We performed a comparison between Cortex XDR by Palo Alto Networks and CrowdStrike Falcon based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both products receive high marks from reviewers. However, CrowdStrike Falcon comes out on top in this comparison due to its robust performance, ease of deployment, reasonable cost, and impressive ROI.
"The most valuable feature is the network security."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"It has great stability."
"The EDR features are valuable. By getting the EDR features, we have more control over the device. We have information about events in real-time and more protection against zero-day threats and zero-day vulnerabilities. We can monitor every event or action that a device is going through. We can get an idea if it is something malicious or if we have to take any actions."
"The most valuable feature is probably the aggregation and correlation of the different telemetry points with Defender for Identity, Defender for Endpoint, and Defender for Cloud Apps. All of these various things are part of that portal. We've wanted that single pane of glass for years."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"The comprehensiveness of Microsoft's threat detection is good."
"The tool's use cases are relevant to security."
"Cortex XDR can integrate the firewalls and determine the tendencies of the attacks. It's a new generation antivirus, with protection endpoints and detection response. It is very easy to use and everybody can operate the solution."
"From a single pane of glass, you can easily manage all of your endpoints."
"One thing that I like about Cortex XDR by Palo Alto Networks, it is detecting all the suspicious or malicious binaries, and it has integration with Palo Alto Firewall."
"It integrates well into the environment."
"The most valuable feature is that you can select remote access of any machine for sandboxing."
"Stability is a primary factor, and then there's the ease of distribution and policy management."
"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"This solution has made the lives of the IT staff much easier, compared to the previous one."
"Among CrowdStrike Falcon's most valuable capabilities are its UEBA and SOAR functionalities, along with its seamless integration with any other SIEM solution."
"The automatic alert feature is the most important feature of the solution."
"Because it is a security product and acts like an AIML smart product, not merely based on daily/weekly updates and signatures."
"It has definitely minimized resources. When everything was on-prem, there was a lot more work maintaining it. One of the big value tickets: I don't have lists of hundreds of exceptions for certain applications that I have to maintain, add, delete, and move. The very nature of the product has lessened my workload considerably."
"The most valuable feature is that we don't need to re-image machines as much as we had to."
"The feature I like the most is the solution's detection."
"The detection is very effective."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"It would be beneficial to have a more seamless experience with everything consolidated in one place, particularly when dealing with aspects related to the Exchange console."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"Correctly updated records are the most significant area for improvement. There have been times when we were notified of a required fix; we would carry out the fix and confirm it but still get the same notification a week later. This seems to be a delay in records being updated and leads to false reporting, which is something that needs to be fixed."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we are waiting for that feature."
"We should be able to use the product on devices like Apple, Linux, etc."
"The installation should be easier and the Palo Alto pre-sales and sales teams should have more information on the product because they don't know what they are selling."
"Currently, we are monitoring all USB drives and ports but we would like to improve our device control capabilities."
"The price could be a little lower."
"In general, the price could be more competitive."
"Limited remote connection."
"Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."
"The product's pricing needs improvement. They could provide more discounts. Additionally, the dashboard and control panel could be enhanced."
"The product's pricing could be better."
"The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool."
"As the company has grown, the technical support has felt less personal."
"If CrowdStrike can further expand its support for XDR compatibility, that would give it an edge over all the other competing new products."
"Too many false positives."
"The detection time has room for improvement."
"The installation process for this software needs to be simplified."
"I would like CrowdStrike to provide some correlation in the threat analysis, so we can visualize things better."
"The solution needs to have integration with on-premises security devices and security facilities. That means all the security products, including the perimeter firewall, the DMZ."
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 105 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while CrowdStrike Falcon is rated 8.8. The top reviewer of Cortex XDR by Palo Alto Networks writes "It provides a whole new level of visibility and integrates with most other vendors". On the other hand, the top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, Darktrace, Symantec Endpoint Security, Trend Micro Apex One and Trellix Endpoint Security, whereas CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Tanium. See our Cortex XDR by Palo Alto Networks vs. CrowdStrike Falcon report.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.