No more typing reviews! Try our Samantha, our new voice AI agent.

BlackBerry Cylance Cybersecurity vs CrowdStrike Falcon comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 11, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Protection Platform (EPP)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
113
Ranking in other categories
Endpoint Detection and Response (EDR) (6th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
BlackBerry Cylance Cybersec...
Ranking in Endpoint Protection Platform (EPP)
32nd
Average Rating
8.0
Reviews Sentiment
4.6
Number of Reviews
44
Ranking in other categories
No ranking in other categories
CrowdStrike Falcon
Ranking in Endpoint Protection Platform (EPP)
2nd
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
140
Ranking in other categories
Security Information and Event Management (SIEM) (5th), Threat Intelligence Platforms (TIP) (2nd), Endpoint Detection and Response (EDR) (1st), Extended Detection and Response (XDR) (1st), Attack Surface Management (ASM) (2nd), Identity Threat Detection and Response (ITDR) (1st), AI-Powered Cybersecurity Platforms (2nd)
 

Mindshare comparison

As of July 2026, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.8%, up from 3.7% compared to the previous year. The mindshare of BlackBerry Cylance Cybersecurity is 1.5%, up from 1.1% compared to the previous year. The mindshare of CrowdStrike Falcon is 5.9%, down from 10.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP) Mindshare Distribution
ProductMindshare (%)
CrowdStrike Falcon5.9%
Cortex XDR by Palo Alto Networks3.8%
BlackBerry Cylance Cybersecurity1.5%
Other88.8%
Endpoint Protection Platform (EPP)
 

Q&A Highlights

Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot
Jun 27, 2019
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Sooraj Makkancherrry - PeerSpot reviewer
Security Operations Manager at Philips
Doesn't have daily updates, which is important for healthcare IT
I face challenges with the exclusion policy - it still scans folders we told it not to, causing issues. When we contact support, they tell us to update the latest agent, but we can't do that immediately due to medical device protocols and validation testing. I wish support would try to understand our issues better instead of giving this standard response. The machine learning feature they use often tells us to upgrade the agent or add things to the exclusion list, which isn't unacceptable. It's a very good and new technology as a tool and antivirus. But sometimes, it doesn't work properly with our medical devices and products, quarantining files it shouldn't even after we add them to exclusions. This is tricky for us.
Chetan Bhati - PeerSpot reviewer
Network Security Engineer at Arrow PC Network Pvt Ltd
Cloud-native security has improved real-time threat detection and streamlined daily operations
While CrowdStrike Falcon is strong overall, there are a few areas where it could be improved. First, the user interface can be a bit complex for new users. Sometimes, navigating through different sections and understanding detailed alerts takes time, especially for teams without deep security expertise. The cost is also something to consider, as the features and additional modules can increase pricing, which may be a challenge for smaller teams. Additionally, some integrations with simpler reporting would be helpful. The onboarding process for new users is a bit challenging for beginners to understand all features and workflows in the product. More simplified documentation, step-by-step guides, and real-world examples could help new users get comfortable faster. A structured onboarding or basic training module would be very useful for teams who are new to endpoint security tools. In addition, having more in-product guidance and tooltips within the dashboard could make navigation easier and reduce the learning curve. Overall, improving training resources and onboarding support would make the platform more user-friendly, especially for new users.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The policy configuration is great, the granularity of policies that are available is very helpful, it is straightforward to set up, and it has pretty much everything we need and works well within the Palo Alto ecosystem."
"Stability is one of the features we like the most."
"The most valuable for us is the correlation feature."
"The multi-layered approach to the product gives you confidence that it will stop exploits, ransomware, worms, or viruses from compromising endpoints, essentially providing peace of mind."
"The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better."
"If the user leaves our premises or network, Palo Alto Traps will still be on that endpoint and will still apply our policies."
"The protection offered by this product is good, as is the endpoint reporting."
"I like the centralized console and the predictive analysis it does of malware. It is very stable and also scalable."
"CylancePROTECT works on AI technology, is always up to date, and uses very few resources on your devices."
"What's most valuable in CylancePROTECT is the optics feature. I also like its easy-to-use and user-friendly dashboard and monitoring system."
"We have been trained to learn how to use the product and now we have a very good experience with it."
"The initial setup of CylancePROTECT is very easy."
"The most functional item that we use is the process to turn off the false flags that it causes."
"It works well and covers a good number of the bases you need covered for general cybersecurity and vulnerability management."
"The solution is stable."
"CylancePROTECT works really well with the way we work."
"There's almost no maintenance required. It's very low if there's any at all."
"Everything we've done with CrowdStrike is due to Arctic Wolf. We don't even need to get alerts from CrowdStrike anymore. It'll send those to Arctic Wolf, and then Arctic Wolf analyzes those and let us know if there's a major issue."
"The feature that I find to be the most valuable, is being able to look at the system analysis and being able to baseline what is installed on the system."
"Falcon's best feature is its detection and blocking of threats."
"There are two things which customers really like about CrowdStrike. If they buy managed services from CrowdStrike, it offers them detection of security issues in one minute. If you buy their professional services, they offer insurance where you can claim up to $5 million if there's a breach. This is a huge upsell for customers."
"It has good features for threat detection."
"We have seen a reduction to the performance hit to our operating systems."
"The CS falcon agent is a lightweight agent compared with other agents of EDR products."
 

