No more typing reviews! Try our Samantha, our new voice AI agent.

Microsoft Defender for Endpoint vs Sangfor Endpoint Secure comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Microsoft Defender for Endp...
Ranking in Endpoint Detection and Response (EDR)
3rd
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
212
Ranking in other categories
Endpoint Protection Platform (EPP) (1st), Advanced Threat Protection (ATP) (5th), Anti-Malware Tools (1st), Microsoft Security Suite (3rd)
Sangfor Endpoint Secure
Ranking in Endpoint Detection and Response (EDR)
36th
Average Rating
8.2
Reviews Sentiment
7.4
Number of Reviews
11
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of Microsoft Defender for Endpoint is 5.7%, down from 10.4% compared to the previous year. The mindshare of Sangfor Endpoint Secure is 0.7%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Microsoft Defender for Endpoint5.7%
Cortex XDR by Palo Alto Networks3.6%
Sangfor Endpoint Secure0.7%
Other90.0%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Robert Arbuckle - PeerSpot reviewer
Security Analyst III at a healthcare company with 10,001+ employees
Automatically isolates threats and integrates with logging to reduce response time
Overall, I would evaluate the Microsoft support level that I receive at probably about a seven, but that depends on the day. It has been spotty. We have had issues where the urgency level of the Microsoft support is not as high as ours, especially during a data breach or potential data breach situation. We have had issues with some of the offshore support being lackluster. One specific thing that comes to mind is we were on a support call with our CISO on the call, and the Microsoft agent, who did not actually work for Microsoft, is one of the vendors that Microsoft uses for support, said, "Just to set expectations, my lunch break is in an hour and I am going to go away then." For us, it was already ten o'clock at night and we had been working on this for a couple of hours, trying to get a security engineer on with us. For him to tell us that he was going to go away and have lunch, it was, "Okay, but go find somebody else if you need to." It was just the lackluster approach, and it seemed like he did not really care. We seem to get a lot of this when we get non-Microsoft support. I can identify areas for improvement with Microsoft Defender for Endpoint, as it is kind of a convoluted mess to try to take care of false positives. Especially when they have been identified as false positives but they keep going off over and over again. It is great for my pocketbook because it generates a lot of on-call action, but I would really prefer more sleep at two o'clock in the morning than dealing with false positives. I would say that the unified portal for managing Microsoft Defender for Endpoint is suitable for both teams as they are all in there. It would be great if they would stop moving things around and renaming things, which makes sense. The new XDR portal is pretty nice. Being able to have it central again inside of the regular Security Center without having to open up two windows is helpful. Overall, I think it is pretty good. There is always going to be something that could be improved, such as alerting and the ability to modify alerts would be a little bit helpful to have. Being able to add more data into the alerts and turn off alerts that are not as useful would be beneficial. It is hard to say what the quantitative impact the security exposure management feature has had on our company's security, because a lot of it is kind of subjective. I think we are sitting at around a fifty percent score still, and a lot of it is just kind of unusual circumstances that we cannot really implement without breaking the organization.
OA
Coordinator Associate at National Institute of Cardiovascular Diseases
Quick threat response and behavior analysis while enhancing network security
The main use case is usually related to security. It deals with attacks that come day-to-day such as zero-day attacks and APT attacks. Our main task is to secure the network infrastructure in the hospital where I work It facilitates the departments of IT and other departments to procure and…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The biggest positive impact I see from Cortex XDR by Palo Alto Networks is a significant reduction in the number of people required to manage it."
"I recommend this solution to others because it is easy to manage, reliable, and overall good to use."
"I like the centralized console and the predictive analysis it does of malware. It is very stable and also scalable."
"The most valuable aspect of Cortex XDR by Palo Alto Networks for me is its integration with AI detection, where we get to know the behavioral detection based on users, traffic patterns, and different services that we consume."
"Technical support is the best in class, in my opinion, because they have invested heavily in research and development."
"The best feature of Cortex XDR by Palo Alto Networks is that it collects logs from different sections such as the endpoint, the network, and the cloud, making it easy to investigate alerts, collect some of the investigation packages related to the infected machines, and provide live response."
"Cortex XDR features advanced threat detection capabilities."
"If the user leaves our premises or network, Palo Alto Traps will still be on that endpoint and will still apply our policies."
"The intelligence mechanisms are good."
"The virus scanning capability is excellent, and it feeds all the logs into the Microsoft 365 Defender portal, making them easy to search for."
"I like the real-time protection features. Windows Defender will detect if there's a threat like a Trojan or something like that but Kaspersky lets it run normally."
"We are totally satisfied with performance and price."
"It's effective against most types of infection, and the firewall is perfect for protection."
"It can reach our applications and PC activities in the cloud."
"The initial setup is quite simple and quite straightforward; it's not overly complex or difficult, the deployment is fast and only takes a minute or so, and you only need one person, an engineer, to manage the product once it is up and running."
"The main benefits are compliance and protection from threats, helping us avoid disruption in the business and maintain uptime while prioritizing threats across our enterprise, which is very important for us."
"Sangfor Endpoint Secure has some good policy certificates."
"The user-friendliness of Sangfor Endpoint Secure is particularly impressive. Even with basic technical knowledge, users can easily navigate the system, make changes, and implement updates."
"What stands out to me is the dual-end user interface they provide."
"The most valuable feature I have found in the system is its comprehensive end-to-end protection."
"It has a quick response time, threat intelligence, cybersecurity features, quick report generation, behavior analysis, dynamic detection, and quarantine features."
"The real-time monitoring feature of Sangfor Endpoint Secure is truly real-time, with no delay compared to other solutions."
"The tool's most valuable features are control access, endpoint security, and load balancing of ISPs."
"The product's initial setup phase was straightforward."
 

