We performed a comparison between Palo Alto Networks Cortex XSOAR and Proofpoint Threat Response based on real PeerSpot user reviews.
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The product can integrate with any device."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The Log analytics are useful."
"Sentinel pricing is good."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"I have no complaints about Cortex's stability."
"The solution is very reliable."
"From the security team's standpoint, the solution has improved our organization's overall cybersecurity."
"The most valuable features are simplicity and ease of integration."
"The most valuable feature is automation."
"The solution provides threat intelligence with EDR."
"The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."
"It is quite scalable. I would rate it a ten out of ten."
"The best part of Proofpoint Threat Response is the Auto-Pull feature. Being able to pull an email back from a user's mailbox is very useful, yet I have noticed that not a lot of organizations use this kind of feature."
"Support is very responsive."
"It has reduced our manual efforts to remove emails from each user's inbox, and in this case we do not have to ask our IT department or users to do so."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The AI capabilities must be improved."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"The user interface could be a bit better."
"For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else. In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added."
"There should be an on-premise version available for customers to have different choices."
"The price of the solution could be improved."
"In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening."
"The integration could be better. Cortex, for example, does not work with iPhone."
"Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners."
"I would love to see more flexibility on what we can display and design on the dashboards."
"Has some quirks."
"If the reporting gets improved then it would be better, but the product is running amazing as it is."
"The interface within Threat Response could be made simpler."
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while Proofpoint Threat Response is ranked 5th in Security Incident Response with 3 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while Proofpoint Threat Response is rated 8.4. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of Proofpoint Threat Response writes "Tracks and mitigates email security incidents with Auto-Pull, and has good stability and performance". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient, whereas Proofpoint Threat Response is most compared with ServiceNow Security Operations and Cofense Triage.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.