Try our new research platform with insights from 80,000+ expert users

Cortex XDR by Palo Alto Networks vs Vectra AI comparison

Palo Alto Networks and Vectra AI are both solutions in the Extended Detection and Response (XDR) category. Palo Alto Networks is ranked #7 with an average rating of 8.6, while Vectra AI is ranked #9 with an average rating of 8.2. Additionally, 95% of Palo Alto Networks users are willing to recommend the solution, compared to 97% of Vectra AI users who would recommend it.
Cortex XDR by Palo Alto Net...
Read 91 Cortex XDR by Palo Alto Networks reviews
  • 9,588 Views
  • 5,551 Comparison Views
95% willing to recommend
Vectra AI
Read 43 Vectra AI reviews
  • 5,073 Views
  • 2,566 Comparison Views
97% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Oct 8, 2024

Vectra AI and Cortex XDR by Palo Alto Networks compete in the cybersecurity category. Cortex XDR seems to have the upper hand due to its robust feature set and comprehensive integration, although Vectra AI's pricing and support are well-regarded.

Features: Vectra AI is known for effective threat detection, AI-driven analysis, and scalability. Cortex XDR stands out with seamless data integration, advanced analytics, and broad coverage of security endpoints, providing a holistic security solution.

Room for Improvement: Vectra AI requires better reporting functionalities, improved system compatibility, and quicker response times. Cortex XDR needs enhanced alert customization, faster response time, and a more intuitive alert system.

Ease of Deployment and Customer Service: Vectra AI is straightforward to deploy with generally helpful customer service, though some delays are noted. Cortex XDR's deployment is complex, but customer service is praised for responsiveness and expertise.

Pricing and ROI: Vectra AI's competitive initial setup cost is favored, with users noting satisfactory ROI. Cortex XDR users encounter higher setup costs but justify them with impressive ROI from comprehensive threat management, seeing it as a worthwhile investment despite the higher price point.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Cortex XDR by Palo Alto Networks vs. Vectra AI Report (Updated: December 2024).
Buyer's Guide
Cortex XDR by Palo Alto Networks vs. Vectra AI
December 2024
Download the complete report
Helped 825,566 peers since 2012
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Ranking in Extended Detection and Response (XDR)
7th
Ranking in AI-Powered Cybersecurity Platforms
4th
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
91
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Ransomware Protection (2nd)
Vectra AI
Ranking in Extended Detection and Response (XDR)
9th
Ranking in AI-Powered Cybersecurity Platforms
5th
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
43
Ranking in other categories
Intrusion Detection and Prevention Software (IDPS) (2nd), Network Detection and Response (NDR) (2nd), Identity Threat Detection and Response (ITDR) (5th)
 

Featured Reviews

Mohammad Qaw - PeerSpot reviewer
Perfect correlation and XDR capabilities for network traffic plus endpoint security
The solution should force customers to integrate with network traffic to see the full benefits of XDR. If you are not integrating it or feeding in your network traffic, then you are just buying a normal antivirus which doesn't make any sense. You are paying double the price to use the antivirus feature or to say you have XDR, but in reality you are not using it. The solution should include an on-premises option because some customers want only on-premises. It would be hard, but good to do if possible. Open XDR would be beneficial in the future. Right now, the solution is Closed XDR so cannot communicate with the few new vendors in the Open XDR market.
Read full review
Tony Whelton - PeerSpot reviewer
Integrates well with other security solutions and provides good technical support
The biggest feature for us, because we are heavy Microsoft users, is its integration with Office 365. On top of Vectra AI, we use all of the Microsoft security platforms, such as Defender ATP and Sentinel. Having full integration and a central platform to look at all of the threats that are coming through from the different platforms is a huge benefit for us. With one nice front dashboard, we can look at the high-volume threats rather than all of the noise. We do get a lot of noise as our students all own their own devices. With Vectra AI, we can look at threats in a controlled manner, which saves us an extraordinary amount of time. Even if I doubled the manpower, I doubt that I would still have the same visibility that I have with the correct security platform. Vectra AI's Threat Detection and Response platform has done remarkably well. We're well-versed in using the security dashboard from Microsoft Defender, and we're at the stage where we are checking both. We haven't fully switched to relying on only the Vectra dashboard yet. In terms of Vectra AI Attack Signal Intelligence for empowering security analysts within our organization, we have complete faith in the data that's coming through from Vectra. If we could also have what's happening at the front-end, that is, the firewall, then it would give us the complete security front dashboard.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action."
"It is an easy-to-use tool."
"This software helps us understand any issues that may arise when someone is not at work."
"If any application performs suspicious activities, such as changing registries or modifying other applications, Cortex XDR detects and blocks the entire application."
"Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."
"They have a new GUI which is just fantastic."
"The solution allows control over the user and his machine through Cortex XDR security policies."
"Cortex XDR is a simple platform that's easy for administrators and users. You have a lot of flexibility to change or customize the features."
More Cortex XDR by Palo Alto Networks pros
"It's important for us that the user interface is easy to understand and that is the biggest benefit we see from Vectra AI."
"It is doing some artificial intelligence. If it sees a server doing a lot of things, then it will assume that is normal. So, it is looking for anomalous behavior, things that are out of context which helps us reduce time. Therefore, we don't have to look in all the logs. We just wait for Vectra to say, "This one is behaving strange," then we can investigate that part."
"The most useful feature is the anomaly detection because it's not signature-based. It picks up the initial part of any attack, like the recon and those aspects of the kill chain, very well."
"Scalability wise, we have many sensors, and Vectra AI seems to handle them all very well."
"Vectra AI is the best. It is a major product in our cybersecurity."
"The packet-capturing feature is very useful."
"The key feature for me for Detect for Office 365 is that it can also concentrate all the information and detection at one point, the same as the network solution does. This is the key feature for me because, while accessing data from Office 365 is possible using Microsoft interfaces, they are not really user-friendly and are quite confusing to use. But Detect for Office 365 is aggregating all the info, and it's only the interesting stuff."
"The core product provides excellent visibility, but my favorite feature is Vectra Recall."
More Vectra AI pros
 

