No more typing reviews! Try our Samantha, our new voice AI agent.

BlackBerry Cylance Cybersecurity vs CrowdStrike Falcon comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 11, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Protection Platform (EPP)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Detection and Response (EDR) (6th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
BlackBerry Cylance Cybersec...
Ranking in Endpoint Protection Platform (EPP)
32nd
Average Rating
8.0
Reviews Sentiment
4.6
Number of Reviews
44
Ranking in other categories
No ranking in other categories
CrowdStrike Falcon
Ranking in Endpoint Protection Platform (EPP)
2nd
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
139
Ranking in other categories
Security Information and Event Management (SIEM) (5th), Threat Intelligence Platforms (TIP) (2nd), Endpoint Detection and Response (EDR) (1st), Extended Detection and Response (XDR) (1st), Attack Surface Management (ASM) (2nd), Identity Threat Detection and Response (ITDR) (1st), AI-Powered Cybersecurity Platforms (2nd)
 

Mindshare comparison

As of July 2026, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.8%, up from 3.7% compared to the previous year. The mindshare of BlackBerry Cylance Cybersecurity is 1.5%, up from 1.1% compared to the previous year. The mindshare of CrowdStrike Falcon is 5.9%, down from 10.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP) Mindshare Distribution
ProductMindshare (%)
CrowdStrike Falcon5.9%
Cortex XDR by Palo Alto Networks3.8%
BlackBerry Cylance Cybersecurity1.5%
Other88.8%
Endpoint Protection Platform (EPP)
 

Q&A Highlights

Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot
Jun 27, 2019
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Sooraj Makkancherrry - PeerSpot reviewer
Security Operations Manager at Philips
Doesn't have daily updates, which is important for healthcare IT
I face challenges with the exclusion policy - it still scans folders we told it not to, causing issues. When we contact support, they tell us to update the latest agent, but we can't do that immediately due to medical device protocols and validation testing. I wish support would try to understand our issues better instead of giving this standard response. The machine learning feature they use often tells us to upgrade the agent or add things to the exclusion list, which isn't unacceptable. It's a very good and new technology as a tool and antivirus. But sometimes, it doesn't work properly with our medical devices and products, quarantining files it shouldn't even after we add them to exclusions. This is tricky for us.
Chetan Bhati - PeerSpot reviewer
Network Security Engineer at Arrow PC Network Pvt Ltd
Cloud-native security has improved real-time threat detection and streamlined daily operations
While CrowdStrike Falcon is strong overall, there are a few areas where it could be improved. First, the user interface can be a bit complex for new users. Sometimes, navigating through different sections and understanding detailed alerts takes time, especially for teams without deep security expertise. The cost is also something to consider, as the features and additional modules can increase pricing, which may be a challenge for smaller teams. Additionally, some integrations with simpler reporting would be helpful. The onboarding process for new users is a bit challenging for beginners to understand all features and workflows in the product. More simplified documentation, step-by-step guides, and real-world examples could help new users get comfortable faster. A structured onboarding or basic training module would be very useful for teams who are new to endpoint security tools. In addition, having more in-product guidance and tooltips within the dashboard could make navigation easier and reduce the learning curve. Overall, improving training resources and onboarding support would make the platform more user-friendly, especially for new users.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"WildFire AI is the best option for this product."
"It is a simple platform to use."
"The positive impacts I see from Cortex XDR by Palo Alto Networks include a complete 360-degree view of our security posture altogether, being a uniform platform where we are ingesting logs from multiple resources."
"I recognize that Cortex XDR by Palo Alto Networks is one of the best products in its category regarding capabilities."
"Once you become familiar with it, Cortex XDR by Palo Alto Networks is a more powerful tool and I would say that I prefer it over MDE because it is a stronger tool for me."
"It's very stable. I've never experienced downtime for the ASM console or ASM core."
"Based on my experience, I would recommend Cortex XDR by Palo Alto Networks to other people."
"There are a lot of lead solutions in this space, however, Palo Alto is number one."
"The solution is pretty easy to scale."
"Two or three years ago when the WannaCry virus struck, the people that were on Cylance were the ones that weren't affected."
"​Very easy to deploy. It can be done one by one or deployed by customizing an MSI file for GPO push.​"
"It is a good endpoint solution. It is very easy to manage and detect the threat immediately. It will take the necessary actions."
"The quick installation would be the most valuable aspect of this solution."
"Does malware analysis. Blocks WannaCry and other attacks that have come out."
"The deployment of updates is easy."
"With Cylance AI and Machine Learning, it's ensuring that all types of malware, PUP (Potential Unwanted Programs) and Memory Protection your endpoint devices are fully protected, even with day zero threats."
"We rely on our environmental security and we haven't had any infections so that's valuable for us."
"The most valuable feature of CrowdStrike Falcon is its accuracy. That's very important for me. False-positive are very bad for everyone. As we are a financial institution, it's even worse. I like Falcon because it's very accurate."
"The 10 hours a week that we are freeing up from having to manage and monitor our AV solution has really allowed us to focus on other areas of the business. This has been a huge return on investment."
"I have found the connection to search the hosts for detections very useful in CrowdStrike Falcon."
"Falcon has the capacity to identify potential problems quickly. The administrator can deploy the agent, and the users cannot change it. This assures you that the agent remains on this device. Also, the agent can act preemptively to provide alerts about potential problems."
"It has good features for threat detection."
"CrowdStrike displays a threat score when it detects an infection. This is helpful because not all detections are the same. It will classify them as ransomware, malware, phishing, etc. This feature helps us prioritize and cross-check with other EDR tools."
"I like the dashboard nature of it. Everything is clickable, linkable, and information is easy to obtain and find. How it presents that information is probably the biggest win as far as the information correlation aspect. The presentation of it is very good."
 

