Cortex XDR by Palo Alto Networks Reviews

Name: Cortex XDR by Palo Alto Networks
Brand: Palo Alto Networks
Rating: 4.2 (103 reviews)

Vendor: Palo Alto Networks

4.2 out of 5

103 reviews
95% willing to recommend

Leave a review

What is Cortex XDR by Palo Alto Networks?

Cortex XDR by Palo Alto Networks delivers comprehensive endpoint security, integrating well with other systems to offer robust threat detection and real-time protection through AI-driven analytics.

Get the Cortex XDR by Palo Alto Networks Buyer's Guide and find out what your peers are saying about Cortex XDR by Palo Alto Networks, CrowdStrike Falcon, Wazuh and more!

Cortex XDR by Palo Alto Networks is the #2 ranked solution in top Ransomware Protection solutions, #2 ranked solution in top AI-Powered Cybersecurity Platforms solutions, #5 ranked solution in endpoint security software, #7 ranked solution in XDR Security products, and #8 ranked solution in EDR tools. PeerSpot users give Cortex XDR by Palo Alto Networks an average rating of 8.4 out of 10. Cortex XDR by Palo Alto Networks is most commonly compared to CrowdStrike Falcon: Cortex XDR by Palo Alto Networks vs CrowdStrike Falcon. Cortex XDR by Palo Alto Networks is popular among the large enterprise segment, accounting for 52% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 12% of all views.

Buyer's Guide

Cortex XDR by Palo Alto Networks

January 2026

Get the report

Helped 880,255 peers since 2012

Featured Cortex XDR by Palo Alto Networks reviews

ABHISHEK_SINGH

Senior Process Expert at A.P. Moller - Maersk

The most valuable aspect of Cortex XDR by Palo Alto Networks for me is its integration with AI detection, where we get to know the behavioral detection based on users, traffic patterns, and different services that we consume. It's more about user and behavior analysis with upfront detection rules and automation that we can integrate with for orchestration purposes. It's effective. We have seen multiple occasions where we were notified with the detection rule, and the SOC team engaged with us, and we took the remediation action as and when it was highlighted. The positive impacts I see from Cortex XDR by Palo Alto Networks include a complete 360-degree view of our security posture altogether, being a uniform platform where we are ingesting logs from multiple resources. We have AI detection for different levels of user behaviors, and we integrate with the firewall engines and WAF, along with the EDRs and XDR, so that we have a complete overall security view and have gained much more confidence in it.

Read full review

Surya Kumar Gedala

Final Year Student at Gitam University

The best features Cortex offers in my experience include its capability for detection and investigation, along with several types of threat intelligence management. It includes machine learning to easily analyze data and detect complex threats across endpoints, networks, or clouds. In playbooks, automation handles responding actions such as isolating endpoints or enriching IOCs, along with reducing mean time to detect and mean time to respond. I have used this for my SOC operations environment, discussing it with my college. Automation and playbooks have helped me significantly. If there is a threat, detecting it used to be a lengthy process. Now, with the advancement in technology, Cortex Xnor's playbooks predefine the workflow of the automation, such as response processes, alert triggering, and enriching the context. These automations collect relevant indicators such as hashes, IP addresses, or domains efficiently and can detect and block malicious attacks with firewalls. It is very useful for eliminating workload of human errors, speeding responses for next-generation operations. Playbooks are customizable with dynamic analysis that align with organizational policies.

Read full review

AmjadKhan1

Head of data centers at a non-profit with 10,001+ employees

The threat chain, the investigation process, and device control are the most valuable features in Cortex XDR by Palo Alto Networks. Detection is very good because malware is detected before it activates in the system, making it a very good product. Cortex XDR by Palo Alto Networks is an AI product that has no signature available inside, so everything is based on AI, machine learning, and behavior analysis, which are all very good for reducing risk in the organization.The most beneficial aspect of Cortex XDR by Palo Alto Networks was when it was first installed in the environment, where there were too many infected and compromised systems. After installing this solution, it identified, blocked, and provided the complete attack chain, which was very helpful. A previous product was not detecting anything, and after installing Cortex XDR by Palo Alto Networks, the experience has been very good.

