Tanium vs Trellix Active Response comparison

Tanium and Trellix are both solutions in the Endpoint Detection and Response (EDR) category. Tanium is ranked #21 with an average rating of 8.5, while Trellix is ranked #47 with an average rating of 8.0. Tanium holds a 2.0% mindshare in EDR, compared to Trellix’s 0.5% mindshare. Additionally, 80% of Tanium users are willing to recommend the solution, compared to 50% of Trellix users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Jan 18, 2026

Tanium and Trellix Active Response are competing products in the cybersecurity market, focusing on endpoint management and threat detection. Tanium seems to have the upper hand with its comprehensive endpoint management capabilities, while Trellix Active Response excels in threat detection.

Features: Tanium offers robust endpoint visibility, effective real-time data tracking, and comprehensive network security solutions. It also provides instant discovery to monitor processes and has a strong inventory and compliance feature. Trellix Active Response, on the other hand, is notable for its proactive threat detection, ability to swiftly react to threats, and continuous monitoring that helps in incident response and detection.

Room for Improvement: Tanium could enhance its user interface for less technical users, streamline its deployment to be less resource-intensive, and expand its integrations with other software solutions. Trellix Active Response could improve its initial configuration process, provide more detailed analytics and reporting, and enhance its customization options to cater to diverse user needs.

Ease of Deployment and Customer Service: Tanium is recognized for its straightforward deployment and responsive customer support, making it a favorable choice for businesses that prioritize ease and speed. Trellix Active Response, while offering solid customer support, may require more initial configuration, appealing to companies that need a customized solution.

Pricing and ROI: Tanium has a higher setup cost, but its comprehensive endpoint coverage and security efficiencies offer a strong ROI. Trellix Active Response provides competitive pricing, with ROI linked closely to its threat resolution capabilities, favoring those prioritizing focused threat management.

To learn more, read our detailed Tanium vs. Trellix Active Response Report (Updated: March 2026).

Buyer's Guide

Tanium vs. Trellix Active Response

March 2026

Download the complete report

Helped 884,873 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cortex XDR by Palo Alto Net...

Mindshare comparison

As of March 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.4%, down from 4.0% compared to the previous year. The mindshare of Tanium is 2.0%, down from 2.4% compared to the previous year. The mindshare of Trellix Active Response is 0.5%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Endpoint Detection and Response (EDR) Mindshare Distribution
Product	Mindshare (%)
Cortex XDR by Palo Alto Networks	3.4%
Tanium	2.0%
Trellix Active Response	0.5%
Other	94.1%

Endpoint Detection and Response (EDR)

Featured Reviews

ABHISHEK_SINGH

Senior Process Expert at A.P. Moller - Maersk

Gained full visibility and streamlined threat detection through behavior-based insights and AI integration

Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.

Read full review

Mairajuddin Ahmed

Division Manager, Information Technology at a legal firm with 51-200 employees

Centralized policies have improved remote endpoint control and have simplified data visibility

The integration is not simple and easy. It requires experienced users or people who have done the implementation. When certain policies are applied, they do not immediately push the policies. For example, we manage endpoint device USB access. We set a policy to block it, but it does not come into effect immediately. Sometimes it takes three or four days for it to reflect. That is a pain point. I have raised this issue with support as well, but they said that I need to limit the number of devices in the policy. In terms of application deployment, for us, it was seamless.

Read full review

Ezzard De Lange

Senior Manager Operational Technology and Cyber Security at Eskom Ltd

Operational efficiencies increase with immediate threat alerts for endpoints

We use Trellix Active Response primarily for our endpoints, including desktop computers. It monitors all the tools that our users use for their day-to-day work The alerts provided by Trellix Active Response are its most valuable feature. They notify us immediately of any vulnerabilities on the…

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The multi-layered approach to the product gives you confidence that it will stop exploits, ransomware, worms, or viruses from compromising endpoints, essentially providing peace of mind."

"The solution's most valuable feature is the user interface."

"There has been a significant reduction of approximately 70% to 80% in our internal MTTR and MTTD metrics, now around five to eight minutes whereas previously it was hours, which has helped tremendously."

"The most valuable feature is that you can select remote access of any machine for sandboxing."

"The positive impacts I see from Cortex XDR by Palo Alto Networks include a complete 360-degree view of our security posture altogether, being a uniform platform where we are ingesting logs from multiple resources."

"The normal protection was really effective, and we detected situations that if we didn't have Cortex XDR by Palo Alto Networks, it's highly likely that we would have been affected, but it protected the infrastructure."

"The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better."

"It is an easy-to-use tool."

More Cortex XDR by Palo Alto Networks pros

"I like the tool's incident response and security patching."

"I find the inventory and compliance features of Tanium to be the most impressive."

"Tanium is a very good product and I would rate it eight or nine out of ten."

"When I push a quick update, it's done right away, and I can rescan immediately to confirm completion within minutes."

