Cortex XDR by Palo Alto Networks and Microsoft Defender for Endpoint are both strong endpoint security solutions with different strengths. Cortex XDR offers advanced threat detection and investigation capabilities with a focus on extended detection and response (XDR). Microsoft Defender for Endpoint emphasizes robust security measures and leverages tight integration with other Microsoft products for a comprehensive security posture.
The summary above is based on 214 interviews we conducted recently with Cortex XDR by Palo Alto Networks and Microsoft Defender users. To access the review's full transcripts, download our report.
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"The product's initial setup phase is very easy."
"NGAV and EDR features are outstanding."
"We have FortiEDR installed on all our systems. This protects them from any threats."
"Fortinet is very user-friendly for customers."
"The stability is very good."
"This is stable and scalable."
"The dashboard is customizable."
"Best solution for avoiding security breaches, malware attacks, and other kinds of security issues."
"The multi-layered approach to the product gives you confidence that it will stop exploits, ransomware, worms, or viruses from compromising endpoints, essentially providing peace of mind."
"The one feature of Palo Alto Networks Traps that our organization finds most valuable is the App ID service."
"It blocks malicious files. It prevents attacks. It doesn't require many updates, it's a very light application."
"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"Cortex XDR lets us manage several clients from the same console, and its endpoint defense is more advanced than traditional antivirus."
"The information the dashboard provides is very clear."
"This is a very go, proactive solution to threat protection using advanced analysis."
"I like the process visibility. This ability to visualize how something was executed is valuable, and the fact that Defender ATP is also linked to the threat intelligence that they have is also valuable. So, even if you have something that doesn't have a conventional signature, the fact that you get this strange execution means that you can detect things that are normally not visible."
"It is quite stable. We have not had any cases, i.e., viruses, that would require a reboot, etc. We have never had a situation where we needed to reinstall the tools as a result of the Defender application or a feature being corrupt."
"The endpoint detection of threats is valuable. The initial detection of things like ransomware and viruses and being able to shut down machines immediately and stop a threat is valuable. We can stop a threat at a source versus allow it to propagate it across the network."
"It integrates very well with all Windows workstations or other Microsoft Endpoint products. It also works quite well. So far, I have not had any issue that hasn't been sorted out. It doesn't use too many resources, so you don't have to install different things."
"The patch updates and version updates are very good. Those happen on an automated basis whenever I'm connecting to the organization network, either through LAN or through the VPN."
"The ransomware and malware protection is the most valuable feature."
"What I found most valuable in Microsoft Defender for Endpoint is that it's out-of-the-box, which brings more value to the customer. The technical support for the product is also one of the best parts, because it's good, in terms of the product knowledge of the technical engineers."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"FortiEDR can be improved by providing more detailed reporting."
"Cannot be used on mobile devices with a secure connection."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"We find the solution to be a bit expensive."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."
"The playbooks could be improved to include more functionalities or actions."
"We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, we have to use another protection solution called Kaspersky."
"I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs."
"Dashboards do not allow everyone to see what's happening."
"In general, the price could be more competitive."
"In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are the big company, so they can improve the UI a little bit. The UI, the reports, the log system can all be improved."
"Managing the product should be easier."
"The product should reduce updates since it is hard to keep up."
"The detection of viruses could be a little bit better."
"The onboarding and deployment could be more user-friendly, and there is room to grow in some of the reports. I don't want them to be oversimplified or overly complex, but there is room for improvement in the reporting it can do. It's relatively minor."
"I would like to see improvement from a management perspective. We have had to depend on Intune for certain tasks."
"Something that is unique to Microsoft is its licensing model. When you go out and you buy McAfee or Symantec, you know what you're getting out of the box, but with Microsoft, often, when you're looking to achieve a certain set of capabilities, those capabilities are spread across different products. You might try to do something you could do with CrowdStrike, but then find out that you also need to purchase Microsoft Defender for Identity or Microsoft Defender for Azure. You realize that when they talk about what they can offer within the Microsoft platform, it's really the suite of investments. So, sometimes, you may find yourself buying Defender for Endpoint thinking that it matches CrowdStrike, but then you find that Microsoft really needs to sell you something else. One plus one will equal three, but when you have a very concise platform, such as CrowdStrike, you know what you're going to get."
"I miss having an executive dashboard or a simple view for viewing things. Everything is extensive in this solution. Everything is configurable and manageable, but the environment of Microsoft 365 has about 13 administrative dashboards, and in each of the dashboards, there are a gazillion things to set up. It is good for a large enterprise, but for a 200-seat client, you need to see 5% of that."
"I wish they would extend the use of the Security Central portal, even for the free option of Defender. Because, as companies grow, it is labor intensive to manage the AV and detection part of it. For companies already subscribed to Office 365, I think this would be a good enhancement."
"The solution needs to improve its ransomware. It's not so good. It could also use some general performance optimization for the computers the solution operates on, to ensure it does not slow down the devices."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". Cortex XDR by Palo Alto Networks is most compared with CrowdStrike Falcon, Darktrace, Symantec Endpoint Security, Trend Micro Apex One and Check Point Harmony Endpoint, whereas Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, SentinelOne Singularity Complete, CrowdStrike Falcon and ESET Endpoint Protection Platform. See our Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I have not used Microsoft Defender and only used Cortex XDR by Palo Alto Networks. My experience with Cortex is not good as you need to whitelist each and every exe file of each adn every computer. My recommendation for you is to go for Cynet360 MDR which is far better than Cortex in terms of auto detection and remediation. You will get genuine alert.
Choosing Microsoft Defender makes the most sense if you already have a Microsoft ecosystem. But in reality, you need an endpoint security solution that is proactive and comes with built-in artificial intelligence capabilities.
I value in-depth visibility across the endpoints, so I prefer CrowdStrike Falcon EDR. It’s the best solution for simplified endpoint detection and response. CrowdStrike EDR comes with advanced features and easily integrates with popular third-party solutions like Splunk and Palo Alto Networks. An easy-to-use and navigate interface reduces the learning curve. Personally, I think CrowdStrike Falcon is easier to use than Microsoft Defender.
MSSPs like ACE Managed Security Services provide Managed CrowdStrike EDR. If you’re looking for hassle-free deployment and a fully-managed solution, you should look into ACE.
Unless you are using Palo Alto elsewhere in your architecture, I would go with Microsoft if that were the only choice.
However, if you are using another network security issue such as Fortinet or Sophos, I would also look to their endpoint solutions. They both have EDR and XDR capabilities and the endpoint solutions facilitate synchronization between the endpoint and the network control.
Microsoft has done lots of work in the endpoint space and the Zero Trust world over the past several months. Defender integrates tightly with the Microsoft Cloud and there is much synchronization that occurs between the physical endpoint and the cloud infrastructure. This means that regardless where the endpoint is physically located it stays connected and controlled by the policies set in the Microsoft cloud. Very much like the Group Policy Options we became accustomed to with the on premises domain controller.
I know that's a scratch on the surface and there are many other considerations, but you need to seek the solutions that promise management simplicity and the ability to control and protect the endpoints wherever they may be located.
I would go for the one with the best independent threat intelligence, a platform that allows you to change, add, move IT and Security infrastructure without impacting your security platform. I would also place a close attention to storage costs, service levels and the number of resources providing human intelligence on top of machine intelligence for investigation and incident response, all in one platform. But I am biased ;-)