Read full review

Cortex XDR by Palo Alto Networks mindshare

Product category:

As of January 2026, the mindshare of Cortex XDR by Palo Alto Networks in the Extended Detection and Response (XDR) category stands at 4.8%, down from 5.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Extended Detection and Response (XDR) Market Share Distribution
Product	Market Share (%)
Cortex XDR by Palo Alto Networks	4.8%
CrowdStrike Falcon	10.5%
Wazuh	7.9%
Other	76.8%

Extended Detection and Response (XDR)

PeerResearch reports based on Cortex XDR by Palo Alto Networks reviews

Type	Title	Date
Category	Extended Detection and Response (XDR)	Jan 15, 2026	Download
Product	Reviews, tips, and advice from real users	Jan 15, 2026	Download
Comparison	Cortex XDR by Palo Alto Networks vs CrowdStrike Falcon	Jan 15, 2026	Download
Comparison	Cortex XDR by Palo Alto Networks vs Trend Vision One	Jan 15, 2026	Download
Comparison	Cortex XDR by Palo Alto Networks vs SentinelOne Singularity Complete	Jan 15, 2026	Download

Valuable Features

Cortex XDR by Palo Alto Networks excels with advanced threat detection, real-time analytics, comprehensive endpoint protection, and AI-driven insights. Its features include machine learning capabilities, behavior-based detection, integration with other products, and ease of use. Organizations appreciate its ability to seamlessly correlate data from endpoints and networks, providing valuable insights for incident response. The platform is known for scalability, strong protection, and minimal resource consumption, enhancing overall cybersecurity effectiveness.

"I generally believe that Cortex XDR by Palo Alto Networks is probably the best in the market right now."
"The main benefit of using Cortex XDR by Palo Alto Networks while employing Palo Alto Firewall at the internet edge is that it improves security on our endpoint devices, integrating seamlessly with Palo Alto Firewalls to deliver comprehensive network, analyst, and security details all in a single dashboard, which allows us to manage everything from our network devices."
"What I like about Cortex XDR by Palo Alto Networks is that it is a comprehensive solution that contains everything the organization may need when using endpoints."

Room for Improvement

Cortex XDR by Palo Alto Networks has several areas needing enhancement. Users find its integration problematic, with limited support for third-party tools. The dashboard and user interface require simplification and customization. False positives are frequent, and the reporting features lack depth and customization options. Users report performance issues and memory consumption. Some desire on-premises deployment. The pricing is considered high, and users wish for better endpoint and mobile operating system compatibility, along with expanded real-time monitoring capabilities.

"The main issue I could point out is the offline agents and the way that it is missing."
"If Palo Alto reduces the pricing slightly for their products, it would make them more scalable in markets such as India and globally for cybersecurity."
"Additionally, I think the price is very high, and if it can be adjusted, I believe it will be a very good solution."

ROI

Many users express a positive ROI from Cortex XDR by Palo Alto Networks due to enhanced security measures, reduced administrative efforts, and improved operational efficiency. Users highlight cost savings from lower malware incidents and less time spent on breach management. Cortex XDR also offers valuable compliance features and performance improvements while being competitively priced. Users remark on increased confidence in protection against threats and note benefits such as reduced total cost of ownership and increased user satisfaction.

Pricing

Enterprise buyers find Cortex XDR by Palo Alto Networks pricing generally reasonable but on the higher side compared to competitors. Licensing is flexible, allowing scalability with business needs. Costs are determined by license type and number of endpoints, with options for monthly, quarterly, or yearly payments. Some users note high initial setup costs, but appreciate straightforward licensing. Discounts may be available for long-term commitments, providing an opportunity for negotiation based on business requirements.

"The tool's price is moderate."
"Compared to CrowdStrike, Cortex XDR is an expensive solution."
"The cost depends on your chosen license type, like Pro or other licenses."

Popular Use Cases

Cortex XDR by Palo Alto Networks is primarily used for endpoint protection, focusing on anti-malware, exploit prevention, and threat management. It employs behavioral analysis, AI, and machine learning for detection, integrating with networks and firewalls for comprehensive security. This tool is favored for detecting and responding to malicious activities in real-time, managing user applications, performing advanced threat analytics, blocking unauthorized actions, and securing remote and on-premises environments. Organizations appreciate its extended capabilities beyond traditional antivirus functions.