Cons

"I would like to see improvement in the tool's user interface, particularly in the area of managing alerts and providing more reporting capabilities."
"Cortex XDR could improve its sales support team, including better commission structures and referral programs."
"This is a very costly product."
"Currently, we are monitoring all USB drives and ports but we would like to improve our device control capabilities."
"It takes time to scan the servers and devices."
"As an improvement, I would like to see enhanced connection speeds."
"Limited remote connection."
"While using Cortex, I noticed some aspects that could be improved, such as increasing the synchronization speed between XDR and Xnor."
"The solution’s technical support could be improved."
"​It needs real analysis of quarantined files. The EDR product isn't showing much right now."
"Making the dashboards a bit modern to make them easier to search would also be helpful."
"The solution needs better dashboards that are easier to use."
"It is hard to manage."
"They could improve on the false positives, reporting and whitelisting features."
"The OPTICS component could be made more user-friendly with respect to giving people more information."
"The product needs to continue to offer better alerts, in particular around false positives, and it needs to reduce them from happening."
"The solution could improve by providing more types of reports because it's in the detection span you cannot re-export anything. If it could be exported to a CSV file directly there it would help a lot. I currently need to do this by API to get what I need."
"Whenever there is a feature release (upgrade) where we push to all the endpoints, it causes something to be blocked without us knowing."
"The technical support could improve because I am in India and the support I receive is from the UK or Australia. It is difficult to manage the time difference. The service could be faster. However, when we do have the support they are knowledgeable."
"CrowdStrike should add support for ransomware protection."
"It is cloud-based, and this does make some weary of the data being held on the cloud. Privacy requirements must be taken into account."
"They respond quickly on the weekdays, but the weekend response times are slower."
"With CrowdStrike, we have found that there are a few missed detections. We would not say it is completely reliable or 100% reliable, however, the ratio of missed detection is more in CrowdStrike."
"For CrowdStrike to work, all the machines need to have an internet connection. This makes it challenging to assist customers without an internet connection. We would like to have a mechanism or relay to make this possible."
 

