We performed a comparison between Cortex XDR by Palo Alto Networks and CrowdStrike Falcon based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both products receive high marks from reviewers. However, CrowdStrike Falcon comes out on top in this comparison due to its robust performance, ease of deployment, reasonable cost, and impressive ROI.
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"We can automate routine tasks and write scripts to carry out difficult tasks, which makes things easier for us."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"The product integrates security into one tool instead of having third-party security tools."
"It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"The protection offered by this product is good, as is the endpoint reporting."
"The dashboard is customizable."
"Being a cloud solution it is very flexible in serving internal and external connections and a broad range of devices."
"Cortex XDR is a very capable solution for protecting large networks and a lot of endpoints. It's very useful because the automation is very high, and if you combine it with the features on Palo Alto firewalls, it provides very strong protection."
"The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."
"Its interface and pricing are most valuable. It is better than other vendors in terms of security."
"The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week."
"It is easy to use."
"It's very easy to set up."
"The EDR and XDR features have been most valuable."
"CrowdStrike Falcon's most valuable features are the lightweight agent which has absolutely zero performance issues. There is no performance deterioration on the laptop on the network. It is a signature-less antivirus and anti-malware solution, it doesn't depend on signatures which better protects the systems."
"We haven't had any infections or down time."
"The most valuable feature is the indicator of compromise, which show you what file was either quarantined or removed."
"The DLP is the most valuable feature of CrowdStrike Falcon."
"The 10 hours a week that we are freeing up from having to manage and monitor our AV solution has really allowed us to focus on other areas of the business. This has been a huge return on investment."
"CrowdStrike displays a threat score when it detects an infection. This is helpful because not all detections are the same. It will classify them as ransomware, malware, phishing, etc. This feature helps us prioritize and cross-check with other EDR tools."
"The user interface of Microsoft 365 Defender could improve. They could make it simpler."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"The mobile app support for Android and iOS is difficult and needs improvement."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"The data recovery and backup could be improved."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"I would like to see better protection, specifically to protect email applications."
"It is a complex solution to implement."
"It'll help if customization was easier."
"I would like to see some additional features related to email protection included."
"I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs."
"They've been having some issues with updating their endpoint agents, and it has been quite frustrating."
"It's very time-consuming to log support issues and the people that answer the tickets aren't very knowledgeable."
"The licensing model is complex to understand. It requires expertise to explain how the licensing works. You need expertise to guide you through the subscription plan."
"In the future release of CrowdStrike Falcon, they should add a sandbox feature."
"The product could be more accurate in terms of performance."
"In terms of features, I would like them to add detailed logging functionality in CrowdStrike. Currently, CrowdStrike detects the threats immediately based on the IOCs and the signature-based policies or many threat behaviors, but in terms of logging those threats, it is not very good. The information that they provide in the logs is very little. They can build more analytics into it."
"CrowdStrike needs to quit making up stuff about its features and functionality to bash its competition."
"They don't really have anything when it comes to scanning attachments."
"If CrowdStrike can further expand its support for XDR compatibility, that would give it an edge over all the other competing new products."
"CS Falcon sensing capabilities for non-domain machines should be enhanced since the agent doesn't detect the neighbor's IP Address and/or any anomaly which was identified in the network for the non-domain machine."
"Tighter integration around XDR could be included."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 107 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while CrowdStrike Falcon is rated 8.8. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, Darktrace, Symantec Endpoint Security, Fortinet FortiEDR and Trellix Endpoint Security, whereas CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and Check Point Harmony Endpoint. See our Cortex XDR by Palo Alto Networks vs. CrowdStrike Falcon report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Extended Detection and Response (XDR) vendors, and best Ransomware Protection vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.