Try our new research platform with insights from 80,000+ expert users

CrowdStrike Falcon vs ThreatLocker Zero Trust Endpoint Protection Platform comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 11, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
5.1
Cortex XDR offers cost-effective malware prevention, compliance, reduced operational costs, improved performance, and comprehensive threat identification.
Sentiment score
7.0
CrowdStrike Falcon boosts efficiency and ROI by reducing costs, enhancing security, and streamlining deployment and maintenance.
Sentiment score
7.7
ThreatLocker Zero Trust boosts ROI by blocking threats, reducing risks, and enhancing security with seamless integration and quick adaptation.
They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.
Cyber Security Manager at Welab bank
Cortex XDR by Palo Alto Networks helps to reduce my total cost of ownership significantly.
Detection and Response Consultant at Inovasys
I have seen a return on investment with Cortex XDR by Palo Alto Networks, as this product is offered at a minimal cost, and we can find a good ROI from it.
Cyber Security Information Security Specialist at MHM Holding GmbH
CrowdStrike Falcon saves time and offers good value for money, especially for enterprise companies, because it can stop breaches.
IT consultant at Asuransi Ramayana
It's very easy to deploy without many IT admins, saving time.
IT Manager at Jord International Pty Ltd
If something were to happen without ThreatLocker, the cost would be huge, and thus, having it is definitely worth it.
Tier 1 IT Engineer at a retailer with 11-50 employees
The main return on investment is peace of mind, knowing that with ThreatLocker on any endpoint, it will almost always block all malicious code or exploits, even zero-day exploits.
Project Engineer at Lutz M&A, LLC
It keeps malware, Trojans, and ransomware at bay.
Technical Engineer at Cloud 1 Solutions
 

Customer Service

Sentiment score
6.9
Cortex XDR's customer service receives mixed reviews, with experiences varying based on support plans and regional partner involvement.
Sentiment score
7.0
CrowdStrike Falcon offers efficient customer service with knowledgeable support, though some users report response time issues on weekends.
Sentiment score
7.7
ThreatLocker offers exceptional 24/7 customer service with fast issue resolution, highly rated by users for speed and expertise.
The technical support from Palo Alto deserves a mark of ten because they reach out within an hour whenever assistance is needed.
Head of data centers at a non-profit with 10,001+ employees
There is no back and forth, and they know what we are asking for and come up with the best resolution for a solution.
Senior Process Expert at A.P. Moller - Maersk
If any of these services are missed, it becomes a problem in terms of support tickets, follow-up, or special configuration that needs to be done in the system.
Chief of IT Architecture at a financial services firm with 10,001+ employees
On a scale of one to ten, I would rate the technical support as a 10 because they resolve many issues for us.
CyberSecurity Architects at VaporVM
The CrowdStrike team is very efficient; I would rate them ten out of ten.
Security Analyst at NTT Ltd
They could improve by initiating calls for high-priority cases instead of just opening tickets.
Information Security Specialist at Arab Open University
They have been very responsive, helpful, and knowledgeable.
Systems Security Analyst & Deputy Security Officer at a financial services firm with 201-500 employees
I would rate their customer support a ten out of ten.
Director, Managed Services at a consultancy with 11-50 employees
Their support is world-class.
Supervisor, Client Security at a consultancy with 11-50 employees
 

