No more typing reviews! Try our Samantha, our new voice AI agent.

CRITICALSTART vs Palo Alto Networks Cortex XSOAR comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Torq
Sponsored
Ranking in Security Orchestration Automation and Response (SOAR)
4th
Average Rating
8.6
Reviews Sentiment
6.4
Number of Reviews
8
Ranking in other categories
AI-SOC (2nd), AI-Powered Security Automation (2nd)
CRITICALSTART
Ranking in Security Orchestration Automation and Response (SOAR)
26th
Average Rating
9.4
Reviews Sentiment
7.3
Number of Reviews
10
Ranking in other categories
Managed Detection and Response (MDR) (30th)
Palo Alto Networks Cortex X...
Ranking in Security Orchestration Automation and Response (SOAR)
3rd
Average Rating
8.4
Reviews Sentiment
6.5
Number of Reviews
51
Ranking in other categories
SOC as a Service (2nd)
 

Mindshare comparison

As of May 2026, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Torq is 3.7%, down from 5.4% compared to the previous year. The mindshare of CRITICALSTART is 1.1%, up from 0.2% compared to the previous year. The mindshare of Palo Alto Networks Cortex XSOAR is 8.8%, down from 10.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR) Mindshare Distribution
ProductMindshare (%)
Palo Alto Networks Cortex XSOAR8.8%
Torq3.7%
CRITICALSTART1.1%
Other86.4%
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

