
SentinelOne Singularity Complete vs Trellix XDR comparison


Categories and Ranking

Cortex XDR by Palo Alto Net...
Ranking in Extended Detection and Response (XDR): 6th
Average Rating: 8.4
Reviews Sentiment: 6.8
Number of Reviews: 108
Ranking in other categories: Endpoint Protection Platform (EPP) (5th), Endpoint Detection and Response (EDR) (7th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (2nd)

SentinelOne Singularity Com...
Ranking in Extended Detection and Response (XDR): 2nd
Average Rating: 8.8
Reviews Sentiment: 7.2
Number of Reviews: 214
Ranking in other categories: Endpoint Protection Platform (EPP) (3rd), Anti-Malware Tools (2nd), Endpoint Detection and Response (EDR) (2nd), AI Observability (4th)

Trellix XDR
Ranking in Extended Detection and Response (XDR): 33rd
Average Rating: 8.0
Reviews Sentiment: 7.7
Number of Reviews: 3
Ranking in other categories: No ranking in other categories
 

Mindshare comparison

As of March 2026, in the Extended Detection and Response (XDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 4.9%, down from 5.6% compared to the previous year. The mindshare of SentinelOne Singularity Complete is 5.8%, up from 5.3% compared to the previous year. The mindshare of Trellix XDR is 0.6%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Extended Detection and Response (XDR) Mindshare Distribution
Product | Mindshare (%)
SentinelOne Singularity Complete | 5.8%
Cortex XDR by Palo Alto Networks | 4.9%
Trellix XDR | 0.6%
Other | 88.7%

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IaC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They now have Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a much better and more mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Vaibhav Mahendra Kolhe - PeerSpot reviewer
SOC Analyst at Softcell Technologies Limited
Automation has reduced alerts and freed the SOC team to focus on faster incident response
Regarding mean time to respond, the improvements I see with SentinelOne Singularity Complete are that genuine files also get alerts. We are getting false positives, but we are also getting genuine true positive alerts. The improvement will be deep visibility because as I am using Splunk as a SIEM, I compare deep visibility with Splunk, but deep visibility has limited access with only a 14-day policy to retain logs. The improvement will be in overall policy management. The third point will be the complexity of policies. If we want some endpoints to use only USB or if we need to block USB on some points, the policy management is very complex. The fourth point will be that Mac OS and Linux don't have the rollback policy; that policy is only for Windows. These four points are improvements if SentinelOne Singularity Complete can address them. Data privacy and security when utilizing Purple AI is crucial for SentinelOne Singularity Complete, and SentinelOne Singularity Complete lacks in data security. Data security is very important in this world. In my organization, if we deploy SentinelOne Singularity Complete and we have integrated all the firewalls, all devices, and AWS devices to SentinelOne Singularity Complete, logs will be forwarded to SentinelOne Singularity Complete through SentinelOne Singularity Complete. However, SentinelOne Singularity Complete doesn't have data security solutions such as Forcepoint DLP or 48 layer; SentinelOne Singularity Complete doesn't have that DLP solution. From the data security point of view, SentinelOne Singularity Complete is not good.
PankajKumar24 - PeerSpot reviewer
IT Manager at Gigabit Technologies Pvt Ltd
Centralized security console has unified threat telemetry and automated investigation playbooks
The CPU utilization is very high with Trellix XDR. We are getting multiple types of CPU utilization from the EPP solution, with the EPP agent reaching as high as 80 percent CPU utilization. This creates big challenges for us. The support experience is also concerning. When we require support from Trellix immediately with high priority, we receive multiple emails requesting logs of various types. After that, we have to escalate to Trellix higher management, and then their agent will come in for a remote session to resolve any issues. I would give them eight out of ten points because of the high CPU utilization and the delayed support we experience.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."
"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"Palo Alto is the core of the security infrastructure in the environment."
"Cortex XDR is stable, offering high quality and reliable performance."
"Cortex XDR by Palo Alto Networks should be a stable solution."
"The dashboard is customizable."
"If any application performs suspicious activities, such as changing registries or modifying other applications, Cortex XDR detects and blocks the entire application."
"The solution's most valuable feature is its ability to rapidly detect certain hardware files."
"The offline protection offered by SentinelOne Singularity Complete for my devices is valuable."
"Their platform is really easy to work with."
"The solution offers very rich details surrounding threats or attacks."
"We opted for SentinelOne because it gives you visibility and control over all the devices on which you have the agent deployed. That is very valuable because, in the end, all the attacks enter only through one gateway, which is usually a user's computer."
"SentinelOne is preferred because of its great features and nominal cost."
"For me, the most valuable feature is the Deep Visibility. It gives you the ability to search all actions that were taken on a specific machine, like writing register keys, executing software, opening, reading, and writing files. All that stuff is available from the SentinelOne console. I'm able to see which software is permanent on a machine, and how that happened, whether by registry keys or writing it to a special folder on the machine."
"Previously, we had some processes related to incident response which required more steps. We needed to upload to VirusTotal, Sandbox, et cetera. Now, this process is shortened because all of the information we need is already in SentinelOne. We can briefly analyze and even respond from one management console. If someone has SOC, using the API, they can control everything. It's very cool. I think this is the future."
"SentinelOne Singularity Complete has a valuable feature that allows us to install the agent on every endpoint and extract all asset information for reporting purposes in our live inventory."
"The analytics assessment and flexibility of the platform are valuable."
"Trellix XDR is an excellent solution that is continually improving."
"It contributes to our system's robust event detection and analysis, enabling us to respond effectively to incidents."
"Because Trellix gives us multiple types of modules, we are using a single ePO console for multiple solutions including application control, DLP, and XDR."
 

