No more typing reviews! Try our Samantha, our new voice AI agent.

Cortex Xpanse vs Darktrace comparison

Palo Alto Networks and Darktrace are both solutions in the Attack Surface Management (ASM) category. Palo Alto Networks is ranked #6 with an average rating of 8.5, while Darktrace is ranked #4 with an average rating of 8.1. Palo Alto Networks holds a 2.8% mindshare in ASM, compared to Darktrace’s 4.3% mindshare. Additionally, 100% of Palo Alto Networks users are willing to recommend the solution, compared to 95% of Darktrace users who would recommend it.
Cortex Xpanse
Read 6 Cortex Xpanse reviews
  • 1,924 Views
  • 1,905 Comparison Views
100% willing to recommend
Darktrace
Read 84 Darktrace reviews
  • 26,968 Views
  • 2,966 Comparison Views
95% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jun 3, 2026

Darktrace and Cortex Xpanse are cybersecurity solutions competing in threat detection and response. Darktrace appears to have the upper hand with its AI-driven analytics and comprehensive network visibility, providing advanced features like Antigena that enable autonomous threat responses.

Features: Darktrace offers machine learning and AI-driven analytics, comprehensive network visibility, and proactive threat mitigation tools such as Antigena. Its AI engine significantly enhances phishing detection and alerts on data exfiltration. Cortex Xpanse focuses on attack surface management, highlighting detailed vulnerability reporting, detection of exposed assets, and digital brand protection.

Room for Improvement: Darktrace should improve its handling of false positives and offer better integration with endpoint solutions while simplifying its user interface. Pricing and complexity of visualizations are other points of concern. Cortex Xpanse could benefit from enhanced dark-web scanning and better cloud connectivity, along with more appealing customization options and pricing strategies.

Ease of Deployment and Customer Service: Darktrace provides multiple deployment options, including on-premises and cloud, with users appreciating its comprehensive technical support although setup can be challenging for non-technical users. Cortex Xpanse allows straightforward deployments in hybrid and public clouds, and while its technical support is rated excellent, it isn't as frequently mentioned as Darktrace's.

Pricing and ROI: Darktrace is perceived as expensive, but users find it worthwhile due to its advanced capabilities and improved threat identification, contributing to strong ROI through better visibility. Similarly, Cortex Xpanse is also considered costly, especially in comparison to firewall tools, yet its investment is justified by efficient attack surface management. Pricing competitiveness is an area both solutions could enhance.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Cortex Xpanse vs. Darktrace Report (Updated: April 2026).
Buyer's Guide
Cortex Xpanse vs. Darktrace
April 2026
Download the complete report
Helped 900,644 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex Xpanse
Ranking in Attack Surface Management (ASM)
6th
Average Rating
8.8
Reviews Sentiment
7.2
Number of Reviews
6
Ranking in other categories
No ranking in other categories
Darktrace
Ranking in Attack Surface Management (ASM)
4th
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
84
Ranking in other categories
Email Security (10th), Intrusion Detection and Prevention Software (IDPS) (2nd), Network Traffic Analysis (NTA) (1st), Network Detection and Response (NDR) (1st), Extended Detection and Response (XDR) (7th), Cloud Security Posture Management (CSPM) (10th), Cloud-Native Application Protection Platforms (CNAPP) (9th), AI-Powered Cybersecurity Platforms (5th), AI Observability (6th)
 

Mindshare comparison

As of June 2026, in the Attack Surface Management (ASM) category, the mindshare of Cortex Xpanse is 2.8%, down from 4.3% compared to the previous year. The mindshare of Darktrace is 4.3%, down from 10.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Attack Surface Management (ASM) Mindshare Distribution
ProductMindshare (%)
Darktrace4.3%
Cortex Xpanse2.8%
Other92.9%
Attack Surface Management (ASM)
 

