BlackBerry Cylance Cybersecurity vs CrowdStrike Falcon comparison

BlackBerry Cylance Cybersecurity vs. CrowdStrike Falcon

Download the complete report

Helped 892,487 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex XDR by Palo Alto Net...

Mindshare comparison

As of May 2026, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of BlackBerry Cylance Cybersecurity is 1.5%, up from 1.1% compared to the previous year. The mindshare of CrowdStrike Falcon is 6.2%, down from 11.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Endpoint Protection Platform (EPP) Mindshare Distribution
Product	Mindshare (%)
CrowdStrike Falcon	6.2%
Cortex XDR by Palo Alto Networks	3.6%
BlackBerry Cylance Cybersecurity	1.5%
Other	88.7%

Endpoint Protection Platform (EPP)

Q&A Highlights

Miriam Tover

Service Delivery Manager at PeerSpot

Jun 27, 2019

What is the biggest difference between CrowdStrike and Cylance?

Both Cylance and CrowdStrike are amongst the few top of the market in terms or endpoint protection. CrowdStrike was considered among the top 5 in 2017 and Cylance was considered the same in 2019. As they are both highly effective, CrowdStrike is very unique in its user-friendliness, while Cylance is very unique for its minimum utilization of computer's resources. If you compare initial pricing, you would go with Cylance, but you can always negotiate with both to get the best offers.

Gained full visibility and streamlined threat detection through behavior-based insights and AI integration

Featured Reviews

ABHISHEK_SINGH

Senior Process Expert at A.P. Moller - Maersk

Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.

Read full review

Sooraj Makkancherrry

Security Operations Manager at Philips

Doesn't have daily updates, which is important for healthcare IT

I face challenges with the exclusion policy - it still scans folders we told it not to, causing issues. When we contact support, they tell us to update the latest agent, but we can't do that immediately due to medical device protocols and validation testing. I wish support would try to understand our issues better instead of giving this standard response. The machine learning feature they use often tells us to upgrade the agent or add things to the exclusion list, which isn't unacceptable. It's a very good and new technology as a tool and antivirus. But sometimes, it doesn't work properly with our medical devices and products, quarantining files it shouldn't even after we add them to exclusions. This is tricky for us.

Read full review

Chetan Bhati

Human Toxicology Engineer at Arrow PC Network Pvt Ltd

Cloud-native security has improved real-time threat detection and streamlined daily operations

While CrowdStrike Falcon is strong overall, there are a few areas where it could be improved. First, the user interface can be a bit complex for new users. Sometimes, navigating through different sections and understanding detailed alerts takes time, especially for teams without deep security expertise. The cost is also something to consider, as the features and additional modules can increase pricing, which may be a challenge for smaller teams. Additionally, some integrations with simpler reporting would be helpful. The onboarding process for new users is a bit challenging for beginners to understand all features and workflows in the product. More simplified documentation, step-by-step guides, and real-world examples could help new users get comfortable faster. A structured onboarding or basic training module would be very useful for teams who are new to endpoint security tools. In addition, having more in-product guidance and tooltips within the dashboard could make navigation easier and reduce the learning curve. Overall, improving training resources and onboarding support would make the platform more user-friendly, especially for new users.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The solution allows us to gain remote access without the user's knowledge and take the necessary actions on the device."

"Cortex XDR is a very capable solution for protecting large networks and a lot of endpoints. It's very useful because the automation is very high, and if you combine it with the features on Palo Alto firewalls, it provides very strong protection."

"There has been a significant reduction of approximately 70% to 80% in our internal MTTR and MTTD metrics, now around five to eight minutes whereas previously it was hours, which has helped tremendously."

"It has absolutely improved the way our organization functions, we are more secure, it is giving us more peace of mind, and it has found malicious activity happening on our endpoints that probably would not have been detected if we didn't have it."

"The stability of the solution is very good, we have about 100 users on it right now, and we use it twice a week."

"The product has an intuitive dashboard."

"The protection offered by this product is good, as is the endpoint reporting."