"Tanium is used for endpoint management, specifically patching and configuration management."

"Tanium has made the process of detecting threats more proactive with its detection. So, the process is easier and more efficient."

"Tanium's most valuable feature is its instant discovery aspect."

"The solution's technical support is very responsive."

More Tanium pros

"The solution is scalable."

"We are hoping to automate detection and response and take advantage of user behavior analytics, given that we are working from home. About half of our workers are still remote, so Active Response gives us that visibility and lets us automate a number of those events."

"The alerts provided by Trellix Active Response are its most valuable feature."

"It's a little lighter compared to the older version, which was mostly signature-based."

"The continuous monitoring component of this solution allows Trellix to launch the MDR solution, which correlates all incidents and provides investigation reports within a short period of time, hence offering an advantage to the customers using Trellix Active Response and its integrated products."

Cons

"There's an overall lack of features."

"Cortex XDR by Palo Alto Networks could improve by offering remote management. It would be useful to look at the client's issue to fix it."

"I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs."

"The connection to the internet has not performed as expected."

"The solution could improve by providing better integration with their own products and others."

"When it comes to malware files, it should be a little quick because, at times, it would give a wrong result in the sense of what it might be on malware, even if it still might be a normal one."

"The GUI could be improved."

"Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis."

More Cortex XDR by Palo Alto Networks cons

"We had some issues with the solution's OS upgrade."

"The most painful thing is the interface. It's a bit unclear sometimes."

"Tanium's limitations should be improved because although it is a great tool, it is limited to only a few classes during a session."

"The main issues are the network connection because different customers have issues with their networks. It's difficult implementing this type of solution because the network is the main feature in the architecture for these types of solutions. Tanium could improve by creating some network optimization."

"We set a policy to block USB access. The moment a device is being set up on the network, I apply the policy, but it does not come into effect immediately."

"It is not really additional functions, or the features that are needed, rather the complexity would be reduced based on the number of modules required to put together a comprehensive operational security and risk compliance model."

"The solution lacks mobility."

"The solution needs to improve the reporting and tracking capabilities."

More Tanium cons

"The only area for improvement is regarding operational technology devices, specifically the engineering automation systems."

"I also expected Active Response 's user interface to be much more analytical."

"There are some components on the cloud that should also reside in the on-prem deployment models but don't."

"While the product is good, we are currently facing support issues."

"I would rate technical support from Trellix Active Response as a seven because sometimes we face difficulties finding engineers quickly, leading to customer frustration."

Pricing and Cost Advice

"The price was fine."

"It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool."

"I feel it is fairly priced."

"Its pricing is kind of in line with its competitors and everybody else out there."

"The pricing is a little bit on the expensive side."

"The tool's price is moderate."

"Cortex XDR's pricing is ok."

"Cortex XDR’s pricing is very reasonable."

More Cortex XDR by Palo Alto Networks pricing and cost advice

"There is an annual license required to use this solution."

"The solution offers value for money."

"The solution is expensive but it's a good investment."

"It's an expensive solution. It would be nice if the cost were lower."

"The product's pricing differs from region to region depending on negotiations and the number of endpoints."

"Tanium is a more expensive solution in Latin America than some of the competitors, such as BigFix."

"It is higher than some competitors in the market."

"Our costs were somewhere around $600K in Trinidad dollars, which might be about $100K US. We have the ETP plus the EDR. Our recent renewal was 1800 licenses as opposed to the full amount. Our transaction cost was about $600K Trinidad dollars, which is somewhere around $90-100K US."

See which vendors are best for you

Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.

See recommendations

884,873 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

Manufacturing Company

Financial Services Firm

Comms Service Provider

Financial Services Firm

15%

Government

11%

Manufacturing Company

Healthcare Company

Comms Service Provider

17%

Financial Services Firm

Performing Arts

University

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	44
Midsize Enterprise	20
Large Enterprise	47

By reviewers
Company Size	Count
Small Business	8
Midsize Enterprise	3
Large Enterprise	12

No data available

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One

Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...

See all answers

Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)

Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...

See all answers

How is Cortex XDR compared with Microsoft Defender?

Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...

See all answers

What needs improvement with Tanium?

While there is always room for improvement, I am pleased with Tanium.

See all answers

What is your primary use case for Tanium?

The primary use case for Tanium ( /products/tanium-reviews ) is compliance, patching, and inventory as part of the co...

See all answers

What advice do you have for others considering Tanium?

For smaller companies, Tanium is quite a big investment, and one needs to have a considerable setup to make it econom...

See all answers

What is your experience regarding pricing and costs for McAfee Active Response?

Based on our evaluations, Trellix Active Response's pricing was the most feasible from a cost perspective. I rate the...

See all answers

What needs improvement with McAfee Active Response?

For Trellix Active Response, there is room for improvement in the platform area and security area to make the dashboa...

See all answers

What is your primary use case for McAfee Active Response?

