Cybereason Endpoint Detection &amp; Response vs Lookout comparison

Cybereason Endpoint Detection & Response vs. Lookout

Download the complete report

Helped 884,933 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex XDR by Palo Alto Net...

Mindshare comparison

As of March 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.4%, down from 4.0% compared to the previous year. The mindshare of Cybereason Endpoint Detection & Response is 1.2%, up from 1.0% compared to the previous year. The mindshare of Lookout is 0.7%, up from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Endpoint Detection and Response (EDR) Mindshare Distribution
Product	Mindshare (%)
Cortex XDR by Palo Alto Networks	3.4%
Cybereason Endpoint Detection & Response	1.2%
Lookout	0.7%
Other	94.7%

Endpoint Detection and Response (EDR)

Featured Reviews

ABHISHEK_SINGH

Senior Process Expert at A.P. Moller - Maersk

Gained full visibility and streamlined threat detection through behavior-based insights and AI integration

Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.

Read full review

Ivan Burke

Head of Research Development and Innovation at CSIR

Offers useful threat hunting and response capabilities but struggles to justify cost for smaller deployments

I mostly work with incident response, so I work with a bunch of them interchangeably, but mostly with the EDR components; I also get involved with some of the XDR components, especially for the cloud. Regarding analysis features, such as deep behavioral detection, I do use it sometimes; I usually don't use the automated version of it, as I prefer threat hunting directly, depending on if the season is available. I know some of them have pretty good analytics engines, but I tend to do the threat hunting on my own. I manage incident response for a bunch of companies, so some of them have Cybereason Endpoint Detection & Response integrated into Sentinel, some into Fortinet, and others into various tools. When considering cost-effectiveness, their pricing structure works such that if you're a large organization with more than a thousand endpoints to deploy to, then Cybereason Endpoint Detection & Response is worthwhile. But for anything less than 300, it's too expensive; obviously, the more you buy, the better the price, making it cheaper for you. Cybereason Endpoint Detection & Response best fits enterprise-level businesses such as huge corporations; however, we are in the process of removing it from many of our endpoint clients because it's not really showing enough value for them at the moment. We're trying to see how we can improve it with some of our clients, but at the moment, it's struggling compared to other EDR solutions that we have deployed. On a scale of one to ten, I rate Cybereason Endpoint Detection & Response a six.

Read full review

David Baynton

IT Manager at NHS Trust

Enhanced mobile security with visibility into app and website usage, but installation challenges remain

We use Lookout for mobile devices, such as phones It has reduced our risk around mobile devices. I like the security features and being able to see what apps and websites people are using. There is nothing we have come across that we've desired. We have been using Lookout for one year. The…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The one feature of Palo Alto Networks Traps that our organization finds most valuable is the App ID service."

"Based on my experience, I would recommend Cortex XDR by Palo Alto Networks to other people."

"I generally believe that Cortex XDR by Palo Alto Networks is probably the best in the market right now."

"This software helps us understand any issues that may arise when someone is not at work."

"Cortex XDR by Palo Alto Networks should be a stable solution."

"It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature. It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else."

"One of the main benefits of the solution is its intelligence to correlate the events into an incident."

"The initial setup isn't too bad."

More Cortex XDR by Palo Alto Networks pros

"I haven't had any issues with the solution. Stability-wise, I rate the solution a ten out of ten."

"The initial setup was straightforward."

"The solution is efficient."

"They do a very good job of providing multi-stage visualizations of malicious operations that immediately show all attack details across all devices and users. Since it is MalOp-centric model, you can see if there has been a similar operation across multiple machines. If it is the same thing appearing on multiple machines, you see all the machines and users affected in one screen."

"To get my Cybereason instance up and running, I just install it; it takes less than a minute or two to actually install and run the installer."

"Immediately we can pick up the computers in the network if any malicious operation that is triggered."

"The interface is user-friendly."

"It gives all the information in a clear response."

More Cybereason Endpoint Detection & Response pros

"The most valuable features are the antivirus as a whole, the anti-malware, and all of the protection features that scan our enterprise devices."

"We have not had any issues with bugs or breakdowns."

"The protection offered by the product is the most valuable feature. It detects vulnerabilities or traps on our users' phones and then prompts them to clean up their devices. Tools we used previously would only discover, which required us to gather information on the backend, so Lookout is a welcome upgrade."

