Microsoft System Center Endpoint Protection vs. Palo Alto Networks Cortex XDR

If an organization is all Windows-based Active Directory systems, then System Center Endpoint Protection is worth deploying and using. If it's a hybrid of operating systems, then an alternative solution is best.

Incentivized

Malware that doesn’t leave files behind has become widely available. Anyone who can afford to reverse this trend should purchase technology. Application whitelisting isn’t for everyone, and Palo Alto Networks Traps can help. Enterprises looking for a low-affected, next-generation solution with high protection should consider it. PAN Traps is a great product at a reasonable price, and I highly recommend it.

Incentivized

• It is easy to use and configure. This is a benefit, not just for the IT/Admin team, but also for the end-user, as they can easily set how and when to run scans.
• It is good a identifying threats and removing these threats. When looking for a product such as this, it is important to really look at these two areas to really see how the software will work in a real-world environment. SCEP is one such product that does really well at both of these things.

Incentivized

• Direct Access to devices via Live Terminal which provides operations with scripting, triage, and preservation of artifacts.
• Behavioral Indicators of Compromise which provides alerts on events regarding groups of hosts and their signatures.
• Querying complex data sets involving a variety of devices for network connections, hashes, DNS, etc.

Incentivized

• Not so much a limitation on the software itself, but the fact that is primarily only "signature" based, it cannot detect threats that have mutated.
• This software provides virtually no protection against zero-day threats.
• The System Center Endpoint Protection does not offer protections based on behavioral analysis.

Incentivized

• Traps doesn't seem to function as a traditional A/V very well, so it's better as another layer to your endpoint protection
• Traps can cause issues with some legacy or custom programs, so exceptions may have to be made
• Traps falsely identifies things as malicious at times, this is not often though

Incentivized

It is integrated with Windows and SCCM, making it easy to use, license, manage, and update. Additionally, it is straightforward to diagnose when virus and ransomware alerts are detected on endpoints. IT Service Desk management is also easy.

Incentivized

Cortex XDR does a very good job of blocking suspicious and threatening items. However, as with all software of this nature, it will sometimes block known-good items. The difficulty is in manually whitelisting these known-good items. The interface to whitelist is confusing even for a seasoned IT professional and has been the single most frustrating experience of using Cortex XDR

Incentivized

Support is pretty good overall. Since it's a Microsoft product, there are a number of different options for either end-users or IT Admins to get help with this product. This includes phone support, email, web KB articles, community forums, etc. This support is also available 24/7, which can't be said the same for every AV product out there. Also, organizations can opt to buy into Enterprise support, which gives the added benefit of faster response times, training by the vendor, etc.

Incentivized

The support we receive from Palo Alto is one of the best aspects of Traps. It is very easy to recommend their support. It seems much easier to connect directly with someone with a deep understanding of the product rather than other companies where you basically have to make an airtight case that it is some kind of non-standard issue that can't be solved with existing documentation. Palo Alto digs deep and helps with advanced troubleshooting to get things working.

Incentivized

Microsoft System Center Endpoint Protection was the logical choice for our organization since we were utilizing so many other Microsoft solutions. We have since realized the need for more advanced threat protections and primarily use SCEP as an additional level of protection. Our primary protection is being provided by Carbon Black because of it's advanced heuristics and behavioral analysis capabilities

Incentivized

Traps is the slickest interface, easy to use and intuitive rule making, and the rest just didn't quite stack up to the performance level of Traps. McAfee and Kaspersky just hog processor and RAM power. I didn't like the interface and functionality of SentinelOne as much as Traps. Palo Alto really put a lot of time into the development of this software, and had some of the founding fathers of IT Security heading the development process. Can't beat that.

Incentivized

• The Windows 11 version of SCEP is significantly better than the Windows 10 and older iterations, and it has saved us from virus issues in the past.
• This is faster and less work to deploy to a pc when we build and deploy them.
• No extra admin and costs for AV licensing in our case, which makes renewal times easier on IT Management.

Incentivized

• After putting Palo Alto Networks Cortex XDR on a user's system, users came back with a positive response that there are no performance issues now.
• We are able to track and control granular suspicious and malicious activities.
• Web controls are missing, which if they would have been there would have been very helpful.

Incentivized