"The main benefit of using Cortex XDR by Palo Alto Networks while employing Palo Alto Firewall at the internet edge is that it improves security on our endpoint devices, integrating seamlessly with Palo Alto Firewalls to deliver comprehensive network, analyst, and security details all in a single dashboard, which allows us to manage everything from our network devices."

More Cortex XDR by Palo Alto Networks pros

"Blackberry Protect offers endpoint protection. It's easy to deploy. It's scalable and stable."

"Its setup is simple if you have a Windows device; it is executable."

"I've found the AI engine in CylancePROTECT to be particularly effective for technology and in preventing unknown threats."

"The solution is pretty easy to scale."

"Very easy to deploy. It can be done one by one or deployed by customizing an MSI file for GPO push."

"We have been trained to learn how to use the product and now we have a very good experience with it."

"Endpoints are protected in real-time without the need of a centralized server."

"I find the actual overall endpoint malware protection the most valuable feature of CylancePROTECT."

More BlackBerry Cylance Cybersecurity pros

"The most valuable feature is its threat analysis."

"From what we have seen, it is very scalable. We have recently acquired a company where someone had a ransomware attack when we joined networks. Within the course of just a few days, we were able to easily get CrowdStrike rolled out to about 300 machines. That also included the removal of that company's legacy anti-malware tool."

"The threat intelligence is the most valuable feature."

"I like its detection capabilities, number one."

"CrowdStrike Falcon has helped my customers predict and prevent potential breaches because of its proactive approach."

"Among CrowdStrike Falcon's most valuable capabilities are its UEBA and SOAR functionalities, along with its seamless integration with any other SIEM solution."

"I like the Overwatch feature the most."

"My advice for others is to purchase the solution it is simple to use and effective."

More CrowdStrike Falcon pros

Cons

"The dashboard could use some significant improvement, just making it more useful with more information."

"The main issue I could point out is the offline agents and the way that it is missing."

"The solution should force customers to integrate with network traffic to see the full benefits of XDR."

"Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and its nothing that should be an issue. Some antivirus engines recognize Traps as an threat component, so maybe they need to shake hands somewhere."

"The complexity and confusion regarding product variants, such as XDR, Forexiant, and Forexon, must be addressed."

"The encryption is not up to the mark."

"We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, we have to use another protection solution called Kaspersky."

"We had a problem with getting our older endpoints up to date, but their newest updates have been really good."

More Cortex XDR by Palo Alto Networks cons

"The user interface could be improved, it's very outdated."

"There are a lot of false positives and it takes up a lot of time."

"I would like to see a little bit of additional reporting or insight as to what it is doing exactly."

"It should have better support for Windows and Mac."

"Making the dashboards a bit modern to make them easier to search would also be helpful."

"For advanced security, I wouldn't."

"Having worked with SentinelOne, Cylance is good, however, it probably needs to add a feature similar to SentinelOne's rollback functionality."

"The initial setup was quite complicated, it took us a month or two with the reseller doing a good job assisting us with the initial configuration."

More BlackBerry Cylance Cybersecurity cons

"I would also like to see the endpoint firewall component produce some level of logging and feedback."

"I would love to see more investment in Insight because CrowdStrike have an opportunity to potentially displace some of the vulnerability management vendors with the visibility they can see over time."

"CrowdStrike Suites and the way that it bundles things can be a bit challenging. It should be easier to integrate with the other stuff that they sell or be included with what they sell. We have one piece, then they are talking about another piece on vulnerability management all of the sudden, and we don't own that piece. We can see it in the console, but nothing shows up. It simply appears within the tool as an option, but we can't use it without purchasing it."

"The tool is more expensive than other products in the market."

"They respond quickly on the weekdays, but the weekend response times are slower."

"Forensic controls have room for improvement."

"Falcon could include more integrative features."

