We compared Cortex XDR by Palo Alto Networks and Darktrace based on our users’ reviews in four categories. After reading the collected data, you can find our conclusion below.
Comparison of Results: Based on the parameters we compared, Cortex XDR by Palo Alto Networks seems to be the superior solution. Our reviewers feel that because Darktrace is lacking where security is concerned, Cortex XDR is a better investment.
"The setup is pretty simple."
"Forensics is a valuable feature of Fortinet FortiEDR."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"The solution was relatively easy to deploy."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"Cortex covers everything I need. It's a perfect solution. Cortex provides a different level of visibility because it's an extended EDR, allowing you to grab logs from the network and firewalls. Palo Alto invented the concept of the extended EDR or XDR."
"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"The product's most valuable features are massive user and feature intelligence exploit detection."
"Has great threat detection capabilities."
"Being a cloud solution it is very flexible in serving internal and external connections and a broad range of devices."
"Traps is quite a stable product. Once it was properly deployed and configured, you have nothing to be worried about."
"The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine."
"We can visualize and control the activities in the environment from anywhere."
"The main valuable feature is that we don't need a lot of analysts. With few analysts, we have all the network monitored, 24/7."
"The Dynamic Threat Dashboard is very nice, as it lists all of your threats and rates them, and then you can choose whether to investigate further."
"The models, triggers, and alerts are customizable."
"The solution can scale."
"Darktrace is very useful for us because it has a large number of models for detecting threats."
"The most valuable feature of this solution is that it does not require human intervention to eliminate a threat."
"It is very easy to work with Darktrace once you know how it works and the type of permissions that you need to get related to the security over a network. The interface is awesome. I'm sure that you have seen Ironman, and you know Jarvis, the computer of Tony Stark. The interface of Darktrace is very similar, and you can see in 3D, like a hologram, the whole network, traffic, and all the traces inside the network. The interface is awesome, and it provides a lot of information. At least for us, it is very easy to handle this interface, get the reports, and do the interpretation of those reports. Darktrace also provides mobile monitoring. With an app on your mobile phone, you can view the information live, which is very useful for area directors and field engineers. Darktrace can be also correlated with any type of big data solution, such as Splunk."
"Artificial intelligence and machine learning functionalities are valuable."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"It takes about two business days for initial support, which is too slow in urgent situations."
"I haven't seen the use of AI in the solution."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"We find the solution to be a bit expensive."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"ZTNA can improve latency."
"Cortex XDR by Palo Alto Networks could improve by offering remote management. It would be useful to look at the client's issue to fix it."
"I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs."
"Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well."
"It is a complex solution to implement."
"Limited remote connection."
"The tool needs to be improved in terms of integration and interface."
"Managing the product should be easier."
"Cortex XDR should have a lightweight agent, and the agent size should not be heavy."
"The solution would benefit from automation. Currently, you have to know what you are searching for."
"The main portal needs improvement as it is difficult to use."
"The interface and dashboards could be improved for ease-of-use."
"I would like to see more protection in the endpoint. Especially because we have a lot of people using VPNs. If they would improve end point security, it would give more control there."
"I would like to see a feature where the tool ingests information from an anti-malware product that is present at the endpoint."
"It would be good if they can include some endpoint protection for remote workers. Nowadays, most people are working remotely. Therefore, they should include some type of sensors that can be installed on the endpoint in order to directly report the main usage and protect remotely. Phone protection will also be a great feature to add to Darktrace."
"It would be useful if there was a way to check to see if there are certain devices that are not in sync with the solution. I'm not sure if this is an option or not."
"Darkforce could be improved in the range of the interface; how to interact with the actions it's taking or not taking."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Darktrace is ranked 11th in Email Security with 65 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Darktrace is rated 8.2. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Symantec Endpoint Security, Trellix Endpoint Security and Check Point Harmony Endpoint, whereas Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cisco Secure Network Analytics and ExtraHop Reveal(x).
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.