Cons

"A better pricing plan would make this product more competitive."
"There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get a results."
"If they had pulse rate detection, it would be better."
"Cortex XDR should have a lightweight agent, and the agent size should not be heavy."
"The product's pricing needs improvement. They could provide more discounts. Additionally, the dashboard and control panel could be enhanced."
"In general, the price could be more competitive."
"However, if you do not have Palo Alto in your environment, you are paying these additional services just for Cortex XDR by Palo Alto Networks, so it is not a cost-effective solution."
"The price could be a little lower."
"If they can improve the technical support SLA, that aspect of the product will be much appreciated."
"Having worked with SentinelOne, Cylance is good, however, it probably needs to add a feature similar to SentinelOne's rollback functionality. With this feature, if you get infected, with a click, you can go back to the pre-infection state. If Cylance could add this functionality to their offering as well, that would be ideal."
"I would not rate this solution in the top five for things like presenting information, or ease of use."
"The initial setup was quite complicated, it took us a month or two with the reseller doing a good job assisting us with the initial configuration."
"The high price of the product is an area of concern where improvements are required. The product's price should be more competitive."
"Making the dashboards a bit modern to make them easier to search would also be helpful."
"I find the price for Blackberry Protect expensive, so that's an area for improvement."
"It could have integration with industrial base HMIS or Human Machine Interfaces Solutions. This is the industrial environment where you have a control center for all the automation that's happening, whether it is oil, gas, or chemical manufacturing. They often have to set up a computer at the back and watch the other stuff to get alerts. In these autonomous or on-premises environments, they often don't have access to email readily. Integration with other industrial solutions, such as HMIS, will allow them to communicate and get an alert that something has been found. This way, they can react to it sooner than having somebody watch the screen and keep checking the screen. Rockwell has its own suite. Similarly, Honeywell has its own suite. There's also an independent HMI/historian solution provider out there called VTSCADA. We actually get asked if we can get it to show up on a screen, which is difficult. Getting those alerts to work within an industrial environment would be a huge plus."
"With CrowdStrike, we have found that there are a few missed detections. We would not say it is completely reliable or 100% reliable, however, the ratio of missed detection is more in CrowdStrike."
"I don't think anything is missing in CrowdStrike Falcon, but if they can manage their SOC solution instead of users or the end users or customers doing that, it will be very useful, just as Sophos does."
"CrowdStrike should add support for ransomware protection."
"As of now, CrowdStrike Falcon does not have application control and web control."
"CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of the sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it."
"We can't do scanning audits or device blocking or application control."
"CrowdStrike needs to quit making up stuff about its features and functionality to bash its competition."
"The solution should have included remote wipe capability out of the box."
 