"There are some aspects of the UI that could use some improvement, e.g., working in groups. I build a group, then I have to manually assign prevention policies, update policies, etc., but there is no function to copy that group. So, if I wanted to make a subgroup for troubleshooting or divide workstations into groups of laptops and desktops, then I have to manually build a brand new group. I can't just copy a build from one to another. Additionally, in order to do any work within a group, I have to first do the work on the respective prevention policy page or individual policy page, then remove the group if the group is assigned to a different prevention policy, remove the prevention policy, and then add the new one in. So, it can get a little hectic. It would be easier if I could add and remove things from the group page rather than having to go into the policy pages to do it."

More CrowdStrike Falcon cons

Pricing and Cost Advice

"Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."

"I don't recall what the cost was, but it wasn't really that expensive."

"In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage."

"Cortex XDR’s pricing is very reasonable."

"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."

"It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool."

"The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the BRO version."

"It's the most expensive solution, but features-wise, it's quite strong. It's very good for protection, so the results are very good in the case of protection. I would rate it a two out of ten in terms of pricing."

More Cortex XDR by Palo Alto Networks pricing and cost advice

"The price is reasonable for us at the moment. I rate the overall solution an eight out of ten."

"The monthly fee is $55 USD per user."

"Our licensing cost for the solution is around $4,000 for six months. There are no costs in addition to the standard licensing fees."

"Review closely how many endpoints you actually need before buying into a pricing level. Deal and deal with the VAR of your choice."

"The solution's pricing is around the same as most EDRs but slightly behind some of the major ones."

"On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven out of ten."

"This cost of the license is approximately $5 USD monthly per user."

"CylancePROTECT is an affordable solution."

More BlackBerry Cylance Cybersecurity pricing and cost advice

"The tool is a little bit expensive compared to other products, but I think it's okay owing to its quality."

"All I can say about the licensing cost is that it's negotiable."

"The price is fixed with no room for negotiation."

"The solution isn't very costly; it's affordable."

"The price is high in comparison to similar brands."

"Our company pays approximately US$ 65,000 annually for 900 machines."

"The cost of CrowdStrike Falcon in Latin America seems high relative to the economic conditions in the region."

"Years ago, when we bought CrowdStrike, you got everything it had. I was a little concerned when they broke this out into a la carte modules where you can buy EDR, Spotlight, etc., picking and choosing off the menu. I was a little worried that the solution would get watered down. However, I realized in my previous organization when we had the full suite that there were a bunch of features in it that we didn't have time to operationalize. So, I warmed up to it. I get the whole, "Look, you can pick and choose. Okay, everybody buys a steak, but do you want mashed potatoes, or do you want lobster mac and cheese?" So, you can pick the sides that you want, so you can buy the solution that you want and operationalize versus paying a lot of money and getting a bunch of things, but not using 60 percent of the tools in the box."

More CrowdStrike Falcon pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.

See recommendations

892,487 professionals have used our research since 2012.

Answers from the Community

Miriam Tover

Service Delivery Manager at PeerSpot

Jun 27, 2019

What is the biggest difference between CrowdStrike and Cylance?

2 out of 3 answers

Dan Brunnquell

Director Of Information Technology at a financial services firm with 11-50 employees

Jun 25, 2019

I never used Cylance. We installed CrowdStrike on 6/6/19 and aside from a test file have had zero hits. CrowdStrike has some additional features available (at a cost). One that I am looking at is device control for USB storage devices for policy enforcement. Syslogs are being absorbed by my SIEM as well.

Read full answer

ABDULRAHMAN ALBATARNI

IT Manager with 201-500 employees

Jun 26, 2019

Read full answer

See all 3 answers

Top Industries

By visitors reading reviews

Construction Company

12%

Financial Services Firm

12%

Comms Service Provider

Manufacturing Company

Construction Company

10%

Manufacturing Company

Computer Software Company

Comms Service Provider

Financial Services Firm

11%

Computer Software Company

10%

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	45
Midsize Enterprise	20
Large Enterprise	48

By reviewers
Company Size	Count
Small Business	33
Midsize Enterprise	5
Large Enterprise	13

By reviewers
Company Size	Count
Small Business	56
Midsize Enterprise	33
Large Enterprise	63

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One

Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...

Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)

Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...

How is Cortex XDR compared with Microsoft Defender?

Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...

What do you like most about Blackberry Protect?

It is a good endpoint solution. It is very easy to manage and detect the threat immediately. It will take the necessa...

What is your experience regarding pricing and costs for Blackberry Protect?

The price is reasonable for us at the moment. I rate the overall solution an eight out of ten.

What needs improvement with Blackberry Protect?

I face challenges with the exclusion policy - it still scans folders we told it not to, causing issues. When we conta...

How does Crowdstrike Falcon compare with Darktrace?

Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing u...

How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?

The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never pu...

Is Crowdstrike Falcon better than Trend Micro Deep Security?

I like that Crowdstrike allows me to easily correlate data between my firewalls. What’s most useful for my needs is t...

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks

Comparisons

Compared 9% of the time

SentinelOne Singularity Endpoint vs Cortex XDR by Palo Alto Networks

Compared 5% of the time

Cortex XSIAM vs Cortex XDR by Palo Alto Networks

Compared 3% of the time

Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks

Compared 3% of the time

Trellix Endpoint Security Platform vs Cortex XDR by Palo Alto Networks

Compared 2% of the time

More Cortex XDR by Palo Alto Networks Competitors

VMware Carbon Black Endpoint vs BlackBerry Cylance Cybersecurity

Compared 7% of the time

Symantec Endpoint Security vs BlackBerry Cylance Cybersecurity

Compared 6% of the time

SentinelOne Singularity Endpoint vs BlackBerry Cylance Cybersecurity

Compared 6% of the time

Deep Instinct Prevention Platform vs BlackBerry Cylance Cybersecurity

Compared 5% of the time

Microsoft Defender for Endpoint vs BlackBerry Cylance Cybersecurity

Compared 4% of the time

More BlackBerry Cylance Cybersecurity Competitors

Microsoft Defender for Endpoint vs CrowdStrike Falcon

Compared 3% of the time

Fortinet FortiEDR vs CrowdStrike Falcon

Compared 3% of the time

Microsoft Defender XDR vs CrowdStrike Falcon

Compared 3% of the time

SentinelOne Singularity Endpoint vs CrowdStrike Falcon

Compared 2% of the time

Microsoft Sentinel vs CrowdStrike Falcon

Compared 2% of the time

More CrowdStrike Falcon Competitors

Product Reports

Cortex XDR by Palo Alto Networks

Download Cortex XDR by Palo Alto Networks product report

BlackBerry Cylance Cybersecurity

Download BlackBerry Cylance Cybersecurity product report

CrowdStrike Falcon

Download CrowdStrike Falcon product report

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps

Blackberry Protect

CrowdStrike Falcon XDR, CrowdStrike Falcon Threat Intelligence, CrowdStrike Identity Protection, CrowdStrike Falcon Surface, CrowdStrike Falcon Platform

Overview

Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.

Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.

What are the key features of Cortex XDR?

Advanced Threat Detection: Uses AI and machine learning for proactive threat identification.
Multi-layered Security: Combines various security measures for comprehensive protection.
Endpoint Protection: Safeguards against malware and exploits.
Behavioral Analysis: Monitors suspicious activity for early detection.
Automatic Threat Response: Automates responses to neutralize threats.

What benefits should users expect?

Ease of Use: Simplifies security management with intuitive design.
Resource Efficiency: Minimizes impact on system resources.
Integration Capabilities: Works well with existing security setups.
Reduced Analyst Workload: Automates processes to decrease manual intervention.

Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.

Palo Alto Networks

BlackBerry Cylance Cybersecurity leverages AI and machine learning for efficient malware detection and zero-day threat protection, offering robust endpoint security with high detection accuracy and low false positive rates.

