Cortex XDR by Palo Alto Networks and Microsoft Defender for Cloud are leading products in the endpoint protection and cloud security category. While both offer comprehensive features, Cortex XDR seems to have a stronger focus on real-time threat detection and advanced endpoint protection, whereas Microsoft Defender excels in workload protection with a strong emphasis on integrating across cloud services, offering extensive compliance features and security recommendations.
Features: Cortex XDR provides advanced detection capabilities, endpoint protection, and integration with network security tools. It emphasizes real-time threat detection and sandboxing, maintaining policy enforcement regardless of device location. Microsoft Defender for Cloud focuses on comprehensive workload protection, especially with cloud services, and provides tools for compliance and security across multiple cloud environments.
Room for Improvement: Cortex XDR faces challenges with cross-platform functionalities and lacks specific integrations, causing issues with threat removal and reporting. Users also note higher memory usage and complexity in setting up endpoints. Microsoft Defender for Cloud needs enhanced integrations, fewer false positives, and better dashboard visibility and remediation guidance. Its pricing structure could also be streamlined for user clarity.
Ease of Deployment and Customer Service: Cortex XDR supports both cloud and on-premises environments, though its implementation process can be complex and customer support is inconsistent. Microsoft Defender for Cloud provides smoother deployment within the Azure ecosystem and is generally praised for its customer service, although support integration and clarity can be improved.
Pricing and ROI: Cortex XDR is seen as expensive but justified by its robust features. It offers licensing flexibility but high costs are a concern for users. Microsoft Defender for Cloud has more competitive pricing, especially with Azure integrations, but users find potential hidden costs in subscription management. Both products deliver strong ROI with security enhancements and operational efficiencies.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
Defender proactively indexes and analyzes documents, identifying potential threats even when inactive, enhancing preventative security.
Identifying potential vulnerabilities has helped us avoid costly data losses.
The biggest return on investment is the rapid improvement of security posture.
Every vendor has similar support; it depends on how the case is handled and raised.
Their support is efficient and responsive whenever I raise a ticket through my portal.
Since security is critical, we prefer a quicker response time.
The support team was very responsive to queries.
They understand their product, but much like us, they struggle with the finer details, especially with new features.
We are using infrastructure as a code, so we do not have any scalability issues with Microsoft Defender for Cloud implementation because our cloud automatically does it.
Defender won't replace our endpoint XDR, but it will likely adapt and support any growth in the Microsoft Cloud space.
There might be scalability issues as you scale up to large enterprises.
Cortex XDR is stable, offering high quality and reliable performance.
Defender's stability has been flawless for us.
Microsoft Defender for Cloud is very stable.
Microsoft sometimes changes settings or configurations without transparency.
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
Cortex XDR could improve its sales support team, including better commission structures and referral programs.
Microsoft, in general, could significantly improve its communication and support.
It would be beneficial to streamline recommendations to avoid unnecessary alerts and to refine the severity of alerts based on specific environments or environmental attributes.
The artificial intelligence features could be expanded to allow the system to autonomously manage security issues without needing intervention from admins.
Cortex XDR is perceived as expensive by some customers, yet offers dynamic pricing.
Compared to competitors such as CrowdStrike and Sophos, the pricing of Cortex XDR by Palo Alto Networks is similar to CrowdStrike but more expensive than Sophos.
Every time we consider expanding usage, we carefully evaluate the necessity due to cost concerns.
We appreciate the licensing approach based on employee count rather than a big enterprise license.
Microsoft Defender for Cloud is pricey, especially for Kubernetes clusters.
It incorporates AI for normal behavior detection, distinguishing unusual operations.
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
The most valuable feature for me is the variety of APIs available.
This feature significantly aids in threat detection and enhances the user experience by streamlining security management.
The most valuable feature is the recommendations provided on how to improve security.
Cortex XDR by Palo Alto Networks delivers comprehensive endpoint security, integrating well with other systems to offer robust threat detection and real-time protection through AI-driven analytics.
Cortex XDR by Palo Alto Networks offers advanced endpoint protection and threat detection through AI and behavior-based analytics. Its user-friendly design simplifies integration with firewalls, delivering multi-layered protection with low resource consumption. Valued for policy management, USB control, and incident correlation, Cortex XDR enhances threat management and real-time threat hunting capabilities. However, users note challenges with third-party integration, reporting, and dashboard automation. Agent performance across operating systems and memory consumption are areas for improvement, alongside reducing false positives and simplifying endpoint management and setup.
What features does Cortex XDR offer?Cortex XDR is crucial in industries requiring robust endpoint protection, such as finance, healthcare, and technology. It supports malware detection, behavioral analysis, and ransomware mitigation across endpoints, including remote work environments, providing comprehensive threat visibility and security policy management. The solution's integration with firewalls and specialized industry requirements enhances security posture in diverse operational settings.
Microsoft Defender for Cloud is a comprehensive security solution that provides advanced threat protection for cloud workloads. It offers real-time visibility into the security posture of cloud environments, enabling organizations to quickly identify and respond to potential threats. With its advanced machine learning capabilities, Microsoft Defender for Cloud can detect and block sophisticated attacks, including zero-day exploits and fileless malware.
The solution also provides automated remediation capabilities, allowing security teams to quickly and easily respond to security incidents. With Microsoft Defender for Cloud, organizations can ensure the security and compliance of their cloud workloads, while reducing the burden on their security teams.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.