No more typing reviews! Try our Samantha, our new voice AI agent.

BlackBerry Cylance Cybersecurity vs CrowdStrike Falcon comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 11, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Protection Platform (EPP)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Detection and Response (EDR) (6th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
BlackBerry Cylance Cybersec...
Ranking in Endpoint Protection Platform (EPP)
32nd
Average Rating
8.0
Reviews Sentiment
4.6
Number of Reviews
44
Ranking in other categories
No ranking in other categories
CrowdStrike Falcon
Ranking in Endpoint Protection Platform (EPP)
2nd
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
139
Ranking in other categories
Security Information and Event Management (SIEM) (5th), Threat Intelligence Platforms (TIP) (2nd), Endpoint Detection and Response (EDR) (1st), Extended Detection and Response (XDR) (1st), Attack Surface Management (ASM) (2nd), Identity Threat Detection and Response (ITDR) (1st), AI-Powered Cybersecurity Platforms (2nd)
 

Mindshare comparison

As of July 2026, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.8%, up from 3.7% compared to the previous year. The mindshare of BlackBerry Cylance Cybersecurity is 1.5%, up from 1.1% compared to the previous year. The mindshare of CrowdStrike Falcon is 5.9%, down from 10.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP) Mindshare Distribution
ProductMindshare (%)
CrowdStrike Falcon5.9%
Cortex XDR by Palo Alto Networks3.8%
BlackBerry Cylance Cybersecurity1.5%
Other88.8%
Endpoint Protection Platform (EPP)
 

Q&A Highlights

Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot
Jun 27, 2019
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Sooraj Makkancherrry - PeerSpot reviewer
Security Operations Manager at Philips
Doesn't have daily updates, which is important for healthcare IT
I face challenges with the exclusion policy - it still scans folders we told it not to, causing issues. When we contact support, they tell us to update the latest agent, but we can't do that immediately due to medical device protocols and validation testing. I wish support would try to understand our issues better instead of giving this standard response. The machine learning feature they use often tells us to upgrade the agent or add things to the exclusion list, which isn't unacceptable. It's a very good and new technology as a tool and antivirus. But sometimes, it doesn't work properly with our medical devices and products, quarantining files it shouldn't even after we add them to exclusions. This is tricky for us.
Chetan Bhati - PeerSpot reviewer
Network Security Engineer at Arrow PC Network Pvt Ltd
Cloud-native security has improved real-time threat detection and streamlined daily operations
While CrowdStrike Falcon is strong overall, there are a few areas where it could be improved. First, the user interface can be a bit complex for new users. Sometimes, navigating through different sections and understanding detailed alerts takes time, especially for teams without deep security expertise. The cost is also something to consider, as the features and additional modules can increase pricing, which may be a challenge for smaller teams. Additionally, some integrations with simpler reporting would be helpful. The onboarding process for new users is a bit challenging for beginners to understand all features and workflows in the product. More simplified documentation, step-by-step guides, and real-world examples could help new users get comfortable faster. A structured onboarding or basic training module would be very useful for teams who are new to endpoint security tools. In addition, having more in-product guidance and tooltips within the dashboard could make navigation easier and reduce the learning curve. Overall, improving training resources and onboarding support would make the platform more user-friendly, especially for new users.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We use it for malicious connections from malicious websites, to identify payloads that might be inside the traffic, to identify malicious processes or bugs that are running on the network, and any activities that tend to lead to data infiltration."
"One of the main benefits of the solution is its intelligence to correlate the events into an incident."
"Palo Alto is constantly adding new features."
"Palo Alto Networks Traps improves our security posture and lowers risk by providing next-gen methods to combat against modern threats on all the major platforms."
"Automation and playbooks have helped me significantly, as Cortex Xnor's playbooks predefine the workflow of the automation, such as response processes, alert triggering, and enriching the context, efficiently detecting and blocking malicious attacks with firewalls while eliminating workload and speeding responses for next-generation operations."
"This software helps us understand any issues that may arise when someone is not at work."
"The most valuable feature of Cortex XDR by Palo Alto Networks is its machine-learning capabilities. Additionally, there is full integration with other solutions."
"The most valuable feature is that you can select remote access of any machine for sandboxing."
"CylancePROTECT works on AI technology, is always up to date, and uses very few resources on your devices."
"The non-daily requirement to update signatures is the most valuable feature. From a functional point of view, it is pretty spot on. For instance, we compared an algorithm from five years ago to today's algorithm, and it was 98% accurate. It has the ability to detect and mitigate. In the industrial environment that we work in, there's what we call OT versus IT. You are IT Central, but this is OT. Generally, we don't have the same level of skillset as IT individuals or IT professionals have. This particular product doesn't require you to be a computer scientist to be able to understand its proprietary algorithm and to be able to deploy, use, and work within it. It integrates well with a robust SIEM or SOAR solution, and it plays nice with others. We use other detection solutions like CyberX or site provision with Cisco, and it plays nice. That's one of the things we really liked about it."
"The solution is stable; it was no problem and all went quite well, with no bugs or freezes."
"The most functional item that we use is the process to turn off the false flags that it causes."
"The stability is perfect, and it is leaps and bounds beyond our previous solution by McAfee."
"CylancePROTECT is very stable - we've had no issues with performance and no errors or bugs."
"The solution’s AI is its most valuable feature."
"I find the actual overall endpoint malware protection the most valuable feature of CylancePROTECT."
"The most valuable feature is the indicator of compromise, which show you what file was either quarantined or removed."
"The most valuable feature of CrowdStrike Falcon is its accuracy."
"The flexibility and always-on protection that is provided by a cloud-based solution are important to us; the cloud is everywhere, so with the agent on the laptop, wherever the user may go, including home, office, or traveling, it's protected 24x7, all the time."
"It has good features for threat detection."
"The stability is very good."
"The features I like the most are the response time and the dashboard are both excellent."
"There are great security features on offer that are much better than other options in India at this time."
"We have seen a reduction to the performance hit to our operating systems."
 

