
Cortex XDR by Palo Alto Networks vs Microsoft Defender for Cloud comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Jan 12, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.7
Cortex XDR secures data, reduces malware, lowers costs, and replaces systems, enhancing user satisfaction and operational efficiency.
Sentiment score
7.2
Microsoft Defender for Cloud offers cost-effective security, enhancing efficiency and preventing breaches through seamless Azure integration and proactive features.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
Defender proactively indexes and analyzes documents, identifying potential threats even when inactive, enhancing preventative security.
Identifying potential vulnerabilities has helped us avoid costly data losses.
The biggest return on investment is the rapid improvement of security posture.
 

Customer Service

Sentiment score
6.6
Cortex XDR support is praised for responsiveness but criticized for delayed responses and knowledge gaps in certain regions.
Sentiment score
6.6
Microsoft Defender for Cloud support is effective, but satisfaction varies based on support tier and representative expertise.
Every vendor has similar support; it depends on how the case is handled and raised.
Their support is efficient and responsive whenever I raise a ticket through my portal.
Since security is critical, we prefer a quicker response time.
The support team was very responsive to queries.
They understand their product, but much like us, they struggle with the finer details, especially with new features.
 

Scalability Issues

Sentiment score
7.6
Cortex XDR offers scalable, efficient data handling across Linux, Mac, and Windows, praised for simplifying large enterprise management.
Sentiment score
7.8
Microsoft Defender for Cloud is praised for its scalability, supporting diverse organization sizes and efficient handling of workloads.
We are using infrastructure as code, so we do not have any scalability issues with Microsoft Defender for Cloud implementation because our cloud automatically does it.
Defender won't replace our endpoint XDR, but it will likely adapt and support any growth in the Microsoft Cloud space.
There might be scalability issues as you scale up to large enterprises.
 

Stability Issues

Sentiment score
8.1
Cortex XDR is praised for its stability and reliability, with minor issues noted but generally offering seamless protection.
Sentiment score
7.7
Microsoft Defender for Cloud is stable and reliable, with minor issues in portal access and agent deployment noted.
Cortex XDR is stable, offering high quality and reliable performance.
Defender's stability has been flawless for us.
Microsoft Defender for Cloud is very stable.
Microsoft sometimes changes settings or configurations without transparency.
 

Room For Improvement

Cortex XDR struggles with integration, high memory, false positives, limited features, complex setup, and lacks enhanced support and customization.
Microsoft Defender for Cloud needs improvements in usability, integration, customization, pricing, and comprehensive documentation to enhance its utility.
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
Cortex XDR could improve its sales support team, including better commission structures and referral programs.
Microsoft, in general, could significantly improve its communication and support.
It would be beneficial to streamline recommendations to avoid unnecessary alerts and to refine the severity of alerts based on specific environments or environmental attributes.
The artificial intelligence features could be expanded to allow the system to autonomously manage security issues without needing intervention from admins.
 

Setup Cost

Enterprise buyers view Cortex XDR as expensive yet flexible, offering scalable licensing with varying costs based on features and users.
Microsoft Defender for Cloud offers competitive pricing but may incur hidden costs, affecting budgeting and cost-effectiveness evaluations.
Cortex XDR is perceived as expensive by some customers, yet offers dynamic pricing.
Compared to competitors such as CrowdStrike and Sophos, the pricing of Cortex XDR by Palo Alto Networks is similar to CrowdStrike but more expensive than Sophos.
Every time we consider expanding usage, we carefully evaluate the necessity due to cost concerns.
We appreciate the licensing approach based on employee count rather than a big enterprise license.
Microsoft Defender for Cloud is pricey, especially for Kubernetes clusters.
 

Valuable Features

Cortex XDR excels in cybersecurity with advanced detection, ease of use, and integration, offering scalable, efficient threat management.
Microsoft Defender for Cloud enhances security with AI-driven detection, multi-cloud support, compliance management, and seamless integration with Microsoft Sentinel.
It incorporates AI for normal behavior detection, distinguishing unusual operations.
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
The most valuable feature for me is the variety of APIs available.
This feature significantly aids in threat detection and enhances the user experience by streamlining security management.
The most valuable feature is the recommendations provided on how to improve security.
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
90
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (7th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (4th)
Microsoft Defender for Cloud
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
75
Ranking in other categories
Vulnerability Management (7th), Container Management (9th), Container Security (4th), Cloud Workload Protection Platforms (CWPP) (2nd), Cloud Security Posture Management (CSPM) (4th), Cloud-Native Application Protection Platforms (CNAPP) (4th), Data Security Posture Management (DSPM) (3rd), Microsoft Security Suite (4th), Compliance Management (3rd)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Cortex XDR by Palo Alto Networks is designed for Endpoint Protection Platform (EPP) and holds a mindshare of 3.9%, down 5.1% compared to last year.
Microsoft Defender for Cloud, on the other hand, focuses on Cloud Workload Protection Platforms (CWPP), holds 13.9% mindshare, down 17.0% since last year.
 

Featured Reviews

Mohammad Qaw - PeerSpot reviewer
Perfect correlation and XDR capabilities for network traffic plus endpoint security
The solution should force customers to integrate with network traffic to see the full benefits of XDR. If you are not integrating it or feeding in your network traffic, then you are just buying a normal antivirus, which doesn't make any sense. You are paying double the price to use the antivirus feature or to say you have XDR, but in reality you are not using it. The solution should include an on-premises option because some customers want only on-premises. It would be hard, but good to do if possible. Open XDR would be beneficial in the future. Right now, the solution is Closed XDR, so it cannot communicate with the few new vendors in the Open XDR market.
Vibhor Goel - PeerSpot reviewer
A single tool for complete visibility and addressing security gaps
Currently, issues are structured in Microsoft Defender for Cloud at severity levels of high, critical, or warning, but these severity levels are not always right. For example, Microsoft might consider a port being open as critical, but that might not be the case for our company. Similarly, it might suggest closing some management ports, but you might need them to be able to log in, so the severity levels for certain things can be improved. Even though Microsoft Defender for Cloud provides a way to temporarily disable certain alerts or notifications without affecting our security score, it would be better to have more granularized control over these recommendations. Currently, we cannot even disable certain alerts or notifications. There should be an automated mechanism to design Azure policies based on the recommendations, possibly with AI integration. Instead of an engineer having to write a policy to fix security gaps, which is very time-consuming, there should be an inbuilt capability to auto-remediate everything and have proper control in place. Additionally, enabling Defender for Cloud at the resource group level, rather than only at the subscription level, would be beneficial.
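The environment-specific severity handling this review asks for can be approximated outside the portal today. The following is an added example, not the reviewer's code and not Microsoft's: it takes a constructed set of recommendations whose names follow Defender for Cloud's wording, applies hypothetical per-tag override rules (an approved bastion host may expose management ports; dev storage accounts are an accepted risk), and re-ranks the findings while keeping the vendor severity next to the adjusted one so that every downgrade is auditable. Tag names, resource IDs and the rules themselves are assumptions.

```python
from dataclasses import dataclass, field

# Severity labels as Defender for Cloud assigns them to recommendations
# (Low / Medium / High); the numeric order is ours, used only for sorting.
SEVERITY_ORDER = {"Low": 0, "Medium": 1, "High": 2}


@dataclass(frozen=True)
class Recommendation:
    """Constructed, minimal view of one recommendation: what the portal shows
    plus the tags on the affected resource (tags are what make a rule
    environment-aware rather than global)."""
    display_name: str
    severity: str      # vendor-assigned severity
    resource_id: str   # ARM resource ID of the affected resource
    tags: dict = field(default_factory=dict)


@dataclass(frozen=True)
class Override:
    """One organisation rule: when `match` appears in the recommendation name
    and the resource carries every tag in `required_tags`, report the finding
    at `new_severity` and record `reason` so the change is auditable."""
    match: str
    required_tags: dict
    new_severity: str
    reason: str

    def __post_init__(self):
        if self.new_severity not in SEVERITY_ORDER:
            raise ValueError(f"unknown severity {self.new_severity!r}")

    def applies_to(self, rec):
        name_hit = self.match.lower() in rec.display_name.lower()
        tags_hit = all(rec.tags.get(k) == v for k, v in self.required_tags.items())
        return name_hit and tags_hit


def effective_severity(rec, overrides):
    """First matching override wins; otherwise keep the vendor severity."""
    for rule in overrides:
        if rule.applies_to(rec):
            return rule.new_severity, rule.reason
    return rec.severity, "vendor default"


def triage(recs, overrides):
    """Re-rank findings by effective severity (highest first). Every row keeps
    the vendor severity next to ours, so a downgrade is visible, not silent."""
    rows = []
    for rec in recs:
        sev, why = effective_severity(rec, overrides)
        rows.append({
            "resource": rec.resource_id.rsplit("/", 1)[-1],
            "finding": rec.display_name,
            "vendor_severity": rec.severity,
            "effective_severity": sev,
            "reason": why,
        })
    # sort() is stable even with reverse=True, so ties keep input order
    rows.sort(key=lambda r: SEVERITY_ORDER[r["effective_severity"]], reverse=True)
    return rows


# Hypothetical organisation rules. Both require *all* listed tags, so a
# bastion in dev or a web server in prod is not downgraded.
OVERRIDES = [
    Override("management ports", {"role": "bastion", "env": "prod"}, "Low",
             "approved bastion; RDP/SSH exposure is intended and monitored"),
    Override("restrict network access", {"env": "dev"}, "Low",
             "dev storage, no production data, accepted risk"),
]

# Constructed sample findings: names follow Defender for Cloud's wording,
# resource IDs and tags are made up for this example.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups"
JIT = "Management ports of virtual machines should be protected with just-in-time network access control"
SAMPLE_RECS = [
    Recommendation(JIT, "High", f"{SUB}/rg-net/providers/Microsoft.Compute/virtualMachines/jump-01",
                   {"role": "bastion", "env": "prod"}),
    Recommendation(JIT, "High", f"{SUB}/rg-web/providers/Microsoft.Compute/virtualMachines/web-01",
                   {"role": "web", "env": "prod"}),
    Recommendation(JIT, "High", f"{SUB}/rg-dev/providers/Microsoft.Compute/virtualMachines/jump-dev",
                   {"role": "bastion", "env": "dev"}),
    Recommendation("Storage accounts should restrict network access using virtual network rules",
                   "Medium", f"{SUB}/rg-dev/providers/Microsoft.Storage/storageAccounts/stdevlogs",
                   {"env": "dev"}),
    Recommendation("Secure transfer to storage accounts should be enabled",
                   "Medium", f"{SUB}/rg-prod/providers/Microsoft.Storage/storageAccounts/stprodlogs",
                   {"env": "prod"}),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_RECS, OVERRIDES):
        print(f"{row['effective_severity']:<6} (vendor {row['vendor_severity']:<6}) "
              f"{row['resource']:<10} {row['reason']}")
```

Running the block prints the two production hosts that still expose management ports at the top and the approved bastion at the bottom with its reason. Because the override requires every listed tag, tagging discipline becomes part of the security control: an untagged or mis-tagged resource keeps the vendor severity rather than silently inheriting an exception.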
844,944 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews

Cortex XDR by Palo Alto Networks
Computer Software Company 14%
Financial Services Firm 9%
Government 8%
Manufacturing Company 7%

Microsoft Defender for Cloud
Computer Software Company 14%
Financial Services Firm 13%
Manufacturing Company 9%
Government 7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Cortex XDR by Palo Alto vs. SentinelOne
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and CrowdStrike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
How is Prisma Cloud vs Azure Security Center for security?
Azure Security Center is very easy to use, integrates well, and gives very good visibility on what is happening across your ecosystem. It also has great remote workforce capabilities and supports a...
What do you like most about Microsoft Defender for Cloud?
The entire Defender Suite is tightly coupled, integrated, and collaborative.
What is your experience regarding pricing and costs for Microsoft Defender for Cloud?
Initially, the cost was reasonable, but additional services from Microsoft sometimes incur extra expenses that seem higher than expected.
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender
 



Sample Customers

CBI Health Group, University Honda, VakifBank
Microsoft Defender for Cloud is trusted by companies such as ASOS, Vattenfall, SWC Technology Partners, and more.
Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. Microsoft Defender for Cloud and other solutions. Updated: September 2023.