We performed a comparison between Cortex XDR by Palo Alto Networks and SentinelOne based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both products receive high marks from reviewers. However, SentinelOne comes out on top in this comparison due to its impressive security and EDR features, attractive price, and impressive ROI.
"The best feature is threat hunting. There are a lot of other features I like, such as the alert mechanism. The chain alert mechanism has a huge impact. It combines all the alerts into one incident and automatically correlates them with AI."
"A crucial aspect for our team is the inclusion of identity and access management tools from the vendor."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"I like that it's stable. It's been stable for a long time, and Microsoft Defender has done a good job there."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"Advanced hunting is good. I like that. We can drill down to lots of details."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"The interface is easy to use and it is more up to date than our previous solution."
"Cortex covers everything I need. It's a perfect solution. Cortex provides a different level of visibility because it's an extended EDR, allowing you to grab logs from the network and firewalls. Palo Alto invented the concept of the extended EDR or XDR."
"Has great threat detection capabilities."
"Its interface and pricing are most valuable. It is better than other vendors in terms of security."
"After deploying Traps, we saw the performance of the network improve by 65 to 70 percent."
"The integrations are out-of-the-box, as are the playbooks."
"It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature. It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else."
"Palo Alto is constantly adding new features."
"I have found the activity timeline and threat analysis to be particularly useful."
"The product can scale as needed."
"The detection rate for Sentinel One has been excellent and we have been able to resolve many potential threats with zero client impact. The ability to deploy via our RMM allows us to quickly secure new clients and provides peace of mind."
"The overview is valuable. There are a lot of instances out there, but Singularity Complete cuts the noise down by giving us graphics and color-coding information instead of massive tech dumps. It helps us concentrate on what is actually needed versus just the noise."
"We find the solution to be scalable."
"It protects your machine, and it does an excellent job using AI to determine an attack and stop the attack. Its most powerful feature is prevention, and it can unwind ransomware activity as well. So, it is a really useful product in that sense."
"The anti-ransomware capability to analyze the threats and user-friendliness are the most valuable features."
"The most valuable aspect of SentinelOne Singularity Complete is the protection it provides."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"The solution does not offer a unified response and standard data."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"Microsoft 365 Defender does not have a unique package with emerging endpoint security technologies, such as EDR and XDR."
"We should be able to use the product on devices like Apple, Linux, etc."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"Cortex XDR should have a lightweight agent, and the agent size should not be heavy."
"It tends to do 99.9% of things. The only thing I'd like is single sign-on authentication into their cloud platform so that my users can be properly authenticated against it."
"I would like to see better protection, specifically to protect email applications."
"Cortex XDR by Palo Alto Networks could improve by offering remote management. It would be useful to look at the client's issue to fix it."
"Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."
"The solution could improve by providing better integration with their own products and others."
"I would like to see them include NDR (Network Detection Response)."
"The product's pricing could be better."
"The only concern we have is that there are a few features that were not readily available."
"In terms of improvement, they should work on agents' updates because that is not a strong part. It's not their strong point. It's not straightforward to upgrade agents. I send them questions about it. They already worked on this and they promised that in the next release that they will show me their solution for it. But this year I have had complaints about agents' updates, that they aren't clear."
"Email security should also integrate with it to get more visibility on it."
"The training for SentinelOne Singularity should be free. The solution has a lot of features but we do not know how to use them all. The moment someone purchases the solution they should contact them and provide them with a feature session on how to use the features."
"As a cloud-based product, there is a minimum number of licenses that need to be purchased, which is unfortunate."
"We are not utilizing all the features available with SentinelOne Singularity Complete, including the built-in XDR and Ranger, due to the substantial associated costs."
"I would like to see something a little more sophisticated than simply being able to mark a false positive as safe or there's usually just one or two options in certain areas and they're a little rudimentary at this stage."
"I encountered issues running Singularity Complete alongside other machine-learning tools."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
More SentinelOne Singularity Complete Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while SentinelOne Singularity Complete is ranked 2nd in Endpoint Protection Platform (EPP) with 177 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while SentinelOne Singularity Complete is rated 8.8. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of SentinelOne Singularity Complete writes "Provides peace of mind and is good at ingesting data and correlating". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Microsoft Defender for Cloud, whereas SentinelOne Singularity Complete is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, ThreatLocker Protect and Trend Vision One. See our Cortex XDR by Palo Alto Networks vs. SentinelOne Singularity Complete report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Extended Detection and Response (XDR) vendors, and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I haven't used Cortex. My worry with it and every other solution is how well does it perform when disconnected from the cloud/ the internet?
S1 - I have been using it for a couple of years now without an issue. I had been using Cylance prior. I've been very happy with the S1 solution. Works with or without the Internet.
Depends on the size, scope and needs of your environment.
XDR is an ok monitoring/alerting tool, especially if you have a Palo Alto firewall already and everything can integrate well together. However, S1 is a superior tool IMHO and can catch and fix things automatically if you so choose (magic quadrant agrees).
Cost-wise XDR is probably cheaper but I don't know specifics on-prem vs cloud. S1 is a cloud tool but is extremely fast and responsive compared to some other tools we POC'd and can support legacy devices w2k8 and below or Linux or VDI without having to special of workarounds. So again, it depends on your needs, environment and cost.
Cortex XDR by Palo Alto vs. SentinelOne
SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to the environment is note-worthy. Sentinel One works inconspicuously in the background, continually providing protection. It has an automated active EDR that will not only find issues but can fix them. I don’t know that any other solution does that.
Cortex XDR by Palo Alto has a nice console and is easy to use. One of my favorite things about it is that it will automatically connect and log various kinds of suspicious behavior - you don’t need to do it manually. Cortex XDR is very secure but it is missing some basic features. It doesn’t offer an on-prem solution and it doesn’t integrate so well with some third-party solutions.
SentinelOne can be challenging to set up and there seem to be some applications that do not function properly when SentinelOne is installed. I would like to be able to make the reporting more specific to my needs. It would be a more attractive option if the cost was lower.
Conclusions
The find-and-fix option that SentinalOne provides was a huge win for us. We feel it provides a deeper and more thorough level of security.