BlackBerry Cylance Cybersecurity delivers advanced threat protection with AI-driven algorithms and machine learning. Its lightweight design ensures low system resource usage, making it both efficient and effective. It's recognized for centralized management, easy deployment, and a clean interface, providing comprehensive endpoint protection against diverse threats. The integration of features like CylanceOPTICS and behavioral monitoring enhances security insights. While the system excels in malware detection, enhancements are needed in areas like user interface design, reporting, deeper threat analysis, and integration with third-party systems. Support and pricing improvements could also increase competitiveness.

What are the key features of BlackBerry Cylance Cybersecurity?

AI and Machine Learning: Utilizes cutting-edge technology for malware and threat detection.
Zero-Day Protection: Safeguards against emerging threats without the need for constant updates.
Centralized Management: Simplifies deployment and management across devices.
CylanceOPTICS: Provides advanced security insights and behavioral monitoring.
Low Resource Usage: Ensures efficient operation with minimal system impact.

What benefits should users expect from BlackBerry Cylance Cybersecurity?

High Detection Accuracy: Reduces risk with minimal false positives.
Efficient Resource Management: Enhances performance with its lightweight design.
Proactive Threat Defense: Protects against a wide range of threats with centralized management.
Advanced Insights: Offers unique features for detailed security analysis.

Organizations deploy BlackBerry Cylance Cybersecurity for threat analytics, log management, and endpoint protection. As an antivirus replacement, it protects against zero-day malware, ransomware, and various threats. Its AI algorithms detect anomalies, minimizing risks in both internet-connected and isolated environments. Many businesses incorporate it into wider security strategies, appreciating its centralized management and proactive defense capabilities.

BlackBerry

CrowdStrike Falcon provides cutting-edge endpoint detection with automatic alerts, real-time monitoring, and seamless integration capabilities. Cloud-native architecture and AI-driven processes ensure scalable protection and efficient threat remediation.

CrowdStrike Falcon is recognized for its robust EDR and threat intelligence features that enhance security and streamline operations. Its lightweight agent minimizes system impact while offering real-time monitoring and detailed reporting. This platform uses cloud-native architecture for scalable, consistent protection, significantly reducing administrative demands. AI and machine learning empower precise threat hunting and behavioral analysis, which mitigates false positives and boosts cybersecurity efficiency. Users seek improvements in integration with other systems, reporting functions, and compatibility with specific operating systems. While the solution handles malware mitigation and threat response efficiently, suggestions for on-demand scanning, enhanced visibility, and better dashboard features are noted.

What are the key features of CrowdStrike Falcon?

Automatic Alert System: Provides instant alerts to enhance threat detection.
Robust EDR: Offers advanced endpoint detection capabilities.
Threat Intelligence: Delivers detailed insights for proactive security measures.
Real-time Monitoring: Enables continuous security assessments.
Seamless Integration Options: Streamlines operations with existing infrastructure.
Lightweight Agent: Minimizes system impact, maintaining performance efficiency.
Cloud-native Architecture: Provides scalable, consistent protection against threats.
AI and ML-driven Processes: Offers accurate threat hunting and behavioral analysis.

What benefits or ROI should users expect from CrowdStrike Falcon?

Enhanced Security: Comprehensive protection for endpoints using cutting-edge technologies.
Reduced Administrative Burden: Simplifies management of security incidents.
Efficient Threat Remediation: Minimizes downtime with quick threat response actions.
Improved Threat Visibility: Provides detailed reports and insights.
Scalable Protection: Ensures adaptable security measures across multiple devices.

In technology sectors, CrowdStrike Falcon commonly supports endpoint protection and threat response initiatives, allowing companies to replace traditional antivirus systems with more advanced solutions. In finance, it secures sensitive data across multiple platforms, ensuring compliance. In healthcare, real-time security analysis protects patient data on critical devices like servers and laptops, utilizing AI to enhance cybersecurity defenses.

CrowdStrike

Sample Customers

CBI Health Group, University Honda, VakifBank

Panasonic, Noble Energy, Apria Healthcare Group Inc., Charles River Laboratories, Rovi Corporation, Toyota, Kiewit

Information Not Available

BlackBerry Cylance Cybersecurity vs. CrowdStrike Falcon