Cons

"Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer."

"The solution lacks real-time, on-demand antivirus."

"Cortex XDR could improve its sales support team, including better commission structures and referral programs."

"I would like to see better protection, specifically to protect email applications."

"Managing the product should be easier."

"It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue."

"The price could be a little lower."

"Whenever the tool releases a new version when deploying the product across the organization, I feel like there are some disturbances in the CPU usage after upgrading the tool to the latest version."

More Cortex XDR by Palo Alto Networks cons

"The deployment on individual endpoints is more geared toward larger organizations. It might prove to be a bit too complicated for a smaller organization. You need to know what you're doing when you're deploying the sensor."

"Compared to our previous endpoint, we have a lot more false positives and a lot more duplication of alerts. So we're chasing more alerts."

"Reporting could be a bit more granular so that we had the ability to check regions and countries. I just noticed that, for instance, if I look at our servers, it's either "contained" or it's "not contained". I don't have the option, for instance, to look at countries. It only allows me to look at users as one big group."

"While the product is very good, there are still some areas for improvement. The initial triage area could be a bit simpler. They get into the weeds real fast; it gets very detailed very fast. I am still looking for an easier triage layer on top with the ability to dig deeper."

"I feel it is a shame that I cannot create groups of groups with inheritance."

"It initially took some time to deploy."

"The technical support will need to be improved."

"I feel that the product lacks reporting features and needs improvement."

More Cybereason Endpoint Detection & Response cons

"The initial setup requires a little bit of experience with configuration."

"From the analysis that we've done, they do seem to be maybe a step behind in trying to enter the market with a new solution. But when they do pick up, they do come out with some good products."

"We just submitted an enhancement request reflecting the main area we want to see improvement in; the APIs. Currently, we're able to build dashboards, but it's somewhat backward because we use our MDM API to create them. Lookout should provide API to customers so we can query our data and use it in our cloud, and this is the only outstanding area for improvement with the product right now."

Pricing and Cost Advice

"I am using the Community edition."

"It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff."

"Cortex XDR's pricing is ok."

"Cortex XDR by Palo Alto Networks is quite an expensive solution."

"The pricing is a little high. It is per user per year."

"In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage."

"The solution is expensive. It's pricing is on a yearly-basis."

"The cost depends on your chosen license type, like Pro or other licenses."

More Cortex XDR by Palo Alto Networks pricing and cost advice

"This product is somewhat expensive and should be cheaper."

"I had to go through a third-party to purchase it, which I wasn't really pleased about."

"In terms of cost, this is a good choice for our needs."

"The pricing is manageable."

"In terms of pricing, it's a good solution."

"I do not have experience with the licensing of the product."

"We considered a few other solutions. Some were ridiculously overpriced, while others didn't have solutions for Mac endpoints. That was a deal-breaker because most of our organization is on Mac. It came down to two vendors: Cybereason and another. They had similar pitches and almost identical approaches, but in the end, Cybereason gave us the best value for our money."

"Though it is not the cheapest solution but it fits our budget. We pay an annual licensing fee."

More Cybereason Endpoint Detection & Response pricing and cost advice

"The pricing is fair; it's comparable to our previous solution, and we carried out multiple POCs and POVs (proof of value). The product is worth the money we pay for it."

"Lookout is definitely on the lower end when it comes to price point and that seems to be the only differentiator. The technology is in place in this space and it's really about who is coming in at the better price point now."

See which vendors are best for you

Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.

See recommendations

884,933 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

Manufacturing Company

Financial Services Firm

Comms Service Provider

Financial Services Firm

12%

Computer Software Company

11%

Manufacturing Company

10%

Outsourcing Company

Computer Software Company

15%

Manufacturing Company

10%

Financial Services Firm

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	44
Midsize Enterprise	20
Large Enterprise	47

By reviewers
Company Size	Count
Small Business	5
Midsize Enterprise	4
Large Enterprise	13

By reviewers
Company Size	Count
Small Business	2
Large Enterprise	5

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One

Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...

Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)

Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...

How is Cortex XDR compared with Microsoft Defender?

Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...

What is your primary use case for Cybereason Endpoint Detection & Response?

My main use case for Cybereason Endpoint Detection & Response is mostly for incident response.

