We're using it just to make sure that the customers, or our users, don't use any prohibited applications. We make sure that every application they use is on the allowed list. Any other application that is not on the allowed list is blocked until further notice. It's mainly to make sure that our organization is secure and that the software that the users are working on is secured too. This is the main reason. It is also to be aware of and secured from any potential attack, ransomware, etc.
Cortex XDR by Palo Alto Networks Overview
Cortex XDR by Palo Alto Networks Buyer's Guide
Download the Cortex XDR by Palo Alto Networks Buyer's Guide including reviews and more. Updated: June 2023
What is Cortex XDR by Palo Alto Networks?
Cortex XDR by Palo Alto Networks is the first threat detection and response software to combine both visibility across all types of data and autonomous machine learning analytics. Threat detection very often requires analysts to divide their attention among many different data streams. This platform unifies a vast variety of data flows, which allows analysts to assess threats from a single location. Users can now maintain a level of visibility that other threat detection programs simply cannot offer. This level of transparency lends itself to both quick identification of problems that arise and the equally quick development of a potential solution.
Cortex XDR's machine learning works on many different levels to detect and prevent threats. It is constantly scanning for threats and vulnerabilities. The solution can scan up to 5.4 billion IP addresses in three-quarters of an hour. This allows it to spot weak points in the system and notify administrators long before hackers can take advantage of vulnerabilities. Once the Artificial Intelligence (AI) discovers an issue, or an area where an issue could potentially take place, the system creates a log of the information and subsequently sends an alert to system administrators. The AI takes the information that it has gathered and uses it to assign threat levels to the issues that it detects. Following this, a human analyst will be assigned to manually assess the issue and deal with it accordingly. You can set it to automatically respond to the threat by isolating the issue while analysts investigate it.
Benefits of Cortex XDR
Some of Cortex XDR’s benefits include:
- The use of advanced AI analytics, behavior analytics, and custom-made detection to detect advanced threats before they occur.
- The ability to group similar threat alerts, reducing incoming alerts by as much as 98%. This allows analysts to avoid being overwhelmed by the volume of incoming alerts.
- The ability to investigate threats as much as 8 times faster than would be possible with other software. The machine learning, when coupled with the unified data stream that Cortex XDR collects, significantly increases the ability to more quickly discover the root cause of a threat.
Reviews from Real Users
Cortex XDR by Palo Alto Networks software stands out among its competitors for a number of reasons. Two major ones are its ability to isolate threats while enabling them to be studied and the way that the software combines all of the data that it gathers into a single, more complete picture than other solutions offer.
PeerSpot users note the effectiveness of these features. A network designer at a computer software company wrote, “The solution has a very helpful isolation feature. If any system gets compromised, with one click I can access the system and isolate it from other networks, and then go into further forensic investigation of the current threat without compromising anything else.”
Jeff W., Vice President/CTO at Sinnott Wolach Technology Group, noted, “The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.”
Cortex XDR by Palo Alto Networks was previously known as Cyvera, Cortex XDR, Palo Alto Networks Traps.
Cortex XDR by Palo Alto Networks Customers
CBI Health Group, University Honda, VakifBank
Cortex XDR by Palo Alto Networks Reviews
System Engineer at a logistics company with 5,001-10,000 employees
Easy to set up, reliable, and always scanning
Pros and Cons
- "The initial setup is easy."
- "Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."
What is our primary use case?
What is most valuable?
The good thing about the product is that it's always scanning. It does real-time scanning for customers. If there's anything related to the applications that are installed, for example, if an application needs some upgrades, updates, or add-ons, we already have a server that is downloading this for the users' computers. In terms of the laptops, we are not managing the laptops from the servers, since the users take the laptops with them and they are managing their laptops by themselves. There is some variability. The application gives us a notification on the cloud so that we can handle this problem or make sure that the laptop is secured. The customers or the users don't have much experience to pick what is right and know what is wrong. It's a very, very informational application.
