CrowdStrike Falcon vs Palo Alto Networks Cortex XDR

Likelihood to Recommend

There aren't many scenarios where I wouldn't recommend CrowdStrike. You'll have the ability to create protection policies for different parts of your environment so that sensitive machines have as much protection as possible, and low-risk machines aren't overly locked down. The only reason I can't see someone choosing CrowdStrike is over a matter of budget. It's not the most expensive, nor is it the cheapest.

Read full review

Randy Munroe

Information Security Analyst

Randall-ReillyMarketing and Advertising, 201-500 employees

View all 8 answers on this topic

For those with some investment in Palo Alto already in particular I would say that you can do well with Cortex XDR. People already using the Wildfire machine learning antimalware service in the firewall will find a nice overlap of visibility here. But I would say they may either want to consider a higher license tier than just Protect or consider something like Crowdstrike which seems to do a better job of showing what a given alert means and therefore how you might want to respond. We will probably POC Crowdstrike at the end of our license.

Read full review

Allan Crittenden Edwards

Security Analyst

Eastern Michigan UniversityHigher Education, 1001-5000 employees

View all 1 answers on this topic

Feature Rating Comparison

CrowdStrike Falcon

Palo Alto Networks Cortex XDR

Anti-Exploit Technology

Endpoint Detection and Response (EDR)

Centralized Management

Hybrid Deployment Support

Infection Remediation

Vulnerability Management

Malware Detection

CrowdStrike Falcon

Palo Alto Networks Cortex XDR

Company-wide Incident Reporting

Integration with Other Security Systems

Attack Chain Visualization

Centralized Dashboard

Machine Learning to Prevent Incidents

Live Response for Rapid Remediation

Pros

Detects and automatically blocks dangerous behavior on endpoints that could be indicative of malicious activity, like executing programs from the deleted items folder, executing a SSH command in silent mode from different places in the OS, etc.
Monitors endpoints continuously for known malware, evaluates dangerous behaviors and blocks execution based on risk tolerance settings, uses AI to draw correlations on multiple attack vectors, and has a human malware hunting element to detect known or newly detected attack vectors.
Is easy to deploy across a large organization and manage centrally by as few as 1 person part time.
This was the fastest and easiest implementation of an enterprise grade security system I have ever done. I pushed software to the endpoints on a Friday afternoon, and was complete by Noon on Monday, as each workstation came online, the installer completed, and we were protected.

Read full review

Mark Sauer

Director of Information Technology

TransPakPackage/Freight Delivery, 1001-5000 employees

View all 8 answers on this topic

Protection from advanced malware threats.
Cloud hosted service with good management interface.
Supports Windows, Mac, Linux (and Android, but I haven't tried that).

Read full review

Allan Crittenden Edwards

Security Analyst

Eastern Michigan UniversityHigher Education, 1001-5000 employees

View all 1 answers on this topic

Cons

Falcon isn't continuously scanning the machine, if something is downloaded and viewed as safe it won't be re-checked later.
More dashboards and information on vulnerabilities on the machines would be helpful.
More reports that could be given to executives would also be beneficial. There are some now, but the options are rather limited.

Read full review

Verified User

Analyst in Information Technology

Telecommunications Company, 1001-5000 employees

View all 8 answers on this topic

Showing the significance of behavior based alerts. It is hard to understand what is implicated by these alerts.
Rollout to Macs was a challenge for us because of the permissions that have to be allowed. Endpoint management could have helped with this.
Still waiting for support in the Palo Alto Splunk app for logs from Cortex.

Read full review

Allan Crittenden Edwards

Security Analyst

Eastern Michigan UniversityHigher Education, 1001-5000 employees

View all 1 answers on this topic

Usability

No score

No answers yet

No answers on this topic

Palo Alto Networks Cortex XDR 9.0

Based on 1 answer

Cortex has a beautiful dashboard that is fairly easy to configure once you understand how policies work. My suggestion would be to definitely watch some of their training videos on copying and modifying the default policies before attempting to set anything up. But once you know, it is easy. Using endpoint management software (SCCM/JAMF/etc) for deployment is a must.

Read full review

Allan Crittenden Edwards

Security Analyst

Eastern Michigan UniversityHigher Education, 1001-5000 employees

View all 1 answers on this topic

Support Rating

CrowdStrike Falcon 8.5

Based on 12 answers

Ease of implementation.
Overall protection capabilities.
Real-time system inventory function.
Insight and intelligence of not only the threat, but the potential of the threat.
Support staff of their managed service is excellent.

Read full review

Verified User

Analyst in Finance and Accounting

Financial Services Company, 1001-5000 employees

View all 12 answers on this topic

Palo Alto Networks Cortex XDR 8.0

Based on 1 answer

Cortex XDR ranks high for its abilities in prevention. We do see malware that Cortex is able to stop that is undetected by Microsoft's endpoint protection. But it seems comparable products such as Crowdstrike may do better in providing details around alerts. Without this context we can't mount a more thorough response to alerts because we don't have the appropriate information to do so.

Read full review

Allan Crittenden Edwards

Security Analyst

Eastern Michigan UniversityHigher Education, 1001-5000 employees

View all 1 answers on this topic

Alternatives Considered

Business requirements, mainly. The most important/useful items we appreciate is ease of use and customer service and this product exceeds expectations in that regard. Other offers cover legacy systems and remain with that solution. However, the granularity that you can introduce to an environment is outstanding, all that without losing the simplicity of use.

Read full review

Samuel Hadid

Security Specialist

AMRHealth, Wellness and Fitness, 10,001+ employees

View all 8 answers on this topic

We had MS Endpoint Protection in place. It is still useful for catching basic known commodity malware. But Palo Alto Cortex XDR shines in the fact that it can capture malware that has never been seen before. It has caused pen testers to get stopped in their tracks rather than pivoting to another system. That said, we are still very interested in Crowdstrike next license cycle so we can better visualize the attack timeline and understand the significance of alerts.

Read full review

Allan Crittenden Edwards

Security Analyst

Eastern Michigan UniversityHigher Education, 1001-5000 employees

View all 1 answers on this topic

Return on Investment

A significant increase in responsiveness to data security incidents.
The frequency and extent of data security issues have been drastically reduced.

Read full review

Verified User

Executive in Information Technology

Restaurants Company, 10,001+ employees

View all 8 answers on this topic

Cortex XDR has stopped malware from executing on EMU machines.
Cortex XDR has saved time managing endpoint protection.

Read full review

Allan Crittenden Edwards

Security Analyst

Eastern Michigan UniversityHigher Education, 1001-5000 employees

View all 1 answers on this topic

Pricing Details

General

Free Trial

Yes

Free/Freemium Version

—

Premium Consulting/Integration Services

Yes

Entry-level set up fee?

No

General

Free Trial

—

Free/Freemium Version

—

Premium Consulting/Integration Services

—

Entry-level set up fee?

No

Rating Summary

CrowdStrike Falcon

Palo Alto Networks Cortex XDR

CrowdStrike Falcon

Palo Alto Networks Cortex XDR

CrowdStrike Falcon

Palo Alto Networks Cortex XDR