We performed a comparison between Cortex XDR by Palo Alto Networks and SentinelOne based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both products receive high marks from reviewers. However, SentinelOne comes out on top in this comparison due to its impressive security and EDR features, attractive price, and impressive ROI.
"The product is very easy to use."
"In Microsoft 365 vendor products, monitoring and connectivity across all Microsoft and third-party connectors enable viewing of all activity within those environments."
"The most valuable features are spam filtering, attachment filtering, and antivirus protection."
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, 'Malware detected.' It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"The comprehensiveness of Microsoft's threat detection is good."
"The portal is quite user-friendly. There is integration with Office, Intune, and other products from the same portal. From there, we can see which policies are installed on a particular machine. We also can manage devices, groups, and tagging."
"Its most significant advantage lies in its affordability."
"The advantage of Microsoft Defender XDR has over other XDRs in the market is that it's easy to use. You can quickly differentiate between alerts, incidents, devices, software, etc. It's easier to investigate an incident, and you have so many options. You can automate investigations and use playbooks. There's also the live response session, which is something you can't find in any other XDR."
"Cortex XDR is a very capable solution for protecting large networks and a lot of endpoints. It's very useful because the automation is very high, and if you combine it with the features on Palo Alto firewalls, it provides very strong protection."
"It integrates well into the environment."
"Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."
"One of the main benefits of the solution is its intelligence to correlate the events into an incident."
"The initial setup isn't too bad."
"The tool's use cases are relevant to security."
"Cortex XDR's most valuable feature is its intelligence-based dashboards."
"The dashboard is customizable."
"The tool's most valuable feature is EDR."
"SentinelOne is the next-generation EDR solution."
"What I like best about SentinelOne Singularity Complete is its web-based admin interface, which allows me to go into the platform, look at the entire organization, particularly all of the sentinels or endpoints, and manage everything from there."
"The tool's most valuable feature is Vigilance Respond Pro monitoring. You don't have to have a dedicated SOC and worry about staffing."
"SentinelOne also provides equal protection across Windows, Linux, and macOS. I have all of them and every flavor of them you could possibly imagine. They've done a great job because I still have a lot of legacy infrastructure to support. It can support legacy environments as well as newer environments, including all the latest OSes... There are cost savings not only on licensing but because I don't have to have different people managing different consoles."
"SentinelOne is very simple to install and very simple to manage. It's very aggressive, so it does protection well, and it seems to be stopping attacks that other solutions cannot."
"It is purely cloud-based, meaning you don't need to have something installed, such as a server on-prem. You have cloud management and can access it from anywhere, with integration with SSO, with one click. It's also very lightweight."
"The most valuable feature of SentinelOne is the EDR functionality. We are protected against threats, such as ransomware."
"Stability could be improved by avoiding frequent changes to the interface."
"Microsoft tends to provide too many features, which makes the solution prone to bugs."
"The licensing is a nightmare and has room for improvement."
"The mobile app support for Android and iOS is difficult and needs improvement."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"Cortex XDR by Palo Alto Networks could improve by adding a sandbox feature to better compete with their competitors which have it."
"The server sometimes stops continuously to check things, so it would be helpful to receive access updates or technical reasons."
"Limited remote connection."
"Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."
"The solution should force customers to integrate with network traffic to see the full benefits of XDR."
"It is an enterprise-level solution. Its price could be less expensive."
"Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer."
"The installation should be easier and the Palo Alto pre-sales and sales teams should have more information on the product because they don't know what they are selling."
"One area of SentinelOne that definitely has room for improvement is the reporting. The canned reports are clunky and we haven't been able to pull a lot of good information directly from them."
"Set up is very labor-intensive."
"Using the filters takes a little bit of time to get to used to."
"The ability to have more direct purchasing for smaller groups and smaller businesses would be great."
"It has all the features that other leading products in the market provide. They should keep enhancing it based on the challenges in the market. I am fine with its detection capability, but they can work more on deep inspection."
"The training for SentinelOne Singularity should be free. The solution has a lot of features but we do not know how to use them all. The moment someone purchases the solution they should contact them and provide them with a feature session on how to use the features."
"The previous vendor had a lot more features and capabilities under the license. For example, I lost DLP as SentinelOne does not have DLP."
"They have tiers of support like most companies do. For the first three years, we had the top tier of their support and we would get a response from a technician quickly. We didn't have many things we had to ask of them. They would be very quick. We are now one tier down from that. The SLA for us is no longer within an hour or two. It's within half a day or something like that. As far as if I do ask a question of them, it is a little slower than what it used to be. I understand that we're at a lesser tier, but sometimes it feels like that could be a little better. I have to preface that by specifying that we're no longer paying for their top tier support."
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while SentinelOne Singularity Complete is ranked 2nd in Endpoint Protection Platform (EPP) with 176 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while SentinelOne Singularity Complete is rated 8.8. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of SentinelOne Singularity Complete writes "Provides peace of mind and is good at ingesting data and correlating". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Microsoft Defender for Cloud, whereas SentinelOne Singularity Complete is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, ThreatLocker Protect and Trend Vision One. See our Cortex XDR by Palo Alto Networks vs. SentinelOne Singularity Complete report.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I haven't used Cortex. My worry with it and every other solution is how well does it perform when disconnected from the cloud/ the internet?
S1 - I have been using it for a couple of years now without an issue. I had been using Cylance prior. I've been very happy with the S1 solution. Works with or without the Internet.
Depends on the size, scope and needs of your environment.
XDR is an ok monitoring/alerting tool, especially if you have a Palo Alto firewall already and everything can integrate well together. However, S1 is a superior tool IMHO and can catch and fix things automatically if you so choose (magic quadrant agrees).
Cost-wise XDR is probably cheaper, but I don't know specifics on-prem vs cloud. S1 is a cloud tool but is extremely fast and responsive compared to some other tools we POC'd, and it can support legacy devices (w2k8 and below), Linux, or VDI without needing special workarounds. So again, it depends on your needs, environment and cost.
Cortex XDR by Palo Alto vs. SentinelOne
SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to the environment is noteworthy. SentinelOne works inconspicuously in the background, continually providing protection. It has an automated active EDR that will not only find issues but can fix them. I don't know that any other solution does that.
Cortex XDR by Palo Alto has a nice console and is easy to use. One of my favorite things about it is that it will automatically connect and log various kinds of suspicious behavior - you don’t need to do it manually. Cortex XDR is very secure but it is missing some basic features. It doesn’t offer an on-prem solution and it doesn’t integrate so well with some third-party solutions.
SentinelOne can be challenging to set up and there seem to be some applications that do not function properly when SentinelOne is installed. I would like to be able to make the reporting more specific to my needs. It would be a more attractive option if the cost was lower.
Conclusions
The find-and-fix option that SentinelOne provides was a huge win for us. We feel it provides a deeper and more thorough level of security.