The initial setup is easy.
What needs improvement?
They need to do definition updates. Instead of the version, they just put an update on the portal, and each time we need to upgrade it. Sometimes it's hard to upgrade the offsite clients. Sometimes the internet that they are using is not that stable. It gives us a hard time. Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded.
It would be ideal if the updates would happen like Symantec updates or other antivirus solutions. The upgrade needs to deploy directly to the users.
For how long have I used the solution?
We've been using the solution for two years.
What do I think about the stability of the solution?
It's very stable. There are no errors or problems, even if there is something we need to do on the machine. Due to the configuration we already do, it's locking a lot of things that the users cannot do. Even if the administrator is working, it needs the Cortex XDR permission first. It's very stable and the configuration is easy in the portal. They are enhancing their configuration and its security constantly.
The only thing that is giving us a hard time is that they have a lot of version upgrades. I don't know if it's better to do it as update packages and make the upgrades half-yearly, quarterly, or yearly. It should be done more regularly.
From an administrative perspective, it'll give us less headache. Each time you need just to go to the portal and make sure that you're testing the product, the upgrade before you deploy it, and then you deploy it. And then you figure out which computer doesn't have the version, and you figure out how to install it.
If it's a laptop on the other side, it'll take a long time, sometimes a week, to get the customer the upgrade. For installing the upgrade, we must do it. The users can't install this product by themselves. That's why it takes a while.
What do I think about the scalability of the solution?
The solution is scalable. We are using it for 80 or 90 people. It's a variety of different positions, from engineers to accountants.
We're changing solutions and moving to SentinelOne. We won't be increasing usage.
How are customer service and support?
They are very helpful and they respond very fast. If there's any ticket open they make sure that they fix the problem the first time. I didn't face any problems with them.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We are currently moving to SentinelOne.
How was the initial setup?
It is a straightforward setup. It's not overly complex or difficult. The deployment took a maximum of two hours.
I just installed it first on one of the testing machines and I tested the software package to see if it was still working. Then I just deployed it to the users and I made sure that it was working fine. It might take one day to deploy to the users if I test the version on the test machine first.
What about the implementation team?
I handled the implementation myself.
What's my experience with pricing, setup cost, and licensing?
Corporate is responsible for licensing. I don't know anything about the pricing.
What other advice do I have?
We are customers and end-users.
We're using the latest version of the solution.
Palo Alto is a big company. They are very good at security, so it's good if it's the first time a company is using this product. However, we are moving to SentinelOne as we are corporate. That means, if there is one branch upgraded or moved to something, we must follow. We are following our corporate instructions. If I was given the choice, I would be still using Cortex XDR as it's fulfilling my need.
I'd rate the solution eight out of ten. The downside is each time I go to the portal and I check the versions, it's outdated. You need to upgrade each month or every forty days and it's a lot.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Has a centralized console and does predictive analysis of malware
Pros and Cons
- "I like the centralized console and the predictive analysis it does of malware. It is very stable and also scalable."
- "It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue."
What is our primary use case?
The primary use case is mainly endpoint protection.
How has it helped my organization?
Previously, we had to install endpoint protection per machine and then scan and update. If there were any possible threats, then you would have to go manually to the machine and scan. Cortex XDR basically does that centrally and predictably.
We get notified, and if need be, we'll investigate an endpoint. For the most part, we haven't had to do a whole lot of that because most of the time, it just stops the threat before it even becomes one. So, we have more time to do day-to-day work rather than spend time chasing those endpoints.
What is most valuable?
I like the centralized console and the predictive analysis it does of malware.
It is very stable and also scalable.
It is easy to deploy and update. It does not require a lot of maintenance.
What needs improvement?
It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue. So, making exceptions would be easier and would probably be better for logging.
It would be nice if it were easier to use and if there were some free training hours.
As for additional features, I would suggest having mobile access to the console, perhaps through a mobile app for the console.
For how long have I used the solution?
