Try our new research platform with insights from 80,000+ expert users

Google Security Operations vs Palo Alto Networks Cortex XSOAR comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 9, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Google Security Operations
Ranking in Security Orchestration Automation and Response (SOAR)
16th
Average Rating
9.0
Reviews Sentiment
7.7
Number of Reviews
4
Ranking in other categories
Security Information and Event Management (SIEM) (32nd), AI-Powered Cybersecurity Platforms (10th)
Palo Alto Networks Cortex X...
Ranking in Security Orchestration Automation and Response (SOAR)
2nd
Average Rating
8.4
Reviews Sentiment
6.9
Number of Reviews
46
Ranking in other categories
SOC as a Service (2nd)
 

Mindshare comparison

As of April 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Google Security Operations is 1.6%, up from 1.3% compared to the previous year. The mindshare of Palo Alto Networks Cortex XSOAR is 11.0%, down from 12.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

reviewer2203269 - PeerSpot reviewer
Real-time threat detection and alarm management have improved security operations
Google SecOps is extremely useful for threat detection and hunting. It provides a detailed pipeline for detection and is beneficial for real-time threat monitoring when integrated with Mandiant. The tool's integration capabilities are effective, and it helps in managing alarms for normal threats efficiently. Overall, Google SecOps is a very useful service for security operations.
NikhilSharma2 - PeerSpot reviewer
Ability to multiple playbooks to fetch data from multiple firewalls and utomated several tasks, including vulnerability scans and SOCL (Security Orchestration, Automation
Recently, they started implementing microservices in XSOAR, which has improved quality and addressed previous issues. However, they should focus more on licensing costs. The user licensing fees are quite high. For example, I received a quote for XSOAR, and it was $12,000 per user per year. If you have a SOC team of 30 members/analysts, you're looking at a substantial expense. They should consider reducing these costs since this high pricing seems to be more about profit. So, there is room for improvement in the pricing. Moreover, the reporting and dashboard features are decent but could be improved. The user interface (UI) is quite heavy and takes time to load, which is a major drawback.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature of Siemplify is the playbooks that can be created."
"Overall, Google SecOps is a very useful service for security operations."
"Google SecOps is extremely useful for threat detection and hunting."
"The playbooks feature in Siemplify is crucial for automation. We've utilized both standard and custom integrations with other security operation solutions, enhancing our flexibility. The user interface is generally straightforward, although recent changes may require some adjustment and Siemplify's integrations and capabilities offer potential support for various compliance requirements."
"Without hyperbole, I have never, in my entire career, encountered a vendor or a vendor community as awesome as Siemplify. Siemplify and the Siemplify Community quite literally made it possible for our SOC to increase almost five-fold in our number of clients and number of analysts and to go from a Monday to Friday 9-5 shop to a 24/7 shop all in the span of under a year and a half and all while continually adding capabilities and improving the services we offer to our clients."
"The most valuable features of Palo Alto Networks Cortex XSOAR are the remote controller from the workstation that can execute commands and isolate the systems outside of the network. Only the system with an internet connection can execute the task because the main console is in the cloud."
"From the security team's standpoint, the solution has improved our organization's overall cybersecurity."
"The repository of playbooks and the integration between Palo Alto and IBM QRadar are some useful features"
"The orchestration in XSOAR is significantly easier compared to other SOAR tools I've used."
"Cortex XSOAR's playbook for incident management and automation is highly valuable."
"The product’s stability is good."
"The most valuable feature is its capability to automate responses and collect information for any security event before you even delve into the details. It's a vast product with an active roadmap, so I'm satisfied with it for now. It's very efficient at data collection and correlation."
"I am satisfied with the product overall."
 

Cons

"The main improvement could be in the accuracy and detail provided in threat descriptions."
"Building the playbooks could be easier and the integration could improve. It is a difficult process, such as what API connections need to be made."
"We often encounter minor issues that could be improved, but we maintain communication with the developers and submit feature requests. Recently, I requested enhancements such as improved search functionality within playbooks and expanded options for exporting case data."
"I'm inclined to say that I'd love to see some Machine Learning capabilities integrated into the platform, however, I just attended a demo this morning where Siemplify gave a sneak peek into some Machine Learning capabilities that they are currently developing and have roadmapped for release soon."
"The main improvement could be in the accuracy and detail provided in threat descriptions."
"The user interface could be a bit better."
"There is room for improvement in support. The response time could be faster."
"For building automation, there is not a lot of good documentation. The documentation is there, but it is not very good from my perspective. There should be an improvement in this area. I don't see issues with anything else. In terms of new features, I have heard that other products have EBA functionality. It would be good if this functionality could be added."
"The product can be tailored for each deployment to respond to specific customer needs, and this complexity may be seen as a downside."
"Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners."
"Previously, when Demisto was, there was a community edition; we could use it, reinstall it, and customize it. Since Palo Alto took over, it has become more financially oriented. It's business, but they could offer a pro model and a lighter model for different needs."
"I would like to see Cortex become less dependent on Active Directory and group policies to manage the deployment. Maybe I need to update my understanding of how to deploy it, but that's the way I know how to use it."
"With Palo Alto Networks Cortex XSOAR, managing its setup phase can be a complicated task."
 

Pricing and Cost Advice

Information not available
"The solution is based on an annual licensing model that is expensive."
"It is approx $10,000 or $20,000 per year for two user licenses."
"When I first looked at Demisto, it had a price tag of $250,000 but when we finally purchased it, it was $345,000."
"The solution's cost is reasonable."
"There is a perception that it is priced very high compared to other solutions."
"It is expensive."
"The pricing is fair. The pricing reflects the value and feature set it offers."
"The solution is expensive."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
16%
Retailer
10%
Government
8%
Financial Services Firm
15%
Computer Software Company
13%
Manufacturing Company
9%
Government
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What do you like most about Siemplify?
The playbooks feature in Siemplify is crucial for automation. We've utilized both standard and custom integrations with other security operation solutions, enhancing our flexibility. The user inter...
What is your experience regarding pricing and costs for Siemplify?
The pricing for Google SecOps and Microsoft Sentinel is almost the same, with no significant differences.
What needs improvement with Siemplify?
The main improvement could be in the accuracy and detail provided in threat descriptions. Google SecOps reports could be more detailed, similar to the comprehensive descriptions provided by Microso...
What is your experience regarding pricing and costs for Palo Alto Networks Cortex XSOAR?
Even though customers often comment on the price, the potential savings come from managing a large number of security events with a limited number of analysts. This leads to economic advantages des...
What needs improvement with Palo Alto Networks Cortex XSOAR?
The complexity of Cortex XSOAR has a trade-off with its versatility. The product can be tailored for each deployment to respond to specific customer needs, and this complexity may be seen as a down...
 

Also Known As

Siemplify ThreatNexus
Demisto Enterprise, Cortex XSOAR, Demisto
 

Overview

 

Sample Customers

FedEx Mondelez Intenrational Check Point Trustwave Atos Cyberint Bae Systems Crowe Longwall Security Telefonica Nordea HCL
Cellcom Israel, Blue Cross and Blue Shield of Kansas City, esri, Cylance, Flatiron Health, Veeva, ADT Cybersecurity
Find out what your peers are saying about Google Security Operations vs. Palo Alto Networks Cortex XSOAR and other solutions. Updated: April 2025.
849,190 professionals have used our research since 2012.