BloodHound Enterprise vs Cortex XSIAM comparison

SpecterOps and Palo Alto Networks are both solutions in the Identity Threat Detection and Response (ITDR) category. SpecterOps is ranked #7 with an average rating of 8.0, while Palo Alto Networks is ranked #6 with an average rating of 8.5. SpecterOps holds a 6.3% mindshare in ITDR, compared to Palo Alto Networks’s 5.7% mindshare. Additionally, 100% of SpecterOps users are willing to recommend the solution, compared to 100% of Palo Alto Networks users who would recommend it.

BloodHound Enterprise

Read 1 BloodHound Enterprise review

1,708 Views
605 Comparison Views

100% willing to recommend

Cortex XSIAM

Read 11 Cortex XSIAM reviews

566 Views
415 Comparison Views

100% willing to recommend

BloodHound Enterprise

Cortex XSIAM

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between BloodHound Enterprise and Cortex XSIAM based on real PeerSpot user reviews.

Find out what your peers are saying about Microsoft, CrowdStrike, SentinelOne and others in Identity Threat Detection and Response (ITDR).

To learn more, read our detailed Identity Threat Detection and Response (ITDR) Report (Updated: March 2025).

Buyer's Guide

Identity Threat Detection and Response (ITDR)

March 2025

Download the complete report

Helped 845,040 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

BloodHound Enterprise

Ranking in Identity Threat Detection and Response (ITDR)

7th

Average Rating

8.0

Reviews Sentiment

6.2

Number of Reviews

Ranking in other categories

No ranking in other categories

Cortex XSIAM

Ranking in Identity Threat Detection and Response (ITDR)

6th

Average Rating

8.6

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (17th), AI-Powered Cybersecurity Platforms (7th)

Mindshare comparison

As of April 2025, in the Identity Threat Detection and Response (ITDR) category, the mindshare of BloodHound Enterprise is 6.3%, up from 4.9% compared to the previous year. The mindshare of Cortex XSIAM is 5.7%, up from 1.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Identity Threat Detection and Response (ITDR)

Featured Reviews

Hasan Abufreiha

Cyber security enthusiast at a university with 51-200 employees

Has significantly influenced our security strategy as it helps us plan attacks and take initial steps in compromising networks

I haven't explored cost-saving aspects or utilized integration capabilities within BloodHound. Additionally, I haven't used AI features in Broadcom for threat detection yet, leaving that to our IT team to handle. If you're already familiar with the field, learning to use BloodHound Enterprise shouldn't be too tricky as the UI is user-friendly and the features are straightforward. I'd rate my overall experience around an eight, mainly due to occasional performance issues and deeper operational concerns. However, in terms of features, UI, and ease of use, it's top-notch.

Read full review

Forrest Stevens

Senior Manager - Security Operations at First Advantage Corporation

A robust security operation that ensures achieving automation, stability, and scalability

There is room for improvement in some areas, and I would highlight three key aspects. Firstly, the Attack Surface Management (ASM) module could benefit from more contextual depth. Currently, it tends to provide a broad overview without enriched context, and there's room for enhancement in this regard. Secondly, further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous. This would enhance its versatility and interoperability within a broader ecosystem. Regarding performance, there's potential for optimization. When multiple tabs are open in Cortex XSIAM, it can experience slowdowns, leading to longer load times for web pages. It's worth noting that this isn't a severe issue, and it doesn't entail waiting for extended periods, but there is room for improvement in terms of performance optimization.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The custom Cypress queries in BloodHound Enterprise is the most valuable feature."

"Cortex XSIAM enhances our ability to apply endpoint protection policies, implement restrictions, conduct scans, and engage in sandboxing."

"The most valuable features of Cortex XSIAM are the machine learning used to identify threats, the complexity of the environment of products, and efficiency."

"One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities."

"It operates on a single, extensive database which enables it to excel in detecting threats and anomalies across the network and endpoints, delivering a highly effective and comprehensive security solution."

"The most valuable feature is the integration capability."

"It does a better job of identifying anomalies that are more likely to be incidents of compromise without as many false positives or false negatives."

"The automation capabilities significantly improve response times by allowing us to respond to incidents from a single dashboard rather than navigating multiple dashboards."

"The flexibility for creating manual workflows stands out."

More Cortex XSIAM pros

Cons

"A few months ago, there was a problem with the digesters having trouble importing data from the normal digesters, a significant issue that needed attention."

"Further integration capabilities with various other software products that can seamlessly tie into Cortex XSIAM would be advantageous."

"The support could be a bit faster."

"I would rate the overall stability a six or seven, as we have only used it for a few months and need a year of experience to provide a full assessment."

"Cortex could improve the detection and online resolution of security vulnerabilities."

"It could provide more integration with a large variety of products."

"The standard integrations are very limited, and the integrations available are not listed in the marketplace."

"I am not sure if any improvements are needed right now."

"The platform isn't very developer-friendly and it should provide more flexibility and ease."

More Cortex XSIAM cons

Pricing and Cost Advice

Information not available

"In terms of pricing, we found Cortex XSIAM to offer a very reasonable and competitive rate."