I've been using it for about three years now.
What do I think about the stability of the solution?
The stability is great. I think they set the standard for SDR solutions at the moment.
What do I think about the scalability of the solution?
It's very scalable. We have it on Macs, Windows, Windows servers, and multiple flavors of Linux.
We have about 460 endpoints deployed. As far as technical users, we have a team of about 10, and that's mixed between server admins and their subsupport users.
The usage is extensive, and we've recently deployed it everywhere. We do plan on probably increasing usage because we have current consultants who use the product in order to access our systems.
How are customer service and technical support?
I wish there could have been more live contact with technical support rather than updated tickets and possible notifications via email. When I've had live encounters, it's been amazing. Sometimes, I think they could be a little bit more responsive live wise, but for the most part, it's been good.
Which solution did I use previously and why did I switch?
We previously used Sophos, and it was okay. The only thing I liked about Sophos was that it was easier to deploy to the desktop, but with Cortex XDR, once you have it already deployed, updating it is easy.
We needed something that was going to work with Macs and Linux, different products. Also, we needed something that would be more predictive versus relying on definition files that are publicly available. You don't want to be in a zero-day attack. With Cortex XDR, it's one of those where you can download any virus. It's just not going to run on your machine. Most malware products rely on a database to tell you that there's a virus file.
Sometimes, there are false positives. If it's a legit file or application that an end user is trying to download and use on their machine, it won't allow that. With Cortex XDR, however, they can download the file. It's just going to be rendered useless until you enable it and make an exception for it. It can run what identifies it and just sends you a notification saying that it's a malicious file and that it's there. It's not going to do anything to the system. That was a huge selling factor with Cortex XDR.
How was the initial setup?
The initial setup is pretty straightforward. It took a couple of hours and was pretty easy to deploy.
Once it's deployed in your system, you can push updates yourself. In the case of Macs, when you get new releases you sometimes have to tweak it and then push it out manually to end users. One admin could dedicate a couple of hours a week at best because there's not much maintenance.
What about the implementation team?
Palo Alto got on the phone with us and walked us through it. They were very helpful.
What's my experience with pricing, setup cost, and licensing?
It's about $55 per license on a yearly basis.
What other advice do I have?
Learn the product because once you deploy it and a lot of people look at it from an endpoint perspective, they get the endpoint protection instantly. However, there are other things that you need to learn more about. Once you deploy Cortex XDR, you get a subscription to a data lake, which helps you retain logs. We have Palo Alto firewalls and later on learned that we can also integrate our firewalls and get the logs.
You have a limited amount of space for log retention, but things like that are important in cases where you need to have PCI compliance or have a company policy of retaining a certain amount of logs.
So, learn all the features and ask questions, and perhaps if it's going to be something that you're going to use as an investment for your company, take a training class.
On a scale from one to ten, I would rate Cortex XDR at nine.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Consultant at Help AG
Perfect correlation and XDR capabilities for network traffic plus endpoint security
Pros and Cons
- "From a single pane of glass, you can easily manage all of your endpoints."
- "The solution should force customers to integrate with network traffic to see the full benefits of XDR."
What is our primary use case?
Our company uses the solution for endpoint protection, detection, and response. The solution has antivirus and EDR capabilities. Our SOC analysts use it to investigate incidents. We currently have 300 to 400 users with two admins for management. The solution is installed on all user laptops to protect workstations.
We also implement the solution for customers as a service. Most customers buy the solution for registry reasons and compliance standards. It gives you all the compliance points and improves how your SOC functions because it provides comprehensive visibility over the entire network and endpoints. It is called XDR because it not only looks at endpoints but also network traffic.
The solution is offered on Palo Alto's private network. I think the underlying provider is Google Cloud, but that doesn't really matter. You are asked the region of your instance for connection such as Europe or the Middle East.
What is most valuable?
The solution perfectly correlates with Palo Alto's Networks Firewall to perform XDR capabilities such as network traffic plus endpoint security. This is what distinguishes the solution from other products.