Featured Reviews

reviewer1442496 - PeerSpot reviewer
reviewer1442496
System Administrator at a retailer with 5,001-10,000 employees
Ensures robust security management with seamless integration
We work with the cloud version of Cortex Xpanse. We are working with Palo Alto products right at the moment. We have Cortex and GlobalProtect that we are using. I'm not sure if we utilize Cortex Xpanse's capability to identify internet-facing assets. I'm not sure about the automated threat assessment of Cortex helping prioritize vulnerabilities. I would assess the integration capabilities of Cortex Xpanse as good; no issues so far with integration with other tools from different vendors. Cortex Xpanse supports our organization's regulatory compliance efforts 100%, and it's what we need from it. Right now, I am working only with Palo Alto for security. I am not planning to work with some other vendors. On a scale of one to ten, I rate Cortex Xpanse a nine.
Read full review
Pasan Jayarathna - PeerSpot reviewer
Pasan Jayarathna
Network Security Engineer at Cyberwell Solution
Monitoring has improved data loss detection and now spots abnormal internal file transfers quickly
In my understanding, the best feature Darktrace offers is the identification of copying files, which acts as a DLP, and it is a main concern for companies because users sometimes copy data outside without knowing, especially those without a technical background. When I mention the DLP-like feature and file copying detection, the alerts have been very timely, as we get an alert within a couple of minutes, which is excellent. Even if some developers are working after hours and copying files, our SOC team detects this, and most of the time they call us so we can identify the users. The alerts are quite accurate and proactive.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable features of the solution are its firewall and antivirus."
"The best feature of the product is that it's easy to manage when we have set it up, and the beneficial impact of Cortex Xpanse for the company is security."
"As an attack surface manager, I highly recommend Cortex Xpanse, especially if there are many services exposed publicly on the internet."
"Cortex Xpanse is a strong solution for attack surface management, including digital brand protection and continuous monitoring."
"Cortex Xpanse has an easy-to-use user interface."
"The most valuable aspect is its ability to catch trojans and malware."
"When there is an alert from Cortex Xpanse regarding a certificate or surface, it prompts us to take immediate action."
"I find it very good in the way that they show the past events, including the attack history, and you are able to visualize all of the attack paths and connectivity to see what's happened."
"Provides great network protection."
"The active threat dashboard is the most valuable feature of this solution."
"Technical support is helpful and responsive."
"They've worked hard to be the top security control in terms of AI and machine learning, and their product works well."
"The most valuable feature in Darktrace is that it gives me a comprehensive, detailed view of my network and whatever is happening inside it."
"The autonomous response is also highly designed in Darktrace."
"It is a very simple product to use."
More Darktrace pros
 

Cons

"Cortex Xpanse needs to add dark-web scanning."
"Cortex Xpanse should offer better customization and configuration options on its dashboard."
"Regarding technical support, I would rate it as a seven."
"There is an issue with the old versions of Cortex, and so when we have an older one with Windows or any OS, we have a problem with its connectivity with the cloud."
"It's challenging to confirm the absolute coverage and penetration of Cortex Xpanse into the Dark Web. The solution lacks comprehensive intelligence on adversaries and risks, which other competitors might provide."
"Some improvements are needed in the user interface. It may require more enhancements."
"It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks."
"Darktrace could improve its features, such as monitoring and detecting ransomware."
"The price point for the product was too high for what our possible use case could be."
"The stability isn't good but I like the product."
"I am not so satisfied with the pricing model for Darktrace. The price is a little bit high compared to other solutions."
"There are numerous false positives."
"There is no dedicated salesperson in Egypt, and having one would help to improve focus on this market."
"I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools."
More Darktrace cons
 

Pricing and Cost Advice

"Cortex Xpanse is cheaper than other solutions."
"The tool's cost is too high."
"It was $3,600 a month or $2,000 plus or so. I am not sure. Its licensing is pretty simple."
"The tool's pricing is costly."
"If you consider the features and the cost of market leaders, we are satisfied with the pricing."
"Darktrace is quite an expensive solution."
"The pricing is very flexible for Darktrace. Sometimes, a customer does not have the appropriate budget, but Darktrace can handle that. They offer monthly payments, so the customer can acquire the solution very easily."
"The solution is about $6,000 per quarter."
"Darktrace is pricey, but the price is reasonable for what the solution does, and it's comparable to other products."
"We had an issue with pricing initially and had to cancel some of the features of the projects to fit the budget. I would like to see pricing that is not broken up into parts so that we can buy the whole package once. Darktrace is more expensive than an average solution, but it's functionality won't match that of an average solution."
More Darktrace pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Attack Surface Management (ASM) solutions are best for your needs.
See recommendations
900,644 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
12%
Computer Software Company
10%
Government
10%
Performing Arts
8%
Manufacturing Company
10%
Financial Services Firm
9%
Computer Software Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business44
Midsize Enterprise20
Large Enterprise29
 

Questions from the Community

What is your experience regarding pricing and costs for Cortex Xpanse?
I don't know the licensing or setup cost; I have no idea about the cost.
See all answers
What needs improvement with Cortex Xpanse?
I'm not sure right now; I have nothing to comment on regarding what could be improved in the product. We are using it and we are satisfied. I have nothing to comment right now on what other feature...
See all answers
What is your primary use case for Cortex Xpanse?
Cortex Xpanse is usually used for security from clients.
See all answers
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a cl...
See all answers
Which is better - SentinelOne or Darktrace?
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for organ...
See all answers
What is your experience regarding pricing and costs for Darktrace?
Concerning pricing for the product, I would say it is somewhat expensive.
See all answers
 

