Cortex XDR by Palo Alto Networks and Microsoft Defender for Endpoint are both strong endpoint security solutions with different strengths. Cortex XDR offers advanced threat detection and investigation capabilities with a focus on extended detection and response (XDR). Microsoft Defender for Endpoint emphasizes robust security measures and leverages tight integration with other Microsoft products for a comprehensive security posture.
The summary above is based on 214 interviews we conducted recently with Cortex XDR by Palo Alto Networks and Microsoft Defender users. To access the review's full transcripts, download our report.
"The product's initial setup phase is very easy."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"The stability is very good."
"Fortinet is very user-friendly for customers."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"It is stable and scalable."
"Cortex covers everything I need. It's a perfect solution. Cortex provides a different level of visibility because it's an extended EDR, allowing you to grab logs from the network and firewalls. Palo Alto invented the concept of the extended EDR or XDR."
"The initial setup is pretty easy."
"The user interface of the solution is sophisticated and straightforward."
"Traps is quite a stable product. Once it was properly deployed and configured, you have nothing to be worried about."
"They did what they said. This solution could apply to any scenario."
"Their XDR agent and their behavioral indicators of compromise (BIOC) are pretty nice. Their managed threat hunting is also pretty nice. They also have WildFire, which is a service for actively looking for malware. It's quite useful."
"Cortex XDR is a very capable solution for protecting large networks and a lot of endpoints. It's very useful because the automation is very high, and if you combine it with the features on Palo Alto firewalls, it provides very strong protection."
"It's very stable. I've never experienced downtime for the ASM console or ASM core."
"DFE organizational security posture has been a positive experience. We're a Microsoft house. It works. Once it's deployed and once it's configured, it works and our clients tend to be happy with it. I haven't really experienced anyone who has been so unsatisfied with the platform that they wanted to go a couple of different directions, that has never happened to me."
"We had certain compliance and usage issues. For example, our company wanted to go with CIS, but we didn't have a proper way of measuring whether the endpoints have the right standards in place or whether they were compliant with CIS. Microsoft Defender was like a one-stop for most things because it gave us the vulnerability and patching scores so that our vulnerability management teams can focus on covering up the vulnerabilities and the patching team can check the vulnerable versions and deploy the right versions."
"The protection that it provides is quite good."
"What I found most valuable in Microsoft Defender for Endpoint is that it's out-of-the-box, which brings more value to the customer. The technical support for the product is also one of the best parts, because it's good, in terms of the product knowledge of the technical engineers."
"The comprehensiveness of Microsoft threat-protection products is great... Today, Microsoft Sentinel by itself is a leading Gartner SIEM tool. It has advantages over competitors because of the ability to integrate with Microsoft solutions and automate continuous monitoring of Microsoft AD and Office 365 data."
"The best thing I like about it is its interaction with the other Defender products. It provides the ability to push telemetry up. It gives me endpoint visibility and allows me to take automated actions."
"This is a very go, proactive solution to threat protection using advanced analysis."
"Defender has very little impact on the end-user and the agent works quite well with a minimal impact on the client and server."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"Cannot be used on mobile devices with a secure connection."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"Making the portal mobile friendly would be helpful when I am out of office."
"The dashboard isn't easy to access and manage."
"The solution should address emerging threats like SQL injection."
"There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."
"There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get a results."
"It's not an ideal choice for smaller businesses, as you need a minimum of 200 endpoints to even use the solution at all."
"There are some third-party solutions that are difficult to integrate with, which is something that can be improved."
"If they had pulse rate detection, it would be better."
"It's very time-consuming to log support issues and the people that answer the tickets aren't very knowledgeable."
"It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint."
"I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs."
"The time it takes to implement policies has room for improvement."
"In the next release, I would like to see better management reporting."
"Right now, there's a portal for Azure, portals for Microsoft Office, and portals for endpoints. It would be good to have only one portal and integrate everything."