Pricing and Cost Advice

"The pricing seems fair, and I do like the licensing model. You use wherever they are, and it is elastic."
"It is "expensive" and flexible."
"Cortex XDR by Palo Alto Networks is quite an expensive solution."
"If one wishes to work with another team or large number of users at a future point, he must purchase a license for them."
"The price of the solution could be reduced. I have customers that have voiced that the solution is good for the value but if I want to sell more of the solution the price reduction would help."
"I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require."
"I don't have any issues with the pricing. We are satisfied with the price."
"The solution is expensive. It's pricing is on a yearly-basis."
"I think that the price we are paying is good for what it is."
"My company is on a yearly CylancePROTECT subscription. Price-wise, the solution is slightly expensive, so I'd rate it as eight out of ten."
"The product cost is about $5, per user, per month."
"On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven out of ten."
"We pay our license on a yearly basis and have just renewed for two years."
"It is expensive, but not unreasonable."
"We would just add more if there are new users, but right now you just need one license for per user."
"The price is reasonable for us at the moment. I rate the overall solution an eight out of ten."
"CrowdStrike Falcon is more expensive than other EDR solutions with similar features."
"The pricing will depend upon your volume of usage."
"It is an expensive product, but I think it is well worth the investment."
"I do not have experience with the cost or licensing of the product."
"The pricing could be reduced. If it was more reasonable that would be great."
"The solution isn't very costly; it's affordable."
"The pricing is good and there are no costs in addition to the standard licensing fees."
"The product is expensive."
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
904,680 professionals have used our research since 2012.
 

Answers from the Community

Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot
Jun 27, 2019
Jun 27, 2019
Both Cylance and CrowdStrike are amongst the few top of the market in terms or endpoint protection. CrowdStrike was considered among the top 5 in 2017 and Cylance was considered the same in 2019. As they are both highly effective, CrowdStrike is very unique in its user-friendliness, while Cylance is very unique for its minimum utilization of computer's resources. If you compare initial pricing,...
2 out of 3 answers
Dan Brunnquell - PeerSpot reviewer
Director Of Information Technology at a financial services firm with 11-50 employees
Jun 25, 2019
I never used Cylance. We installed CrowdStrike on 6/6/19 and aside from a test file have had zero hits. CrowdStrike has some additional features available (at a cost). One that I am looking at is device control for USB storage devices for policy enforcement. Syslogs are being absorbed by my SIEM as well.
AA
IT Manager with 201-500 employees
Jun 26, 2019
Both Cylance and CrowdStrike are amongst the few top of the market in terms or endpoint protection. CrowdStrike was considered among the top 5 in 2017 and Cylance was considered the same in 2019. As they are both highly effective, CrowdStrike is very unique in its user-friendliness, while Cylance is very unique for its minimum utilization of computer's resources. If you compare initial pricing, you would go with Cylance, but you can always negotiate with both to get the best offers.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Construction Company
11%
Manufacturing Company
7%
Financial Services Firm
7%
Comms Service Provider
7%
Financial Services Firm
11%
Manufacturing Company
10%
Computer Software Company
9%
Government
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business33
Midsize Enterprise5
Large Enterprise14
By reviewers
Company SizeCount
Small Business55
Midsize Enterprise33
Large Enterprise63
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for Blackberry Protect?
The price is reasonable for us at the moment. I rate the overall solution an eight out of ten.
What needs improvement with Blackberry Protect?
I face challenges with the exclusion policy - it still scans folders we told it not to, causing issues. When we conta...
What is your primary use case for Blackberry Protect?
I am using CylancePROTECT as an active learning algorithm. We installed it on almost 20,000 servers and virtual machi...
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing u...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never pu...
Is Crowdstrike Falcon better than Trend Micro Deep Security?
I like that Crowdstrike allows me to easily correlate data between my firewalls. What’s most useful for my needs is t...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Blackberry Protect
CrowdStrike Falcon XDR, CrowdStrike Falcon Threat Intelligence, CrowdStrike Identity Protection, CrowdStrike Falcon Surface, CrowdStrike Falcon Platform
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Panasonic, Noble Energy, Apria Healthcare Group Inc., Charles River Laboratories, Rovi Corporation, Toyota, Kiewit
Information Not Available
Find out what your peers are saying about BlackBerry Cylance Cybersecurity vs. CrowdStrike Falcon and other solutions. Updated: June 2026.
904,680 professionals have used our research since 2012.