"One of the best features of AMP is its cloud feature. It doesn't matter where the device is in regards to whether it's inside or outside of your network environment, especially right now when everybody's remote and taken their laptops home. You don't have to be VPNed into the environment for AMP to work. AMP will work anywhere in the world, as long as it has an Internet connection. You get protection and reporting with it. No matter where the device is, AMP has still got coverage on it and is protecting it. You still have the ability to manage and remediate things. The cloud feature is the magic bullet. This is what makes the solution a valuable tool as far as I'm concerned."
"It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it."
"Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source."
"The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
"The visibility and insight this solution gives you into threats is pretty granular. It has constant monitoring. You can get onto the device trajectory to look at a threat, but you can also see what happened prior to the threat. You can see what happened after the threat. You can see what other applications were incorporated into the execution of the threat. For example, you have the event, but you see that the event was launched by Google Chrome, which was launched by something else. Then, after the event, something else was launched by whatever the threat was. Therefore, it gives you great detail, a timeline, and continuity of events leading up to whatever the incident is, and then, after. This helps you understand and nail down what the threat is and how to fix it."
"Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us."
"The entirety of our network infrastructure is Cisco and the most valuable feature is the integration."
"The solution makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform. It has the ability to block right down to the file and application level across all devices based on policies, such as, blacklisting and whitelisting of software and applications. This is good. Its strength is the ability to identify threats very quickly, then lock them and the network down and block the threats across the organization and all devices, which is what you want. You don't want to be spending time working out how to block something. You want to block something very quickly, letting that flow through to all the devices and avoiding the same scenario on different operating systems."
"Being a cloud solution it is very flexible in serving internal and external connections and a broad range of devices."
"It integrates well into the environment."
"They have a new GUI which is just fantastic."
"It is easy to use."
"Provides behavior-based detection which offers many benefits over signature-based detection."
"The initial setup is pretty easy."
"The interface is easy to use and it is more up to date than our previous solution."
"The solution doesn't need a high level of technical training."
"It is very light. It is the only solution that can be installed on a machine that already has an antivirus. It is a pretty complete solution."
"It is excellent endpoint protection for mobiles that does everything it says it will."
"There aren't any features that really stand out — I just want it to keep malware out of my system. To date, I haven't had any malware in my system."
"We've not had any issues with scalability. If an organization needs to expand, they can do so quite easily."
"The initial setup was straightforward. It took five minutes. I installed the solution myself."
"Their policy management, their cloud-based dashboard and user interface are very easy to navigate."
"The solution has many features. It is very easy to define and set the policies based on the user groups, it does not take up a lot of resources in operation, and has provided us with a good track record of protection."
"I like that Webroot is very lightweight. It didn't bog down the machine, and more importantly, it had heuristics artificial intelligence to some degree. It wasn't like full-blown artificial intelligence, but something where you have one endpoint recognizing issues because it maintains a cloud database. If one client recognizes a threat, it would add it to the database, and almost immediately, every agent in the world would also know about that threat. That was very appealing to us. However, now it's becoming commonplace, whereas ventures like Symantec and McAfee were based more on the traditional model of definition and updates, and we were always falling behind. Webroot also has pretty good technical support."
"We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."
"The connector updates are very easily done now, and that's improving. Previously, the connector had an issue, where almost every time it needed to be updated, it required a machine reboot. This was always a bit of an inconvenience and a bug. Because with a lot of software now, you don't need to do that and shouldn't need to be rebooting all the time."
"The room for improvement would be on event notifications. I have mine tuned fairly well. I do feel that if you subscribe to all the event notification types out-of-the-box, or don't really go through and take the time to filter out events, the notifications can become overwhelming with information. Sometimes, when you're overwhelmed with information, you just say, "I'm not going to look at anything because I'm receiving so much." I recommend the vendor come up with a white paper on the best practices for event notifications."
"I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products."
"We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."
"I would like to see integration with Cisco Analytics."
"The thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself."
"The one challenge that I see is the use of multiple endpoint protection platforms. For instance, we have AMP, but we also have Microsoft Windows Defender, System Center Endpoint Protection, and Microsoft Malware Protection Engine deployed. So, we have a bunch of different things that do the same thing. What winds up happening is, e.g., if I get an alert for a potential incident or malware and want to pull the file, I'll go to fetch the file to analyze it. But, one of these other programs has already gotten it, so the file has already been quarantined by another endpoint protection system. AMP doesn't realize that and the file fetch fails, then you're left wondering what's going on."
"Cortex XDR is trickier to configure than other Palo Alto products. This is one area where we are not so satisfied."
"I would like to see them include NDR (Network Detection Response)."
"Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer."
"Impact on system performance is horrible, adding a lot of delays for users."
"It's very time-consuming to log support issues and the people that answer the tickets aren't very knowledgeable."
"Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access."
"Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."
"Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want."
"One of the biggest pain points is that it's not really ransomware-oriented. They will be able to catch some, but that's where Sentinel One is a better player compared to Webroot."
"I did notice that my OS slowed down, but I don't know if that's due to Webroot."
"We need to have a stronger defense against CryptoLock and other attackers."
"It would be nice if it had a feature for automatically generating reports on the client end for device status, security status and backup information."
"There should be a Webroot Business Endpoint Protection mobile app."
"Its detection capability for certain attacks should be improved. It should have better and wider detection for certain malware attacks. It could also have some sort of RMN."
"Technical support is not the best. It's hard to get a hold of them if we need help. It's something that definitely needs improvement."
"The solution could improve by providing better ransomware protection."
Advanced Malware Protection (AMP) is subscription-based, managed through a web-based management console, and deployed on a variety of platforms that protects endpoints, network, email and web Traffic. AMP key features include the following: Global threat intelligence to proactively defend against known and emerging threats, Advanced sandboxing that performs automated static and dynamic analysis of files against more than 700 behavioral indicators, Point-in-time malware detection and blocking in real time and Continuous analysis and retrospective security regardless of the file's disposition and Continuous analysis and retrospective security.
Cortex XDR by Palo Alto Networks is the first threat detection and response software to combine both visibility across all types of data as well as autonomous machine learning analytics. Threat detection very often requires analysts to divide their attention among many different data streams. This platform unifies a vast variety of data flows, which allows analysts to assess threats from a single location. Users can now maintain a level of visibility that other threat detection programs simply cannot offer. This level of transparency lends itself to both quick identification of problems that arise and the equally quick development of a potential solution.
Cortex XDR’s machine learning works on many different levels to detect and prevent threats. It is constantly scanning for threats and vulnerabilities. The solution can scan up to 5.4 billion IP addresses in three-quarters of an hour. This allows it to spot weak points in the system and notify administrators long before hackers can take advantage of vulnerabilities. Once the Artificial Intelligence (AI) discovers an issue or an area where an issue could potentially take place the system creates a log of the information and subsequently sends an alert to system administrators. The AI takes the information that it has gathered and uses it to assign threat levels to the issues that it detects. Following this, a human analyst will be assigned to manually assess the issue and deal with it accordingly. You can set it to automatically respond to the threat by isolating the issue while analysts investigate it.
Benefits of Cortex XDR
Some of Cortex XDR’s benefits include:
Reviews from Real Users
Cortex XDR by Palo Alto Networks software stands out among its competitors for a number of reasons. Two major ones are its ability to isolate threats while enabling them to be studied and the way that the software combines all of the data that it gathers into a single, more complete picture than other solutions offer.
PeerSpot users note the effectiveness of these features. A network designer at a computer software company wrote, “The solution has a very helpful isolation feature. If any system gets compromised, with one click I can access the system and isolate it from other networks, and then go into further forensic investigation of the current threat without compromising anything else.”
Jeff W., Vice President/CTO at Sinnott Wolach Technology Group, noted, “The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.”
Webroot SecureAnywhere Business Endpoint Protection offers a unique security approach that protects against threats across numerous vectors; including email, web browsing, file attachments, hyperlinks, display ads, social media apps, and connected devices like USB drives, as well as other blended threats with the potential to deliver malicious payloads. SecureAnywhere Business Endpoint Protection is fully cloud-based management, means no on-premises hardware or software is needed and the console is always up to date and there are no definitions or signatures to deploy and manage. Webroot SecureAnywhere Business Endpoint Protection offers highly accurate and effective endpoint malware prevention with a range of additional security shield capabilities that keep both the user and the device safe, Malware detection occurs continuously in real time, so performance issues fade away.
Cortex XDR by Palo Alto Networks is ranked 5th in Endpoint Protection for Business (EPP) with 35 reviews while Webroot Business Endpoint Protection is ranked 20th in Endpoint Protection for Business (EPP) with 11 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while Webroot Business Endpoint Protection is rated 7.4. The top reviewer of Cortex XDR by Palo Alto Networks writes "Has a centralized console and does predictive analysis of malware". On the other hand, the top reviewer of Webroot Business Endpoint Protection writes "Keeps mobile devices secure against vulnerabilities or any attacks". Cortex XDR by Palo Alto Networks is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, Symantec End-User Endpoint Security and Check Point Harmony Endpoint, whereas Webroot Business Endpoint Protection is most compared with Microsoft Defender for Endpoint, SentinelOne, Sophos Intercept X, Carbon Black CB Defense and Deep Instinct. See our Cortex XDR by Palo Alto Networks vs. Webroot Business Endpoint Protection report.
See our list of best Endpoint Protection for Business (EPP) vendors.
We monitor all Endpoint Protection for Business (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.