We performed a comparison between Cortex XDR by Palo Alto Networks and SentinelOne based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both products receive high marks from reviewers. However, SentinelOne comes out on top in this comparison due to its impressive security and EDR features, attractive price, and impressive ROI.
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"I have found the ability to delete unwanted threats beneficial."
"Many people don't realize that Microsoft Azure, Exchange Online, and the security and compliance portal all sync together. For instance, within the Azure portal you can set security restrictions and policies to help secure your tenants... The good part of it is that these products have already been integrated. When you sign on as an admin you have global admin rights and that gives you access to all these features."
"Microsoft 365 Defender is a good solution and easy to use."
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"If there are multiple alerts, the app will automatically create and rate an event instead of going through each one."
"It's very stable. I've never experienced downtime for the ASM console or ASM core."
"The most valuable feature of Cortex XDR by Palo Alto Networks is the low consumption of system resources. The solution uses a lot of AI and machine learning."
"They did what they said. This solution could apply to any scenario."
"One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers. Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network."
"The most valuable feature is that you can select remote access of any machine for sandboxing."
"One of the main benefits of the solution is its intelligence to correlate the events into an incident."
"The tool's use cases are relevant to security."
"The most valuable features are asset tracking, patching, endpoint tagging, and policy updates."
"The best thing is it has a secure shell command that you can use to get into any endpoint and do some jobs."
"One of the features that convinced us to adopt SentinelOne was that the solution can recognize and respond to attacks with or without a network connection. That is very important."
"The most valuable feature is that it does what it says it will do. It fulfills its claims. It’s not really common for products to do that today."
"We love the API. We use it to generate robust reporting, and we also developed tools to perform agent actions remotely without needing to provide all IT staff with console access."
"It seamlessly integrates with other solutions, providing a high level of compatibility and effectiveness."
"SentinelOne's managed detection response service Vigilance Respond is convenient for companies like ours with small IT teams. If something happens on the weekend, SentinelOne steps in and resolves the issue. It's a false positive 97% of the time, but at least they're resolved instead of hanging around for us to find on Monday."
"The best part of the agent is that users can't remove or disable it, so endpoints will be safe. I can control it from the portal. I can see when it's updated and I can push updates from the portal. The greatness of SentinelOne is that our end-users don't see anything to do with the agents. Some of them don't even know it's on their laptops. And that's a good thing."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"Sometimes, configurations take much longer than expected."
"At times, there may be delays in the execution of certain actions and their effects."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"Cortex XDR by Palo Alto Networks could improve by offering remote management. It would be useful to look at the client's issue to fix it."
"I would like to see them include NDR (Network Detection Response)."
"I would like to see some additional features related to email protection included."
"The installation should be easier and the Palo Alto pre-sales and sales teams should have more information on the product because they don't know what they are selling."
"The price could be a little lower."
"It is a complex solution to implement."
"The licensing model is complex to understand. It requires expertise to explain how the licensing works. You need expertise to guide you through the subscription plan."
"The dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard."
"Everything is now offered as a service, so the console and the licensing model can be improved to make things easier, especially when updating new versions of the software."
"They could add “right click>scan” where most users were trained to do so in handling flash drives."
"Periodically we have an application that does not work correctly when SentinelOne is installed, yet performs as expected when SentinelOne is removed."
"SentinelOne can improve by having better integration with Active Directory."
"One of the areas which would benefit from being improved is the policies. There are still software programs where we need to manually program in the policies to tell the system, "This program is legitimate." Some level of AI-based automation in creating those policies would go a long way in improving the amount of time it takes to deploy the system."
"An area for improvement in SentinelOne is the search feature. You can't go beyond twenty thousand events, which ruins the task because it isn't enough when you're doing your investigation."
"The reporting needs improvement and I would like to see a more granular level of administrative privileges."
"They can improve the administrative interface. They can make it more user-friendly."
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while SentinelOne Singularity Complete is ranked 2nd in Endpoint Protection Platform (EPP) with 177 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while SentinelOne Singularity Complete is rated 8.8. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of SentinelOne Singularity Complete writes "Provides peace of mind and is good at ingesting data and correlating". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Microsoft Defender for Cloud, whereas SentinelOne Singularity Complete is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, ThreatLocker Protect and Trend Vision One.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I haven't used Cortex. My worry with it and every other solution is how well it performs when disconnected from the cloud/the internet.
S1 - I have been using it for a couple of years now without an issue. I had been using Cylance prior. I've been very happy with the S1 solution. Works with or without the Internet.
Depends on the size, scope and needs of your environment.
XDR is an ok monitoring/alerting tool, especially if you have a Palo Alto firewall already and everything can integrate well together. However, S1 is a superior tool IMHO and can catch and fix things automatically if you so choose (magic quadrant agrees).
Cost-wise, XDR is probably cheaper, but I don't know specifics on-prem vs cloud. S1 is a cloud tool but is extremely fast and responsive compared to some other tools we POC'd and can support legacy devices (w2k8 and below), Linux, or VDI without having to do special workarounds. So again, it depends on your needs, environment and cost.
Cortex XDR by Palo Alto vs. SentinelOne
SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to the environment is noteworthy. SentinelOne works inconspicuously in the background, continually providing protection. It has an automated active EDR that will not only find issues but can fix them. I don’t know that any other solution does that.
Cortex XDR by Palo Alto has a nice console and is easy to use. One of my favorite things about it is that it will automatically connect and log various kinds of suspicious behavior - you don’t need to do it manually. Cortex XDR is very secure but it is missing some basic features. It doesn’t offer an on-prem solution and it doesn’t integrate so well with some third-party solutions.
SentinelOne can be challenging to set up and there seem to be some applications that do not function properly when SentinelOne is installed. I would like to be able to make the reporting more specific to my needs. It would be a more attractive option if the cost was lower.
Conclusions
The find-and-fix option that SentinelOne provides was a huge win for us. We feel it provides a deeper and more thorough level of security.