We performed a comparison between Palo Alto Networks Cortex XSOAR and Tanium based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The automation feature is valuable."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"I am satisfied with the product overall."
"I chose Cortex XSOAR because the client also has Palo Alto firewalls. I can incorporate the data from the Palo Alto firewalls into Cortex and send it into the same data lake to manipulate that data. It lets me manage and monitor the data in one place."
"The most valuable feature is automation."
"For organizations that are stable with their security operations, like those with around 50 members in their security team running full-phased operations 24/7, Cortex is necessary."
"The most valuable feature is its capability to automate responses and collect information for any security event before you even delve into the details. It's a vast product with an active roadmap, so I'm satisfied with it for now. It's very efficient at data collection and correlation."
"It is a scalable solution."
"The repository of playbooks and the integration between Palo Alto and IBM QRadar are some useful features"
"It is a scalable solution. I would rate scalability a ten out of ten."
"For incident response tasks, all these tasks can get done in minutes with minimal disruption to the end-user."
"Tanium has made the process of detecting threats more proactive with its detection. So, the process is easier and more efficient."
"Tanium's most valuable feature is its instant discovery aspect."
"The most valuable features of this solution are the consolidation of all historical data on device endpoints, security drivers, firmware, and Software version gaps."
"Tanium's most valuable features are patch management, inventory, and distribution software."
"I'm not so familiar with the tool but I like the interaction of the console to the picture. Patching is the primary model I have been focusing on for the last couple of weeks. So I have created a proof of concept environment and have been checking the available features."
"I like the fact that you can create patching campaigns depending on the area of your network that you want to address first. I like the ability it has to make several campaigns that work in parallel."
"The product is granular and can build complex roles compared to other EDR vendors."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"The only thing is sometimes you can have a false positive."
"The solution should allow for a streamlined CI/CD procedure."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"We'd like also a better ticketing system, which is older."
"In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening."
"Palo Alto needs to develop more AI-centric products."
"The formats are not compatible, are readily not available, and are not readable."
"The platform’s setup procedures could be streamlined compared to one of its competitors."
"The integration could be better. Cortex, for example, does not work with iPhone."
"The solution's correlation rules and playbooks should be improved."
"The dashboard performance could be improved."
"There should be an on-premise version available for customers to have different choices."
"Any movement into a SaaS solution has challenges since the processes and data flows are not well defined. Hence, you need to build it at the same time."
"The most painful thing is the interface. It's a bit unclear sometimes."
"Most of the time, agent-relative issues have to be more equipped with self-healing features. At times, the agent is there, but for some reason, it doesn't report a status. It gives certain problems that are obviously agent-based."
"Tanium’s scalability could be improved."
"They could improve the UI."
"The solution lacks mobility."
"The performance could improve in future releases. We have had performance issues in specialized web environments, but overall I think the problems are less than 2% of the computer systems being used."
"We had some issues with the solution's OS upgrade."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while Tanium is ranked 37th in Endpoint Protection Platform (EPP) with 15 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while Tanium is rated 7.4. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of Tanium writes "Useful tool for vulnerability management and deploying applications, needing improvement in its OS upgrade". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and ServiceNow Security Operations, whereas Tanium is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Microsoft Configuration Manager, Qualys VMDR and ServiceNow Discovery.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.