We compared Cortex XDR by Palo Alto Networks and Darktrace based on our users’ reviews in four categories. After reading the collected data, you can find our conclusion below.
Comparison of Results: Based on the parameters we compared, Cortex XDR by Palo Alto Networks seems to be the superior solution. Our reviewers feel that because Darktrace is lacking where security is concerned, Cortex XDR is a better investment.
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"This is stable and scalable."
"The most valuable feature is the analysis, because of the beta structure."
"The price is low and quite competitive with others."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"Being a cloud solution it is very flexible in serving internal and external connections and a broad range of devices."
"If there are multiple alerts, the app will automatically create and rate an event instead of going through each one."
"The product has an intuitive dashboard."
"It collects and caches and the knowledge of machine learning from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe."
"The most valuable feature of Cortex XDR by Palo Alto Networks is its machine-learning capabilities. Additionally, there is full integration with other solutions."
"WildFire AI is the best option for this product."
"Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources."
"The one feature of Palo Alto Networks Traps that our organization finds most valuable is the App ID service."
"It is very easy to work with Darktrace once you know how it works and the type of permissions that you need to get related to the security over a network. The interface is awesome. I'm sure that you have seen Ironman, and you know Jarvis, the computer of Tony Stark. The interface of Darktrace is very similar, and you can see in 3D, like a hologram, the whole network, traffic, and all the traces inside the network. The interface is awesome, and it provides a lot of information. At least for us, it is very easy to handle this interface, get the reports, and do the interpretation of those reports. Darktrace also provides mobile monitoring. With an app on your mobile phone, you can view the information live, which is very useful for area directors and field engineers. Darktrace can be also correlated with any type of big data solution, such as Splunk."
"We are able to detect a lot of things, actually, and see what is happening in our network."
"The models, triggers, and alerts are customizable."
"The most valuable feature of Darktrace is the AI that detects abnormal network activity."
"Darktrace is very useful for us because it has a large number of models for detecting threats."
"I find the complete portfolio to be excellent."
"We have found the product to be stable and issue-free."
"I have found the automation and AI features to be valuable. If someone were to come in to the office at midnight and log in, Darktrace would flag it."
"I haven't seen the use of AI in the solution."
"The dashboard isn't easy to access and manage."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."
"Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis."
"Cortex XDR is trickier to configure than other Palo Alto products. This is one area where we are not so satisfied."
"I would like to see better protection, specifically to protect email applications."
"It should support more mobile operating systems. That is one of the cons of their infrastructure right now."
"The GUI could be improved."
"In an upcoming release, the solution could improve by proving hard disk encryption. If it could support this it would be a complete solution."
"The solution could improve by providing better integration with their own products and others."
"This product needs more in terms of prevention. The detection capabilities work well but once a threat has been detected, Darktrace should work to prevent it from doing anything malicious."
"The solution would benefit from automation. Currently, you have to know what you are searching for."
"It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks."
"It would be good if they can include some endpoint protection for remote workers. Nowadays, most people are working remotely. Therefore, they should include some type of sensors that can be installed on the endpoint in order to directly report the main usage and protect remotely. Phone protection will also be a great feature to add to Darktrace."
"I think there is some MSSP missing."
"It would be useful if there was a way to check to see if there are certain devices that are not in sync with the solution. I'm not sure if this is an option or not."
"Upper management wasn't sold on the value proposition."
"A reporting portal could be a great addition to help customize reports."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Darktrace is ranked 11th in Email Security with 65 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Darktrace is rated 8.2. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Symantec Endpoint Security, Trellix Endpoint Security and Check Point Harmony Endpoint, whereas Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cisco Secure Network Analytics and ExtraHop Reveal(x).
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.