Cons

"In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations."
"Cortex XDR could improve its sales support team, including better commission structures and referral programs."
"The solution needs better reports. I think they should let the customer go in and customize the reports."
"Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want."
"There are some limitations on the Traps agents."
"There are a large number of false positives."
"When it comes to malware files, it should be a little quick because, at times, it would give a wrong result in the sense of what it might be on malware, even if it still might be a normal one."
"In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are the big company, so they can improve the UI a little bit. The UI, the reports, the log system can all be improved."
"There is not much flexibility in terms of policy fine-tuning. We can turn it off or turn it on, but, there's nothing much else to do. Everything is predefined. It's good in a way, but you don't get much flexibility if you want to do something particular."
"There is not much focus on the on-premise solution as the license cap is so huge for small and medium-sized institutions."
"There is not much flexibility in terms of policy fine-tuning. We can turn it off or turn it on, but there's nothing much else to do."
"For ingestion and correlation across security solutions, the agent is quite heavier when compared to other competition."
"If there is a vulnerability that we know about, I search for that vulnerability—for example, Adobe. There are different versions of Adobe, but I'm not able to compile them into one report. I have to create separate reports for those versions."
"As a cloud-based product, there is a minimum number of licenses that need to be purchased, which is unfortunate."
"The product must provide the ability to update applications from the SentinelOne Management Console."
"The process of uninstalling and reinstalling older agent updates needs improvement."
"Technical support is crucial, especially when facing critical issues. It's rated six out of ten. Improvements are needed in the support sector, with a focus on providing expert assistance during production periods."
"The EdgeGear solution is an area that requires attention, specifically regarding AI solutions and intelligence features."
"The platform should enhance compatibility with all other SIEM solutions."
"The CPU utilization is very high with Trellix XDR; we are getting multiple types of CPU utilization from the EPP solution, with the EPP agent reaching as high as 80 percent CPU utilization, which creates big challenges for us."
 

Pricing and Cost Advice

"Its pricing is kind of in line with its competitors and everybody else out there."
"In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage."
"I don't like that they have different types of licenses."
"The price was fine."
"The tool's price is moderate."
"Very costly product."
"Every customer has to pay for a license because it doesn't work with what you get from a managed services provider."
"The solution is expensive. Its pricing is on a yearly basis."
"We pay $30,000 a year for 275 endpoints. We're growing, so I plan to buy another 75 endpoints. There is still a year and a half left in my three-year subscription, so I'm going to increase my endpoint count by 30 percent."
"The pricing is on the higher end, making it less suitable for small or medium-sized businesses and perhaps not the ideal fit for the public sector where budget constraints may be more pronounced."
"SentinelOne Singularity Complete can be expensive for the SMB market but is suitable for enterprise-level organizations."
"I rate Singularity Complete four out of 10 for affordability. SentinelOne costs more than traditional antivirus solutions, but we get more out of it. It hasn't saved us any money, but it's an EDR solution, so we get a lot of value from it."
"I found the pricing for SentinelOne Singularity Complete reasonable."
"SentinelOne Singularity Complete is expensive, but we must be willing to pay for it if we want a high level of protection."
"Our licensing fees are about $5 USD per endpoint, per month."
"The pricing is very reasonable."
Information not available
884,933 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews

Computer Software Company: 9%
Manufacturing Company: 9%
Financial Services Firm: 9%
Comms Service Provider: 7%

Computer Software Company: 12%
Manufacturing Company: 9%
Financial Services Firm: 7%
Government: 6%

Computer Software Company: 22%
Healthcare Company: 10%
Government: 7%
Comms Service Provider: 7%
 

Company Size

By reviewers
Company Size | Count
Small Business | 44
Midsize Enterprise | 20
Large Enterprise | 47

By reviewers
Company Size | Count
Small Business | 94
Midsize Enterprise | 48
Large Enterprise | 78

No data available
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and CrowdStrike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
Which is better - SentinelOne or Darktrace?
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is ...
What is your experience regarding pricing and costs for SentinelOne Singularity?
It is neither too costly, but definitely, it is one of the advantages that SentinelOne is quite adapted towards the p...
What is your experience regarding pricing and costs for Trellix XDR?
Since I'm a technical engineer, I don't deal with pricing or licensing. Our sales team handles those aspects.
What needs improvement with Trellix XDR?
The CPU utilization is very high with Trellix XDR. We are getting multiple types of CPU utilization from the EPP solu...
What is your primary use case for Trellix XDR?
We are selling Trellix XDR products including DLP and EPP solutions. We sell Trellix XDR for endpoint protection. We ...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
Sentinel Labs, SentinelOne Singularity
MVision XDR, MVision eXtended Detection and Response
 


Sample Customers

CBI Health Group, University Honda, VakifBank
Havas, Flex, Estee Lauder, McKesson, Norfolk Southern, JetBlue, Norwegian airlines, TGI Friday, AVX, Fim Bank
Information Not Available
Find out what your peers are saying about SentinelOne Singularity Complete vs. Trellix XDR and other solutions. Updated: February 2026.