Cons

"Cortex XDR by Palo Alto Networks could improve its user interface, which is more complicated compared to competitors such as SentinelOne."
"Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well."
"Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."
"There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration."
"There are some third-party solutions that are difficult to integrate with, which is something that can be improved."
"This product has not improved my organization - in fact, we are in the process of moving back to another product as a result of Cortex's horrible impact on system performance."
"It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved."
"The connection to the internet has not performed as expected."
"It could have integration with industrial base HMIS or Human Machine Interfaces Solutions."
"If they can add more features on top of their Persona feature that would be ideal."
"​Work on the math model. We are catching a lot of false positives, which gets to be a pain at the start of a deployment."
"The problem is, for me, sometimes it creeps into the computers and into the servers that we want to get running."
"I would say one thing that they might need to bring in is protection for mobile devices."
"Making the dashboards a bit modern to make them easier to search would also be helpful."
"For example, the interface and the Cylance Optics need to be improved a fair bit."
"I'd like them to do software distribution too, but they said that that's architecturally not at the product line."
"The technical support could improve because I am in India and the support I receive is from the UK or Australia. It is difficult to manage the time difference. The service could be faster. However, when we do have the support they are knowledgeable."
"There are some aspects of the UI that could use some improvement, e.g., working in groups."
"They don't really have anything when it comes to scanning attachments."
"Improvement could be made in the number of false positives we get, there are more than there needs to be."
"The product is quite expensive."
"CrowdStrike Falcon could improve if it became an XDR. When we look only to an end-point, we lost the context of the environment. I know it's another line of design of the product. However, if CrowdStrike becomes an XDR, it could be very good."
"The console is a little cluttered and at times, finding what you're looking for is not intuitive."
"Technical support could be better than what is currently offered."
 

