No more typing reviews! Try our Samantha, our new voice AI agent.

SanerNow CyberHygiene Platform vs Trellix Active Response comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
SanerNow CyberHygiene Platform
Ranking in Endpoint Detection and Response (EDR)
42nd
Average Rating
9.6
Reviews Sentiment
7.6
Number of Reviews
2
Ranking in other categories
Vulnerability Management (49th), Patch Management (17th), Risk-Based Vulnerability Management (19th)
Trellix Active Response
Ranking in Endpoint Detection and Response (EDR)
49th
Average Rating
7.0
Reviews Sentiment
5.1
Number of Reviews
5
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of SanerNow CyberHygiene Platform is 0.7%, up from 0.1% compared to the previous year. The mindshare of Trellix Active Response is 0.6%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
SanerNow CyberHygiene Platform0.7%
Trellix Active Response0.6%
Other95.1%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
JU
Information Technology Supervisor at DMCI Homes, Inc.
Can automate updates and manage software licenses more effectively
Our team uses the SanerNow CyberHygiene Platform for threat detection, focusing on features like vulnerabilities and asset exposure. The asset exposure feature is packaged with software licenses and machines. We get the latest updates and patches for Windows workstations and applications for remediation. We can automate these updates, which greatly improves our previous manual and scripting-based tools. Before, we struggled with setting policies and making changes to workstations. Now, we can automate updates and manage software licenses more effectively. We monitor who's using various licenses like Office, CAD, Visio, and Lumion.
ED
Senior Manager Operational Technology and Cyber Security at Eskom Ltd
Operational efficiencies increase with immediate threat alerts for endpoints
We use Trellix Active Response primarily for our endpoints, including desktop computers. It monitors all the tools that our users use for their day-to-day work The alerts provided by Trellix Active Response are its most valuable feature. They notify us immediately of any vulnerabilities on the…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"One of the main benefits of the solution is its intelligence to correlate the events into an incident."
"The normal protection was really effective, and we detected situations that if we didn't have Cortex XDR by Palo Alto Networks, it's highly likely that we would have been affected, but it protected the infrastructure."
"Cortex XDR by Palo Alto Networks saves time in various ways, although the user interface is fairly standard."
"Automation and playbooks have helped me significantly, as Cortex Xnor's playbooks predefine the workflow of the automation, such as response processes, alert triggering, and enriching the context, efficiently detecting and blocking malicious attacks with firewalls while eliminating workload and speeding responses for next-generation operations."
"This software helps us understand any issues that may arise when someone is not at work."
"Traps pays for itself within the first 16 months of a three-year subscription."
"The solution's most valuable feature is its ability to rapidly detect certain hardware files."
"The initial setup isn't too bad."
"Our team uses the SanerNow CyberHygiene Platform for threat detection, focusing on features like vulnerabilities and asset exposure. The asset exposure feature is packaged with software licenses and machines. We get the latest updates and patches for Windows workstations and applications for remediation. We can automate these updates, which greatly improves our previous manual and scripting-based tools."
"Although it is, in fact, a complete vulnerability management solution, the most valuable feature is the patch management functionality. Most of our customers give preference to this tool over other tools when it comes to patch management."
"The continuous monitoring component of this solution allows Trellix to launch the MDR solution, which correlates all incidents and provides investigation reports within a short period of time, hence offering an advantage to the customers using Trellix Active Response and its integrated products."
"With the ADR parts of it or the Active Response parts of it, we're able to get a little more information compared to the older version, such as analytics, user behavior analytics, triaging, and meaningful reporting."
"It's a little lighter compared to the older version, which was mostly signature-based."
"We are hoping to automate detection and response and take advantage of user behavior analytics, given that we are working from home. About half of our workers are still remote, so Active Response gives us that visibility and lets us automate a number of those events."
"The solution is scalable."
"The alerts provided by Trellix Active Response are its most valuable feature."
 