Nimrod Vardi - PeerSpot reviewer
Global IT Director at OpenWeb
Automation workflows have transformed our IT, enabling secure just-in-time access control
We work with them quite often, so we have a direct line regarding areas in Torq that have room for improvement. If we have a feature request, we can request it. I do not have anything in mind at the moment. We were a design partner for a short while, so we feel that they listen and that users of the system have an impact on the way the system is designed for the better. They have a new community, which is something that I personally suggested years ago. There are many people like me in different places and they might have already built the workflow that I need. Having the option to share workflows or to jump on a thread and say I have this need, did anyone ever build a workflow for it, is amazing. Someone would jump in and say yes, sure, here, take this workflow. I think this is an amazing thing and I really hope that the community will come alive because I think this is really powerful. This is something that I already suggested and it did happen eventually, and I am quite happy with it. I do not have any specific feature in mind that I have a need for at the moment.
JH
Sr. Manager, Security Engineering at a financial services firm with 501-1,000 employees
The transparency of data in the platform is perfect: You see everything as they are seeing it
Their Zero Trust Analytics Platform (ZTAP) engine, which is kind of their correlation engine, is by far and away one of the best in the business. We can filter and utilize different lists to build out different alerts, such as, what to alert on and when not to alert. This engine helps reduce our number of alerts and false positives. The service's Trusted Behavior Registry helps the provider solve every alert. The way that they have it built out is very intelligent. The way every alert comes in, it gets triaged one direction or another. If it is already a false positive, then it is still getting addressed and reviewed on a regular cadence. Also, true positive alerts get escalated to the appropriate personnel. Its mobile app is great. The ability just to be able to quick reference and see what's coming in when you're on the move or go. You don't always need to have your computer or laptop handy, because you can operate it just from the mobile app. It can communicate with analysts, which is great. The mobile app is great at affecting the efficiency of our security operations. Those guys are using it throughout the day, whether that be at the office, home, or off hours. Typically, they triage from the mobile app. Then, if an escalation needs to be done on a computer, they will pull out a computer. We were on the original UI for a few years, so the updated UI has been a refreshing change. It has significantly more ability to filter and translate data, then load that data. It is rather intuitive to click through for some of our junior analysts or interns, especially as we are starting to onboard and teach them different aspects of the security operations team.
CC
Enterprise Security Architect V at FirstEnergy
Customization supports seamless workflow while data influx challenges response time
What I appreciate most about Palo Alto Networks Cortex XSOAR is that it is very open, even more so than Anomali. I can create various custom automations and custom fields. There is significant customization ability in this platform. If I already have an established process, I do not have to change my process to fit into the tool. I can modify the tool to fit into my process, which makes things considerably easier. All of our alerts from different tools come into this central place as we have multiple SIEMs. We have items coming from Anomali and other platforms that are not SIEM tools. This serves as our central location where our SOC analysts can work and determine if incident response is needed. The platform provides data enrichment capabilities, offering information upfront so analysts do not have to search for it. They can access details such as username, phone number, email address, and workplace information. For malware files, they can retrieve details from VirusTotal, including file names and environment presence. We have built substantial automation around these features, which also helps us track case metrics, investigation time, and threat mitigation duration.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"As an analyst, it has demonstrated potential to reduce workforce requirements and time needed for related activities."
"Any request that comes in, regardless of how complex it is, I can accomplish it with Torq."
"If I review about 100 vendors that I might work with, Torq is definitely in the top five that gave me personally investment back, just because every bit of effort I put into Torq eventually became a workflow that gave it back to me."
"Using that one piece of AI, we auto-closed 511 cases in quarter four alone."
"What I appreciate most about Torq is that it is an essential part of our system."
"Since we started working with Torq, I am handling much fewer alerts, it is becoming really easy for me to handle an alert, I have all the information that I need, I do not need to connect to different vendors to receive this information, and the main thing I got from Torq is time, which now helps me to build another automated system and learn."
"Torq has helped a lot regarding SOC analyst efficiency."
"Once I started to use the system and I saw the potential, it changed all of our work in IT."
"CRITICALSTART makes us much more comfortable with knowing someone else is watching our data and our systems and knowing that professional security people are taking a look at any issues that do arise."
"The most valuable feature of their service is their tuning... If we were getting 1,000 alerts a day without them, they tune it until they know what to do for 999 of them, and one will make it through to us per day. That tuning is the most valuable part of their solution."
"The way that the user interface presents data enables our team to be able to make decisions significantly quicker, rather than have to dig into the details or go back to the original tools."
"It is a comfort to know that there is a team of professionals backing you up, especially in an area that you don't feel 100 percent comfortable."
"Their Zero Trust Analytics Platform (ZTAP) engine, which is kind of their correlation engine, is by far and away one of the best in the business. We can filter and utilize different lists to build out different alerts, such as, what to alert on and when not to alert. This engine helps reduce our number of alerts and false positives."
"Outside of using the platform to manage alerts, the feature of the service that we get the most value from is being able to reach out to them and say, "Hey, we might go buy a SIEM," for example. They give us their overview of what's out there, what they've dealt with, what they integrate with, and what that looks like. That's been pretty powerful over the years for us."
"There are two parts of CRITICALSTART's services that are most valuable to us. The MDR solution where they monitor our computers, laptops, and users across the board; and their knowledge of Palo Alto firewalls."
"We are absolutely seeing return on our investment from CRITICALSTART's services, as they're doing the job of a 24/7 SOC at a fraction of the price that it would cost me to run it myself."
"What I appreciate most about Palo Alto Networks Cortex XSOAR is that it is very open, even more so than Anomali."
"The product can automate security tasks."
"The most valuable features of Palo Alto Networks Cortex XSOAR are its overall track record and features that fit our use case."
"I'm using Cortex XSOAR to manage our network security."
"It was easy to integrate Cortex with existing infrastructure and other tech tools."
"Many different playbooks are available and can be customized."
"The performance is great."
"The solution has very good integration capabilities; it's really the best at integration, with commands inside every integration that make it very useful as a product, and the automation is excellent."
 

Cons

"The initial deployment of Torq was not easy."
"We have MCP that we are working with our cloud security platform, and we wanted to connect this MCP to the case management."
"Regarding the pricing of Torq, I would say it is expensive."
"It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet."
"Additionally, the documentation for Torq is not very clear. Most of the information is presented in videos, which are not ideal for reading; there are mostly paragraphs and other text-based content."
"The initial deployment of Torq was not easy."
"Even now, we have workflows that are in production that use AI steps and I get different results, making it unusable to some degree."
"Regarding stability, I have noticed some lagging, crashing, and downtime, which is one of my largest gripes."
"The biggest room for improvement is not necessarily in their service or offering, but in the products that they support."
"They could dig a little bit deeper into the Splunk alerts when they feel like they need to be escalated to us. For example, if a locked account shows up, they could do a little extra digging to verify that the locked account was due to a bad password on the local system. They could just do a little extra digging within the Splunk environment instead of pushing it onto us to go do that extra little digging."
"They could dig a little bit deeper into the Splunk alerts when they feel like they need to be escalated to us."
"They just did a user interface overhaul to the website portal that you use for troubleshooting tickets. The old one was fine. The new one is not intuitive and I hate it."
"During the six-month integration and rollout, there were some bumpy roads along the way. There were communication breakdowns between the project manager, CRITICALSTART leadership, and us (as the customer)."
"The UI has become slower but it's not something I would call them out on."
"The UI has become slower but it's not something I would call them out on."
"It costs a lot for what we felt comfortable to spend."
"The integration could be better. Cortex, for example, does not work with iPhone."
"Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners."
"With Palo Alto Networks Cortex XSOAR, managing its setup phase can be a complicated task."
"The solution is very expensive."
"The solution is not a Palo Alto product so technical support is inadequate."
"I would like to see Cortex become less dependent on Active Directory and group policies to manage the deployment. Maybe I need to update my understanding of how to deploy it, but that's the way I know how to use it."
"The price of the solution could be improved."
"The solution should be made a bit cheaper."
 

