No more typing reviews! Try our Samantha, our new voice AI agent.

BlackBerry Cylance Cybersecurity vs CrowdStrike Falcon comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 11, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Protection Platform (EPP)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Detection and Response (EDR) (6th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
BlackBerry Cylance Cybersec...
Ranking in Endpoint Protection Platform (EPP)
32nd
Average Rating
8.0
Reviews Sentiment
4.6
Number of Reviews
44
Ranking in other categories
No ranking in other categories
CrowdStrike Falcon
Ranking in Endpoint Protection Platform (EPP)
2nd
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
139
Ranking in other categories
Security Information and Event Management (SIEM) (5th), Threat Intelligence Platforms (TIP) (2nd), Endpoint Detection and Response (EDR) (1st), Extended Detection and Response (XDR) (1st), Attack Surface Management (ASM) (2nd), Identity Threat Detection and Response (ITDR) (1st), AI-Powered Cybersecurity Platforms (2nd)
 

Mindshare comparison

As of July 2026, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.8%, up from 3.7% compared to the previous year. The mindshare of BlackBerry Cylance Cybersecurity is 1.5%, up from 1.1% compared to the previous year. The mindshare of CrowdStrike Falcon is 5.9%, down from 10.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP) Mindshare Distribution
ProductMindshare (%)
CrowdStrike Falcon5.9%
Cortex XDR by Palo Alto Networks3.8%
BlackBerry Cylance Cybersecurity1.5%
Other88.8%
Endpoint Protection Platform (EPP)
 

Q&A Highlights

Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot
Jun 27, 2019
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Sooraj Makkancherrry - PeerSpot reviewer
Security Operations Manager at Philips
Doesn't have daily updates, which is important for healthcare IT
I face challenges with the exclusion policy - it still scans folders we told it not to, causing issues. When we contact support, they tell us to update the latest agent, but we can't do that immediately due to medical device protocols and validation testing. I wish support would try to understand our issues better instead of giving this standard response. The machine learning feature they use often tells us to upgrade the agent or add things to the exclusion list, which isn't unacceptable. It's a very good and new technology as a tool and antivirus. But sometimes, it doesn't work properly with our medical devices and products, quarantining files it shouldn't even after we add them to exclusions. This is tricky for us.
Chetan Bhati - PeerSpot reviewer
Network Security Engineer at Arrow PC Network Pvt Ltd
Cloud-native security has improved real-time threat detection and streamlined daily operations
While CrowdStrike Falcon is strong overall, there are a few areas where it could be improved. First, the user interface can be a bit complex for new users. Sometimes, navigating through different sections and understanding detailed alerts takes time, especially for teams without deep security expertise. The cost is also something to consider, as the features and additional modules can increase pricing, which may be a challenge for smaller teams. Additionally, some integrations with simpler reporting would be helpful. The onboarding process for new users is a bit challenging for beginners to understand all features and workflows in the product. More simplified documentation, step-by-step guides, and real-world examples could help new users get comfortable faster. A structured onboarding or basic training module would be very useful for teams who are new to endpoint security tools. In addition, having more in-product guidance and tooltips within the dashboard could make navigation easier and reduce the learning curve. Overall, improving training resources and onboarding support would make the platform more user-friendly, especially for new users.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It blocks malicious files, prevents attacks, and doesn't require many updates because it is a very light application."
"Its ability to react to cyber data attacks is awesome."
"Stability is one of the features we like the most."
"The one feature of Palo Alto Networks Traps that our organization finds most valuable is the App ID service."
"Stability-wise, it is good; I did not hear about any issues in terms of stability, and Cortex XDR by Palo Alto Networks can be trusted completely."
"Traps is quite a stable product. Once it was properly deployed and configured, you have nothing to be worried about."
"It's very stable. I've never experienced downtime for the ASM console or ASM core."
"Cortex XDR by Palo Alto Networks saves time in various ways, although the user interface is fairly standard."
"I find the actual overall endpoint malware protection the most valuable feature of CylancePROTECT."
"CylancePROTECT is going to tell you if there are any issues and you are going to be able to see everything from one single dashboard."
"The most valuable feature of CylancePROTECT is the support."
"The solution is very quick at easily changing the levels of protection for each computer and the server."
"The ROI is immense, particularly in less dedicated labor hours, and much more in terms of security, particularly when new security flaws have recently appeared."
"Its setup is simple if you have a Windows device; it is executable."
"We chose the solution because it doesn't have daily updates, which is important for us in healthcare IT, where network usage and connectivity to hospitals matter."
"The initial endpoint cost may seem a little high (~$55/device/year), but when you look at the total peace of mind that the solution of Cylance endpoint protection provides, with no reboots for updates, and negligible performance impact, it is well worth it."
"CrowdStrike Falcon has helped my customers predict and prevent potential breaches because of its proactive approach."
"Having CrowdStrike take that responsibility is a load off our backs."
"CrowdStrike Falcon has positively impacted my organization by providing good protection, logs, and reports, which I find very good."
"Among CrowdStrike Falcon's most valuable capabilities are its UEBA and SOAR functionalities, along with its seamless integration with any other SIEM solution."
"The most valuable feature of CrowdStrike Falcon for me is its unified sensor, applicable across all models."
"CrowdStrike Falcon helps with endpoint protection by having very low memory utilization and processor usage, so it doesn't impact the computer system performance, and the computer system works very fast compared to all other endpoint protection solutions."
"Everything we've done with CrowdStrike is due to Arctic Wolf. We don't even need to get alerts from CrowdStrike anymore. It'll send those to Arctic Wolf, and then Arctic Wolf analyzes those and let us know if there's a major issue."
"The automatic alert feature is the most important feature of the solution."
 

