Cortex XDR by Palo Alto Networks and Microsoft Defender for Endpoint are both strong endpoint security solutions with different strengths. Cortex XDR offers advanced threat detection and investigation capabilities with a focus on extended detection and response (XDR). Microsoft Defender for Endpoint emphasizes robust security measures and leverages tight integration with other Microsoft products for a comprehensive security posture.
The summary above is based on 214 interviews we conducted recently with Cortex XDR by Palo Alto Networks and Microsoft Defender users. To access the review's full transcripts, download our report.
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"This is stable and scalable."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"The product detects and blocks threats and is more proactive than firewalls."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"It has pretty much everything we need and works well within the Palo Alto ecosystem."
"The protection offered by this product is good, as is the endpoint reporting."
"The most valuable feature of Cortex XDR by Palo Alto Networks is the low consumption of system resources. The solution uses a lot of AI and machine learning."
"The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine."
"The interface is easy to use and it is more up to date than our previous solution."
"Its interface and pricing are most valuable. It is better than other vendors in terms of security."
"Cortex XDR lets us manage several clients from the same console, and its endpoint defense is more advanced than traditional antivirus."
"Cortex XDR's most valuable feature is its intelligence-based dashboards."
"It's a very complete application. I have all the controls in one site. I can track emails, attacks, and threats, and I can research information. I really like this configuration because I have all the information in place."
"It is quite stable. We have not had any cases, i.e., viruses, that would require a reboot, etc. We have never had a situation where we needed to reinstall the tools as a result of the Defender application or a feature being corrupt."
"Microsoft Defender for Endpoint is beneficial because we are using Microsoft Windows and all the core solutions are made by Microsoft, such as the authentic platform, operating system, and antivirus protection. It is a heterogeneous environment. We had to use third-party solutions before and update everything separately. For example, the policy for antivirus. With Microsoft Defender for Endpoint, when Microsoft Windows receives updates it will update with it. This is one main advantage of this solution."
"The solution's latest features for threat analysis are updated to provide us with future protection against the latest threats worldwide."
"User-friendly, offering safety and security."
"It integrates very well with all Windows workstations or other Microsoft Endpoint products. It also works quite well. So far, I have not had any issue that hasn't been sorted out. It doesn't use too many resources, so you don't have to install different things."
"Defender is a part of Windows; you just need to enable it. There is no need to install anything."
"Microsoft Defender for Endpoint is different from other security tools because we can configure it to use multiple types of scanning or archiving."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"We find the solution to be a bit expensive."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"The solution should address emerging threats like SQL injection."
"I haven't seen the use of AI in the solution."
"It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint."
"In general, the price could be more competitive."
"Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco."
"The playbooks could be improved to include more functionalities or actions."
"The solution needs better reports. I think they should let the customer go in and customize the reports."
"Impact on system performance is horrible, adding a lot of delays for users."
"We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do."
"If they had pulse rate detection, it would be better."
"The automation could be simpler on the mitigation side. It has a learning curve. Otherwise, it's pretty easy."
"We'd like the stability to be better."
"At times, the other antivirus products are now doing AI, in terms of understanding the behavior of the system and determining when there's an anomaly. This is something that Defender can improve on."
"I would like MDE to have the ability to isolate a certain amount of time on the timeline."
"Microsoft Defender for Endpoint is not as robust, and you cannot customize it much, so that's a challenge."
"Its interface can be improved a little bit. We would like to have some sort of centralization. It should have something like a central server that is managing all the other clients. There are solutions from Kaspersky or ESET NOD32 that are really doing this kind of thing currently. We would like to see something similar from Microsoft."
"It would be helpful if they included XDR features, on top of the EDR functionality."
"I would like to see improvements made to how it secures activities on web pages."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of Cortex XDR by Palo Alto Networks writes "It provides a whole new level of visibility and integrates with most other vendors". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". Cortex XDR by Palo Alto Networks is most compared with CrowdStrike Falcon, Darktrace, Symantec Endpoint Security, Trend Micro Apex One and SentinelOne Singularity Complete, whereas Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, CrowdStrike Falcon, SentinelOne Singularity Complete and Fortinet FortiClient. See our Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I have not used Microsoft Defender and only used Cortex XDR by Palo Alto Networks. My experience with Cortex is not good as you need to whitelist each and every exe file of each adn every computer. My recommendation for you is to go for Cynet360 MDR which is far better than Cortex in terms of auto detection and remediation. You will get genuine alert.
Choosing Microsoft Defender makes the most sense if you already have a Microsoft ecosystem. But in reality, you need an endpoint security solution that is proactive and comes with built-in artificial intelligence capabilities.
I value in-depth visibility across the endpoints, so I prefer CrowdStrike Falcon EDR. It’s the best solution for simplified endpoint detection and response. CrowdStrike EDR comes with advanced features and easily integrates with popular third-party solutions like Splunk and Palo Alto Networks. An easy-to-use and navigate interface reduces the learning curve. Personally, I think CrowdStrike Falcon is easier to use than Microsoft Defender.
MSSPs like ACE Managed Security Services provide Managed CrowdStrike EDR. If you’re looking for hassle-free deployment and a fully-managed solution, you should look into ACE.
Unless you are using Palo Alto elsewhere in your architecture, I would go with Microsoft if that were the only choice.
However, if you are using another network security issue such as Fortinet or Sophos, I would also look to their endpoint solutions. They both have EDR and XDR capabilities and the endpoint solutions facilitate synchronization between the endpoint and the network control.
Microsoft has done lots of work in the endpoint space and the Zero Trust world over the past several months. Defender integrates tightly with the Microsoft Cloud and there is much synchronization that occurs between the physical endpoint and the cloud infrastructure. This means that regardless where the endpoint is physically located it stays connected and controlled by the policies set in the Microsoft cloud. Very much like the Group Policy Options we became accustomed to with the on premises domain controller.
I know that's a scratch on the surface and there are many other considerations, but you need to seek the solutions that promise management simplicity and the ability to control and protect the endpoints wherever they may be located.
I would go for the one with the best independent threat intelligence, a platform that allows you to change, add, move IT and Security infrastructure without impacting your security platform. I would also place a close attention to storage costs, service levels and the number of resources providing human intelligence on top of machine intelligence for investigation and incident response, all in one platform. But I am biased ;-)