We performed a comparison between CrowdStrike Falcon and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, SentinelOne, CrowdStrike and others in Endpoint Detection and Response (EDR)."The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"It is stable and scalable."
"Forensics is a valuable feature of Fortinet FortiEDR."
"NGAV and EDR features are outstanding."
"The most valuable feature is the analysis, because of the beta structure."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"This is stable and scalable."
"It has an extremely low footprint, so it has got minimum impact on the user end points in terms of CPU and memory usage."
"I like the feature called RTC, the remote time connector."
"The most valuable feature is the machine learning that they use to check certain patterns in the endpoint devices. It checks the whole ecosystem or entire environment."
"The most valuable features of CrowdStrike Falcon include Falcon Fusion workflows and endpoint detection capabilities."
"The Protect functionality on the laptops provides great visibility into what's occurring, and the cloud management of the platform is what we needed."
"The UI is simple and self-explanatory. Everything is easy to understand."
"The ability to execute real-time response, or, that you can connect to the agent and see exactly what processes are operating, is the most important feature of this solution."
"I like the detection rates of mobile threats."
"The most valuable feature is automation."
"The Palo Alto ecosystem has a marketplace offering integration with Sentinel or other products."
"It has an extensive list of integrations that are available out of the box which makes it easy to start."
"For organizations that are stable with their security operations, like those with around 50 members in their security team running full-phased operations 24/7, Cortex is necessary."
"It is quite scalable. I would rate it a ten out of ten."
"Palo Alto is easy to use."
"The most valuable features are simplicity and ease of integration."
"The repository of playbooks and the integration between Palo Alto and IBM QRadar are some useful features"
"ZTNA can improve latency."
"Intelligence aspects need improvement"
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"The support needs improvement."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"The only minor concern is occasional interference with desired programs."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"I would like them to improve the correlation of data in the search algorithms. When we run an investigation, malware, phishing, etc., I want to look at multiple endpoints at once to correlate that data to see the likenesses, e.g., how are they not alike or what systems and processes are running across those systems? I don't want to have to run the same search in their Spotlight module five, 10, 15, or 100 times to get 100 different results, copy that data out, and then correlate it on my own. In a very simple way, I want to be able to load up a comma-delimited list giving me the spotlight data on these X amount of hosts, letting me search for it quickly. We have had to go back to CrowdStrike, and say, "Our search are taking far too long for even one host." They did bump up the cores and that did improve performance, but it is still kind of slow to get that Spotlight data. That is probably our biggest pain point. I think that needs some help. I understand this kind of information access is probably not the easiest thing to do. It is probably a big ask depending on how their back-end is setup."
"The management of the solution could improve."
"The overall cost of CrowdStrike Falcon could be reduced."
"There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it."
"In the six months that I have been using CrowdStrike, it has not been able to detect anything."
"The biggest issue with Falcon as a standalone product is it doesn't have very much reporting."
"CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of the sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it."
"Technical support could be better than what is currently offered."
"The price of the solution could be improved."
"There is room for improvement in terms of the pricing model."
"With Palo Alto Networks Cortex XSOAR, managing its setup phase can be a complicated task."
"In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening."
"The dashboard performance could be improved."
"It is not a very scalable solution."
"Its dashboard features need improvement."
"Corex XSOAR could be improved by reducing the time it takes to process large amounts of data and increasing the number of integrations."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 107 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews. CrowdStrike Falcon is rated 8.8, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security and VMware Carbon Black Endpoint, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Microsoft Sentinel, Fortinet FortiSOAR and Torq.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.