Try our new research platform with insights from 80,000+ expert users

Palo Alto Networks Cortex XSOAR vs Tanium comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Palo Alto Networks Cortex X...
Average Rating
8.4
Reviews Sentiment
6.9
Number of Reviews
46
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (2nd), SOC as a Service (2nd)
Tanium
Average Rating
7.4
Reviews Sentiment
6.5
Number of Reviews
16
Ranking in other categories
Server Monitoring (10th), Vulnerability Management (22nd), Endpoint Protection Platform (EPP) (37th), Endpoint Detection and Response (EDR) (26th)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Palo Alto Networks Cortex XSOAR is designed for Security Orchestration Automation and Response (SOAR) and holds a mindshare of 11.0%, down 12.9% compared to last year.
Tanium, on the other hand, focuses on Endpoint Protection Platform (EPP), holds 2.5% mindshare, up 2.0% since last year.
Security Orchestration Automation and Response (SOAR)
Endpoint Protection Platform (EPP)
 

Featured Reviews

NikhilSharma2 - PeerSpot reviewer
Ability to multiple playbooks to fetch data from multiple firewalls and utomated several tasks, including vulnerability scans and SOCL (Security Orchestration, Automation
Recently, they started implementing microservices in XSOAR, which has improved quality and addressed previous issues. However, they should focus more on licensing costs. The user licensing fees are quite high. For example, I received a quote for XSOAR, and it was $12,000 per user per year. If you have a SOC team of 30 members/analysts, you're looking at a substantial expense. They should consider reducing these costs since this high pricing seems to be more about profit. So, there is room for improvement in the pricing. Moreover, the reporting and dashboard features are decent but could be improved. The user interface (UI) is quite heavy and takes time to load, which is a major drawback.
Mo Vermeiren - PeerSpot reviewer
Is able to make several campaigns work in parallel, but the user interface needs improvement
It's mainly used by the cybersecurity team for Windows patching and deployment of some software solutions I like the fact that you can create patching campaigns depending on the area of your network that you want to address first. I like the ability it has to make several campaigns that work in…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable features of Palo Alto Networks Cortex XSOAR are the remote controller from the workstation that can execute commands and isolate the systems outside of the network. Only the system with an internet connection can execute the task because the main console is in the cloud."
"The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."
"The solution is very reliable."
"They have a portal where you can find any kind of integration that you need."
"Each incident collected is orchestrated with automation that selects the security analyst to be involved, or provides complex execution plans for managing security incidents."
"I have found the solution very useful, it integrates well with other platforms."
"The most valuable features of Cortex XSOAR include its vast library of plugins, which allow us to integrate various tools and solutions seamlessly."
"Palo Alto is easy to use."
"I like the fact that you can create patching campaigns depending on the area of your network that you want to address first. I like the ability it has to make several campaigns that work in parallel."
"I like the tool's incident response and security patching."
"The most valuable features of this solution are the consolidation of all historical data on device endpoints, security drivers, firmware, and Software version gaps."
"Threat hunting is a very good feature on Tanium. We have just started using it and have not used it extensively."
"Tanium's most valuable features are patch management, inventory, and distribution software."
"For incident response tasks, all these tasks can get done in minutes with minimal disruption to the end-user."
"The interrogation piece was the most valuable feature because it was very detailed."
"The security features are very valuable."
 

Cons

"The tool’s multi-tenancy feature must be improved."
"The solution is complicated to learn."
"Its dashboard features need improvement."
"The configuration of the solution could improve it is difficult."
"The product can be tailored for each deployment to respond to specific customer needs, and this complexity may be seen as a downside."
"It's only one cloud right now. It might be helpful for some companies to have an on-premies option."
"Palo Alto Networks Cortex XSOAR could improve the look, feel, and management of the cloud console. Additionally, the user could be more easily integrated."
"In terms of improvement, it needs to be more modular. It's not. When you're working in layouts and you create specific apps within layouts, there's no portability right now in order to reuse that code across multiple layouts. I can't take a tab and say I want to use this tab on these other layouts. I have to physically go in there and recreate it from scratch, which is maddening."
"The solution lacks mobility."
"The main issues are the network connection because different customers have issues with their networks. It's difficult implementing this type of solution because the network is the main feature in the architecture for these types of solutions. Tanium could improve by creating some network optimization."
"Tanium’s scalability could be improved."
"Most of the time, agent-relative issues have to be more equipped with self-healing features. At times, the agent is there, but for some reason, it doesn't report a status. It gives certain problems that are obviously agent-based."
"When working with Tanium, there are some older devices that haven't been patched for a long time, and certain patches are not included in Tanium."
"We had some issues with the solution's OS upgrade."
"The reporting could be improved."
"The solution can give a lot of false positives."
 

Pricing and Cost Advice

"Cortex XSOAR's price could be lower."
"Palo Alto offers significant discounts to customers who purchase the products repeatedly."
"The solution is a bit on the expensive side."
"The price of Palo Alto Networks Cortex XSOAR is comparable to other solutions in the market."
"It is approx $10,000 or $20,000 per year for two user licenses."
"There is a perception that it is priced very high compared to other solutions."
"The solution's pricing needs improvement."
"The solution is based on an annual licensing model that is expensive."
"Tanium is a more expensive solution in Latin America than some of the competitors, such as BigFix."
"The solution offers value for money."
"The product's pricing differs from region to region depending on negotiations and the number of endpoints."
"It's an expensive solution. It would be nice if the cost were lower."
"There is an annual license required to use this solution."
"It is higher than some competitors in the market."
"The solution is expensive but it's a good investment."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Computer Software Company
12%
Manufacturing Company
9%
Government
9%
Financial Services Firm
17%
Government
13%
Computer Software Company
10%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is your experience regarding pricing and costs for Palo Alto Networks Cortex XSOAR?
Even though customers often comment on the price, the potential savings come from managing a large number of security events with a limited number of analysts. This leads to economic advantages des...
What needs improvement with Palo Alto Networks Cortex XSOAR?
The complexity of Cortex XSOAR has a trade-off with its versatility. The product can be tailored for each deployment to respond to specific customer needs, and this complexity may be seen as a down...
What do you like most about Tanium?
Tanium’s linear-chain architecture is valuable.
What needs improvement with Tanium?
When working with Tanium, there are some older devices that haven't been patched for a long time, and certain patches are not included in Tanium. I have to search outside to download patches, creat...
What is your primary use case for Tanium?
We primarily use Tanium for patching, focusing on vulnerabilities. Our major goal with Tanium is to patch based on vulnerabilities detected by our other vulnerability tools.
 

Also Known As

Demisto Enterprise, Cortex XSOAR, Demisto
No data available
 

Overview

 

Sample Customers

Cellcom Israel, Blue Cross and Blue Shield of Kansas City, esri, Cylance, Flatiron Health, Veeva, ADT Cybersecurity
JPMorgan Chase, eBay, Amazon, US Bank, MetLife, pwc, Cerner, Delphi, MGM Grand, New York Life
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR). Updated: March 2025.
845,040 professionals have used our research since 2012.