
Compare Palo Alto Networks Cortex XSOAR vs. SentinelOne

Find out what your peers are saying about Palo Alto Networks, Critical Start, Splunk and others in Security Orchestration Automation and Response (SOAR). Updated: November 2021.
554,873 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

Palo Alto Networks Cortex XSOAR:

"The most valuable features are simplicity and ease of integration."

"Palo Alto has gotten the investigators more presence to actually go in the report because being that the platform will email the investigator that it's been assigned to, now the investigators will jump in there and start going through the review process a lot quicker."

"The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."

"The automation is excellent."

"The pricing is very good."

"It has an extensive list of integrations that are available out of the box which makes it easy to start."

"The solution is very reliable."

"The most valuable features are the orchestration because of the way in which it coordinates the loss from all the devices and it provides us with a high-level overview of the critical log information."

SentinelOne:

"The best thing SentinelOne has done for us is that it gives us insight into the endpoints. We never had insight into lateral movement threats before. Once a threat known as Qbot gets on the network, it actually spreads throughout sub-networks quickly. SentinelOne has detected that and saved our bacon. We were able to get in there and stop the threat, lock it down, and prevent it from actually spreading through. It would have been 50 or 60 computers. It had spread through in a few minutes. We have a lot of HIPAA data and FERPA data that we need to keep protected."

"For me, the most valuable feature is the Deep Visibility. It gives you the ability to search all actions that were taken on a specific machine, like writing register keys, executing software, opening, reading, and writing files. All that stuff is available from the SentinelOne console. I'm able to see which software is permanent on a machine, and how that happened, whether by registry keys or writing it to a special folder on the machine."

"Another valuable feature is that if a machine is infected, one that may infect other computers within the network, we have the capability of segregating that machine in the network so that it remains connected to the internet but is cut off from the other machines in the network. That helps prevent spreading of the infection. That's a very unique feature, one I have not seen in the last 10 to 15 years from any other antivirus program. That's amazing."

"The most valuable feature is that it just unintrusively works in the background to carry out the protection."

"Previously, we had some processes related to incident response which required more steps. We needed to upload to VirusTotal, Sandbox, et cetera. Now, this process is shortened because all of the information we need is already in SentinelOne. We can briefly analyze and even respond from one management console. If someone has SOC, using the API, they can control everything. It's very cool. I think this is the future."

"The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous actions of SentinelOne are what most people find the most assuring."

"It delivers the type of security which we were hoping for, since we have a lot of different endpoint users utilizing different types of software. We have people who only use Office software, like email, Word, and PDFs. Then, we have people who use some applications that other people wrote. We also write applications in-house using people who develop software. Therefore, we have some machines using very high-end developer software for mechanical development, electronic development, and software development. Those users are used to managing their PC on their own. The centralized platform allows us to differentiate between those three groups of people. We have overall control and can oversee the security levels at all the endpoints. They have not yet been blocked in any way when performing the functions"

"When there is an incident, the solution's Storyline feature gives you a timeline, the whole story, what it began with, what it opened, et cetera. You have the whole picture in one minute. You don't need someone to analyze the system, to go into the logs. You get the entire picture in the dashboard. The Storyline feature has made our response time very fast because we don't need to rely on outside help."

Cons

Palo Alto Networks Cortex XSOAR:

"Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners."

"The solution is very expensive."

"For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else. In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added."

"The user interface could be a bit better."

"When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot."

"I would love to see more flexibility on what we can display and design on the dashboards."

"There should be an on-premise version available for customers to have different choices."

"In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening."

SentinelOne:

"Generally, the stability is good, but I would like to see better stability from the solution. The stability issue is partially a con of a behavioral-based product, but being behavioral-based, it also has a lot of pros."

"The role-based access is in dire need of improvement. We actually discussed this on a roadmap call and were informed that it was coming, but then it was delayed. It limits the roles that you can have in the platform, and we require several custom roles. We work with a lot of third-parties whom we rely on for some of our IT services. Part of those are an external SOC function where they are over-provisioned in the solution because there isn't anything relevant for the level of work that they do."

"The solution’s distributed intelligence at the endpoint is pretty effective, but from time to time I see that the agent is not getting the full execution history or command-line parameters. I would estimate the visibility into an endpoint is around 80 percent. There is 20 percent you don't see because, for some reason, the agents don't get all of the information."

"We have had one or two occasions when we had to roll back off our Windows machine. Then, we had an issue with SentinelOne where we couldn't let the client make contact with the cloud service anymore. Therefore, the integration with the Windows Service Recovery could be improved in the future."

"In terms of improvement, they should work on agents' updates because that is not a strong part. It's not their strong point. It's not straightforward to upgrade agents. I send them questions about it. They already worked on this and they promised that in the next release that they will show me their solution for it. But this year I have had complaints about agents' updates, that they aren't clear."

"We are now using an external monitoring tool to monitor the services of SentinelOne, because apparently they don't have any solution for that. When the SentinelOne agent is down, you can go to the interface and see a mark on SentinelOne that something is not correct or the server needs to be rebooted, but you will not get an alert. You will not be warned that there is an issue with the SentinelOne agent. I have found that a little bit disturbing, because then we need to use a third-party monitoring tool to make sure that all services of SentinelOne are up and running."

