We performed a comparison between Forescout Platform and Cortex XDR by Palo Alto Networks based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Forescout Platform stands out for its agentless visibility and advanced features like device fingerprinting. Forescout users say the product could be better at resolving connectivity and license issues. Users also want more compatibility with different devices and operating systems, along with better logging and troubleshooting capabilities. Cortex XDR presents an intuitive interface, advanced identification of risks, expandability, and compatibility with various other solutions. Meanwhile, Cortex XDR could use enhancements in hard disk encryption, security integration, and customer education.
Service and Support: Some users reported positive experiences with Forescout support, but others requested better responsiveness and training. Some customers were impressed with Palo Alto’s support, while others reported mixed experiences.
Ease of Deployment: Some users found Forescout’s setup to be simple and adaptable, while others perceived it as more complex and time-intensive. Some users thought Cortex XDR’s deployment was fast and straightforward, while others consider it to be a complex and time-consuming task that requires thorough planning.
Pricing: The total cost of Forescout Platform can be high depending on the level of customization and integration required. Some reviewers said Cortex XDR is expensive, but others said it was reasonable for the robust feature set Cortex offers.
ROI: Forescout Platform yields a solid ROI by improving network access control and overall security. Cortex XDR creates value by ensuring system and data security rather than a financial return on investment.
Comparison Results: Our users prefer Forescout Platform over Cortex XDR for its agentless visibility, comprehensive device fingerprinting, and easy deployment. Forescout provides outstanding visibility, flexibility, and excellent customer service. Cortex XDR lacks some features like hard disk encryption and received mixed feedback about its customer support.
"Within advanced threat hunting, the tables that have already been defined by Microsoft are helpful. In the advanced threat hunting tab, there were different tables, and one of the tables was related to device info, device alert, and device events. That was very helpful. Another feature that I liked but didn't have access to was deep analysis."
"The product is very easy to use."
"Microsoft XDR's system of analysis and investigation is super convenient for our customers. It integrates with other Microsoft solutions like Defender for 365 to protect email traffic from malicious external web links and phishing."
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"The summarization of emails is a valuable feature."
"It has pretty much everything we need and works well within the Palo Alto ecosystem."
"Has great threat detection capabilities."
"Their XDR agent and their behavioral indicators of compromise (BIOC) are pretty nice. Their managed threat hunting is also pretty nice. They also have WildFire, which is a service for actively looking for malware. It's quite useful."
"The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"The interface is easy to use and it is more up to date than our previous solution."
"The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week."
"We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action."
"The stability is amazing for the Forescout Platform. We have been using Forescout for four years, and no one complained about the stability."
"The user interface is quite simple."
"The scalability is good."
"The 802.1X compliance authentication feature of this solution is very good."
"Emergency response, risk assessment information to get a view of the of the vulnerability."
"Forescout Platform has made it possible to block people working near our construction sites who should not have access to our network."
"Forescout Platform is stable, it is great."
"It has helped with improving our security posture in terms of controlling the access of rogue devices into our network through identification. We have been able to prevent rogue device activities on the network, check the health of the system, and ensure remediation."
"Microsoft frequently changes the names of its products, sometimes even renaming entire portals or features."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"The mobile app support for Android and iOS is difficult and needs improvement."
"The support could be more knowledgable to improve their offering."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"The support team is not competent or responsive."
"Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis."
"The setup is quite easy. We had appropriate support from the manager. One thing that was missing was the integration part."
"The price could be a little lower."
"The dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard."
"Cortex XDR by Palo Alto Networks could improve by offering remote management. It would be useful to look at the client's issue to fix it."
"There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."
"It's more focused on network communication. If a customer wants to increase the level of protection and start working with documents, it's impossible to integrate these features into the system. It's more of a communication-oriented system than a content security-oriented system."
"The tool needs to be improved in terms of integration and interface."
"If older network devices are used there can be some compatibility issues while using the Forescout Platform. Additionally, if the switches that are deployed in your infrastructure are not captured properly to the endpoints there might be some difficulties with Forescout Platform trying to monitor the network traffic. Traffic management is an area the vendor should work on."
"Forescout Platform could improve the integration or compatibility with other solutions, such as Chinese-made solutions. They do not have any integration with S33 which is a switch. They do not have good integration with new solutions in the market. They do integrate well with Rocket, Cisco, Juniper, and quite a few more but they could expand the integration."
"The solution does have a bit of complexity, and there's some complexity in the deployment. Users need to be trained before undertaking an initial setup."
"They should improve features related to IT security. ForeScout should analyze behavior to see if the behavior is malicious behavior and block this device. They should develop the ability to analyze the behavior of the device in my environment."
"The system controls could be better."
"The solution could always improve by adding more features to make it more robust."
"Forescout Platform's technical support is slow to respond and could be more knowledgeable."
"Forescout Platform isn't flexible with connections to devices like printers and forces you to re-enter details like the MAC address after any breakdowns."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Extended Detection and Response (XDR) with 80 reviews while Forescout Platform is ranked 14th in Extended Detection and Response (XDR) with 69 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Forescout Platform is rated 8.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Forescout Platform writes "We can go granular on each endpoint, quarantine non-compliant machines, and target vulnerabilities through scripting". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Fortinet FortiEDR, whereas Forescout Platform is most compared with Cisco ISE (Identity Services Engine), Aruba ClearPass, Fortinet FortiNAC, Nozomi Networks and Armis. See our Cortex XDR by Palo Alto Networks vs. Forescout Platform report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.