
Pros & Cons summary


Prominent pros & cons

PROS

Traps drastically reduces endpoint attack surface through advanced detection capabilities, sandboxing, and limiting executable launches.
Cortex XDR provides a multi-layered approach that efficiently stops exploits, ransomware, worms, and viruses, offering peace of mind.
The anti-exploit feature of Traps is excellent, providing superior blocking with a low rate of false positives.
Total stability and quick performance improvement are notable, with a seamless interface and integration capabilities.
Cortex XDR combines machine learning and integration with firewalls for advanced protection and intelligence across environments.

CONS

Cortex XDR by Palo Alto Networks exhibits a significant disparity in functionality across Windows, Linux, and Mac versions, limiting some features to Windows only.
There are integration challenges, notably needing to remove McAfee for installation and weaknesses in third-party solution integration.
Support is frequently criticized for being inadequate, with difficulties in communication and resolution.
False positives and complex management are issues that users face, making operations and configurations cumbersome.
Cortex XDR by Palo Alto Networks is expensive, with some features requiring additional licenses, raising concerns about cost-effectiveness.
 

Cortex XDR by Palo Alto Networks Pros review quotes

LT
Lead IT Security Analyst at a mining and metals company with 1,001-5,000 employees
Jan 17, 2019
The multi-layered approach to the product gives you confidence that it will stop exploits, ransomware, worms, or viruses from compromising endpoints, essentially providing peace of mind.
reviewer1412415 - PeerSpot reviewer
Chief of IT Architecture at a financial services firm with 10,001+ employees
Nov 27, 2025
Palo Alto is the core of the security infrastructure in the environment.
AK
Information Technology Manager at a hospitality company with 10,001+ employees
Feb 7, 2019
After deploying Traps, we saw the performance of the network improve by 65 to 70 percent.
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
876,487 professionals have used our research since 2012.
Netw9886 - PeerSpot reviewer
Network Manager of Cyber Defence at a government with 1,001-5,000 employees
Feb 11, 2019
The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical.
Ahmed Sief - PeerSpot reviewer
System Engineer at a logistics company with 5,001-10,000 employees
Jun 19, 2022
The initial setup is easy.
WA
System Administrator at NATIONAL ASSOCIATION OF REALTORS
Jun 30, 2021
I like the centralized console and the predictive analysis it does of malware. It is very stable and also scalable.
Mohammad Qaw - PeerSpot reviewer
Senior Security Consultant at helpag
Dec 15, 2022
From a single pane of glass, you can easily manage all of your endpoints.
it_user1237689 - PeerSpot reviewer
Network Designer at a computer software company with 1,001-5,000 employees
Oct 22, 2020
The initial setup is pretty easy.
ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Nov 14, 2025
The most valuable aspect of Cortex XDR by Palo Alto Networks for me is its integration with AI detection, where we get to know the behavioral detection based on users, traffic patterns, and different services that we consume.
OS
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
Feb 7, 2019
If the user leaves our premises or network, Palo Alto Traps will still be on that endpoint and will still apply our policies.
 

Cortex XDR by Palo Alto Networks Cons review quotes

LT
Lead IT Security Analyst at a mining and metals company with 1,001-5,000 employees
Jan 17, 2019
Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis.
reviewer1412415 - PeerSpot reviewer
Chief of IT Architecture at a financial services firm with 10,001+ employees
Nov 27, 2025
However, if you do not have Palo Alto in your environment, you are paying these additional services just for Cortex XDR by Palo Alto Networks, so it is not a cost-effective solution.
AK
Information Technology Manager at a hospitality company with 10,001+ employees
Feb 7, 2019
There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get results.
Netw9886 - PeerSpot reviewer
Network Manager of Cyber Defence at a government with 1,001-5,000 employees
Feb 11, 2019
There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly.
Ahmed Sief - PeerSpot reviewer
System Engineer at a logistics company with 5,001-10,000 employees
Jun 19, 2022
Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded.
WA
System Administrator at NATIONAL ASSOCIATION OF REALTORS
Jun 30, 2021
It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue.
Mohammad Qaw - PeerSpot reviewer
Senior Security Consultant at helpag
Dec 15, 2022
The solution should force customers to integrate with network traffic to see the full benefits of XDR.
it_user1237689 - PeerSpot reviewer
Network Designer at a computer software company with 1,001-5,000 employees
Oct 22, 2020
In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations.
ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Nov 14, 2025
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth.
OS
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
Feb 7, 2019
Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and it's nothing that should be an issue. Some antivirus engines recognize Traps as a threat component, so maybe they need to shake hands somewhere.