Pricing and Cost Advice

"The cost depends on your chosen license type, like Pro or other licenses."
"This is an expensive solution."
"Cortex XDR's pricing is ok."
"It is cost-effective compared to similar solutions. It fits for the small businesses through to the big businesses."
"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."
"The price of the solution could be reduced. I have customers that have voiced that the solution is good for the value but if I want to sell more of the solution the price reduction would help."
"The price of the product is not very economical."
"Cortex XDR’s pricing is very reasonable."
"The product cost is about $5, per user, per month."
"​Shop around for sure and be assured the price you pay will be close to other solutions available, but even at a slight mark-up from the other solutions, you are getting real endpoint protection versus nothing more than a cheap security blanket that might keep you warm at night."
"The price is reasonable for us at the moment. I rate the overall solution an eight out of ten."
"The licensing part of the product is too expensive compared to other solutions in the market."
"My company is on a yearly CylancePROTECT subscription. Price-wise, the solution is slightly expensive, so I'd rate it as eight out of ten."
"Our licensing cost for the solution is around $4,000 for six months. There are no costs in addition to the standard licensing fees."
"Currently, we have competitive pricing for Cylance, which is affordable enough to consider."
"The solution provides me with competitive pricing."
"I'm not directly involved in sales, so I can't comment on the exact price, but I know the price decreases the higher the quantity we purchase."
"I do not have experience with the cost or licensing of the product."
"The other administrator and I can log in to check the exact details of what happened, what was running, and what caused the detection. We know exactly what was happening on the end users PC and we can tell if it's something that we actually need or something that's malicious."
"CrowdStrike Falcon is one of the more expensive endpoint solutions on the market."
"I am not aware of the price, but I believe that it is among the most expensive XDRs out there. Of course, this is dependent on the features you choose. Depending on the features, the price might increase."
"The solution isn't very costly; it's affordable."
"The more endpoints an organization adds the cheaper the cost."
"While CrowdStrike Falcon offers significant security benefits, its high price point might make it prohibitively expensive for many small and medium-sized businesses, including companies like ours."
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
904,146 professionals have used our research since 2012.
 

Answers from the Community

Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot
Jun 27, 2019
Jun 27, 2019
Both Cylance and CrowdStrike are amongst the few top of the market in terms or endpoint protection. CrowdStrike was considered among the top 5 in 2017 and Cylance was considered the same in 2019. As they are both highly effective, CrowdStrike is very unique in its user-friendliness, while Cylance is very unique for its minimum utilization of computer's resources. If you compare initial pricing,...
2 out of 3 answers
Dan Brunnquell - PeerSpot reviewer
Director Of Information Technology at a financial services firm with 11-50 employees
Jun 25, 2019
I never used Cylance. We installed CrowdStrike on 6/6/19 and aside from a test file have had zero hits. CrowdStrike has some additional features available (at a cost). One that I am looking at is device control for USB storage devices for policy enforcement. Syslogs are being absorbed by my SIEM as well.
AA
IT Manager with 201-500 employees
Jun 26, 2019
Both Cylance and CrowdStrike are amongst the few top of the market in terms or endpoint protection. CrowdStrike was considered among the top 5 in 2017 and Cylance was considered the same in 2019. As they are both highly effective, CrowdStrike is very unique in its user-friendliness, while Cylance is very unique for its minimum utilization of computer's resources. If you compare initial pricing, you would go with Cylance, but you can always negotiate with both to get the best offers.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Construction Company
11%
Manufacturing Company
7%
Financial Services Firm
7%
Comms Service Provider
7%
Financial Services Firm
11%
Manufacturing Company
10%
Computer Software Company
9%
Government
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business33
Midsize Enterprise5
Large Enterprise14
By reviewers
Company SizeCount
Small Business55
Midsize Enterprise33
Large Enterprise63
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for Blackberry Protect?
The price is reasonable for us at the moment. I rate the overall solution an eight out of ten.
What needs improvement with Blackberry Protect?
I face challenges with the exclusion policy - it still scans folders we told it not to, causing issues. When we conta...
What is your primary use case for Blackberry Protect?
I am using CylancePROTECT as an active learning algorithm. We installed it on almost 20,000 servers and virtual machi...
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing u...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never pu...
Is Crowdstrike Falcon better than Trend Micro Deep Security?
I like that Crowdstrike allows me to easily correlate data between my firewalls. What’s most useful for my needs is t...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Blackberry Protect
CrowdStrike Falcon XDR, CrowdStrike Falcon Threat Intelligence, CrowdStrike Identity Protection, CrowdStrike Falcon Surface, CrowdStrike Falcon Platform
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Panasonic, Noble Energy, Apria Healthcare Group Inc., Charles River Laboratories, Rovi Corporation, Toyota, Kiewit
Information Not Available
Find out what your peers are saying about BlackBerry Cylance Cybersecurity vs. CrowdStrike Falcon and other solutions. Updated: June 2026.
904,146 professionals have used our research since 2012.