We performed a comparison between Cortex XDR by Palo Alto Networks and CrowdStrike Falcon based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both products receive high marks from reviewers. However, CrowdStrike Falcon comes out on top in this comparison due to its robust performance, ease of deployment, reasonable cost, and impressive ROI.
"Among the most valuable features are the alert timeline and the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, 'Malware detected.' It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"Microsoft Defender's most critical component is its CASB solution. It has many built-in policies that can improve your organization's cloud security posture. It's effective regardless of where your users are, which is critical because most users are working from home. It's cloud-based, so nothing is on-premise."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"The product integrates security into one tool instead of having third-party security tools."
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"The integrations are out-of-the-box, as are the playbooks."
"They have a new GUI which is just fantastic."
"Monitoring is most valuable."
"The tool's use cases are relevant to security."
"The most valuable feature is that you can select remote access of any machine for sandboxing."
"The solution's most valuable feature is its ability to rapidly detect certain hardware files."
"Provides behavior-based detection which offers many benefits over signature-based detection."
"The multi-layered approach to the product gives you confidence that it will stop exploits, ransomware, worms, or viruses from compromising endpoints, essentially providing peace of mind."
"Everything is automatic. I install the sensor and renew the service. Periodically, I get a notice that they've shut something down."
"I like Falcon's threat detection and endpoint investigation features. It's a user-friendly solution."
"The initial setup was straightforward."
"The features I like the most, the response time and the dashboard, are both excellent."
"The most valuable features are the complete IPS and IDS."
"The most valuable feature is the machine learning that they use to check certain patterns in the endpoint devices. It checks the whole ecosystem or entire environment."
"I like the dashboard nature of it. Everything is clickable, linkable, and information is easy to obtain and find. How it presents that information is probably the biggest win as far as the information correlation aspect. The presentation of it is very good."
"CrowdStrike Falcon has done an excellent job at detecting breaches. It has allowed us to stay in business and keep our systems up."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in Microsoft 365 Defender, it would be helpful to use a different format so we can customize the platform."
"Sometimes, configurations take much longer than expected."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"The solution does not offer a unified response and standard data."
"The only issue I've had is, when it comes to deployment, the steps I must take around policy setup. That is challenging."
"The data recovery and backup could be improved."
"I would like to see better protection, specifically to protect email applications."
"The connection to the internet has not performed as expected."
"Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and it's nothing that should be an issue. Some antivirus engines recognize Traps as a threat component, so maybe they need to shake hands somewhere."
"It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc."
"There are some third-party solutions that are difficult to integrate with, which is something that can be improved."
"The product's pricing needs improvement. They could provide more discounts. Additionally, the dashboard and control panel could be enhanced."
"The server sometimes stops continuously to check things, so it would be helpful to receive access updates or technical reasons."
"There is a severe gap in functionality between the Windows, Linux, and Mac versions. For example, all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration."
"The installation process for this software needs to be simplified."
"CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of the sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it."
"The console is a little cluttered and at times, finding what you're looking for is not intuitive."
"The pricing is a bit too high."
"The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool."
"I would like CrowdStrike to provide some correlation in the threat analysis, so we can visualize things better."
"CrowdStrike Falcon could improve by adding manual scanning or serverless scanning. It is not available at this time."
"This solution could be improved with greater scope for admins to make changes to the solution."
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 107 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while CrowdStrike Falcon is rated 8.8. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, Darktrace, Symantec Endpoint Security, Trellix Endpoint Security and Trend Micro Apex One, whereas CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and Symantec Endpoint Security. See our Cortex XDR by Palo Alto Networks vs. CrowdStrike Falcon report.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.