We performed a comparison between Forescout Platform and Cortex XDR by Palo Alto Networks based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Forescout Platform stands out for its agentless visibility and advanced features like device fingerprinting. Forescout users say the product could be better at resolving connectivity and license issues. Users also want more compatibility with different devices and operating systems, along with better logging and troubleshooting capabilities. Cortex XDR presents an intuitive interface, advanced identification of risks, expandability, and compatibility with various other solutions. Meanwhile, Cortex XDR could use enhancements in hard disk encryption, security integration, and customer education.
Service and Support: Some users reported positive experiences with Forescout support, but others requested better responsiveness and training. Some customers were impressed with Palo Alto’s support, while others reported mixed experiences.
Ease of Deployment: Some users found Forescout’s setup to be simple and adaptable, while others perceived it as more complex and time-intensive. Some users thought Cortex XDR’s deployment was fast and straightforward, while others considered it a complex and time-consuming task that requires thorough planning.
Pricing: The total cost of Forescout Platform can be high depending on the level of customization and integration required. Some reviewers said Cortex XDR is expensive, but others said it was reasonable for the robust feature set Cortex offers.
ROI: Forescout Platform yields a solid ROI by improving network access control and overall security. Cortex XDR creates value by ensuring system and data security rather than by delivering a financial return on investment.
Comparison Results: Our users prefer Forescout Platform over Cortex XDR for its agentless visibility, comprehensive device fingerprinting, and easy deployment. Forescout provides outstanding visibility, flexibility, and excellent customer service. Cortex XDR lacks some features like hard disk encryption and received mixed feedback about its customer support.
"The comprehensiveness of Microsoft's threat detection is good."
"Advanced hunting is good. I like that. We can drill down to lots of details."
"The most valuable feature is the network security."
"We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"The integration, visibility, vulnerability management, and device identification are valuable."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers. Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network."
"Being a cloud solution, it is very flexible in serving internal and external connections and a broad range of devices."
"The integrations are out-of-the-box, as are the playbooks."
"Its interface and pricing are most valuable. It is better than other vendors in terms of security."
"Cortex XDR lets us manage several clients from the same console, and its endpoint defense is more advanced than traditional antivirus."
"Cortex XDR can integrate the firewalls and determine the tendencies of the attacks. It's a new generation antivirus, with protection endpoints and detection response. It is very easy to use and everybody can operate the solution."
"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."
"The most valuable feature is the blocking of USB devices."
"The most valuable feature of Forescout Platform is that it has everything that Aruba has at significantly less cost."
"We really like that we get full visibility of devices in the local network."
"The stability is amazing for the Forescout Platform. We have been using Forescout for four years, and no one complained about the stability."
"The most valuable features of the Forescout Platform are ease of management and outstanding visibility. The visibility is simple to obtain."
"Vulnerability remediation is valuable. We can narrow down a system and its properties. We can go granular on the properties of each endpoint, such as which operating system you're using."
"Forescout Platform has granular features and one of the most impressive features is the agentless feature."
"The initial setup is easy, taking no more than two or three weeks."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"The data recovery and backup could be improved."
"I personally have not seen much evidence of how Defender can enhance the story of zero trust for enterprises."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"Microsoft Defender XDR is not a full-fledged EDR or XDR."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."
"There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."
"There are some third-party solutions that are difficult to integrate with, which is something that can be improved."
"It automatically detects security issues. It should be able to protect our network devices while operating autonomously."
"Cortex XDR could be improved with more GUI features."
"Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer."
"Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco."
"Although I would say this product is highly rated, it could probably do more because nothing does everything that you want."
"Forescout Platform could improve the vulnerability management as well as the control on the endpoint, which needs to be connected to my network."
"The solution could always improve by adding more features to make it more robust."
"Definitely, having more third-party integration would be an improvement."
"Regarding pricing, there is room for improvement to enhance competitiveness with other vendors and solutions."
"If older network devices are used, there can be some compatibility issues while using the Forescout Platform. Additionally, if the switches that are deployed in your infrastructure are not captured properly to the endpoints, there might be some difficulties with Forescout Platform trying to monitor the network traffic. Traffic management is an area the vendor should work on."
"The reporting feature needs improvement."
"Forescout Platform isn't flexible with connections to devices like printers and forces you to re-enter details like the MAC address after any breakdowns."
"When adding what is in scope to a policy, it would be nice if you could select multiple policies instead of one policy at a time to add what is in the scope for network segmentation. I have found that during the install and configuration of the policies, if you want to modify multiple policies or enable multiple policies, you need to define what is in the scope (IP range or segments) one rule at a time. This caused some slowdowns when implementing policies."
Cortex XDR by Palo Alto Networks is ranked 4th in Extended Detection and Response (XDR) with 80 reviews while Forescout Platform is ranked 12th in Extended Detection and Response (XDR) with 69 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Forescout Platform is rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Forescout Platform writes "We can go granular on each endpoint, quarantine non-compliant machines, and target vulnerabilities through scripting". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Trend Micro Apex One, whereas Forescout Platform is most compared with Cisco ISE (Identity Services Engine), Aruba ClearPass, Fortinet FortiNAC, Nozomi Networks and Armis.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.