Cons

"I have seen lagging with Cortex XDR by Palo Alto Networks. There was one time when we faced a threat actor trying to gain access to our system. When our team utilized the tool, we were all on the same dashboard and we faced a lag issue at that time of around five minutes, which was quite significant."
"If he is using a smaller company, he can depend on some other tools because Cortex XDR by Palo Alto Networks is a bit expensive."
"The dashboard is the area that needs to improve so that we can have the ability to drill down without having to go elsewhere to verify results."
"The solution lacks real-time, on-demand antivirus."
"They are charging for Network Traffic Analyzer (NTA) services, so if the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better."
"They've been having some issues with updating their endpoint agents, and it has been quite frustrating."
"Enhancing UI simplicity and playbook flexibility are areas that could benefit from more low-code automation options for smoother integrations."
"The tool needs to be improved in terms of integration and interface."
"Sometimes, there are difficulties in downloading a file considered as malicious."
"It could be easier when it comes to managing exceptions."
"One of the differences between other solutions I have used and Microsoft Defender for Endpoint is that the latter is not yet enterprise-ready to the same extent that the other vendors are."
"We would like more customization, actually."
"Other vendors provide a lot of customization when it comes to integration, which every big organization requires. No big organization depends on one particular tool. Defender lacks that at this point."
"Microsoft should improve support for third-party platforms, because not all functionality is available for all of them. It's a good product, but they should just extend the functionality for all platforms."
"The central console needs improvement."
"It should support non-Windows products better. Microsoft is now one of the leading vendors in the security area. So, they should be product-independent."
"Sangfor Endpoint Secure performs poorly."
"The interface has too many buttons, making it cluttered."
"Sangfor Endpoint Secure should include healing capabilities."
"Currently, the tool lacks reporting functionalities."
"Sometimes, the VPN is not secure and doesn't work properly in Sangfor Endpoint Secure."
"I face issues while migrating from Kaspersky to Sangfor Endpoint Secure."
"There are a few areas for improvement. We have encountered licensing issues on occasion, and sometimes updates don't apply properly."
"It would be much more convenient if the migration tool could be installed directly on the customer's VMs, enabling a smoother migration process to the new infrastructure, with potential restrictions addressed accordingly."
 

