Cisco Secure Endpoint (formerly Cisco AMP) vs Palo Alto Networks Cortex XDR

Likelihood to Recommend

Specific tool for specific need. If you have a gap in your security infrastructure (protection from malware) you might think to use Cisco Advanced Malware Protection (AMP) for Endpoints to make sure your company's devices are safe. But also you can go beyond and enforce your SOC with Cisco AnyConnect where Cisco Advanced Malware Protection (AMP) for Endpoints is used as one of modules.

Read full review

Oleksandr Tsapenko

IT Project Manager

SvitSoftInformation Technology & Services, 11-50 employees

View all 9 answers on this topic

For those with some investment in Palo Alto already in particular I would say that you can do well with Cortex XDR. People already using the Wildfire machine learning antimalware service in the firewall will find a nice overlap of visibility here. But I would say they may either want to consider a higher license tier than just Protect or consider something like Crowdstrike which seems to do a better job of showing what a given alert means and therefore how you might want to respond. We will probably POC Crowdstrike at the end of our license.

Read full review

Allan Crittenden Edwards

Security Analyst

Eastern Michigan UniversityHigher Education, 1001-5000 employees

View all 1 answers on this topic

Feature Rating Comparison

Cisco Secure Endpoint (formerly Cisco AMP)

Palo Alto Networks Cortex XDR

Anti-Exploit Technology

Endpoint Detection and Response (EDR)

Centralized Management

Hybrid Deployment Support

Infection Remediation

Vulnerability Management

Malware Detection

Cisco Secure Endpoint (formerly Cisco AMP)

Palo Alto Networks Cortex XDR

Company-wide Incident Reporting

Integration with Other Security Systems

Attack Chain Visualization

Centralized Dashboard

Machine Learning to Prevent Incidents

Live Response for Rapid Remediation

Pros

lightweight connector
great integration with other security products
highly effective
will also alert for vulnerable software being used on your systems

Read full review

Wouter Hindriks

Technical Team Lead Network & Security

Missing Piece BVInformation Technology and Services, 11-50 employees

View all 9 answers on this topic

Protection from advanced malware threats.
Cloud hosted service with good management interface.
Supports Windows, Mac, Linux (and Android, but I haven't tried that).

Read full review

Allan Crittenden Edwards

Security Analyst

Eastern Michigan UniversityHigher Education, 1001-5000 employees

View all 1 answers on this topic

Cons

Sometimes during whitelisting, other files from security tools get isolated even if it's not user intended.
Re-syncing policies also take some time, albeit in a straightforward process.
As with all security software, false-positives are still detected.
Hoping that once the library is expanded further, the false positives will be fewer.

Read full review

Ericson Aragoza

Unified Communications Engineer

VisionsConnectedTelecommunications, 501-1000 employees

View all 9 answers on this topic

Showing the significance of behavior based alerts. It is hard to understand what is implicated by these alerts.
Rollout to Macs was a challenge for us because of the permissions that have to be allowed. Endpoint management could have helped with this.
Still waiting for support in the Palo Alto Splunk app for logs from Cortex.

Read full review

Allan Crittenden Edwards

Security Analyst

Eastern Michigan UniversityHigher Education, 1001-5000 employees

View all 1 answers on this topic

Usability

Cisco Secure Endpoint (formerly Cisco AMP) 8.5

Based on 4 answers

I give it a very good score due to its simplicity in deployment, actually being able to do everything remotely is very good. Also noteworthy is the low consumption of resources compared to other competitive products.

Cisco support is really very remarkable and the tool has a good integration with other products, a very good work dashboard and very useful reporting.

Read full review

Sebastián Sarasate

Infrastructure Manager

Grupo Logístico AndreaniLogistics and Supply Chain, 5001-10,000 employees

View all 4 answers on this topic

Palo Alto Networks Cortex XDR 9.0

Based on 1 answer

Cortex has a beautiful dashboard that is fairly easy to configure once you understand how policies work. My suggestion would be to definitely watch some of their training videos on copying and modifying the default policies before attempting to set anything up. But once you know, it is easy. Using endpoint management software (SCCM/JAMF/etc) for deployment is a must.

Read full review

Allan Crittenden Edwards

Security Analyst

Eastern Michigan UniversityHigher Education, 1001-5000 employees

View all 1 answers on this topic

Support Rating

Cisco Secure Endpoint (formerly Cisco AMP) 8.1

Based on 12 answers

We have needed very little support, but anytime we need to reach out for assistance they have always been helpful and knowledgeable about the product and helped us resolve any issues or needs we may have

Read full review

Nicole McMillian

Cyber Security Analyst

Associated Wholesale GrocersWholesale, 1001-5000 employees

View all 12 answers on this topic

Palo Alto Networks Cortex XDR 8.0

Based on 1 answer

Cortex XDR ranks high for its abilities in prevention. We do see malware that Cortex is able to stop that is undetected by Microsoft's endpoint protection. But it seems comparable products such as Crowdstrike may do better in providing details around alerts. Without this context we can't mount a more thorough response to alerts because we don't have the appropriate information to do so.

Read full review

Allan Crittenden Edwards

Security Analyst

Eastern Michigan UniversityHigher Education, 1001-5000 employees

View all 1 answers on this topic

Alternatives Considered

AMP is far superior to Symantec in my opinion. It is much more robust and customizable. It is much easier to manage systems and to spot trouble areas. Deploying and upgrading clients is much simpler. It is a much more lightweight client on the desktop. Overall a much better product in my opinion.

Read full review

Verified User

Engineer in Information Technology

Education Management Company, 1001-5000 employees

View all 9 answers on this topic

We had MS Endpoint Protection in place. It is still useful for catching basic known commodity malware. But Palo Alto Cortex XDR shines in the fact that it can capture malware that has never been seen before. It has caused pen testers to get stopped in their tracks rather than pivoting to another system. That said, we are still very interested in Crowdstrike next license cycle so we can better visualize the attack timeline and understand the significance of alerts.

Read full review

Allan Crittenden Edwards

Security Analyst

Eastern Michigan UniversityHigher Education, 1001-5000 employees

View all 1 answers on this topic

Return on Investment

HAMP has allowed the team to focus on value added activities instead of constant cleanup of workstations and servers.
AMP is probably not the most cost effective solution, but is very good at protecting your systems.

Read full review

Scott Shipley

Senior IT Manager - Global Infrastructure

Tennant CompanyMachinery, 1001-5000 employees

View all 9 answers on this topic

Cortex XDR has stopped malware from executing on EMU machines.
Cortex XDR has saved time managing endpoint protection.

Read full review

Allan Crittenden Edwards

Security Analyst

Eastern Michigan UniversityHigher Education, 1001-5000 employees

View all 1 answers on this topic

Pricing Details

General

Free Trial

—

Free/Freemium Version

—

Premium Consulting/Integration Services

—

Entry-level set up fee?

No

General

Free Trial

—

Free/Freemium Version

—

Premium Consulting/Integration Services

—

Entry-level set up fee?

No

Rating Summary

Cisco Secure Endpoint (formerly Cisco AMP)

Palo Alto Networks Cortex XDR

Cisco Secure Endpoint (formerly Cisco AMP)

Palo Alto Networks Cortex XDR

Cisco Secure Endpoint (formerly Cisco AMP)

Palo Alto Networks Cortex XDR