Try our new research platform with insights from 80,000+ expert users

Cortex XDR by Palo Alto Networks vs Rapid7 InsightIDR comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Ranking in Extended Detection and Response (XDR)
7th
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
90
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (4th)
Rapid7 InsightIDR
Ranking in Extended Detection and Response (XDR)
14th
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
32
Ranking in other categories
Security Information and Event Management (SIEM) (9th), User Entity Behavior Analytics (UEBA) (2nd), Endpoint Detection and Response (EDR) (18th), Threat Deception Platforms (5th)
 

Mindshare comparison

As of April 2025, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 5.6%, down from 6.8% compared to the previous year. The mindshare of Rapid7 InsightIDR is 2.7%, up from 2.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR)
 

Featured Reviews

Mohammad Qaw - PeerSpot reviewer
Perfect correlation and XDR capabilities for network traffic plus endpoint security
The solution should force customers to integrate with network traffic to see the full benefits of XDR. If you are not integrating it or feeding in your network traffic, then you are just buying a normal antivirus which doesn't make any sense. You are paying double the price to use the antivirus feature or to say you have XDR, but in reality you are not using it. The solution should include an on-premises option because some customers want only on-premises. It would be hard, but good to do if possible. Open XDR would be beneficial in the future. Right now, the solution is Closed XDR so cannot communicate with the few new vendors in the Open XDR market.
Asim Naeem - PeerSpot reviewer
Providing comprehensive insight into alerts while working towards AI enhancement
I definitely recommend Rapid7 InsightIDR. It is becoming better, with improvements being continuously made to the product. Right now, I do not have any advice about Rapid7 for other users because every organization or user has different criteria or multiple use cases, so I refrain from commenting on that. I rate the overall solution seven out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It has pretty much everything we need and works well within the Palo Alto ecosystem."
"The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine."
"The product's most valuable features are massive user and feature intelligence exploit detection."
"The product's initial setup phase is very easy."
"One thing that I like about Cortex XDR by Palo Alto Networks, it is detecting all the suspicious or malicious binaries, and it has integration with Palo Alto Firewall."
"It's a nice product that's stable and scalable."
"Cortex XDR is a very capable solution for protecting large networks and a lot of endpoints. It's very useful because the automation is very high, and if you combine it with the features on Palo Alto firewalls, it provides very strong protection."
"The protection offered by this product is good, as is the endpoint reporting."
"Another very important part of insightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network."
"It improved my organization by building a security alerting program."
"The ability to ingest Office 365 log files, then process them into events and display them on a map."
"The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."
"The UI is very good."
"I definitely recommend Rapid7 InsightIDR."
"The solution is very scalable in terms of the licensing model."
"I rate Rapid7 nine out of 10 for affordability"
 

Cons

"The playbooks could be improved to include more functionalities or actions."
"In general, the price could be more competitive."
"The encryption is not up to the mark."
"Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want."
"A little bit more automation would be nice."
"They've been having some issues with updating their endpoint agents, and it has been quite frustrating."
"Product might have some bugs."
"The setup is quite easy. We had appropriate support from the manager. One thing that was missing was the integration part."
"The APIs can be further improved in Rapid7."
"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."
"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."
"Needs a better ability to customize the check within the console."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"Inability to get access to compliance reports within the solution."
"I feel it would greatly benefit from more supported log sources."
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
 

Pricing and Cost Advice

"Our license will require renewal in August, after which the maintenance will continue as usual."
"I don't like that they have different types of licenses."
"Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."
"The pricing is a little bit on the expensive side."
"Its pricing is kind of in line with its competitors and everybody else out there."
"The pricing seems fair, and I do like the licensing model. You use wherever they are, and it is elastic."
"Cortex XDR by Palo Alto Networks is an expensive solution."
"It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff."
"The solution has a mid-range price point in the market"
"​I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability.​"
"Rapid7 InsightIDR is priced very well and is cost-effective."
"Rapid7 InsightIDR charges us based on the endpoints we connect to."
"I rate Rapid7 InsightIDR's price a four on a scale of one to ten, where one is cheap, and ten is expensive."
"The pricing and licensing are competitive."
"Rapid7 InsightIDR's pricing is reasonable."
"Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
9%
Government
8%
Manufacturing Company
7%
Computer Software Company
16%
Financial Services Firm
9%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What do you like most about Rapid7 InsightIDR?
During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an applicati...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
InsightIDR
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Liberty Wines, Pioneer Telephone, Visier
Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. Rapid7 InsightIDR and other solutions. Updated: February 2025.
845,040 professionals have used our research since 2012.