From a single pane of glass, you can easily manage all of your endpoints.
The dashboard is intuitive so you can easily investigate or track incidents.
The solution has a fair amount of integrations with certain intelligence tools or third-party products.
What needs improvement?
The solution should force customers to integrate with network traffic to see the full benefits of XDR. If you are not integrating it or feeding in your network traffic, then you are just buying a normal antivirus which doesn't make any sense. You are paying double the price to use the antivirus feature or to say you have XDR, but in reality you are not using it.
The solution should include an on-premises option because some customers want only on-premises. It would be hard, but good to do if possible.
Open XDR would be beneficial in the future. Right now, the solution is Closed XDR so cannot communicate with the few new vendors in the Open XDR market.
For how long have I used the solution?
I have been using the solution more than two years.
The solution used to be called Traps when it was on-premises only. It was rebranded as Cortex XDR when it became a cloud solution.
What do I think about the stability of the solution?
The solution is stable so I rate stability a nine out of ten.
What do I think about the scalability of the solution?
The solution is very scalable. You can have 500 users and scale tomorrow to 10,000 with no extra work but just purchasing the licenses needed.
I rate scalability a ten out of ten.
How are customer service and support?
The level of support fluctuates but on average is rated an eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The setup is very easy because it is a cloud solution. You just log in and use it immediately. I rate setup a nine out of ten.
What about the implementation team?
We are a third-party integrator and implement the solution for customers. One staff person can handle an implementation.
As a customer, you receive a link which is your tenant for login. From there, deployment time is just how long it takes to get the installer agent and put on all of your endpoints. For example, if you are a corporation that has 300 laptops, then you install the agent on each and every server.
You will need about three hours to configure the solution and then it is up to your admins to install the agent on all endpoints. There is usually a way to automatically install agents from the Active Directory or other tools.
You need to integrate your network traffic to the XDR itself. If you have a Palo Alto Firewall, it is easy to navigate through integration. If you have FortiGate or Cisco firewalls, then you can configure the firewall to send the log to the cloud. It is sometimes hard to convince customers to send or keep their logs on the cloud.
What's my experience with pricing, setup cost, and licensing?
The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the Pro version.
The solution is neither inexpensive nor expensive, so I rate pricing a three out of ten.
Which other solutions did I evaluate?
Nowadays, CrowdStrike, Cortex XDR, and the solution are rebranding and selling their products as XDR. Everyone hears about antivirus but now XDR is available to protect endpoints and get intelligence from the network.
Most customers who have an XDR product only use the antivirus features. They are not correlating the network traffic with the XDR itself, so they are not getting the full benefit.
The solution does not force you to correlate so you can use it without integrating with your network. But again, this is not how XDR is supposed to work.
For example, if you buy a Bugatti but only drive it at 80 kilometers per hour, then you should just go and buy a Nissan. If you buy XDR but do not integrate it with your network traffic, then you just have a Nissan antivirus.
What other advice do I have?
I recommend the solution and rate it a ten out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Google
Disclosure: My company has a business relationship with this vendor other than being a customer:
Last updated: Dec 30, 2022
Information Technology Consultant at Trillennium (Pvt) Ltd
Excellent technical support, straightforward implementation, and cutting-edge technology
Pros and Cons
- "When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud."
- "In general, the price could be more competitive."
What is our primary use case?
We are not using it for our purposes because we are a Palo Alto partner. We propose it for our customers based on their requirements.
We are both a service provider and a reseller.
When the pandemic first began, the use cases were mostly for remote users. We deployed this for the majority of remote users.
What is most valuable?
When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud. We have a lot of advantages as a result.
It's a very simple implementation, and I have direct Palo Alto implementation available as well. So it's very simple. We haven't found any issues, so far the implementation is going well, I don't see any gaps.
What needs improvement?
In general, the price could be more competitive.
For how long have I used the solution?
