We performed a comparison between Cortex XDR by Palo Alto Networks and CrowdStrike Falcon based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both products receive high marks from reviewers. However, CrowdStrike Falcon comes out on top in this comparison due to its robust performance, ease of deployment, reasonable cost, and impressive ROI.
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"The timeline feature is excellent. I also like the phishing simulation. We have phishing campaigns to educate employees and warn them about these threats."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"The integration with other Microsoft solutions is the most valuable feature."
"The attack simulation is excellent; initially, this feature wasn't very robust, but Microsoft improved what we could achieve with it. We can now customize our practice phishing emails and include our company logo, for example. Attack simulation also helps integrate with third-party solutions where applicable and provides an overview of our security architecture through testing. The summary includes areas for improvement in our protection and what steps we need to take to get there."
"It gives a lot of flexibility in terms of configuration and customization as per the business requirements."
"All of the security components are valuable including, antiphishing, antispam, and stage three antivirus."
"The most valuable feature of all is the full integration with the rest of the software in the operating system and Office 365, as well as Microsoft SCCM. It is quite easy for us to work with the whole instance of Microsoft products. This integration improves the benefits of the whole suite of products."
"Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."
"The product's most valuable features are massive user and feature intelligence exploit detection."
"I've found the solution to be highly scalable for enterprises."
"One of the main benefits of the solution is its intelligence to correlate the events into an incident."
"Stability is a primary factor, and then there's the ease of distribution and policy management."
"The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week."
"Cortex covers everything I need. It's a perfect solution. Cortex provides a different level of visibility because it's an extended EDR, allowing you to grab logs from the network and firewalls. Palo Alto invented the concept of the extended EDR or XDR."
"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"The most valuable feature of CrowdStrike Falcon is its accuracy. That's very important for me. False-positive are very bad for everyone. As we are a financial institution, it's even worse. I like Falcon because it's very accurate."
"The detection is very effective."
"The Protect functionality on the laptops provides great visibility into what's occurring, and the cloud management of the platform is what we needed."
"We have seen a reduction to the performance hit to our operating systems."
"The most valuable features of CrowdStrike Falcon are the AI in detecting and real-time detections."
"The CrowdStrike Falcon dashboard is good, and we haven't had any problems with it."
"The solution has improved my organization by automating the detection and reporting of unwanted applications so we're aware of them and can respond appropriately."
"The initial setup is a very fast process."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"There should be better information for experts on features in the solution. What I see when reading about features in Microsoft 365 Defender is that it is always general information. If Microsoft could go deeper into details for the experts about how to use the tools, usage of it would be more familiar and it would be easier to use."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"At times, when we have an incident email and we click on the link for that incident, it opens a pop-up, but there is nothing. It has happened a couple of times."
"The connection to the internet has not performed as expected."
"In general, the price could be more competitive."
"Currently, we are monitoring all USB drives and ports but we would like to improve our device control capabilities."
"If they had pulse rate detection, it would be better."
"We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do."
"There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration."
"It would be good to have a better way to search for a file within the UI."
"Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want."
"CrowdStrike Falcon could improve the logs by making them free to the API."
"The price is too high."
"Whenever there is a feature release (upgrade) where we push to all the endpoints, it causes something to be blocked without us knowing."
"In the future release of CrowdStrike Falcon, they should add a sandbox feature."
"The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool."
"I have worked with their technical support on several problems that were never fully resolved."
"The pricing structure should allow for some flexibility."
"I would also like to see the endpoint firewall component produce some level of logging and feedback."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 105 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while CrowdStrike Falcon is rated 8.8. The top reviewer of Cortex XDR by Palo Alto Networks writes "It provides a whole new level of visibility and integrates with most other vendors". On the other hand, the top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, Darktrace, Symantec Endpoint Security, Trend Micro Apex One and Trellix Endpoint Security, whereas CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Tanium. See our Cortex XDR by Palo Alto Networks vs. CrowdStrike Falcon report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Extended Detection and Response (XDR) vendors, and best Ransomware Protection vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.