No more typing reviews! Try our Samantha, our new voice AI agent.

Darktrace vs Stellar Cyber Open XDR comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Extended Detection and Response (XDR)
4th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Endpoint Detection and Response (EDR) (6th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Darktrace
Ranking in Extended Detection and Response (XDR)
7th
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
84
Ranking in other categories
Email Security (10th), Intrusion Detection and Prevention Software (IDPS) (2nd), Network Traffic Analysis (NTA) (1st), Network Detection and Response (NDR) (1st), Cloud Security Posture Management (CSPM) (10th), Cloud-Native Application Protection Platforms (CNAPP) (9th), Attack Surface Management (ASM) (4th), AI-Powered Cybersecurity Platforms (5th), AI Observability (6th)
Stellar Cyber Open XDR
Ranking in Extended Detection and Response (XDR)
40th
Average Rating
0.0
Reviews Sentiment
7.0
Number of Reviews
2
Ranking in other categories
Security Information and Event Management (SIEM) (44th), User Entity Behavior Analytics (UEBA) (28th), Endpoint Detection and Response (EDR) (58th), Network Traffic Analysis (NTA) (16th), Security Orchestration Automation and Response (SOAR) (24th), Network Detection and Response (NDR) (20th), Identity Threat Detection and Response (ITDR) (21st)
 

Mindshare comparison

As of July 2026, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 4.6%, down from 5.1% compared to the previous year. The mindshare of Darktrace is 4.4%, down from 7.7% compared to the previous year. The mindshare of Stellar Cyber Open XDR is 2.1%, up from 1.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks4.6%
Darktrace4.4%
Stellar Cyber Open XDR2.1%
Other88.9%
Extended Detection and Response (XDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Pasan Jayarathna - PeerSpot reviewer
Network Security Engineer at Cyberwell Solution
Monitoring has improved data loss detection and now spots abnormal internal file transfers quickly
In my understanding, the best feature Darktrace offers is the identification of copying files, which acts as a DLP, and it is a main concern for companies because users sometimes copy data outside without knowing, especially those without a technical background. When I mention the DLP-like feature and file copying detection, the alerts have been very timely, as we get an alert within a couple of minutes, which is excellent. Even if some developers are working after hours and copying files, our SOC team detects this, and most of the time they call us so we can identify the users. The alerts are quite accurate and proactive.
Hrishiraj Bhattacharjee - PeerSpot reviewer
Founder & CEO at Team Karimganj
Correlates incidents, allows for quicker identification and helps prioritize investigations
The only challenge is, and that’s where we come into play, it’s a pretty high-tech platform. So, it’s difficult for small and medium-sized organizations to manage it on their own. It’s a very complex system. It requires a lot of expertise. All my guys who work on it have gone through certification from Stellar itself. There are three different certifications that you need to complete. Only then are you certified by Stellar to work on it. It’s a very complex platform. Not everyone can use it. A simple IT engineer or system admin won’t be able to handle it because it’s quite complex. You need to have an understanding of the industry, the subject, and the tool. So, just purchasing this tool or license and then using it on your own would be very difficult to configure and manage on a day-to-day basis. The pricing model is not suitable for small and medium companies, particularly small companies. The minimum pricing model they have is suitable for companies with more than one thousand users. So, if someone has 50 to 100 users, like typical small companies, it’s difficult for them because the cost involved is high. Stellar would charge you for those thousand users, but you do not need all those users. So what are they going to do? I guess Stellar does not want to target small companies directly and maybe relies on resellers and MSPs like us to sell it. So, that is something I would recommend changing. Otherwise, it’s a great tool, but because of the pricing model, small companies are unable to leverage the advantage of this beautiful tool. So, the pricing model should be suitable for small and medium businesses. The product currently has vulnerability monitoring and everything. But if they could also do something about vulnerability management and maybe patch management, that would be nice.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The policy configuration is great, the granularity of policies that are available is very helpful, it is straightforward to set up, and it has pretty much everything we need and works well within the Palo Alto ecosystem."
"What I like about Cortex XDR by Palo Alto Networks is that it is a comprehensive solution that contains everything the organization may need when using endpoints."
"After deploying Traps, we saw the performance of the network improve by 65 to 70 percent."
"If you are looking to deploy a security solution as a whole, this is a good option."
"The most valuable feature of Cortex XDR by Palo Alto Networks is its machine-learning capabilities. Additionally, there is full integration with other solutions."
"One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers. Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network."
"Cortex XDR by Palo Alto Networks has changed the way my security team detects, investigates, and responds to threats, as we are able to see the files, unwanted files, unsecured files, and unauthorized files, so we are quarantining them."
"The most valuable for us is the correlation feature."
"The solution is stable. We've never had any problems with it."
"The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response."
"I am impressed with the product's ability to give insights into network traffic."
"The technical support is excellent; they walk you through the process and do a great job."
"I find the complete portfolio to be excellent."
"I have found the automation and AI features to be valuable. If someone were to come in to the office at midnight and log in, Darktrace would flag it."
"The solution is outstanding from a monitoring perspective."
"The autonomous response is also highly designed in Darktrace."
"It can integrate with almost any cybersecurity tool available in the market."
"Stellar Cyber Open XDR offers these functionalities at a more affordable price, making it easier for me to position it with price-sensitive customers."
 