"The solution is expensive compared to its competitors."

"Since Palo Alto is trying to get as many new customers as possible, they're offering very competitive pricing."

"The solution comes at a significant cost."

"The product cost could be considered value for money compared to other solutions in the market, though it is quite high."

See which vendors are best for you

Use our free recommendation engine to learn which Identity Threat Detection and Response (ITDR) solutions are best for your needs.

See recommendations

845,040 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

16%

Computer Software Company

11%

Manufacturing Company

Retailer

Computer Software Company

14%

Financial Services Firm

10%

Manufacturing Company

10%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What needs improvement with BloodHound Enterprise?

I don't have any specific improvements in mind, as I haven't encountered any significant issues with BloodHound Enterprise. However, a few months ago, there was a problem with the digesters having ...

See all answers

What is your primary use case for BloodHound Enterprise?

I mainly use BloodHound Enterprise for internal architecture planning, audits, and daily general testing engagements.

See all answers

What advice do you have for others considering BloodHound Enterprise?

See all answers

What do you like most about Cortex XSIAM?

It is an effective solution in terms of performance and functionalities.

See all answers

What is your experience regarding pricing and costs for Cortex XSIAM?

The product is very expensive. Additional integration and support are not provided by Cortex and must be purchased from partners. This adds to the cost and delays projects due to resource dependency.

See all answers

What needs improvement with Cortex XSIAM?

The standard integrations are very limited, and the integrations available are not listed in the marketplace. Obtaining validation for integrations from Palo Alto takes around eight months, which i...

See all answers

Comparisons

Microsoft Defender for Identity vs BloodHound Enterprise

Compared 34% of the time

Microsoft Entra ID Protection vs BloodHound Enterprise

Compared 29% of the time

CrowdStrike Falcon vs BloodHound Enterprise

Compared 19% of the time

Semperis Directory Services Protector vs BloodHound Enterprise

Compared 10% of the time

Veza vs BloodHound Enterprise

Compared 3% of the time

More BloodHound Enterprise Competitors

Palo Alto Networks Cortex XSOAR vs Cortex XSIAM

Compared 39% of the time

Microsoft Sentinel vs Cortex XSIAM

Compared 15% of the time

Splunk SOAR vs Cortex XSIAM

Compared 10% of the time

IBM Security QRadar vs Cortex XSIAM

Compared 10% of the time

CrowdStrike Falcon vs Cortex XSIAM

Compared 6% of the time

More Cortex XSIAM Competitors

Product Reports

Buyer's Guide

Identity Threat Detection and Response (ITDR)

March 2025

Download BloodHound Enterprise product report

Buyer's Guide

Security Information and Event Management (SIEM)

March 2025

Download Cortex XSIAM product report

Overview

BloodHound Enterprise is a powerful security tool designed to identify and mitigate potential risks within an organization's Active Directory environment. Its primary use case is to analyze the complex and interconnected relationships among users, groups, and computers, enabling administrators to proactively identify security vulnerabilities and prevent potential attacks.

The most valuable functionality of BloodHound Enterprise lies in its ability to map out the privilege escalation paths within an organization's network. By visualizing the paths attackers could take to gain unauthorized access, security teams can efficiently prioritize their remediation efforts.

BloodHound Enterprise offers advanced analytics to detect anomalies, such as users with excessive privileges or unusual access patterns, allowing for quick response and mitigation. This tool helps organizations by providing a comprehensive understanding of their Active Directory security posture. It empowers security teams to identify and remediate potential attack vectors, reducing the risk of data breaches and unauthorized access to critical systems. BloodHound Enterprise also aids in compliance efforts by highlighting security gaps and providing actionable insights to meet regulatory requirements.

With its ability to visualize and analyze complex relationships, identify privilege escalation paths, and detect anomalies, it helps organizations mitigate risks, enhance their security posture, and ensure compliance with industry regulations.

SpecterOps

Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.

Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.

What are Cortex XSIAM's key features?

Security Orchestration: Streamlines processes across security operations.
Automation and Response: Efficient incident response management.
Detection Enrichment: Enhances identification of threats.
Centralized Endpoint Security: Comprehensive protection and monitoring of endpoints.
Forensic Investigation: Automated investigation to expedite threat analysis.

What benefits are evident in Cortex XSIAM reviews?

Cost-Effectiveness: Provides economical options compared to other market players.
Comprehensive Integration: Seamlessly integrates with multiple data sources and vendors.
Reduced Management Effort: Simplifies the administration of security operations.
Enhanced Threat Detection: Strengthens identification and remediation processes.

Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.

Palo Alto Networks

Buyer's Guide

Identity Threat Detection and Response (ITDR)

March 2025

Download Free Report

Find out what your peers are saying about Microsoft, CrowdStrike, SentinelOne and others in Identity Threat Detection and Response (ITDR). Updated: March 2025.

DOWNLOAD NOW

845,040 professionals have used our research since 2012.

See our list of best Identity Threat Detection and Response (ITDR) vendors.

We monitor all Identity Threat Detection and Response (ITDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.