Cons

"The product's pricing could be better."
"Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco."
"The solution can never really be an on-premises solution based simply on the way it is set up. It needs metadata to run and improve. Having an on-premises solution would cut it off from making improvements."
"There are some third-party solutions that are difficult to integrate with, which is something that can be improved."
"Cortex XDR by Palo Alto Networks could improve its user interface, which is more complicated compared to competitors such as SentinelOne."
"Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."
"The solution should offer more dashboards and they should be better customized."
"Cortex XDR by Palo Alto Networks could improve by adding a sandbox feature to better compete with their competitors which have it."
"Technical support is bad. I am not happy with the level of support they offer."
"For example, the interface and the Cylance Optics need to be improved a fair bit."
"Reporting is an area with shortcomings in CylancePROTECT that needs to be improved."
"I would say one thing that they might need to bring in is protection for mobile devices."
"The management console needs a little maturity in how it presents data and allows the administrator to drill down or search across systems."
"It's a good solution but some features just need to be updated."
"The company that sells us the licenses sometimes doesn't know how to do certain things."
"The product does not do a lot of reporting on what it is taking care of. Enhanced reporting would be a welcome improvement."
"We would like to be able to perform on-demand scanning, rather than relying on the scheduler."
"The product is quite expensive."
"Whenever there is a feature release (upgrade) where we push to all the endpoints, it causes something to be blocked without us knowing."
"I would like a centralized deployment where I could roll out or push it to all endpoints."
"I would like them to improve the correlation of data in the search algorithms. When we run an investigation, malware, phishing, etc., I want to look at multiple endpoints at once to correlate that data to see the likenesses, e.g., how are they not alike or what systems and processes are running across those systems? I don't want to have to run the same search in their Spotlight module five, 10, 15, or 100 times to get 100 different results, copy that data out, and then correlate it on my own. In a very simple way, I want to be able to load up a comma-delimited list giving me the spotlight data on these X amount of hosts, letting me search for it quickly. We have had to go back to CrowdStrike, and say, "Our search are taking far too long for even one host." They did bump up the cores and that did improve performance, but it is still kind of slow to get that Spotlight data. That is probably our biggest pain point. I think that needs some help. I understand this kind of information access is probably not the easiest thing to do. It is probably a big ask depending on how their back-end is setup."
"They don't really have anything when it comes to scanning attachments."
"CrowdStrike Falcon by itself does not supply in-depth reporting."
"CrowdStrike Falcon could improve by adding manual scanning or serverless scanning. It is not available at this time."
 