In Palo Alto, we also work with all product lines, including Prisma and other product lines as required. It's a mix; it's a subproduct, and we work with a mix of products.
We have been working with Cortex XDR by Palo Alto Networks for two to three years.
We get updates from Palo Alto directly.
What do I think about the stability of the solution?
Cortex XDR by Palo Alto Networks is a stable product.
What do I think about the scalability of the solution?
It's a scalable solution, we have not had any challenges with the scalability of Cortex XDR by Palo Alto Networks.
Our customers range from medium to large enterprise companies. The adoption rate in small businesses is much less, but the majority of our requirements come from mid-to enterprise-sized businesses.
How are customer service and support?
Technical support is the best in class, in my opinion, because they have invested heavily in research and development. In terms of comparison and today's challenges, such as security and layers, Palo Alto complies with all of the challenges.
Which solution did I use previously and why did I switch?
In terms of Security, we are working with a few products and a few brands.
We use Palo Alto and we also work with Barracuda. These solutions are used on the web firewall and for email protection.
We work with the entire Barracuda product line, but specifically for email protection and web filtering.
Barracuda Essentials is included with O365 protections, we work with those solutions.
Palo Alto is part of a different vertical layer than Barracuda. It's distinct. They are very different.
How was the initial setup?
The initial setup depends on the environment, but as a technology, I would say it's simple. It's not that difficult.
The length of time it takes for deployment is determined by the project and the surrounding environment. We can only determine the timeframe based on that, pinpointing a specific time period is difficult.
It does not require maintenance because regular updates and monitoring are required. So if there is anything, new patches and the like, it is done automatically, and there is no additional implementation unless there are any infrastructure changes.
What's my experience with pricing, setup cost, and licensing?
In comparison to other competing products, it is based on the customer's needs and the environment. However, when compared to other products, the price is slightly higher, but when considering technology and new innovation, that is the plus I would say when it comes to being XDR.
The price could be more competitive because it is not on the price wall when you go and question Palo Alto XDR. It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable.
What other advice do I have?
So far, it has met all of our requirements, and it should be able to cater to a wide range of product lines.
We must first determine what their business requirements are, as well as what other technical layers we are considering, and then propose the appropriate sizing and solution.
We mostly promote Palo Alto, but it depends on the customer's needs, as well as their budget, infrastructure, and what their business requires, all of those factors come into play when recommending a solution.
When you compare it with other products, I would rate Cortex XDR by Palo Alto Networks a nine out of ten.
It's close to being rated a ten out of ten because of their level of support, and the other is the solution and the most recent technology.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Divisional Operations Director at a tech vendor with 1,001-5,000 employees
Allows us to create queries for investigation, provides good visibility, and has been able to see every single threat
Pros and Cons
- "The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine."
- "It tends to do 99.9% of things. The only thing I'd like is single sign-on authentication into their cloud platform so that my users can be properly authenticated against it."
What is our primary use case?
Officially, I'm an MSP, but I also host it for our own internal software. I've got XDR installed on 26,000 devices. It is used for threat prevention, policy enforcement, firewall rules, and DLP. We use it for pretty much everything. Our firewalls also integrate with XDR.
We use XDR Pro. It is in the cloud, and we have got version 7 at the moment, which is probably the latest update of it.
How has it helped my organization?
The key thing is the visibility of what's going on in our networks and on our end devices. It gives us visibility.
It provides the ability to query. I can query for any file or any IOC on any of the devices installed, and it will search for a data link.
What is most valuable?
The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine.
In general, it has been able to see every single threat that has ever come up and it helps us stop it.
I've used it for a great many years now, and it worked really well. From the Palo Alto side, whatever they buy, they integrate that really well into their integration suite, and that makes a massive difference.
What needs improvement?
The onboarding process could be better.
It tends to do 99.9% of things. The only thing I'd like is single sign-on authentication into their cloud platform so that my users can be properly authenticated against it.
What do I think about the stability of the solution?