Scalability Issues

Sentiment score
7.5
Cortex XDR offers scalable, adaptable cloud-based security, supporting diverse workloads and smooth deployment across numerous endpoints and environments.
Sentiment score
7.8
CrowdStrike Falcon offers scalable, cloud-based security with seamless deployment, efficiently handling numerous endpoints while maintaining stable performance.
Sentiment score
8.0
ThreatLocker scales efficiently, handling thousands of endpoints easily, with updates and flexible deployment supporting diverse organizational needs.
Cortex XDR by Palo Alto Networks can be expanded anytime by purchasing another license without any issues related to scalability.
Head of data centers at a non-profit with 10,001+ employees
I think scalability for Cortex XDR by Palo Alto Networks is good.
Threat Analyst II at a tech vendor with 1,001-5,000 employees
It has adequate coverage and is easy to deploy.
Senior Principal Information Security Analyst at Veritas Technologies LLC
In terms of scalability, I find CrowdStrike to be stable, and I have not encountered any limitations with it.
CyberSecurity Architects at VaporVM
There's no scalability limitation from CrowdStrike itself, as it just requires agent deployment.
Large account Manager at Softcell Technologies Limited
I started off with just the servers, and within a month and a half, I set up the entire company with ThreatLocker.
Technical Engineer at Cloud 1 Solutions
It seems to primarily operate on the endpoints rather than at a central location pushing out policies.
Systems Security Analyst & Deputy Security Officer at a financial services firm with 201-500 employees
I would rate it a ten out of ten for scalability.
Project Engineer at Lutz M&A, LLC
 

Stability Issues

Sentiment score
8.0
Cortex XDR by Palo Alto Networks is stable, reliable under heavy loads, with few bugs and continuous performance improvements.
Sentiment score
8.1
CrowdStrike Falcon offers stable, reliable performance with minimal downtime, promptly addressing minor glitches, ensuring seamless upgrades and protection.
Sentiment score
7.4
ThreatLocker Zero Trust Platform offers stable performance, minimal downtime, quick issue resolution, and seamless integration with operating systems.
Cortex remains fast and responsive, even with increasing data and alerts.
Final Year Student at Gitam University
The thresholds we've seen on our firewall boxes at some instances reached 80% to 85%, but even at that level of utilization, we don't observe any latency or any issues reported with respect to accessing the application.
Senior Process Expert at A.P. Moller - Maersk
Cortex XDR is stable, offering high quality and reliable performance.
Cyber Security Manager at Welab bank
I have never seen instability in the CrowdStrike tool.
Security Analyst at NTT Ltd
We are following N-1 versions across our environment, which is stable.
Senior Principal Information Security Analyst at Veritas Technologies LLC
The biggest issue occurred when every computer worldwide experienced a blue screen.
Information Security Specialist at Arab Open University
For five years, we have not had a problem.
Supervisor, Client Security at a consultancy with 11-50 employees
Once deployed, it downloads the policies locally, so even if the computer doesn't have internet, it doesn't matter.
Information Cybersecurity Technology Specialist at Freez.it
It has been very stable, reliable, and accessible.
COO at Panda Technology
 

Room For Improvement

Cortex XDR needs UI simplification, improved integration, better reporting, and training, while users face high costs and configuration challenges.
CrowdStrike Falcon could improve by enhancing features, reducing false positives, user interface complexity, and offering better support and pricing.
ThreatLocker could improve by enhancing training, UI, reporting, integration, and support to address approval and update challenges.
Improving reporting and dashboard customization, along with the addition of real-time and exportable reports, would help SOC teams greatly.
Final Year Student at Gitam University
The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products.
Pre-Sales Architect at network techlab
If the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better.
Cyber Security Information Security Specialist at MHM Holding GmbH
Simplifying the querying process, such as using double quote queries or directly obtaining logs based on IP addresses or usernames, would be beneficial.
Security Analyst at NTT Ltd
Another concern is CrowdStrike's GUI. It changes annually, making it hard to work and find options.
Senior Principal Information Security Analyst at Veritas Technologies LLC
Threat prevention should be their first priority.
Group Manager at HCLSoftware
Controlling the cloud environment, not just endpoints, is crucial.
COO at Panda Technology
This is problematic when immediate attention is needed.
Senior System Administrator at Molders Group Limited
Comprehensive 24-hour log monitoring is a valuable enhancement for both business and enterprise-level users.
IMS ENGINEER at a tech vendor with 1,001-5,000 employees
 

