Cortex XDR by Palo Alto Networks and Microsoft Defender for Endpoint are both strong endpoint security solutions with different strengths. Cortex XDR offers advanced threat detection and investigation capabilities with a focus on extended detection and response (XDR). Microsoft Defender for Endpoint emphasizes robust security measures and leverages tight integration with other Microsoft products for a comprehensive security posture.
The summary above is based on 214 interviews we conducted recently with Cortex XDR by Palo Alto Networks and Microsoft Defender users. To access the review's full transcripts, download our report.
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"We have FortiEDR installed on all our systems. This protects them from any threats."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"The product detects and blocks threats and is more proactive than firewalls."
"NGAV and EDR features are outstanding."
"Ability to get forensics details and also memory exfiltration."
"The solution doesn't need a high level of technical training."
"It's a nice product that's stable and scalable."
"The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week."
"The interface is easy to use and it is more up to date than our previous solution."
"The initial setup is pretty easy."
"The solution is a new generation XDR that has a lot of artificial intelligence modules."
"We have a complete overview of all our PCs and it's very easy to handle and to use the interface. It has a lot of benefits for us."
"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"The solution can scale as needed."
"It's a very solid security system, and the advanced hunting and everything really lets you dive deep into things."
"Provides good vulnerability assessment."
"It is a very advanced system based on AI. It has a very large database of places or sites on the internet where you should not go. It is continuously online."
"It shows us the risky sign-ins, and if a user's password has been compromised."
"It comes included with the Windows license."
"It is already integrated with Windows 10, so you don't need to worry about that."
"The solution's main antivirus capabilities are okay. So far, they have kept us safe."
"The dashboard isn't easy to access and manage."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"I haven't seen the use of AI in the solution."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"We'd like to see more one-to-one product presentations for the distribution channels."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"There are some third-party solutions that are difficult to integrate with, which is something that can be improved."
"It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc."
"In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are the big company, so they can improve the UI a little bit. The UI, the reports, the log system can all be improved."
"We would also like to have advanced tech protection and email scanning."
"It tends to do 99.9% of things. The only thing I'd like is single sign-on authentication into their cloud platform so that my users can be properly authenticated against it."
"There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get a results."
"The installation should be easier and the Palo Alto pre-sales and sales teams should have more information on the product because they don't know what they are selling."
"They have the worst support, as a company, that I have ever worked with, as they are difficult to get a hold of and keep on the phone. They don't know what they are talking about when you get them on the phone. They don't like to respond to messages when you send them to them. They like to "research problems" for weeks on end, then pass you off to somebody else."
"We encountered some issues when we were trying to enable automatic updates from our group policy."
"There is no behavior analytics for devices and endpoints. There is no behavior-based protection."
"The frequency of the patching, and the frequency of the updates, are not included with the free version."
"We would like to see more tools for managing on-premises security... Sometimes, we have the tools, like Defender, to manage security in the cloud, but because we are so focused on the cloud, we forget the fact that we need to be sure about the security of the on-premises environment, specifically Active Directory."
"I personally haven't experienced any pain points, but some of my coworkers feel that it isn't secure enough."
"I would like to see better integration with their other security products to give better visibility from a higher level."
"The solution can be more user-friendly."
"Notifications are always popping up — I hate that."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". Cortex XDR by Palo Alto Networks is most compared with CrowdStrike Falcon, Darktrace, Symantec Endpoint Security, Trellix Endpoint Security and Check Point Harmony Endpoint, whereas Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, SentinelOne Singularity Complete, CrowdStrike Falcon and Microsoft Intune. See our Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I have not used Microsoft Defender and only used Cortex XDR by Palo Alto Networks. My experience with Cortex is not good as you need to whitelist each and every exe file of each adn every computer. My recommendation for you is to go for Cynet360 MDR which is far better than Cortex in terms of auto detection and remediation. You will get genuine alert.
Choosing Microsoft Defender makes the most sense if you already have a Microsoft ecosystem. But in reality, you need an endpoint security solution that is proactive and comes with built-in artificial intelligence capabilities.
I value in-depth visibility across the endpoints, so I prefer CrowdStrike Falcon EDR. It’s the best solution for simplified endpoint detection and response. CrowdStrike EDR comes with advanced features and easily integrates with popular third-party solutions like Splunk and Palo Alto Networks. An easy-to-use and navigate interface reduces the learning curve. Personally, I think CrowdStrike Falcon is easier to use than Microsoft Defender.
MSSPs like ACE Managed Security Services provide Managed CrowdStrike EDR. If you’re looking for hassle-free deployment and a fully-managed solution, you should look into ACE.
Unless you are using Palo Alto elsewhere in your architecture, I would go with Microsoft if that were the only choice.
However, if you are using another network security issue such as Fortinet or Sophos, I would also look to their endpoint solutions. They both have EDR and XDR capabilities and the endpoint solutions facilitate synchronization between the endpoint and the network control.
Microsoft has done lots of work in the endpoint space and the Zero Trust world over the past several months. Defender integrates tightly with the Microsoft Cloud and there is much synchronization that occurs between the physical endpoint and the cloud infrastructure. This means that regardless where the endpoint is physically located it stays connected and controlled by the policies set in the Microsoft cloud. Very much like the Group Policy Options we became accustomed to with the on premises domain controller.
I know that's a scratch on the surface and there are many other considerations, but you need to seek the solutions that promise management simplicity and the ability to control and protect the endpoints wherever they may be located.
I would go for the one with the best independent threat intelligence, a platform that allows you to change, add, move IT and Security infrastructure without impacting your security platform. I would also place a close attention to storage costs, service levels and the number of resources providing human intelligence on top of machine intelligence for investigation and incident response, all in one platform. But I am biased ;-)