Its stability is very good.
What do I think about the scalability of the solution?
Its scalability is very good. It is on my servers as well as my end users. I've got five and a half thousand end-users plugged in, and they're all on, and then I have 26,000 servers on it as well.
How are customer service and support?
I would rate them a 9 out of 10. The only reason why they lose a point is that if I escalate, it gets done really quickly. I've got all the various contacts I could ever need inside Palo Alto, but some of my other colleagues don't have that same level of contact. So, if I'm doing it, it is rapid, but if they're doing it, it is slower.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I've worked with Carbon Black, which Cortex XDR beats hands down. The reason it beats it hands down is because of the ability to query. I couldn't do that with Carbon Black. For me, that was a genuine issue with Carbon Black. That was one of the main reasons why we've literally moved 22,000 devices off Carbon Black into Cortex XDR.
We also use Sophos, McAfee, and BitDefender. As a group, we buy multiple companies a year. So, we come across most of them.
If it is my own device, I would love to have Cortex, but I can't buy one license. I have to buy a minimum of 250 licenses. So, I normally go for something like BitDefender because it has the least amount of bloatware.
How was the initial setup?
It is straightforward. It is pretty much out of the box. It works how you want it to work. So, you can't really ask for more.
It is also easy to maintain.
What about the implementation team?
It was implemented in-house.
What was our ROI?
In the company I'm in, we make software. On that basis, we've gone for what we need to make sure our software and all of our customer data are secure. That drives us more than the ROI. It may sound a little weird, but it is the way we run because, for us, the ROI is almost pointless if we lose all our data.
What's my experience with pricing, setup cost, and licensing?
I have the full Pro Prevent license. So, I've got post analytics, forensics, and the whole lot of it.
What other advice do I have?
My advice to others who would like to start working with Cortex is to not dip your toe in the water. Go big or go home. If you integrate everything in, you'll get fantastic results. You shouldn't do some bits here and there. You need to use their ecosystem as a whole. If you're in their entire ecosystem, the results are amazing.
I would rate it a 10 out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Technology Corporate Manager at a consumer goods company with 1,001-5,000 employees
Easy to use, light on resources, and reliable
Pros and Cons
- "Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources."
- "We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, so we have to use another protection solution called Kaspersky."
What is our primary use case?
We are in the testing stage of using Cortex XDR by Palo Alto Networks. We are using it in order to ensure the corporate network servers are protected. Additionally, we need to use a specialized tool.
What is most valuable?
Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources.
Cortex analyzes the network and users to detect additional risks and threats that other vendors' solutions don't detect.
What needs improvement?
We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, so we have to use another protection solution called Kaspersky.
The tool should have the ability to test an environment to see what percentage it is secure against threats, such as ransomware. This would allow for adjustments to be made to the network for more security. We don't have the capability to test the network daily; there should be a parameter in order to report on the health of the network for security vulnerabilities.
For how long have I used the solution?
I have been using Cortex XDR by Palo Alto Networks for approximately two weeks.
What do I think about the stability of the solution?
Cortex XDR by Palo Alto Networks is highly stable.
We don't have any user reports suggesting that there is a high level of resource consumption.
What do I think about the scalability of the solution?
In regard to the scalability, the tool could have additional agents to provide a full installation in the company. This would make the installation much easier when scaling the solution; we should not have to use another tool.
The installation approach is to do it one computer at a time, but if Cortex could provide an additional tool in order for us to reach all the elements of the network, it would be very helpful. It should be done automatically. I understand that if the tool has the capability to analyze the network, it should be able to read the computers' elements in the network and in other ways.
How are customer service and support?
The support is very efficient and professional. They have provided us with the tools and the basic elements to understand how the solution works. They have helped us prepare some specifics for our installation.
Which solution did I use previously and why did I switch?
We use the Kaspersky protection solution. Kaspersky works based on blacklists: if you are on the blacklist, it works well, but if you are not, Kaspersky does not work.
