Check Point vs Palo Alto: Compare Top EDR Solutions


This is one of those articles that’s fun to write because there is virtually no downside to these two endpoint detection and response (EDR) products. Check Point Software and Palo Alto Networks both offer stellar security for enterprises seeking better endpoint protection. The differences between the products lie in price, complexity and target markets.

EDR security testing

Check Point SandBlast and Palo Alto Cortex XDR both made our list of the best EDR products, and with good reason: both have posted strong scores in rigorous NSS Labs testing over the last couple of years. Both received an AA rating from NSS Labs this year, along with four other vendors, the highest grades received this year (see chart below).

Palo Alto has an edge in independent testing, however. In our analysis, the vendor came out on top of the first two rounds of the very difficult MITRE ATT&CK Evaluations, which basically measure a product’s response to a simulated Russian state-sponsored attack. Palo Alto blocked about 90 percent of challenges, with F-Secure in second.

Check Point is only now undergoing MITRE testing, so IT security buyers will soon be able to compare the two there also.


Price is where Check Point shines. At a little more than $39,000 a year for 2,500 endpoints, SandBlast isn’t as cheap as Sophos or Kaspersky, but it’s at the low end of the market, per NSS Labs. At $65,000 a year, Palo Alto is just above the midrange. For the price, Check Point packs in a lot of great features, but Palo Alto offers more in the way of advanced features that security operations centers (SOCs) require.

Advanced features vs. ease of use

In this case you get what you pay for – and that’s no knock on Check Point, which should be on the evaluation list of every small and mid-sized enterprise.

Palo Alto offers AI and behavioral analytics, with the ability to handle advanced attacks. Cortex XDR tracks threats across endpoints, networks and the cloud, with strong alerting capabilities. The only place it falls short is vulnerability management, but that’s often sold as a separate product by security vendors. Rogue device discovery and rollback could be better, and management can be complicated, but it’s a tool aimed at sophisticated security teams. In our opinion, Palo Alto offers the best security of all the EDR vendors we examined. Some products may shine more in ease of management and incident response – and given how overwhelmed cybersecurity professionals are these days, buyers often seem to prioritize tools that make their jobs easier. Palo Alto can help there too, but its real strength is in stopping threats. There’s no better tool for pure security.

Check Point is remarkably full-featured for a product priced at the lower end of the market. In our analysis, SandBlast received the highest score in Ease of Use and came in second in Management. Its automated response capability is very good, making it a strong candidate for smaller companies or those with less sophisticated security teams. Better security cannot be had for the price.

Palo Alto gets high marks from users for its management features too, but the price tag and advanced investigational features are aimed squarely at the enterprise market.

Both products get some of the highest user review scores in the industry. Check Point users praise SandBlast’s ease of use and strong security. Palo Alto users offer plenty of praise there too, but also express appreciation for features like automated investigation and root cause analysis.

Check Point and Palo Alto, like all our top EDR vendors, offer a unified EDR/endpoint protection platform (EPP), machine learning-based threat detection, advanced fileless threat protection, and correlation and automatic indicators of compromise (IoC). Here’s how they break down in 10 other areas. Sophisticated security teams would bemoan Check Point’s lack of custom rules, while Palo Alto could offer its users better vulnerability and device control. Features aren’t always equal, of course. Palo Alto’s abilities to detect unknown attacks and offline attacks are a couple of the reasons why we think it offers the best security in the industry, while Check Point offers users great security at a compelling price point.

The bottom line: Use cases

The differences between Check Point and Palo Alto are pretty clear, in our opinion. Check Point might be best for organizations with less sophisticated security skills and those on a budget. Palo Alto is for enterprises with the most critical security needs and the expertise to make the most of a high-end EDR product. Both products impressed us greatly.

Palo Alto’s presence is strongest in organizations that already use Palo Alto products, and Check Point likewise doesn’t have the visibility it deserves. That’s a shame, because security this good should be looked at by all buyers.

Here are our overall ratings on both products. They represent a blend of usability, features and security testing. For more info on our ratings system, see the Methodology section of our main EDR article.


Paul Shread