"I would like Microsoft to have some kind of direct integration for USB controls. They have GPO and other controls to control the access of the USB drives on devices, but if there is something that can be directly implemented into the portal, it would be good. There should be a way to control via a cloud portal or something like that in a dynamic way. USB control for data exfiltration would be a good feature to implement. Currently, there are ways to do it, but it involves too many different things. You have to implement it via GPOs and other stuff, and then you move or copy those big files via Defender ATP. If there is a simple way of implementing those features, it would be great."
"The GUI is very complex and could be more user friendly."
"In terms of the architecture of the management infrastructure, we found that other technologies are more simple. Microsoft Defender could be simpler too."
"I had some cases a while back and told an agent my issue. When I called the next day, I had to explain everything again to a different person, so I found it annoying to repeat myself all over."
"I would like to see online updates for patches for this solution. I would also like to see online information about what is trending in the market in terms of spams, viruses, or trojans. It takes some time to understand how this solution works. A few things are unclear at the beginning, such as whether it actually restricts the virus or spam at the initial stage, or when there is a security update, how will we come to know and how will it get synchronized. It would be really helpful if there is some kind of knowledge base in the form of video, audio, or document that can explain in a user-friendly way the setup, features, risks, and process to mitigate the risks. Currently, I have installed endpoint security for every individual system. I could not install it like other endpoint solutions where we have a server and a client. It would be really helpful if Microsoft Windows Defender has a server-client based model so that I can save some bandwidth when it downloads or uploads features. It will be helpful if we have a LAN-based or WAN-based controlling system."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". Cortex XDR by Palo Alto Networks is most compared with CrowdStrike Falcon, Darktrace, Symantec Endpoint Security, Trellix Endpoint Security and Check Point Harmony Endpoint, whereas Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, SentinelOne Singularity Complete, CrowdStrike Falcon and Microsoft Intune. See our Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I have not used Microsoft Defender and only used Cortex XDR by Palo Alto Networks. My experience with Cortex is not good as you need to whitelist each and every exe file of each adn every computer. My recommendation for you is to go for Cynet360 MDR which is far better than Cortex in terms of auto detection and remediation. You will get genuine alert.
Choosing Microsoft Defender makes the most sense if you already have a Microsoft ecosystem. But in reality, you need an endpoint security solution that is proactive and comes with built-in artificial intelligence capabilities.
I value in-depth visibility across the endpoints, so I prefer CrowdStrike Falcon EDR. It’s the best solution for simplified endpoint detection and response. CrowdStrike EDR comes with advanced features and easily integrates with popular third-party solutions like Splunk and Palo Alto Networks. An easy-to-use and navigate interface reduces the learning curve. Personally, I think CrowdStrike Falcon is easier to use than Microsoft Defender.
MSSPs like ACE Managed Security Services provide Managed CrowdStrike EDR. If you’re looking for hassle-free deployment and a fully-managed solution, you should look into ACE.
Unless you are using Palo Alto elsewhere in your architecture, I would go with Microsoft if that were the only choice.
However, if you are using another network security issue such as Fortinet or Sophos, I would also look to their endpoint solutions. They both have EDR and XDR capabilities and the endpoint solutions facilitate synchronization between the endpoint and the network control.
Microsoft has done lots of work in the endpoint space and the Zero Trust world over the past several months. Defender integrates tightly with the Microsoft Cloud and there is much synchronization that occurs between the physical endpoint and the cloud infrastructure. This means that regardless where the endpoint is physically located it stays connected and controlled by the policies set in the Microsoft cloud. Very much like the Group Policy Options we became accustomed to with the on premises domain controller.
I know that's a scratch on the surface and there are many other considerations, but you need to seek the solutions that promise management simplicity and the ability to control and protect the endpoints wherever they may be located.
I would go for the one with the best independent threat intelligence, a platform that allows you to change, add, move IT and Security infrastructure without impacting your security platform. I would also place a close attention to storage costs, service levels and the number of resources providing human intelligence on top of machine intelligence for investigation and incident response, all in one platform. But I am biased ;-)