Setup Cost

Cortex XDR is seen as an expensive yet flexible solution with scalable pricing varying from $20 to $90 per user.
CrowdStrike Falcon's pricing is flexible but often higher than competitors, with customizable features and straightforward setup.
ThreatLocker offers a cost-effective Zero Trust solution with flexible pricing, appreciated for transparency and easy setup across clients.
The pricing on SentinelOne is far more reasonable and cheaper than Cortex XDR by Palo Alto Networks.
Consultant at a tech services company with 1,001-5,000 employees
I would say it is definitely not a cheap product, considering how mature it is and how scalable all Palo Alto products are together.
Senior Process Expert at A.P. Moller - Maersk
Cortex XDR is perceived as expensive by some customers, yet offers dynamic pricing.
Cyber Security Manager at Welab bank
It is expensive compared to SentinelOne, but as the market leader, it is worth it.
Senior Principal Information Security Analyst at Veritas Technologies LLC
The licensing cost and setup costs are affordable.
Computer Engineer at OIC, Alshirawi
The solution is a bit expensive.
Information Security Specialist at Arab Open University
After conversations with other partners, it became clear we underpriced it initially, which caused most of our issues.
Director, Managed Services at a consultancy with 11-50 employees
We are moving towards the Unified solution, where they basically bundle everything together, providing us better stability with the ability to bring in new product offerings without having to go back to the customer and say, 'This is going to cost you.'
Supervisor, Client Security at a consultancy with 11-50 employees
I had a really good deal at the time, and it continues to be cost-effective.
Cyber Security Specialist at Bremmar Consulting
 

Valuable Features

Cortex XDR enhances threat detection and response with AI, seamless integration, and efficient threat intelligence for improved risk management.
CrowdStrike Falcon offers exceptional endpoint visibility, low impact performance, advanced AI threat detection, and effective global threat remediation.
ThreatLocker enhances security and reduces costs with application control, instant support, intuitive interface, and comprehensive training resources.
It incorporates AI for normal behavior detection, distinguishing unusual operations.
Cyber Security Manager at Welab bank
The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.
Pre-Sales Architect at network techlab
It includes machine learning to easily analyze data and detect complex threats across endpoints, networks, or clouds.
Final Year Student at Gitam University
I can investigate by accessing the customer's host based on the RTR environment and utilize host search to know details for the past seven days, including logins, processes, file installations, malicious processes, and network connections.
Security Analyst at NTT Ltd
The real-time analytics aspect of CrowdStrike performs well because we get all logs in real-time, with no delay, allowing us to take action immediately.
CyberSecurity Architects at VaporVM
Being an EDR solution, it helps us identify attacks in real-time.
Information Security Specialist at Arab Open University
ThreatLocker Zero Trust Endpoint Protection Platform's ability to block access to unauthorized applications has been excellent.
Cyber Security Specialist at Bremmar Consulting
It protects our customers.
CTO at Zettabytes
The major benefit is fewer breaches overall, as nothing can be run without prior approval. This helps my company protect its data and secure itself effectively.
Tier 1 IT Engineer at a retailer with 11-50 employees
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Protection Platform (EPP)
5th
Average Rating
8.4
Reviews Sentiment
6.9
Number of Reviews
105
Ranking in other categories
Endpoint Detection and Response (EDR) (8th), Extended Detection and Response (XDR) (7th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (2nd)
CrowdStrike Falcon
Ranking in Endpoint Protection Platform (EPP)
1st
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
137
Ranking in other categories
Security Information and Event Management (SIEM) (6th), Threat Intelligence Platforms (TIP) (1st), Endpoint Detection and Response (EDR) (1st), Extended Detection and Response (XDR) (1st), Attack Surface Management (ASM) (1st), Identity Threat Detection and Response (ITDR) (1st), AI-Powered Cybersecurity Platforms (1st)
ThreatLocker Zero Trust End...
Ranking in Endpoint Protection Platform (EPP)
6th
Average Rating
9.2
Reviews Sentiment
7.4
Number of Reviews
41
Ranking in other categories
Network Access Control (NAC) (4th), Advanced Threat Protection (ATP) (6th), Application Control (1st), ZTNA (4th), Ransomware Protection (1st)
 