Pricing and Cost Advice

"The tool's price is moderate."
"Compared to CrowdStrike, Cortex XDR is an expensive solution."
"It's the most expensive solution, but features-wise, it's quite strong. It's very good for protection, so the results are very good in the case of protection. I would rate it a two out of ten in terms of pricing."
"The cost depends on your chosen license type, like Pro or other licenses."
"It's about $55 per license on a yearly basis."
"The pricing is a little high. It is per user per year."
"The return on investment is from the user side because we have seen the performance of it increase the delivery time of the product if we are using too many web-based and on-premise applications. In indirect ways, we saw the return of investment in terms of performance and user satisfaction increase."
"The price is on the higher side, but it's okay."
"Buying individual point products would've cost us a lot more money than one integrated solution that also capitalizes on Teams Voice and things of that nature. Given our size, buying individual products would have easily cost us a million dollars."
"Currently, for us, Windows Defender is free with the purchase of Windows Server. Pricing is an important point for us when we are looking at the competitors of this solution. If we choose to go with another vendor, we will have to pay some license fees."
"I do not have to purchase antivirus solutions anymore because Microsoft Defender for Endpoint is integrated into Windows and comes free."
"The price was a problem for me three years ago, but they improved their E3, E5, and a la carte licensing. In other words, you have to get all of E5. That used to be a problem because you had E3, Defender, and guardrails, but you needed an E5 license to get the management suite and the analytics. It's more flexible now. You can switch from a la carte to the entire suite when it starts to make sense. It's becoming more economically competitive to go that route."
"For most people, the price of the license is not something that they have to worry about."
"The price of Microsoft Defender for Endpoint is reasonable. Other solutions are more expensive, such as ClowdStrike."
"Most people don't realize M365/E5 licenses are an amazing deal. They think "Oh, it's expensive," and I'll ask, "Compared to what?" If you don't have it you will have to buy licenses for multiple products to fill the same security space that you would have gotten with the Microsoft product. Go figure out how much it costs you per product, per user, and then come back and tell me how things add up financially."
"We are required to pay for the data we ingest, and increasing the data amount incurs additional expenses."
"We were using Hyper-V. So, we switched to Sangfor because of the pricing."
"The solution is cheap. It is cheaper than other products by 15-20 percent."
"Sangfor Endpoint Secure's pricing is cheap. I rate it seven out of ten."
"Price-wise, Sangfor Endpoint Secure can be considered a competitively priced product in the market as it offers quite low prices compared to other solutions."
"The product is expensive compared to other vendors."
"Sangfor Endpoint Secure is not a cheap solution."
"Its "pay as you grow" model offers cost-effectiveness compared to major cloud providers."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
904,054 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
11%
Comms Service Provider
9%
Manufacturing Company
10%
Financial Services Firm
9%
Computer Software Company
9%
Comms Service Provider
8%
Financial Services Firm
18%
Comms Service Provider
12%
Media Company
7%
Computer Software Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business82
Midsize Enterprise45
Large Enterprise96
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise3
Large Enterprise3
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
Which offers better endpoint security - Symantec or Microsoft Defender?
We use Symantec because we do not use MS Enterprise products, but in my opinion, Microsoft Defender is a superior sol...
How does Microsoft Defender for Endpoint compare with Crowdstrike Falcon?
The CrowdStrike solution delivers a lot of information about incidents. It has a very light sensor that will never pu...
What is your experience regarding pricing and costs for Microsoft Defender for Endpoint?
We have been discussing pricing, setup cost, and licensing, and we are currently on an E3. We are discussing going to...
What needs improvement with Sangfor Endpoint Secure?
The interface has too many buttons, making it cluttered. It would be better if it were a simplified version with fewe...
What is your primary use case for Sangfor Endpoint Secure?
Sangfor Endpoint Secure is easy to handle with its user-friendly interface. The four engines it utilizes for endpoint...
What advice do you have for others considering Sangfor Endpoint Secure?
At first, people might not understand the interface, which is why it should be simplified. However, once they underst...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Microsoft Defender ATP, Microsoft Defender Advanced Threat Protection, MS Defender for Endpoint, Microsoft Defender Antivirus
No data available
 

Interactive Demo

Demo not available
Demo not available
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Petrofrac, Metro CSG, Christus Health
Information Not Available
Find out what your peers are saying about Microsoft Defender for Endpoint vs. Sangfor Endpoint Secure and other solutions. Updated: June 2026.
904,054 professionals have used our research since 2012.