Comparisons

Tenable Attack Surface Management vs Cortex Xpanse Logo
Tenable Attack Surface Management vs Cortex Xpanse
Compared 15% of the time
CyCognito vs Cortex Xpanse Logo
CyCognito vs Cortex Xpanse
Compared 11% of the time
Bitsight vs Cortex Xpanse Logo
Bitsight vs Cortex Xpanse
Compared 10% of the time
Censys Attack Surface Management vs Cortex Xpanse Logo
Censys Attack Surface Management vs Cortex Xpanse
Compared 6% of the time
IBM Security Randori Recon vs Cortex Xpanse Logo
IBM Security Randori Recon vs Cortex Xpanse
Compared 4% of the time
More Cortex Xpanse Competitors
Vectra AI vs Darktrace Logo
Vectra AI vs Darktrace
Compared 5% of the time
CrowdStrike Falcon vs Darktrace Logo
CrowdStrike Falcon vs Darktrace
Compared 4% of the time
Cisco Secure Network Analytics vs Darktrace Logo
Cisco Secure Network Analytics vs Darktrace
Compared 2% of the time
SentinelOne Singularity Endpoint vs Darktrace Logo
SentinelOne Singularity Endpoint vs Darktrace
Compared 2% of the time
ExtraHop Reveal(x) vs Darktrace Logo
ExtraHop Reveal(x) vs Darktrace
Compared 2% of the time
More Darktrace Competitors
 

Product Reports

Buyer's Guide
Attack Surface Management (ASM)
May 2026
Cortex Xpanse reportDownload Cortex Xpanse product report
Buyer's Guide
Darktrace
June 2026
Darktrace reportDownload Darktrace product report
 

Overview

Cortex Xpanse offers comprehensive security by identifying trojans, malware, and unknown exposed assets while providing digital brand protection and monitoring, benefiting organizations of all sizes.

Cortex Xpanse provides robust threat detection and management with features like real-time reporting and asset discovery. Its antivirus and firewall enhance security, while dark web monitoring facilitates swift action on vulnerabilities and certificates. However, improvements in cloud connectivity and dark web scanning are needed. Enterprises, especially those with Security Operations Centers, find it useful for its installation ease, device control, and security measures, despite firewall complexity.

What are key features of Cortex Xpanse?
  • Digital Brand Protection: Shields the organization's digital brand from threats.
  • Continuous Monitoring: Observes activities for quick threat detection.
  • Real-Time Reporting: Provides timely security insights through user-friendly interfaces.
  • Asset Discovery: Identifies vulnerable assets for proactive management.
  • Firewall and Antivirus: Strengthens overall security posture.
What benefits and ROI should users consider?
  • Proactive Threat Management: Allows organizations to react swiftly to emerging threats.
  • Ease of Installation: Supports seamless deployment across networks.
  • Comprehensive Device Control: Ensures effective management and monitoring of devices.
  • Actionable Vulnerability Insights: Enhances security decision-making processes.

Cortex Xpanse is predominantly applied in large enterprises for safeguarding applications and databases against ransomware and malware. Organizations with Security Operations Centers leverage its customizable policies for client security and vulnerability remediation. It aids in managing attack surfaces as a proactive security strategy.

Palo Alto Networks

Darktrace revolutionizes network security with AI-driven alerts, anomaly detection, and robust visibility across networks. It autonomously detects threats, minimizing the need for human oversight, and offers efficient IP identification with minimal false positives.

Darktrace uses advanced AI analytics to enhance network protection. Its powerful real-time threat response capabilities and self-learning enable thorough monitoring and insightful analysis of network activities. While providing scalable and reliable security, users seek improvements in false positive reduction, user-friendly interfaces, and pricing. Enhanced third-party integration, more effective dashboards, and centralized automation features remain top priorities. Users benefit greatly from its Antigena feature, offering automated responses like blocking suspicious connections for robust network defense.

What Are Darktrace's Key Features?
  • AI-Driven Alerts: Provides real-time alerts for threat detection.
  • Anomaly Detection: Identifies unusual network activities with precision.
  • Real-Time Threat Response: Autonomously counteracts potential threats.
  • Comprehensive Monitoring: Offers detailed network activity insights.
  • Scalability: Adapts to expanding network environments effectively.
Which Benefits Should Users Consider in Reviews?
  • Stability: Reliable performance ensures constant protection.
  • Efficient Cloud Protection: Safeguards data across cloud infrastructures.
  • Intuitive Interface: Facilitates easy navigation and efficient operations.
  • Network Visibility: Enhances understanding of network traffic and activities.
  • Automated Threat Blocking: Quick response to potential network breaches.

In industries employing Darktrace, it is pivotal in securing LAN networks, analyzing behavioral patterns, and detecting internal and external threats. Adoption alongside platforms like F5 and SAP enhances incident response, traffic analysis, and threat identification, utilizing Antigena for proactive security measures.

Darktrace
 

Sample Customers

Information Not Available
Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
Buyer's Guide
Cortex Xpanse vs. Darktrace
April 2026
Free Report: Cortex Xpanse vs. Darktrace
Find out what your peers are saying about Cortex Xpanse vs. Darktrace and other solutions. Updated: April 2026.
DOWNLOAD NOW
900,644 professionals have used our research since 2012.
See our Cortex Xpanse vs. Darktrace report.
See our list of best Attack Surface Management (ASM) vendors.

We monitor all Attack Surface Management (ASM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.