We performed a comparison between Trellix Endpoint Security and Cortex XDR by Palo Alto Networks based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Trellix Endpoint Security is highly valued for its easy administration options and reliability. Reviews suggest that Trellix could reduce resource consumption and improve user-friendliness. Cortex XDR by Palo Alto Networks presents an intuitive interface, advanced identification of risks, expandability, and compatibility with various other solutions. However, Cortex XDR could use enhancements in hard disk encryption, security integration, and customer education.
Service and Support: Some users have found the support for Trellix Endpoint Security helpful and reliable, while others have encountered ineffective assistance and communication problems. Some customers were impressed with Palo Alto support, while others reported mixed experiences.
Ease of Deployment: The setup process for Trellix Endpoint Security varies in difficulty, depending on the user's experience with McAfee and general technical expertise. Some users thought Cortex XDR’s deployment was fast and straightforward, while others consider it to be a complex and time-consuming task that requires thorough planning.
Pricing: Some find Trellix’s price reasonable and competitive, while others believe it could be lowered. Some reviewers said Cortex XDR is expensive, but others said it was reasonable for the robust feature set Cortex offers.
ROI: Trellix Endpoint Security provides significant time savings. Cortex XDR creates value by ensuring system and data security rather than a financial return on investment.
Comparison Results: Trellix Endpoint Security is preferred over Cortex XDR. Users said Trellix's comprehensive management capabilities enable effortless administration of all programs from a single console. Cortex XDR received mixed reviews for its initial setup, customer service, and pricing.
"It provides a single pane of glass within the 365 admin interface, streamlining our experience by consolidating information in one place and eliminating the need to navigate through multiple interfaces."
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"The incident threat response and its ability to facilitate effective remediation against threats are the standout features."
"Defender is easy to use. It has a nice console, and everything is all in one place."
"I like Defender XDR's automation capabilities. XDR isn't automated by default, but you can automate it to respond. If an attack is performed anywhere within the organization, you can isolate that instance from the network. This is what I can figure out for it. When integrated with Sentinel, you can set up playbooks to automate all the alerts gathered on Sentinel from different Microsoft solutions. Sentinel has a wider range of capabilities than XDR."
"I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"The most valuable feature of the solution stems from the fact that Microsoft Defender XDR is easy to integrate with other Microsoft platforms or products."
"We are able to consolidate licences and make use of many Microsoft products using this solution. If we have any Microsoft customers, we encourage them to use this solution for enterprise defence."
"We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action."
"The stability of this product is very good."
"Cortex XDR's most valuable feature is its intelligence-based dashboards."
"The protection offered by this product is good, as is the endpoint reporting."
"Stability is a primary factor, and then there's the ease of distribution and policy management."
"It is easy to use."
"The integrations are out-of-the-box, as are the playbooks."
"The management capabilities, allow an IT organization to get quite a good picture of attempted cyber attacks."
"The product’s stability and security features enhance user protection and organizational security."
"The installation is pretty straightforward."
"The initial setup of Trellix Endpoint Security was straightforward."
"The most valuable feature is ease of use."
"Threat prevention is valuable because most clients use other solutions like antivirus as part of web protection. I don't find that kind of solution useful."
"The most valuable feature is the centralized console where everything can be controlled by the administration."
"Trellix Endpoint Security's dashboard is very flexible, and I can create my own user-specific dashboard depending on user privilege or preference."
"It has improved my organization because it helps with visibility, in terms of security. We can see the actual attack and can contain it. The antivirus can detect that."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"For some scenarios, it provides good visibility into threats, and for some scenarios, it doesn't. For example, sometimes the URLs within the emails have destinations, and you do get a screenshot and all further details, but it's not always the case. It would be good if they did a better job of enabling that for all the emails that they identified as malicious. When you get an email threat, you can go into the email and see more details, but the URL destination feature doesn't always show you a screenshot of the URL in that email. It also doesn't always give you the characteristics relating to that URL. It would be quite good if the information is complete where it says that we identified this URL, and this is what it looks like. There should be some threat intel about it. It should give you more details."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"We should be able to use the product on devices like Apple, Linux, etc."
"There is definitely scope for improvement in the automation area. Because the solution is a SaaS platform, we don't have the overall ability to automate stuff.... There is no direct way to go ahead because it's a SaaS platform."
"There could be a way to proactively monitor unusual activity ."
"The solution could improve by having better machine learning and AI. Additionally, the interface, documentation, and integration could be better."
"The mobile app support for Android and iOS is difficult and needs improvement."
"Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."
"The connection to the internet has not performed as expected."
"Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco."
"In an upcoming release, the solution could improve by proving hard disk encryption. If it could support this it would be a complete solution."
"The installation should be easier and the Palo Alto pre-sales and sales teams should have more information on the product because they don't know what they are selling."
"There are some third-party solutions that are difficult to integrate with, which is something that can be improved."
"Cortex XDR is trickier to configure than other Palo Alto products. This is one area where we are not so satisfied."
"We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do."
"Patch management is unavailable"
"Users can just install software into their computers. We need some sort of application control system that, if there are any pieces of software that are not whitelisted, then the solution could flag it or maybe alert the administers. That would be very helpful."
"Trellix lacked email protection when it was a McAfee product. They added this feature during the merger with FireEye, but it hasn't been fully integrated. The core features will be integrated into the next release. FireEye has several solutions for EDR and sandboxing."
"We experienced some bad behavior when we first installed the product. The system also starts slowly in some instances. If for some reason this solution crashes, we could lose all our data."
"The initial setup isn't so easy. You need to know what you are doing."
"An area of improvement for this solution is to make it easier to manage."
"The solution could provide open XDR in addition to EDR."
"The initial setup is complex. It is a very complex product. You must have experience with it."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Trellix Endpoint Security is ranked 10th in Endpoint Protection Platform (EPP) with 95 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Trellix Endpoint Security is rated 8.0. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of Trellix Endpoint Security writes "Good user behavioral analysis and helpful patching but needs better support services". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Trend Vision One Endpoint Security, whereas Trellix Endpoint Security is most compared with Microsoft Defender for Endpoint, Trellix Endpoint Security (ENS), CrowdStrike Falcon, Trend Micro Deep Security and Kaspersky Endpoint Security for Business. See our Cortex XDR by Palo Alto Networks vs. Trellix Endpoint Security report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Extended Detection and Response (XDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.