The typical use case for Trellix Active Response is to provide quick incident response, as the product collects and c...

See all answers

Comparisons

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks

Compared 9% of the time

SentinelOne Singularity Complete vs Cortex XDR by Palo Alto Networks

Compared 6% of the time

CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Cortex XSIAM vs Cortex XDR by Palo Alto Networks

Compared 4% of the time

Symantec Endpoint Security vs Cortex XDR by Palo Alto Networks

Compared 3% of the time

More Cortex XDR by Palo Alto Networks Competitors

CrowdStrike Falcon vs Tanium

Compared 7% of the time

Microsoft Defender for Endpoint vs Tanium

Compared 5% of the time

BigFix vs Tanium

Compared 4% of the time

NinjaOne vs Tanium

Compared 4% of the time

Tenable Security Center vs Tanium

Compared 2% of the time

More Tanium Competitors

Trellix Endpoint Detection and Response (EDR) vs Trellix Active Response

Compared 13% of the time

CrowdStrike Falcon vs Trellix Active Response

Compared 11% of the time

Microsoft Defender for Endpoint vs Trellix Active Response

Compared 11% of the time

Trellix Endpoint Security Platform vs Trellix Active Response

Compared 8% of the time

Kaspersky Anti-Targeted Attack Platform vs Trellix Active Response

Compared 5% of the time

More Trellix Active Response Competitors

Product Reports

Buyer's Guide

Cortex XDR by Palo Alto Networks

March 2026

Download Cortex XDR by Palo Alto Networks product report

Buyer's Guide

Tanium

February 2026

Download Tanium product report

Buyer's Guide

Endpoint Detection and Response (EDR)

March 2026

Download Trellix Active Response product report

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps

Tanium Inc Cloud, Tanium XEM

McAfee Active Response

Overview

Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.

Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.

What are the key features of Cortex XDR?

Advanced Threat Detection: Uses AI and machine learning for proactive threat identification.
Multi-layered Security: Combines various security measures for comprehensive protection.
Endpoint Protection: Safeguards against malware and exploits.
Behavioral Analysis: Monitors suspicious activity for early detection.
Automatic Threat Response: Automates responses to neutralize threats.

What benefits should users expect?

Ease of Use: Simplifies security management with intuitive design.
Resource Efficiency: Minimizes impact on system resources.
Integration Capabilities: Works well with existing security setups.
Reduced Analyst Workload: Automates processes to decrease manual intervention.

Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.

Palo Alto Networks

Tanium offers robust endpoint protection, patching, and inventory management, consolidating the functions of tools like BigFix with capabilities in incident response, network security, and cloud or on-premise deployments.

Known for real-time capabilities, Tanium provides detailed analytics, security features, and device management. Users benefit from quick implementation, real-time updates, and patching campaigns. Despite its strengths, integration and custom plugin expansion remain areas to improve, along with data visualization and network optimization. Reporting enhancements and user training could advance its usability, and some UI elements may require updates for clarity and security.

What are the essential features of Tanium?

Detailed Analytics: Provides actionable insights for better decision-making.
Security Capabilities: Offers strong defense measures against threats.
Real-Time Queries: Facilitates immediate information access.
Patch Management: Streamlines software updates across devices.
Device Management: Efficiently handles comprehensive inventory and monitoring tasks.

What benefits should users expect?

Ease of Use: Simplifies complex IT tasks.
Scalability: Adapts to growing IT infrastructure needs.
Integration Flexibility: Merges with existing systems effortlessly.
Real-Time Updates: Ensures current data availability for informed actions.

Tanium's deployment spans industries focusing on endpoint protection and compliance, ensuring reliable device and server management in settings where safety and quick adaptation are critical. Organizations use it for application deployment, compliance checks, and integrating it as an EDR solution, enhancing overall security and operational efficiencies.

Tanium

Continuous Visibility into Your Endpoints:
Capture and monitor events, files, host flows, process objects, context, and system state changes that may be indicators of attack or dormant attack components.

Identify and Remediate Breaches Faster:
Access tools you need to quickly correct security issues. Send intelligence to analytics, operations, and forensic teams.

Target Critical Threats:
Get preconfigured and customizable actions when triggered, so you can target and eliminate threats.

Trellix

Sample Customers

CBI Health Group, University Honda, VakifBank

JPMorgan Chase, eBay, Amazon, US Bank, MetLife, pwc, Cerner, Delphi, MGM Grand, New York Life

Liquor Control Board of Ontario

Buyer's Guide

Tanium vs. Trellix Active Response

March 2026

Free Report: Tanium vs. Trellix Active Response

Find out what your peers are saying about Tanium vs. Trellix Active Response and other solutions. Updated: March 2026.

DOWNLOAD NOW

884,873 professionals have used our research since 2012.

See our Tanium vs. Trellix Active Response report.

See our list of best Endpoint Detection and Response (EDR) vendors.

We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.