Developed exclusively for macOS, Jamf Protect provides a solution to maintain endpoint compliance, monitor for, respond to, and remediate security incidents on macOS with minimal impact to the device and end-user experience. Jamf Protect detects Mac-specific threats, and prevents known malware from running on devices and quarantines them for later analysis. Jamf Protect forwards data to a system of record to ensure a security posture, fleetwide, stays compliant by monitoring security settings on…
N/A
Palo Alto Networks Cortex XDR
Score 8.4 out of 10
N/A
Cortex XDR (formerly Traps) replaces traditional antivirus with multi-method prevention, a proprietary combination of malware and exploit prevention methods that protect users and endpoints from known and unknown threats.
N/A
Pricing
Jamf Protect
Palo Alto Networks Cortex XDR
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Jamf Protect
Palo Alto Networks Cortex XDR
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Jamf Protect
Palo Alto Networks Cortex XDR
Features
Jamf Protect
Palo Alto Networks Cortex XDR
Endpoint Security
Comparison of Endpoint Security features of Product A and Product B
The main reason we went with Jamf Protect was because we wanted a dedicated macOS security endpoint. Is was easy to implement and migrate over from our previous endpoint provider. As a university we have lab macOS devices that multiple users use. So we have Jamf Protect profiles that block the use of external drives and other other profiles that allow it. We different user accounts requiring different access this can get a bit messy when deploying the config profiles at login for each user that signs in.
In a scenario where EDR is a requirement or necessity XDR performs well with or without a SIEM. There are millions of events and logs to parse through and XDR is capable of handling the large load. On top of the large data that is being parsed, features such as Live Terminal, File Retrieval, OS support, and general Metrics, the tool has room to grow and provide a lot for a Security team or organization. Incident Response is a great example of how XDR can shine
We encountered some glitch in a certain version of the agent. When we deployed newer version, the policy set on the previous version was white-listed/overwritten.
Moving to encrypted based connection (communication between agent to server) is troublesome, coz we need to uninstall the agent first.
Need to have a more flexible reports/dashboard where we can customize it
We feed Traps log to our SIEM, however the information sent to the SIEM was not complete, but we need to investigate more probably some faults are on us
Jamf Protect is easy to manage. It is a separate interface from Jamf MDM which is nice for Security Operations teams. It allows Security teams to manage only the Security aspects without having to dig through all of the MDM configurations. For exception uses cases, Jamf Protect does provide options to customize settings where needed.
Cortex XDR does a very good job of blocking suspicious and threatening items. However, as with all software of this nature, it will sometimes block known-good items. The difficulty is in manually whitelisting these known-good items. The interface to whitelist is confusing even for a seasoned IT professional and has been the single most frustrating experience of using Cortex XDR
The support we receive from Palo Alto is one of the best aspects of Traps. It is very easy to recommend their support. It seems much easier to connect directly with someone with a deep understanding of the product rather than other companies where you basically have to make an airtight case that it is some kind of non-standard issue that can't be solved with existing documentation. Palo Alto digs deep and helps with advanced troubleshooting to get things working.
I find that all of the products have the same features; however, Jamf Protect is stronger if managing macOS devices. Also, it is one license so what you pay covers all of the features and does not require additional licenses for features like USB device control. The CIS compliance aspects generally look better in in Jamf as compared to Crowdstrike.
Traps provided us with a cloud-based platform that made our lives a lot simpler. Nothing like Traps exists in the market and I've never used anything like it. Others, on the other hand, were a lot slower to respond. Malwarebytes and other enterprise-level malware software are also available, but they do not fall under the same heading.