Service and Support

Customer service of Cortex XDR by Palo Alto Networks receives mixed opinions. Some users find the support team knowledgeable and responsive, praising their quick resolution times. Others face challenges with availability, language barriers, or slow responsiveness, especially in certain regions. The technical team's expertise is valued, though some users wish for better communication channels. Premium support plans tend to offer better experiences, while standard plans may lack satisfactory assistance.

Deployment

Many users found Cortex XDR by Palo Alto Networks easy to set up, highlighting its straightforward cloud-based deployment. The setup time varied; some completed it in hours, while others took longer due to organizational complexities. Users appreciated features like automated updates and intuitive management, though experience levels impacted ease for some. Those with detailed infrastructure knowledge had an easier experience, while others needed additional resources for complex environments.

Scalability

Cortex XDR by Palo Alto Networks exhibits significant scalability. Users highlight its capability to handle large-scale deployments across various environments without issues. Many organizations find it easy to expand usage by adding nodes or licenses. It supports seamless integration across different operating systems, managing thousands of endpoints and diverse user roles efficiently. The cloud-enabled architecture enhances its capacity for growth, making it suitable for enterprises aiming for data-intensive operations and widespread deployment.

Stability

Cortex XDR by Palo Alto Networks is widely regarded as stable, with most users experiencing reliable performance without significant downtimes. Although some raised concerns about minor bugs or performance glitches, these issues are typically addressed efficiently. Stability has improved over time, with enhancements in the newer versions. Users appreciate its dependable performance even under high data loads. Cortex XDR remains a trusted choice, with many rating its stability highly.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Cortex XDR by Palo Alto Networks Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	41
Midsize Enterprise	20
Large Enterprise	38

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	704
Midsize Enterprise	392
Large Enterprise	1195

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

12%

Financial Services Firm

10%

Manufacturing Company

Comms Service Provider

Government

Retailer

University

Healthcare Company

Educational Organization

Energy/Utilities Company

Outsourcing Company

Performing Arts

Real Estate/Law Firm

Media Company

Construction Company

Insurance Company

Non Profit

Wholesaler/Distributor

Hospitality Company

Transportation Company

Recreational Facilities/Services Company

Legal Firm

Pharma/Biotech Company

Logistics Company

Recruiting/Hr Firm

Consumer Goods Company

Compare Cortex XDR by Palo Alto Networks with alternative products

Learn more about Cortex XDR by Palo Alto Networks

Cortex XDR by Palo Alto Networks offers advanced endpoint protection and threat detection through AI and behavior-based analytics. Its user-friendly design simplifies integration with firewalls, delivering multi-layered protection with low resource consumption. Valued for policy management, USB control, and incident correlation, Cortex XDR enhances threat management and real-time threat hunting capabilities. However, users note challenges with third-party integration, reporting, and dashboard automation. Agent performance across operating systems and memory consumption are areas for improvement, alongside reducing false positives and simplifying endpoint management and setup.

What features does Cortex XDR offer?

Behavior-Based Detection: Analyzes user behavior to identify suspicious activities.
AI Analytics: Utilizes AI for accurate threat detection and response.
Real-Time Protection: Provides immediate defense against threats.
Policy Management: Allows customization of security policies across endpoints.
USB Control: Regulates USB device access for added security.
Incident Correlation: Connects and analyzes various security events for better response.
Firewall Integration: Seamlessly works with firewalls for enhanced security.
Machine Learning Capabilities: Continuously improves threat detection precision.

What benefits should be considered in reviews?

Low Resource Consumption: Efficient security functions without taxing system resources.
Multi-Layered Protection: Comprehensive security across multiple attack vectors.
User-Friendly Interface: Intuitive design for easier management.
Enhanced Threat Management: Identifies and mitigates threats effectively.
Real-Time Threat Hunting: Proactively searches for and mitigates potential threats.

Cortex XDR is crucial in industries requiring robust endpoint protection, such as finance, healthcare, and technology. It supports malware detection, behavioral analysis, and ransomware mitigation across endpoints, including remote work environments, providing comprehensive threat visibility and security policy management. The solution's integration with firewalls and specialized industry requirements enhances security posture in diverse operational settings.

Cortex XDR by Palo Alto Networks was previously known as Cyvera, Cortex XDR, Palo Alto Networks Traps.