Cons

"This product has not improved my organization - in fact, we are in the process of moving back to another product as a result of Cortex's horrible impact on system performance."
"A little bit more automation would be nice."
"The solution eats memory of the computer, unlike anything I've ever seen."
"The solution lacks real-time, on-demand antivirus."
"In general, the price could be more competitive."
"I feel that it should not be a licensed activity because a feature should allow us to see applications running on end devices."
"I would like to see some additional features related to email protection included."
"It tends to do 99.9% of things. The only thing I'd like is single sign-on authentication into their cloud platform so that my users can be properly authenticated against it."
"SanerNow CyberHygiene Platform needs to incorporate more documentation."
"SanerNow has good integration with the more well known ITSM tools, but at the same time there are many other ITSM (IT Service Management) tools available in the market, including local tools here in India, and I'm not sure how SanerNow plans to integrate with them all out of the box."
"While the product is good, we are currently facing support issues."
"I also expected Active Response 's user interface to be much more analytical."
"The only area for improvement is regarding operational technology devices, specifically the engineering automation systems."
"I would rate technical support from Trellix Active Response as a seven because sometimes we face difficulties finding engineers quickly, leading to customer frustration."
"The truth, however, is that I was really looking for something much more advanced with user behavior analytics and some AI features that the other competitor's next-gen AV does offer."
"There are some components on the cloud that should also reside in the on-prem deployment models but don't."
 

Pricing and Cost Advice

"I don't like that they have different types of licenses."
"Licensing for Palo Alto Networks Cortex XDR can be costly, especially when it comes to a hundred users. A license is required for each user, and the subscription must be renewed on a yearly basis."
"It is cost-effective compared to similar solutions. It fits for the small businesses through to the big businesses."
"The price of the product is not very economical."
"Every customer has to pay for a license because it doesn't work with what you get from a managed services provider."
"The price of the solution could be reduced. I have customers that have voiced that the solution is good for the value but if I want to sell more of the solution the price reduction would help."
"Compared to CrowdStrike, Cortex XDR is an expensive solution."
"I don't recall what the cost was, but it wasn't really that expensive."
"As with several other solutions such as Microsoft MECM and SCCM, the licensing for SanerNow involves per-device pricing for each kind of product or service on offer."
"The pricing is reasonable - we paid about 2.5 million for 3,500 nodes."
"Our costs were somewhere around $600K in Trinidad dollars, which might be about $100K US. We have the ETP plus the EDR. Our recent renewal was 1800 licenses as opposed to the full amount. Our transaction cost was about $600K Trinidad dollars, which is somewhere around $90-100K US."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
903,067 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Outsourcing Company
14%
Construction Company
8%
Retailer
8%
Financial Services Firm
8%
Construction Company
18%
Financial Services Firm
18%
Comms Service Provider
12%
Performing Arts
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
No data available
No data available
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What is your experience regarding pricing and costs for SanerNow?
The pricing is reasonable - we paid about 2.5 million for 3,500 nodes.
What needs improvement with SanerNow?
SanerNow CyberHygiene Platform needs to incorporate more documentation.
What is your primary use case for SanerNow?
We use the tool for patch, application, and vulnerability management.
What is your experience regarding pricing and costs for McAfee Active Response?
Based on our evaluations, Trellix Active Response's pricing was the most feasible from a cost perspective. I rate the...
What needs improvement with McAfee Active Response?
For Trellix Active Response, there is room for improvement in the platform area and security area to make the dashboa...
What is your primary use case for McAfee Active Response?
The typical use case for Trellix Active Response is to provide quick incident response, as the product collects and c...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
SecPod SanerNow, SanerNow RP
McAfee Active Response
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Siemens, Aruba, SironLabs, POS Aviation, Kotak, Kaizen Automotive, Amagi, McNeilus Steel, Claremont, Glassbeam, Marlabs, Amazon Web Services
Liquor Control Board of Ontario
Find out what your peers are saying about SanerNow CyberHygiene Platform vs. Trellix Active Response and other solutions. Updated: June 2026.
903,067 professionals have used our research since 2012.