What needs improvement with Cybereason Endpoint Detection & Response?

When it comes to advanced threats, it sometimes helps me with finding them and hunting them down with threat detectio...

What advice do you have for others considering Cybereason Endpoint Detection & Response?

I mostly work with incident response, so I work with a bunch of them interchangeably, but mostly with the EDR compone...

What is your experience regarding pricing and costs for Lookout?

The pricing is a little expensive. We are currently looking at comparisons with other solutions, including Umbrella.

What needs improvement with Lookout?

There is nothing we have come across that we've desired.

What is your primary use case for Lookout?

We use Lookout for mobile devices, such as phones.

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks

Comparisons

Compared 9% of the time

SentinelOne Singularity Complete vs Cortex XDR by Palo Alto Networks

Compared 6% of the time

CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Cortex XSIAM vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks

Compared 3% of the time

More Cortex XDR by Palo Alto Networks Competitors

CrowdStrike Falcon vs Cybereason Endpoint Detection & Response

Compared 10% of the time

SentinelOne Singularity Complete vs Cybereason Endpoint Detection & Response

Compared 7% of the time

Fortinet FortiEDR vs Cybereason Endpoint Detection & Response

Compared 4% of the time

Intercept X Endpoint vs Cybereason Endpoint Detection & Response

Compared 4% of the time

ESET Inspect vs Cybereason Endpoint Detection & Response

Compared 3% of the time

More Cybereason Endpoint Detection & Response Competitors

Zimperium vs Lookout

Compared 14% of the time

Microsoft Defender for Endpoint vs Lookout

Compared 5% of the time

CrowdStrike Falcon vs Lookout

Compared 5% of the time

Check Point Harmony Mobile vs Lookout

Compared 5% of the time

Workspace ONE UEM vs Lookout

Compared 3% of the time

More Lookout Competitors

Product Reports

Cortex XDR by Palo Alto Networks

Download Cortex XDR by Palo Alto Networks product report

Cybereason Endpoint Detection & Response

Download Cybereason Endpoint Detection & Response product report

Cybereason Endpoint Detection & Response report

Mobile Threat Defense

Download Lookout product report

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps

Cybereason EDR, Cybereason Deep Detect & Respond

CipherCloud

Overview

Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.

Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.

What are the key features of Cortex XDR?

Advanced Threat Detection: Uses AI and machine learning for proactive threat identification.
Multi-layered Security: Combines various security measures for comprehensive protection.
Endpoint Protection: Safeguards against malware and exploits.
Behavioral Analysis: Monitors suspicious activity for early detection.
Automatic Threat Response: Automates responses to neutralize threats.

What benefits should users expect?

Ease of Use: Simplifies security management with intuitive design.
Resource Efficiency: Minimizes impact on system resources.
Integration Capabilities: Works well with existing security setups.
Reduced Analyst Workload: Automates processes to decrease manual intervention.

Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.

Palo Alto Networks

Cybereason's Endpoint Detection and Response platform detects in real-time both signature and non-signature-based attacks and accelerates incident investigation and response. Cybereason connects together individual pieces of evidence to form a complete picture of a malicious operation.

LevelBlue

Lookout’s mobile EDR solution goes beyond traditional endpoint solutions by addressing the unique architecture, behaviors, and risks of iOS and Android devices. It provides industry-leading mobile threat defense on employee devices while also granting security teams the visibility and actionability needed to align mobile risk with traditional endpoint risk. By leveraging the world's largest AI-driven mobile security dataset, Lookout utilizes artificial intelligence (AI) and behavioral analysis to detect threats before they escalate, ensuring comprehensive protection for sensitive data and enabling secure mobile productivity.

Recognizing that employees using mobile devices are the new frontline, attackers are increasingly employing sophisticated social engineering techniques like phishing and smishing. These tactics exploit basic human instincts—trust, curiosity, and urgency—to trick users into revealing sensitive credentials, allowing threats to bypass traditional legacy security solutions. To combat this, Lookout provides AI-first protection against advanced social engineering attacks, device compromises, vulnerabilities, mobile malware, network threats.

Lookout

Sample Customers

CBI Health Group, University Honda, VakifBank

Lockheed Martin, Spark Capital, DocuSign, Softbank Capital

Information Not Available

Cybereason Endpoint Detection & Response vs. Lookout