"One of the areas which would benefit from being improved is the policies. There are still software programs where we need to manually program in the policies to tell the system, 'This program is legitimate.' Some level of AI-based automation in creating those policies would go a long way in improving the amount of time it takes to deploy the system."

"I would like to improve the reports because they are not so customizable and we would like more info from them."

Pricing and Cost Advice

Palo Alto Networks Cortex XSOAR:

"There is a perception that it is priced very high compared to other solutions."

"There is a yearly license required for this solution and it is expensive."

"From the cost perspective, I have heard that its price is a bit high as compared to other similar products."

"It is approx $10,000 or $20,000 per year for two user licenses."

"When I first looked at Demisto, it had a price tag of $250,000 but when we finally purchased it, it was $345,000."

SentinelOne:

"The pricing level for this service and application was very interesting for us. I don't know exactly what the price was, but apparently it was a big surprise that the SOC was also included in our pricing model."

"SentinelOne is more affordable than some competing products, and it's not overly expensive for what you're getting."

"The larger count you have, the deeper discount you will receive in your contract."

"It was cheaper than McAfee, which was a way to convince management to go with the solution."

"The pricing is very reasonable."

"You have to look at the kinds of problems you can end up with and the fact that you want security against them, and then SentinelOne is not expensive."

"Pricing is a bit of a pain point. That's where we have not been able to convince all of our customers to use SentinelOne. The pricing is still on the higher side. It's almost double the price, if not more, of a normal antivirus, such as NOD32, Kaspersky, or Symantec."

"The solution's price/performance ratio is reasonable."

Questions from the Community
Top Answer: I think Swimlane is a better cost. It's small and doesn't focus on only integrating with its own products like other XSOAR competitors.
Top Answer: It has an extensive list of integrations that are available out of the box which makes it easy to start.
Top Answer: We have a concurrent user license. The licensing is a pretty high price for a user license per year. The base product is very cheap, you can even get it for free, but the fee per user is expensive. It…
Top Answer: Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to…
Top Answer: Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for…
Top Answer: IMO, it depends on whether you have abilities to validate and/or correlate telemetries - these guys bring out quite a lot of telemetry alerts for you to work on...
Ranking
Palo Alto Networks Cortex XSOAR: Views 10,450; Comparisons 7,698; Reviews 6; Average Words per Review 678; Rating 8.5
SentinelOne: Views 44,387; Comparisons 30,121; Reviews 19; Average Words per Review 1,870; Rating 9.7
Also Known As
Palo Alto Networks Cortex XSOAR: Demisto Enterprise, Cortex XSOAR, Demisto
SentinelOne: Sentinel Labs
Overview

Demisto Enterprise delivers a complete solution that helps Tier-1 through Tier-3 analysts and SOC managers to optimize the entire incident life cycle while auto documenting and journaling all the evidence. More than 100+ integrations enable security orchestration workflows for incident management and other critical security operation tasks.

SentinelOne delivers autonomous endpoint protection through a single agent that successfully prevents, detects, responds, and hunts attacks across all major vectors. Designed for extreme ease of use, the S1 platform saves customers time by applying AI to automatically eliminate threats in real-time for both on-premise and cloud environments and is the only solution to provide full visibility across networks directly from the endpoint. To learn more visit www.sentinelone.com or follow us at @SentinelOne, on LinkedIn or Facebook.

Sample Customers
Palo Alto Networks Cortex XSOAR: Cellcom Israel, Blue Cross and Blue Shield of Kansas City, esri, Cylance, Flatiron Health, Veeva, ADT Cybersecurity
SentinelOne: Havas, Flex, Estee Lauder, McKesson, Norfolk Southern, JetBlue, Norwegian airlines, TGI Friday, AVX, Fim Bank
Top Industries
VISITORS READING REVIEWS
Computer Software Company: 30%
Comms Service Provider: 19%
Financial Services Firm: 7%
Government: 7%
REVIEWERS
Retailer: 19%
Manufacturing Company: 13%
Healthcare Company: 13%
Energy/Utilities Company: 13%
VISITORS READING REVIEWS
Computer Software Company: 24%
Comms Service Provider: 23%
Government: 6%
Retailer: 4%
Company Size
REVIEWERS
Small Business: 22%
Midsize Enterprise: 33%
Large Enterprise: 44%
REVIEWERS
Small Business: 29%
Midsize Enterprise: 18%
Large Enterprise: 54%
VISITORS READING REVIEWS
Small Business: 24%
Midsize Enterprise: 52%
Large Enterprise: 25%

Palo Alto Networks Cortex XSOAR is ranked 1st in Security Orchestration Automation and Response (SOAR) with 8 reviews while SentinelOne is ranked 2nd in Endpoint Protection for Business (EPP) with 20 reviews. Palo Alto Networks Cortex XSOAR is rated 8.6, while SentinelOne is rated 9.8. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of SentinelOne writes "Made a tremendous difference in our ability to protect our endpoints and servers". Palo Alto Networks Cortex XSOAR is most compared with Splunk Phantom, Fortinet FortiSOAR, IBM Resilient, ServiceNow Security Operations and DFLabs IncMan SOAR, whereas SentinelOne is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Carbon Black CB Defense, Darktrace and Cortex XDR by Palo Alto Networks.

We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.