Cons

"The installation should be easier and the Palo Alto pre-sales and sales teams should have more information on the product because they don't know what they are selling."
"For Cortex XDR by Palo Alto Networks, if I had to point out improvements, I would say the UI is still somewhat difficult for beginners."
"They are charging for Network Traffic Analyzer (NTA) services, so if the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better."
"Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."
"Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis."
"It's more focused on network communication. If a customer wants to increase the level of protection and start working with documents, it's impossible to integrate these features into the system. It's more of a communication-oriented system than a content security-oriented system."
"However, if you do not have Palo Alto in your environment, you are paying these additional services just for Cortex XDR by Palo Alto Networks, so it is not a cost-effective solution."
"Whenever the tool releases a new version when deploying the product across the organization, I feel like there are some disturbances in the CPU usage after upgrading the tool to the latest version."
"Darktrace needs to automate the reports of false positives, botnets and everything."
"It would be good if they can include some endpoint protection for remote workers."
"It's quite expensive to have."
"One area for improvement is the alerting system, which generates too many alerts and becomes labor-intensive for organizations not equipped with enough personnel in their SOC."
"It's sometimes a challenge getting logs from different sources."
"This product needs more in terms of prevention. The detection capabilities work well but once a threat has been detected, Darktrace should work to prevent it from doing anything malicious."
"The product doesn't have an endpoint agent that can react to triggers set on the device,"
"The pricing is based on the number of endpoints, so the program is rather expensive."
"Support is an issue because they have a limited number of resources."
"I would rate the stability at about five to six. The platform requires some fine-tuning, especially when integrating data sources and creating connectors."
 

Pricing and Cost Advice

"Its pricing is kind of in line with its competitors and everybody else out there."
"It is cost-effective compared to similar solutions. It fits for the small businesses through to the big businesses."
"Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance."
"It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."
"It is "expensive" and flexible."
"The price of the product is not very economical."
"It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool."
"Compared to CrowdStrike, Cortex XDR is an expensive solution."
"I'm unfamiliar with the exact cost, but we have a yearly license and had to pay for Darktrace's services before the deployment. The product is very expensive, so some organizations can't afford to pay the total amount directly, meaning they often seek a partner or pay in installments, which increases the price more."
"Prior to negotiating, Darktrace offered their appliance and service for $80,000 per year."
"The pricing is reasonable."
"I am using a demo of Darktrace for deployment and testing which is free."
"It is a very expensive product."
"There is an annual license to use Darktrace."
"Darktrace is pricey, but the price is reasonable for what the solution does, and it's comparable to other products."
"They are too expensive compared with other vendors."
"It’s a single license platform."
report
Use our free recommendation engine to learn which Extended Detection and Response (XDR) solutions are best for your needs.
904,680 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Manufacturing Company
10%
Financial Services Firm
9%
Computer Software Company
8%
Comms Service Provider
7%
Manufacturing Company
13%
Comms Service Provider
9%
Computer Software Company
8%
Outsourcing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business44
Midsize Enterprise20
Large Enterprise29
No data available
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing u...
Which is better - SentinelOne or Darktrace?
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is ...
What is your experience regarding pricing and costs for Darktrace?
Concerning pricing for the product, I would say it is somewhat expensive.
What is your experience regarding pricing and costs for Stellar Cyber Open XDR?
Pricing is a major benefit of Stellar Cyber Open XDR. I rate it between three and four on the cost scale. It offers f...
What needs improvement with Stellar Cyber Open XDR?
I am currently evaluating Stellar Cyber Open XDR in terms of their support. I do not see any major areas for improvem...
What is your primary use case for Stellar Cyber Open XDR?
I use Stellar Cyber Open XDR ( /products/stellar-cyber-open-xdr-reviews ) as a 24/7 security monitoring tool, especia...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
No data available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
Sumitomo Chemical USA, PlastiPak Packaging, University of Denver, Large California State Agency, Large Midwestern American City
Find out what your peers are saying about Darktrace vs. Stellar Cyber Open XDR and other solutions. Updated: June 2026.
904,680 professionals have used our research since 2012.