Cons

"It tends to do 99.9% of things. The only thing I'd like is single sign-on authentication into their cloud platform so that my users can be properly authenticated against it."
"There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."
"The encryption is not up to the mark."
"It's more focused on network communication. If a customer wants to increase the level of protection and start working with documents, it's impossible to integrate these features into the system. It's more of a communication-oriented system than a content security-oriented system."
"Currently, we are monitoring all USB drives and ports but we would like to improve our device control capabilities."
"The price could be a little lower."
"Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."
"Cortex XDR could improve its sales support team, including better commission structures and referral programs."
More Cortex XDR by Palo Alto Networks cons
"There could be an option where Vectra manages the solution remotely, and when there is an attack, there could be a notification center to give us information about the attack."
"We are using SMB 3.0, which is an encrypted protocol. When we get some alerts or something, we cannot go deep into the protocol to see what's wrong because it's encrypted. We need to decrypt the protocol in another way, which is quite difficult. We might go back to SMB 2.0 just for this reason, but that's not a good solution."
"You are always limited with visibility on the host due to the fact that it is a network based tool. It gives you visibility on certain elements of the attack path, but it doesn't necessarily give you visibility on everything. Specifically, the initial intrusion side of things that doesn't necessarily see the initial compromise. It doesn't see stuff that goes on the host, such as where scripts are run. Even though you are seeing traffic, it doesn't necessarily see the malicious payload. Therefore, it's very difficult for it to identify these type of host-driven complex attacks."
"Some of the customization could be improved. Everything is provided for you as an easy solution to use, but working with it and doing specific development could be worked on a bit more in the scope of an incident response team."
"I would like to see data processed onshore. Right now, the cloud components, like Office 365, must be processed on servers outside of Australia. I would like to see a future adoption of onshore processing."
"What is most important for us is to have one place where we can manage a few brains because we are based on a zero-trust network. As a result, each customer needs to have a separate brain. For the SOC team, we need to have one place where the SOC analyst can go to visit the website and from that site manage all of the customers. Right now, Vectra AI doesn't have this capability, and I would really like to have this feature."
"The rules for threats are not always precise and Vectra AI should improve this."
"One of the things that we are missing a bit is the capability to add our own rules to it. At the moment, the tech engine does its thing, but we have some cool ideas to make additional rules. There should be an option in the platform to add custom rules, or there should be some kind of user group where we can suggest them for the roadmap and see if they get evaluated and get transparent communication on whether they will be implemented in the product or not."
More Vectra AI cons
 

