CrowdStrike Falcon and Cortex XSIAM both compete in the cybersecurity solution space, with CrowdStrike having a stronger emphasis on interactive endpoint security and Cortex focusing on integration and automation. CrowdStrike currently holds the upper hand in endpoint security, whereas Cortex leads in integration capabilities.
Features: CrowdStrike Falcon stands out for its robust EDR capabilities, AI-driven features, and minimal system impact, which secure endpoints effectively. Cortex XSIAM excels in extensive third-party integration and automated forensic analysis, making it a strong contender in network security operations. Both platforms provide comprehensive security solutions.
Room for Improvement: CrowdStrike Falcon should enhance report functionalities, improve native application support, and reduce false positives. Cortex XSIAM could benefit from performance optimization and expanding integration options. Both solutions require enhancements in different areas, with Falcon focusing on integration and reporting, and Cortex on performance optimization.
Ease of Deployment and Customer Service: CrowdStrike Falcon offers deployment flexibility across public, private, and hybrid clouds, including on-premises, but has mixed feedback on customer support, needing improvement in response times and ownership of cases. Cortex XSIAM mainly deploys on public cloud platforms and is noted for competent technical support.
Pricing and ROI: CrowdStrike Falcon, although more expensive, provides good value for larger enterprises with operational savings and integration flexibility. Cortex XSIAM has high pricing but offers reasonable value given its advanced features and integration abilities. Both platforms justify their costs through robust security benefits, with Falcon delivering more direct ROI and Cortex offering a comprehensive security suite.
CrowdStrike Falcon saves time and offers good value for money, especially for enterprise companies, because it can stop breaches.
It's very easy to deploy without many IT admins, saving time.
With premium support, core Palo Alto technical experts handle issues directly.
It is ineffective in terms of responding to basic queries and addressing future requirements.
The Palo Alto support team is fully responsive and helpful.
On a scale of one to ten, I would rate the technical support as a 10 because they resolve many issues for us.
The CrowdStrike team is very efficient; I would rate them ten out of ten.
They could improve by initiating calls for high-priority cases instead of just opening tickets.
Without proper integration, scaling up with more servers is meaningless.
Cortex XSIAM is highly scalable.
It has adequate coverage and is easy to deploy.
In terms of scalability, I find CrowdStrike to be stable, and I have not encountered any limitations with it.
There's no scalability limitation from CrowdStrike itself, as it just requires agent deployment.
The product was easy to install and set up and worked right.
Overall, Cortex XSIAM is stable.
It works really nice and performs really efficiently after configuration.
I have never seen instability in the CrowdStrike tool.
We are following N-1 versions across our environment, which is stable.
The biggest issue occurred when every computer worldwide experienced a blue screen.
Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long.
Cortex XSIAM needs improvements in terms of data onboarding, parsers, and third-party integration supports.
Cortex XSIAM is on the expensive side and requires substantial improvement in pricing.
Simplifying the querying process, such as using double quote queries or directly obtaining logs based on IP addresses or usernames, would be beneficial.
Another concern is CrowdStrike's GUI. It changes annually, making it hard to work and find options.
Threat prevention should be their first priority.
The first impression is that XSIAM would be more expensive than others we tried.
The product is very expensive.
Cortex XSIAM is pretty expensive, and the licensing process is not very comfortable.
It is expensive compared to SentinelOne, but as the market leader, it is worth it.
The licensing cost and setup costs are affordable.
The solution is a bit expensive.
The advanced visualization capabilities of the product are important for understanding security trends in an organization.
One of the valued aspects of the product is its use of artificial intelligence to detect security vulnerabilities.
The flexibility for creating manual workflows stands out.
I can investigate by accessing the customer's host based on the RTR environment and utilize host search to know details for the past seven days, including logins, processes, file installations, malicious processes, and network connections.
The real-time analytics aspect of CrowdStrike performs well because we get all logs in real-time, with no delay, allowing us to take action immediately.
Being an EDR solution, it helps us identify attacks in real-time.
| Product | Market Share (%) |
|---|---|
| CrowdStrike Falcon | 4.1% |
| Cortex XSIAM | 3.0% |
| Other | 92.9% |
| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 2 |
| Large Enterprise | 4 |
| Company Size | Count |
|---|---|
| Small Business | 46 |
| Midsize Enterprise | 34 |
| Large Enterprise | 61 |
Cortex XSIAM acts as a critical element for SOC foundations, integrating SIEM and EDR capabilities, valued for threat detection and seamless security orchestration with Palo Alto Networks products.
Organizations find Cortex XSIAM beneficial for SOC foundations due to its capability to integrate SIEM and EDR tools, facilitating data collection, detection, and response. It connects with third-party data sources while reducing management effort and offering cost-effective alternatives to competitors like CrowdStrike and Trend Micro. Featuring automation and integration with Palo Alto Networks products, Cortex XSIAM enhances threat detection. Unified architecture allows a comprehensive view of attacks, further supported by machine learning and integration with existing vendor solutions, ensuring that users gain insights without significant manual log analysis.
What are Cortex XSIAM's key features?
What benefits are evident in Cortex XSIAM reviews?
Industries implement Cortex XSIAM mainly in technology-driven sectors where centralized endpoint protection and automation of forensic investigation are paramount. By integrating several third-party systems for incident response, companies in competitive markets leverage its attributes for heightened operational security efficiency. However, users note areas for improvement, such as Attack Surface Management and integration enhancements, to better suit tech-heavy industries needing extensive connectivity with cybersecurity solutions.
CrowdStrike Falcon offers comprehensive endpoint protection with real-time threat detection, AI-driven capabilities, and seamless integration with other platforms. Its cloud-native design provides robust security across diverse environments, making it a reliable choice for modern cybersecurity needs.
CrowdStrike Falcon is heralded for features like robust endpoint visibility, threat detection, and AI-driven capabilities. Users value its efficient real-time monitoring, which maintains low impact on performance while offering seamless integration with platforms. The lightweight design, coupled with comprehensive dashboards and automated threat responses, enhances security operations while reducing resource strain. CrowdStrike's cloud-native architecture ensures flexible, always-on protection, making it adaptable to a wide range of environments. However, improvements can be made in log management, compatibility with diverse operating systems, and integration with third-party technologies. Users also seek more robust reporting features, fewer false positives, and better support for legacy systems. Enhanced policy application, AI capabilities, and extended on-demand scanning are desired, while pricing and technical support responsiveness are concerns.
What are CrowdStrike Falcon's key features?CrowdStrike Falcon is implemented widely in industries relying on robust endpoint protection for monitoring, securing endpoints, forensic analysis, and malware detection. Its cloud-based AI capabilities ensure comprehensive security across devices, making it a preferred choice for networks, servers, and workstations globally. The efficient management of security threats and compliance with regulations is achieved with minimal resource consumption.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