How was the initial setup?
The installation of Cortex XDR by Palo Alto Networks is easy. The setup is not complicated.
It would be a good idea for the company to provide videos on their website, translated into Spanish, related to technical skills. This would be very useful and would have a lot of value.
The world, in commercial terms, speaks English, but we have to understand that with tools such as this, if the solution were available in other languages, more companies would be able to exploit the tool. If we don't have this information in our native language, we will not use the tool to its full potential.
What's my experience with pricing, setup cost, and licensing?
In terms of the cost, Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company, and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries such as Mexico. The amount it is reduced is not a massive percentage.
I recommend that the company review the pricing model in the Latin American market. They need to determine how to impose, or how to bring a more accessible cost in order to accelerate the implementations in American countries.
Which other solutions did I evaluate?
We have been comparing Cortex XDR by Palo Alto Networks to Cisco solutions.
What other advice do I have?
It is important to have security tools in order to review, monitor, and hunt potential attacks. In our test, we have found Cortex XDR by Palo Alto Networks to be a very good tool.
It's an efficient solution. I recommend this solution to my business partners and other companies.
I rate Cortex XDR by Palo Alto Networks a ten out of ten.
Other solutions I have used I would rate a seven out of ten. There is nothing that comes close to this solution.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Owner and Executive Director at Cloud 9 s.r.o.
Good features, strong protection, and very scalable and stable
Pros and Cons
- "Cortex XDR is a very capable solution for protecting large networks and a lot of endpoints. It's very useful because the automation is very high, and if you combine it with the features on Palo Alto firewalls, it provides very strong protection."
- "It's more focused on network communication. If a customer wants to increase the level of protection and start working with documents, it's impossible to integrate these features into the system. It's more of a communication-oriented system than a content security-oriented system."
What is our primary use case?
It's mainly for protection against malware. We work very closely with a major partner of Palo Alto in the Czech Republic, and we have experience with the whole XDR solution. It's very useful for us and a very capable solution.
How has it helped my organization?
Clients have a big problem with phishing campaigns and phishing attacks. Cortex XDR provides some level of protection against malware spreading in the network from a wrong click by users.
What is most valuable?
Cortex XDR is a very capable solution for protecting large networks and a lot of endpoints. It's very useful because the automation is very high, and if you combine it with the features on Palo Alto firewalls, it provides very strong protection.
What needs improvement?
Its price is too high. That's a big problem for customers.
It's more focused on network communication. If a customer wants to increase the level of protection and start working with documents, it's impossible to integrate these features into the system. It's more of a communication-oriented system than a content security-oriented system.
In terms of additional features, there is very strong development. I have seen the roadmap, and we will see what happens. The roadmap looks nice, but it's still more of a network security solution than a content-security solution. The development in network security is quite strong. I'm very happy with that, but if a customer would like to implement a zero-trust security concept, it's necessary to combine this solution with other vendors. There is some part of the integration that is not so easy because you have to integrate rules and some features. It's not so automatic in network communication. You have to make some appropriate automation there, or you have to do it manually. It's time-consuming and it's also expensive.
For how long have I used the solution?
I have been using it from the beginning. It has been more than six years.
What do I think about the stability of the solution?
It's a very stable solution. I would rate it a nine out of ten in terms of stability.
What do I think about the scalability of the solution?
It's a very scalable solution. If you compare it with a SIEM solution from Palo Alto, it's very powerful. I would rate it a nine out of ten in terms of scalability. It's definitely for enterprises.
How are customer service and support?
Their technical support is not bad, but sometimes, when we have some issues, the support teams from Europe or Central Europe are not able to help us. We have to escalate the issue somewhere else, such as to the US. They have a very strong support team there, but it's time-consuming. Sometimes, it takes them days or weeks to solve some tricky problems, but their support for standard issues is okay. There is a very good response, but for a technical issue, it's sometimes more difficult. I would rate their support a seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I also worked a little bit with SentinelOne. Cortex XDR is very similar to the SentinelOne solution from the features point of view. It's a little bit different technology, but both solutions are very capable.