Pricing and Cost Advice

"The price of the solution could be reduced. I have customers that have voiced that the solution is good for the value but if I want to sell more of the solution the price reduction would help."
"We didn't have to pay any additional fee for the cloud instance. It just came with the renewal, which was nice."
"Our license will require renewal in August, after which the maintenance will continue as usual."
"Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."
"The tool's price is moderate."
"The price of the product is not very economical."
"Cortex XDR’s pricing is very reasonable."
"The pricing is a little bit on the expensive side."
More Cortex XDR by Palo Alto Networks pricing and cost advice
"Vectra's licensing model could scale to our research network, which has multiple, 100-gigabit links."
"Their licensing model is antiquated. I'm not a fan of their licensing model. We have to pay for licensing based on four different things. You have to pay based on the number of unique IPs, the number of logs that we send through Recall and Stream, and the size of our environment. They need to simplify their licensing down to just one thing. It should be based on the amount of data, the number of devices, or something else, but there should be just one thing for everything. That's what they need to base their licensing on. Cost-wise, they're not cheap. They were definitely the most expensive option, but you get what you pay for. They're not the cheapest option."
"Vectra's pricing is too high. All schools will not be able to afford it. Vectra will only end up targeting higher education and higher value independence purely because of the price. A lot of schools would love to have a product like Vectra AI, but they simply can't because they struggle to even pay the high E5 licensing from Microsoft. When you're up against that, Vectra AI is never going to be within the sector's price range."
"We are running at about 90,000 pounds per year. The solution is a licensed cost. The hardware that they gave us was pretty much next to nothing. It is the license that we're paying for."
"From a licensing perspective, the Vectra detect platform is pretty doable. Also, the hardware prices are nothing that we're not used to. The stream part is a little overpriced compared to the detect part. The reason is that you need to stream data to detect events anyway, so the data is in there. The only thing that's not available is the UI to be able to look at the stream data, which is also on the appliances but is just not activated. That's mainly the thing that we want to improve on."
"There are additional features that can be purchased in addition to the standard licensing fee, such as Cognito Recall and Stream."
"Vectra AI's pricing is cheaper than that of Darktrace."
"Cost is a big factor, as always. However, I think we have a very good price–performance ratio."
More Vectra AI pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
See recommendations
825,566 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
9%
Government
8%
Manufacturing Company
7%
Computer Software Company
15%
Financial Services Firm
12%
Manufacturing Company
7%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. The ability to reverse damage caused by ransomware with minimal interruptions to...
See all answers
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions that are very scalable, secure, and user-friendly. Cortex XDR by Palo Alto offers ...
See all answers
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface, applies behavioral-based endpoint protection and response, and includes risk-ba...
See all answers
What is the biggest difference between Corelight and Vectra AI?
The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the eventual forwarding of events and parsed data logs to a security team’s SIEM or ...
See all answers
What do you like most about Vectra AI?
The solution is currently used as a central threat detection and response system.
See all answers
What is your experience regarding pricing and costs for Vectra AI?
Vectra is cheaper in terms of pricing and features compared to Darktrace.
See all answers
 

Comparisons

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks Logo
Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks
Compared 13% of the time
Darktrace vs Cortex XDR by Palo Alto Networks Logo
Darktrace vs Cortex XDR by Palo Alto Networks
Compared 8% of the time
CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks Logo
CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks
Compared 7% of the time
Wazuh vs Cortex XDR by Palo Alto Networks Logo
Wazuh vs Cortex XDR by Palo Alto Networks
Compared 5% of the time
Check Point Harmony Endpoint vs Cortex XDR by Palo Alto Networks Logo
Check Point Harmony Endpoint vs Cortex XDR by Palo Alto Networks
Compared 4% of the time
More Cortex XDR by Palo Alto Networks Competitors
Darktrace vs Vectra AI Logo
Darktrace vs Vectra AI
Compared 35% of the time
ExtraHop Reveal(x) vs Vectra AI Logo
ExtraHop Reveal(x) vs Vectra AI
Compared 12% of the time
Cisco Secure Network Analytics vs Vectra AI Logo
Cisco Secure Network Analytics vs Vectra AI
Compared 6% of the time
Corelight vs Vectra AI Logo
Corelight vs Vectra AI
Compared 5% of the time
Arista NDR vs Vectra AI Logo
Arista NDR vs Vectra AI
Compared 5% of the time
More Vectra AI Competitors
 

Product Reports

Buyer's Guide
Cortex XDR by Palo Alto Networks
December 2024
Cortex XDR by Palo Alto Networks reportDownload Cortex XDR by Palo Alto Networks product report
Buyer's Guide
Vectra AI
December 2024
Vectra AI reportDownload Vectra AI product report
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Vectra Networks, Vectra AI NDR
 

Learn More

Palo Alto Networks
Vectra AI
 

Overview

Cortex XDR by Palo Alto Networks is the first threat detection and response software to combine both visibility across all types of data as well as autonomous machine learning analytics. Threat detection very often requires analysts to divide their attention among many different data streams. This platform unifies a vast variety of data flows, which allows analysts to assess threats from a single location. Users can now maintain a level of visibility that other threat detection programs simply cannot offer. This level of transparency lends itself to both quick identification of problems that arise and the equally quick development of a potential solution.

