Cortex XDR by Palo Alto Networks pros and cons

The initial setup is easy.

I like the centralized console and the predictive analysis it does of malware. It is very stable and also scalable.

The initial setup is pretty easy.

When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud.

Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources.

The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that.

It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature. It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else.

Provides behavior-based detection which offers many benefits over signature-based detection.

The solution doesn't need a high level of technical training.

Being a cloud solution it is very flexible in serving internal and external connections and a broad range of devices.

Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded.

It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue.

In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations.

In general, the price could be more competitive.

We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, we have to use another protection solution called Kaspersky.

A little bit more automation would be nice.

It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc.

There are a large number of false positives.

Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well.

The connection to the internet has not performed as expected.