Pricing and Cost Advice

Information not available
"The pricing has always been competitive. They have always been good to us. They will make it a fight. They don't try to hide anything; it's always been fully transparent and well-worth what we pay for it."
"As far as the expense goes, it's very competitive pricing and the services you get are almost like you have a person on your team."
"There are contractual penalties if their SLAs are not met. This commitment was very important in our decision to go with this service, because not having downtime is extremely important to us. The providers has not missed an SLA in the 18 months that I have worked with them."
"Overall, for what I'm paying for it, and the benefit I'm getting out of it, it is right where it needs to be, if not a little bit in my favor. For what it costs me to actually have this service, I could afford one internal person to do that job, but now I have a team of 10 or more who are doing that job, and they don't sleep because they work shifts."
"The pricing of other services was so insane that they weren't even an option."
"It costs a lot for what we felt comfortable to spend."
"I've told CRITICALSTART that I think the managed service they provide is cheaper than it should be. It's a really good deal."
"The solution's cost is high."
"On a scale of one to ten, where one is a low price, and ten is a high price, I rate the pricing a nine."
"When I first looked at Demisto, it had a price tag of $250,000 but when we finally purchased it, it was $345,000."
"The price of Palo Alto Networks Cortex XSOAR could be reduced. We are always looking for a discount. There is an annual license needed to use this solution."
"The price of Palo Alto Networks Cortex XSOAR is comparable to other solutions in the market."
"The solution's cost is reasonable."
"The pricing is fair. The pricing reflects the value and feature set it offers."
"The solution is based on an annual licensing model that is expensive."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
893,438 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Comms Service Provider
10%
Construction Company
10%
Manufacturing Company
9%
Real Estate/Law Firm
11%
Financial Services Firm
11%
Comms Service Provider
10%
Healthcare Company
7%
Financial Services Firm
13%
Computer Software Company
10%
Manufacturing Company
8%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business1
Midsize Enterprise3
Large Enterprise4
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise3
Large Enterprise4
By reviewers
Company SizeCount
Small Business21
Midsize Enterprise9
Large Enterprise26
 

Questions from the Community

What needs improvement with Torq?
This is exactly what we discussed two days ago with the Torq team. We told them where we want to see improvements. Fo...
What is your primary use case for Torq?
I use Torq as my case management and alert system. Working as a SOC analyst, the first thing I do every morning is ge...
What advice do you have for others considering Torq?
I would definitely recommend Torq. I have no doubt, really. When we looked for another vendor, Torq really answered a...
Ask a question
Earn 20 points
What is your experience regarding pricing and costs for Palo Alto Networks Cortex XSOAR?
Comparing pricing to Micro Focus, they were offering bundles, making it free with their SIEM. For customers, it is ze...
What needs improvement with Palo Alto Networks Cortex XSOAR?
Regarding areas for improvement in Palo Alto Networks Cortex XSOAR, I want to highlight one concern about playbook cr...
What is your primary use case for Palo Alto Networks Cortex XSOAR?
My primary use cases for Palo Alto Networks Cortex XSOAR are malware incidents, specifically phishing-related inciden...
 

Also Known As

No data available
Critical Start, CriticalStart
Demisto Enterprise, Cortex XSOAR, Demisto
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
Cellcom Israel, Blue Cross and Blue Shield of Kansas City, esri, Cylance, Flatiron Health, Veeva, ADT Cybersecurity
Find out what your peers are saying about CRITICALSTART vs. Palo Alto Networks Cortex XSOAR and other solutions. Updated: April 2026.
893,438 professionals have used our research since 2012.