Cortex XDR’s machine learning works on many different levels to detect and prevent threats. It is constantly scanning for threats and vulnerabilities. The solution can scan up to 5.4 billion IP addresses in three-quarters of an hour. This allows it to spot weak points in the system and notify administrators long before hackers can take advantage of vulnerabilities. Once the Artificial Intelligence (AI) discovers an issue or an area where an issue could potentially take place the system creates a log of the information and subsequently sends an alert to system administrators. The AI takes the information that it has gathered and uses it to assign threat levels to the issues that it detects. Following this, a human analyst will be assigned to manually assess the issue and deal with it accordingly. You can set it to automatically respond to the threat by isolating the issue while analysts investigate it.

Benefits of Cortex XDR

Some of Cortex XDR’s benefits include:

  • The use of advanced AI analytics, behavior analytics, and custom-made detection to detect advanced threats before they occur.
  • The ability to group similar threat alerts, reducing incoming alerts by as much as 98%. This allows analysts to avoid being overwhelmed by the volume of incoming alerts.
  • The ability to investigate threats as much as 8 times faster than would be possible with other software. The machine learning, when coupled with the unified data stream that Cortex XDR collects, significantly increases the ability to more quickly discover the root cause of a threat.

Reviews from Real Users

Cortex XDR by Palo Alto Networks software stands out among its competitors for a number of reasons. Two major ones are its ability to isolate threats while enabling them to be studied and the way that the software combines all of the data that it gathers into a single, more complete picture than other solutions offer.

PeerSpot users note the effectiveness of these features. A network designer at a computer software company wrote, “The solution has a very helpful isolation feature. If any system gets compromised, with one click I can access the system and isolate it from other networks, and then go into further forensic investigation of the current threat without compromising anything else.”

Jeff W., Vice President/CTO at Sinnott Wolach Technology Group, noted, “The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.”



Vectra AI is used for detecting network anomalies and potential malicious activities, providing visibility into network traffic and enhancing threat detection across environments.

Organizations deploy Vectra AI mainly on-premises with additional cloud components. It helps with compliance, incident response, security monitoring, detecting insider threats, and correlating network events. Vectra AI captures and enriches network metadata, provides detailed dashboards, reduces false positives, and supports cross-environment behavioral analysis to enhance threat detection and prioritization. While valued for its high accuracy and alert aggregation, it has room for improvement in UI/UX, packet management, and integration with SIEMs and other tools. It is noted for expensive pricing and limited proactive threat response features.

What are Vectra AI's most valuable features?
  • High accuracy in identifying threat locations
  • Aggregation of alerts into single incidents
  • 24/7 threat detection
  • Visibility into the entire attack lifecycle
  • Risk score aggregation
  • Effective triaging of alerts
  • Integration with other tools
What benefits or ROI should users look for?
  • Enhanced threat detection and prioritization
  • Comprehensive network visibility
  • Reduction in false positives
  • Better incident response capabilities
  • Improved compliance monitoring

In specific industries, Vectra AI is deployed to monitor complex networks and alleviate challenges in threat detection. It is particularly effective in sectors requiring stringent compliance and security measures, offering insights and capabilities crucial for protecting sensitive data and maintaining operational integrity.

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Tribune Media Group, Barry University, Aruba Networks, Good Technology, Riverbed, Santa Clara University, Securities Exchange, Tri-State Generation and Transmission Association
Buyer's Guide
Cortex XDR by Palo Alto Networks vs. Vectra AI
December 2024
Free Report: Cortex XDR by Palo Alto Networks vs. Vectra AI
Find out what your peers are saying about Cortex XDR by Palo Alto Networks vs. Vectra AI and other solutions. Updated: December 2024.
DOWNLOAD NOW
825,566 professionals have used our research since 2012.
See our Cortex XDR by Palo Alto Networks vs. Vectra AI report.
See our list of best Extended Detection and Response (XDR) vendors and best AI-Powered Cybersecurity Platforms vendors.

We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.