We performed a comparison between Cortex XDR by Palo Alto Networks and CrowdStrike Falcon based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both products receive high marks from reviewers. However, CrowdStrike Falcon comes out on top in this comparison due to its robust performance, ease of deployment, reasonable cost, and impressive ROI.
"The EDR features are valuable. By getting the EDR features, we have more control over the device. We have information about events in real-time and more protection against zero-day threats and zero-day vulnerabilities. We can monitor every event or action that a device is going through. We can get an idea if it is something malicious or if we have to take any actions."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"I like the easy integration and advanced possibilities. We can implement it at customer sites in a few clicks, but we can also dive deep and drill down to extended features. There's a very good starting point to get into this product and all the features from Defender."
"It's a great threat intelligence source for us, providing alerts for things it detects on the network and on the machines. We've used it often when there is a potential incident to see what was done on a computer. That works quite nicely because you can see everything that the user has done..."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"The summarization of emails is a valuable feature."
"It's a very scalable tool that can be used in a very small environment or in a very large environment. Everything can be managed from a simple dashboard and can be scaled up or down depending on the customer's environment."
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"The user interface of the solution is sophisticated and straightforward."
"If there are multiple alerts, the app will automatically create and rate an event instead of going through each one."
"I've found the solution to be highly scalable for enterprises."
"We can visualize and control the activities in the environment from anywhere."
"The one feature of Palo Alto Networks Traps that our organization finds most valuable is the App ID service."
"The protection offered by this product is good, as is the endpoint reporting."
"Monitoring is most valuable."
"The dashboard is customizable."
"The most valuable features of CrowdStrike Falcon are the AI in detecting and real-time detections."
"Its integration capability is valuable. It integrates easily with any OS."
"I have found the connection to search the hosts for detections very useful in CrowdStrike Falcon."
"Enables us to understand what processes are running on the system, what registry keys have been enabled."
"The solution can scale easily."
"CrowdStrike Falcon offers a comprehensive dashboard that is highly effective in protecting against and blocking external infiltration attempts."
"CrowdStrike displays a threat score when it detects an infection. This is helpful because not all detections are the same. It will classify them as ransomware, malware, phishing, etc. This feature helps us prioritize and cross-check with other EDR tools."
"The most valuable features of Crowdstrike Falcon XDR are Spotlight and Discovery, they are helpful. Additionally, the console is user-friendly, with fewer false positives than other solutions."
"The patching capability should be there. Patching is something that you cannot do even though you see the vulnerabilities present in your environment. For patching, you have to depend on another solution."
"We should be able to use the product on devices like Apple, Linux, etc."
"It would be highly beneficial if CoPilot could identify anomalies within the network and notify the IT team."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"Intrusion detection and prevention would be great to have with 365 Defender."
"The interface could be improved. For example, if you want to do a phishing simulation for your employees, it can take a while to figure out what to do. The interface is a bit messy and could be updated. It isn't too bad, but doing some things can be a long process."
"The message trace feature for investigating mail flow issues should add more detailed information to the summary report... if they could extend the summary report a little bit, make it more descriptive, ordinary administrators could understand what happened and that the emails failed at this or that point. That way they would know the location to go to try to correct it and to prevent it from occurring again."
"I would like to see some additional features related to email protection included."
"The solution should force customers to integrate with network traffic to see the full benefits of XDR."
"When it comes to core analysis, and security analysis, Cortex needs to provide more information."
"I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs."
"The GUI could be improved."
"There are a large number of false positives."
"The solution lacks real-time, on-demand antivirus."
"There's an overall lack of features."
"CrowdStrike needs to quit making up stuff about its features and functionality to bash its competition."
"There are some areas where some customers would prefer a different service."
"An improvement would be to extend support to legacy and unsupported servers."
"The pricing structure should allow for some flexibility."
"I would like to see equal support across all versions. Aside from that, I would say most of the features are there."
"In the future release of CrowdStrike Falcon, they should add a sandbox feature."
"CrowdStrike Falcon could improve by having an easier way to search and use the interface for extracting queries from the data. The interface could improve."
"I have worked with their technical support on several problems that were never fully resolved."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 107 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while CrowdStrike Falcon is rated 8.8. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, Darktrace, Symantec Endpoint Security, Trellix Endpoint Security and Trend Vision One Endpoint Security, whereas CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and Symantec Endpoint Security. See our Cortex XDR by Palo Alto Networks vs. CrowdStrike Falcon report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Extended Detection and Response (XDR) vendors, and best Ransomware Protection vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.