How was the initial setup?
It's somewhere in the middle. It's not for beginners, but if you know what to do, it's quite easy.
It's a cloud-based solution, which sometimes is an issue for customers. In the past, it was on-prem, but Palo Alto decided to change the policy and everything is cloud-based or located in the cloud. It's not a security problem from my point of view, but a few customers feel uncomfortable with sending data to the cloud and back.
What about the implementation team?
Very often, it's an in-house implementation.
What's my experience with pricing, setup cost, and licensing?
It's the most expensive solution, but features-wise, it's quite strong. It's very good for protection, so the results are very good in the case of protection. I would rate it a two out of ten in terms of pricing.
What other advice do I have?
Overall, I would rate it an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jan 31, 2023
Network Security Engineer at I Dream networks pvt ltd
A useful solution to combat the growing cyberattacks
Pros and Cons
- "The solution allows control over the user and his machine through Cortex XDR security policies."
- "Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco."
What is our primary use case?
Cortex XDR is an artificial intelligence-based solution that automatically detects malicious activity performed by users or user machines, blocking it with the help of AI. We also create security policies on Cortex XDR that can be managed by Cortex XDR. Let's say that a company wants a security policy to work for a home user or VPN client user. It also includes an enterprise network at home.
What is most valuable?
User control in Cortex XDR allows users to restrict access to certain websites from a company laptop used over a home network. The solution allows control over the user and his machine through Cortex XDR security policies.
What needs improvement?
Cortex XDR is not that smart compared to Check Point. We also deal with Check Point. Check Point solutions, Check Point Firewall, Check Point solution WAF technology, or anti-virus technology can be considered smart because of Palo Alto. The detection of malicious activities performed by Check Point is good. Artificial intelligence is not a good match for Check Point because sometimes Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco.
I also want a better detection feature like the one in Check Point and any other anti-virus, as a matter of fact.
For how long have I used the solution?
I am a consultant for the solution. I work with Palo Alto, our solution provider, and offer Cortex solutions and Palo Alto firewalls. We also sell Cortex XDR at Mac Global. It has been approximately six months to a year since I started working with this solution. Speaking about the version, it is the Cortex XDR client. Our responsibilities are centered around the client-based solution, including managing clients and installing software and rules. Palo Alto’s team manages the other aspects of the solution.
What do I think about the stability of the solution?
It is a stable solution since it is on the cloud. CPU utilization and hardware requirements are not necessary. According to some user licenses, when we purchase them, we get much utilization of hardware requirements through the cloud.
What do I think about the scalability of the solution?
Cortex XDR is a scalable solution with around 500 to 600 users. User visibility, user policy, and security policy can be implemented in one view on Cortex XDR. The approximate number of clients constantly using Cortex XDR is between 200 and 250.
How are customer service and support?
I am working with iDream Networks, and we are partners of Palo Alto Networks.
How was the initial setup?
I will give 50 out of 100 points since the setup of Cortex XDR is neither too easy nor too difficult to implement. Its dashboard is very easy to manage since no other sites need to be opened to manage it. Also, it can be managed from anywhere. I am not involved in the deployment process as I only manage the solution.
What about the implementation team?
The configuration and implementation are done by Palo Alto’s team.
What's my experience with pricing, setup cost, and licensing?
Licensing for Palo Alto Networks Cortex XDR can be costly, especially when it comes to a hundred users. A license is required for each user, and the subscription must be renewed on a yearly basis.
What other advice do I have?
I recommend Palo Alto Networks Cortex XDR as a dependable option for future requirements. Cyberattacks are on the rise, and that's why I have Palo Alto's XDR. I also suggest Palo Alto Networks Cortex XDR to all customers. On a scale of 100, I rate this solution at 85, and on a scale of one to ten, I give it an eight.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Feb 20, 2023