Pricing and Cost Advice

"Our customers have expressed that the price is high."
"The solution is expensive. It's pricing is on a yearly-basis."
"Cortex XDR’s pricing is very reasonable."
"The price of the solution is high for the license and in general."
"The tool's price is moderate."
"I feel it is fairly priced."
"We didn't have to pay any additional fee for the cloud instance. It just came with the renewal, which was nice."
"If one wishes to work with another team or large number of users at a future point, he must purchase a license for them."
"The solution provides me with competitive pricing."
"We pay our license on a yearly basis and have just renewed for two years."
"Our licensing cost for the solution is around $4,000 for six months. There are no costs in addition to the standard licensing fees."
"My company is on a yearly CylancePROTECT subscription. Price-wise, the solution is slightly expensive, so I'd rate it as eight out of ten."
"The license price for this solution could be better. It's on the expensive side."
"We went through a third party initially to do the renewal, but we won't be renewing, we will move on to something else."
"The product cost is about $5, per user, per month."
"CylancePROTECT is worth the money, but I'm not sure of its exact price. I can't remember off the top of my head."
"Crowdstrike Falcon is relatively cheap."
"It is expensive compared to SentinelOne, but as the market leader, it is worth it."
"We pay 40,000 dirhams per 100 users."
"We have a yearly subscription and find the price to be good. I'd give it a rating of four out of five for price, we got a good discount."
"We pay between $30-50 per user for a yearly license, which is more expensive than SentinelOne or Bitdefender. However, CrowdStrike gives better value for money."
"CrowdStrike is well priced. On a yearly basis, it costs between $60 and $100 per user."
"The product is expensive."
"The more endpoints an organization adds the cheaper the cost."
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
902,588 professionals have used our research since 2012.
 

Answers from the Community

Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot
Jun 27, 2019
Jun 27, 2019
Both Cylance and CrowdStrike are amongst the few top of the market in terms or endpoint protection. CrowdStrike was considered among the top 5 in 2017 and Cylance was considered the same in 2019. As they are both highly effective, CrowdStrike is very unique in its user-friendliness, while Cylance is very unique for its minimum utilization of computer's resources. If you compare initial pricing,...
2 out of 3 answers
Dan Brunnquell - PeerSpot reviewer
Director Of Information Technology at a financial services firm with 11-50 employees
Jun 25, 2019
I never used Cylance. We installed CrowdStrike on 6/6/19 and aside from a test file have had zero hits. CrowdStrike has some additional features available (at a cost). One that I am looking at is device control for USB storage devices for policy enforcement. Syslogs are being absorbed by my SIEM as well.
AA
IT Manager with 201-500 employees
Jun 26, 2019
Both Cylance and CrowdStrike are amongst the few top of the market in terms or endpoint protection. CrowdStrike was considered among the top 5 in 2017 and Cylance was considered the same in 2019. As they are both highly effective, CrowdStrike is very unique in its user-friendliness, while Cylance is very unique for its minimum utilization of computer's resources. If you compare initial pricing, you would go with Cylance, but you can always negotiate with both to get the best offers.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Construction Company
11%
Financial Services Firm
7%
Manufacturing Company
7%
Comms Service Provider
7%
Financial Services Firm
11%
Manufacturing Company
10%
Computer Software Company
10%
Government
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise52
By reviewers
Company SizeCount
Small Business33
Midsize Enterprise5
Large Enterprise14
By reviewers
Company SizeCount
Small Business54
Midsize Enterprise34
Large Enterprise63
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for Blackberry Protect?
The price is reasonable for us at the moment. I rate the overall solution an eight out of ten.
What needs improvement with Blackberry Protect?
I face challenges with the exclusion policy - it still scans folders we told it not to, causing issues. When we conta...
What is your primary use case for Blackberry Protect?
I am using CylancePROTECT as an active learning algorithm. We installed it on almost 20,000 servers and virtual machi...
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing u...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never pu...
Is Crowdstrike Falcon better than Trend Micro Deep Security?
I like that Crowdstrike allows me to easily correlate data between my firewalls. What’s most useful for my needs is t...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Blackberry Protect
CrowdStrike Falcon XDR, CrowdStrike Falcon Threat Intelligence, CrowdStrike Identity Protection, CrowdStrike Falcon Surface, CrowdStrike Falcon Platform
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Panasonic, Noble Energy, Apria Healthcare Group Inc., Charles River Laboratories, Rovi Corporation, Toyota, Kiewit
Information Not Available
Find out what your peers are saying about BlackBerry Cylance Cybersecurity vs. CrowdStrike Falcon and other solutions. Updated: June 2026.
902,588 professionals have used our research since 2012.