Pricing and Cost Advice

"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."
"If one wishes to work with another team or large number of users at a future point, he must purchase a license for them."
"The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the BRO version."
"I feel it is fairly priced."
"The pricing is a little high. It is per user per year."
"It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool."
"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."
"I don't like that they have different types of licenses."
"CylancePROTECT is an affordable solution."
"CylancePROTECT's pricing is reasonable, at about €18 per user, per year."
"It is expensive, but not unreasonable."
"The product cost is about $5, per user, per month."
"The initial end-point cost may seem a little high (~$55/device/year) but when you look at the total peace of mind that the solution provides, with no reboots for updates, and negligible performance impact, it is well worth it."
"The licensing part of the product is too expensive compared to other solutions in the market."
"I think that the price we are paying is good for what it is."
"The price is reasonable for us at the moment. I rate the overall solution an eight out of ten."
"We bought a very small number of licenses, then ran it for a year. We bought a 100 licenses for a year, so we didn't actually do a proof of concept. We just bought them. Then, the next year, we bought 10,000 licenses."
"There are three to four licensing models available to choose from for CrowdStrike Falcon. The price of CrowdStrike Falcon depends on the distributor and the reseller partner. The price we received was good."
"The price of CrowdStrike Falcon is expensive."
"In my opinion, the pricing of CrowdStrike Falcon seems aggressive."
"It has an annual license, and it is not that expensive."
"The price is high in comparison to similar brands."
"The price is too high."
"The pricing is definitely high but you get what you pay for, and it's not so high that it prices itself out of the market."
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
904,054 professionals have used our research since 2012.
 

Answers from the Community

Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot
Jun 27, 2019
Jun 27, 2019
Both Cylance and CrowdStrike are amongst the few top of the market in terms or endpoint protection. CrowdStrike was considered among the top 5 in 2017 and Cylance was considered the same in 2019. As they are both highly effective, CrowdStrike is very unique in its user-friendliness, while Cylance is very unique for its minimum utilization of computer's resources. If you compare initial pricing,...
2 out of 3 answers
Dan Brunnquell - PeerSpot reviewer
Director Of Information Technology at a financial services firm with 11-50 employees
Jun 25, 2019
I never used Cylance. We installed CrowdStrike on 6/6/19 and aside from a test file have had zero hits. CrowdStrike has some additional features available (at a cost). One that I am looking at is device control for USB storage devices for policy enforcement. Syslogs are being absorbed by my SIEM as well.
AA
IT Manager with 201-500 employees
Jun 26, 2019
Both Cylance and CrowdStrike are amongst the few top of the market in terms or endpoint protection. CrowdStrike was considered among the top 5 in 2017 and Cylance was considered the same in 2019. As they are both highly effective, CrowdStrike is very unique in its user-friendliness, while Cylance is very unique for its minimum utilization of computer's resources. If you compare initial pricing, you would go with Cylance, but you can always negotiate with both to get the best offers.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
11%
Comms Service Provider
9%
Construction Company
11%
Manufacturing Company
7%
Financial Services Firm
7%
Comms Service Provider
7%
Financial Services Firm
11%
Manufacturing Company
10%
Computer Software Company
9%
Government
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business33
Midsize Enterprise5
Large Enterprise14
By reviewers
Company SizeCount
Small Business55
Midsize Enterprise33
Large Enterprise63
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for Blackberry Protect?
The price is reasonable for us at the moment. I rate the overall solution an eight out of ten.
What needs improvement with Blackberry Protect?
I face challenges with the exclusion policy - it still scans folders we told it not to, causing issues. When we conta...
What is your primary use case for Blackberry Protect?
I am using CylancePROTECT as an active learning algorithm. We installed it on almost 20,000 servers and virtual machi...
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing u...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never pu...
Is Crowdstrike Falcon better than Trend Micro Deep Security?
I like that Crowdstrike allows me to easily correlate data between my firewalls. What’s most useful for my needs is t...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Blackberry Protect
CrowdStrike Falcon XDR, CrowdStrike Falcon Threat Intelligence, CrowdStrike Identity Protection, CrowdStrike Falcon Surface, CrowdStrike Falcon Platform
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Panasonic, Noble Energy, Apria Healthcare Group Inc., Charles River Laboratories, Rovi Corporation, Toyota, Kiewit
Information Not Available
Find out what your peers are saying about BlackBerry Cylance Cybersecurity vs. CrowdStrike Falcon and other solutions. Updated: June 2026.
904,054 professionals have used our research since 2012.