Cortex XDR by Palo Alto Networks customers

CBI Health Group, University Honda, VakifBank

Product Categories

Extended Detection and Response (XDR)

Endpoint Protection Platform (EPP)

Endpoint Detection and Response (EDR)

Ransomware Protection

AI-Powered Cybersecurity Platforms

Popular Comparisons

CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks

Wazuh vs Cortex XDR by Palo Alto Networks

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks

Fortinet FortiEDR vs Cortex XDR by Palo Alto Networks

Darktrace vs Cortex XDR by Palo Alto Networks

Microsoft Sentinel vs Cortex XDR by Palo Alto Networks

SentinelOne Singularity Complete vs Cortex XDR by Palo Alto Networks

IBM Security QRadar vs Cortex XDR by Palo Alto Networks

HP Wolf Security vs Cortex XDR by Palo Alto Networks

Microsoft Defender XDR vs Cortex XDR by Palo Alto Networks

Elastic Security vs Cortex XDR by Palo Alto Networks

Varonis Platform vs Cortex XDR by Palo Alto Networks

Tanium vs Cortex XDR by Palo Alto Networks

WatchGuard Firebox vs Cortex XDR by Palo Alto Networks

Fortinet FortiClient vs Cortex XDR by Palo Alto Networks

See all alternatives

Cortex XDR by Palo Alto Networks Reviews Summary
Author info	Rating	Review Summary
Senior Process Expert at A.P. Moller - Maersk	4.5	I’ve found Cortex XDR highly effective for securing workloads with strong AI-driven detection, seamless integration, and improved threat visibility, though initial false positives required tuning; overall, it’s stable, scalable, and meets our evolving security needs well.
Final Year Student at Gitam University	4.5	During my internship, I found Cortex highly effective for endpoint detection and automation, with powerful playbooks and threat intelligence features. While UI and integration improvements are needed, its stability, scalability, and hybrid deployment worked seamlessly for my needs.
Head of data centers at a non-profit with 10,001+ employees	4.0	I've used Cortex XDR for over a year to detect and block threats effectively in real-time, appreciating its AI-driven analysis and smooth integration, though it's expensive; support is excellent, and it greatly improved security over our previous solution.
Chief of IT Architecture at a financial services firm with 10,001+ employees	4.0	I've found Cortex XDR by Palo Alto Networks to be robust and well-integrated for large environments, offering strong automation and detection, though it's costly, complex to deploy initially, and best suited for those heavily invested in the Palo Alto ecosystem.
Network Security Administrator at Alethe Consulting Pvt. Ltd	4.0	I've found Cortex XDR by Palo Alto Networks integrates well with our firewall, simplifies threat analysis, and reduces workload, though pricing could be more competitive; overall, it's reliable, user-friendly, and significantly improved our endpoint security experience.
Detection and Response Consultant at Inovasys	4.5	I've found Cortex XDR by Palo Alto Networks effective in detecting and mitigating advanced threats with strong real-time capabilities, easy investigation tools, minimal analyst workload, and cost efficiency, though I’ve noted no current weaknesses in the product.
IT COMMUNICATIONS AND NETWORKS at Américas BPS	5.0	I found Cortex XDR by Palo Alto Networks effective, easy to set up, and non-intrusive. It reliably detected threats, automation via playbooks worked well, and support was solid, though reaching Palo Alto directly was sometimes challenging.
Cyber Security Engineer at a media company with 201-500 employees	5.0	I've found Cortex XDR highly effective beyond antivirus, offering deep behavioral analysis and cloud-based machine learning, though managing offline agents is cumbersome. Setup is straightforward, especially with clear grouping, and I believe it’s the best solution available.

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	10.5%	97%	136 interviews Add to research
Wazuh	3.7	7.9%	81%	50 interviews Add to research

Cortex XDR by Palo Alto Networks Reviews

What is Cortex XDR by Palo Alto Networks?

Featured Cortex XDR by Palo Alto Networks reviews

Cortex XDR by Palo Alto Networks mindshare

PeerResearch reports based on Cortex XDR by Palo Alto Networks reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Cortex XDR by Palo Alto Networks with alternative products

Learn more about Cortex XDR by Palo Alto Networks

Cortex XDR by Palo Alto Networks customers

Related questions

Product Categories

Popular Comparisons