs metadata to run and improve. Having an on-premises solution would cut it off from making improvements."
"The server sometimes stops continuously to check things so it would be helpful to receive access updates or technical reasons."
"It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint."
"The GUI could be improved."
"The solution lacks real-time, on-demand antivirus."
"Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."
"When it comes to core analysis, and security analysis, Cortex needs to provide more information."
"It tends to do 99.9% of things. The only thing I'd like is single sign-on authentication into their cloud platform so that my users can be properly authenticated against it."
"It does not support the TACACS+ protocol."
"Custom integrations need to be better."
"We have found that the agent-based authentication, available within this solution could be improved."
"Forescout Platform needs to improve how the device works in preventing rogue servers."
"The solution does have a bit of complexity, and there's some complexity in the deployment. Users need to be trained before undertaking an initial setup."
"I should be able to integrate my Forescout with any other third party security technology, to build that connected security strategy."
"The fact that Forescout Platform doesn't have a presence in the South African region is a weakness because of which you can't ask for help from them if you have any problems."
"Forescout Platform could improve the costs of integrations."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Extended Detection and Response (XDR) with 80 reviews while Forescout Platform is ranked 14th in Extended Detection and Response (XDR) with 69 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Forescout Platform is rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Forescout Platform writes "We can go granular on each endpoint, quarantine non-compliant machines, and target vulnerabilities through scripting". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Fortinet FortiEDR, whereas Forescout Platform is most compared with Cisco ISE (Identity Services Engine), Aruba ClearPass, Fortinet FortiNAC, Nozomi Networks and Armis. See our Cortex XDR by Palo Alto Networks vs. Forescout Platform report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.