Mindshare comparison

As of February 2026, in the Endpoint Protection Platform (EPP) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.4%, down from 4.1% compared to the previous year. The mindshare of CrowdStrike Falcon is 6.7%, down from 11.2% compared to the previous year. The mindshare of ThreatLocker Zero Trust Endpoint Protection Platform is 1.1%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Protection Platform (EPP) Market Share Distribution
ProductMarket Share (%)
CrowdStrike Falcon6.7%
Cortex XDR by Palo Alto Networks3.4%
ThreatLocker Zero Trust Endpoint Protection Platform1.1%
Other88.8%
Endpoint Protection Platform (EPP)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Waleed Omar - PeerSpot reviewer
Information Security Specialist at Arab Open University
Provides effective real-time threat detection with potential for cost optimization
Some features such as device control, firewall management, and file analysis are standalone products that we need to purchase separately. If these features came out of the box within the product, it would be much more beneficial for us. Other providers such as SentinelOne include these features in their base product. We attended a CrowdStrike Falcon event where they discussed some shallow AI features, but we cannot see these in our panel yet. We work with different solutions such as Darktrace and SocRadar, where AI features are automatically displayed in our dashboards after release. However, for CrowdStrike Falcon, we cannot see these features.
CL
Supervisor, Client Security at a consultancy with 11-50 employees
World-class support and highly effective for application control and elevation
Their product is solid. I have a hard time complaining much about it because when we do find little things, they are usually interface-related or related to things that would be nice to have. Their idea portal, unlike so many other vendors we deal with, shows movement. At least four to eight features of ThreatLocker exist because I made a request in the last five years, and it became a feature of the actual product. When it comes to improvements, we moved the product as customers, and we got to move the product by making suggestions. They seem to be very reactive to it, so there is not a whole lot that they actively need to change right now. It is one of those situations where when we run into something that would be nice to have, it happens. They make it work.
report
Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.
882,886 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
10%
Financial Services Firm
10%
Manufacturing Company
8%
Government
6%
Computer Software Company
11%
Financial Services Firm
10%
Manufacturing Company
9%
Government
6%
Computer Software Company
19%
Retailer
9%
Manufacturing Company
8%
Financial Services Firm
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business42
Midsize Enterprise21
Large Enterprise47
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise34
Large Enterprise62
By reviewers
Company SizeCount
Small Business33
Midsize Enterprise4
Large Enterprise3
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing u...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never pu...
Is Crowdstrike Falcon better than Trend Micro Deep Security?
I like that Crowdstrike allows me to easily correlate data between my firewalls. What’s most useful for my needs is t...
What do you like most about ThreatLocker Allowlisting?
The interface is clean and well-organized, making it simple to navigate and find what we need.
What is your experience regarding pricing and costs for ThreatLocker Allowlisting?
Pricing, setup costs, and licensing have been pretty accessible and manageable. It was not too expensive to get start...
What needs improvement with ThreatLocker Allowlisting?
Going with the theme of ThreatLocker Zero Trust Endpoint Protection Platform being a one-stop shop where they have ju...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
CrowdStrike Falcon XDR, CrowdStrike Falcon Threat Intelligence, CrowdStrike Identity Protection, CrowdStrike Falcon Surface, CrowdStrike Falcon Platform
Protect, Allowlisting, Network Control, Ringfencing
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Information Not Available
Information Not Available
Find out what your peers are saying about CrowdStrike Falcon vs. ThreatLocker Zero Trust Endpoint Protection Platform and other solutions. Updated: February 2026.
882,886 professionals have used our research since 2012.