Cortex XDR by Palo Alto Networks Reviews

Name: Cortex XDR by Palo Alto Networks
Brand: Palo Alto Networks
Rating: 4.2 (109 reviews)

Vendor: Palo Alto Networks

4.2 out of 5

109 reviews
96% willing to recommend

Leave a review

What is Cortex XDR by Palo Alto Networks?

Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.

Get the Cortex XDR by Palo Alto Networks Buyer's Guide and find out what your peers are saying about Cortex XDR by Palo Alto Networks, CrowdStrike Falcon, Microsoft Defender for Endpoint and more!

Cortex XDR by Palo Alto Networks is the #1 ranked solution in top AI-Powered Cybersecurity Platforms solutions, #2 ranked solution in top Ransomware Protection solutions, #4 ranked solution in endpoint security software, #6 ranked solution in XDR Security products, and #7 ranked solution in EDR tools. PeerSpot users give Cortex XDR by Palo Alto Networks an average rating of 8.4 out of 10. Cortex XDR by Palo Alto Networks is most commonly compared to CrowdStrike Falcon: Cortex XDR by Palo Alto Networks vs CrowdStrike Falcon. Cortex XDR by Palo Alto Networks is popular among the small business segment, accounting for 38% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a construction company, accounting for 13% of all views.

Buyer's Guide

Cortex XDR by Palo Alto Networks

April 2026

Get the report

Helped 886,510 peers since 2012

Featured Cortex XDR by Palo Alto Networks reviews

ABHISHEK_SINGH

Senior Process Expert at A.P. Moller - Maersk

The most valuable aspect of Cortex XDR by Palo Alto Networks for me is its integration with AI detection, where we get to know the behavioral detection based on users, traffic patterns, and different services that we consume. It's more about user and behavior analysis with upfront detection rules and automation that we can integrate with for orchestration purposes. It's effective. We have seen multiple occasions where we were notified with the detection rule, and the SOC team engaged with us, and we took the remediation action as and when it was highlighted. The positive impacts I see from Cortex XDR by Palo Alto Networks include a complete 360-degree view of our security posture altogether, being a uniform platform where we are ingesting logs from multiple resources. We have AI detection for different levels of user behaviors, and we integrate with the firewall engines and WAF, along with the EDRs and XDR, so that we have a complete overall security view and have gained much more confidence in it.

Read full review

Surya Kumar Gedala

Final Year Student at Gitam University

The best features Cortex offers in my experience include its capability for detection and investigation, along with several types of threat intelligence management. It includes machine learning to easily analyze data and detect complex threats across endpoints, networks, or clouds. In playbooks, automation handles responding actions such as isolating endpoints or enriching IOCs, along with reducing mean time to detect and mean time to respond. I have used this for my SOC operations environment, discussing it with my college. Automation and playbooks have helped me significantly. If there is a threat, detecting it used to be a lengthy process. Now, with the advancement in technology, Cortex Xnor's playbooks predefine the workflow of the automation, such as response processes, alert triggering, and enriching the context. These automations collect relevant indicators such as hashes, IP addresses, or domains efficiently and can detect and block malicious attacks with firewalls. It is very useful for eliminating workload of human errors, speeding responses for next-generation operations. Playbooks are customizable with dynamic analysis that align with organizational policies.

Read full review

Jagannath S

Cyber Security Engineer at Olacabs

The best features of Cortex XDR by Palo Alto Networks, which I have been using for almost a year, include the very nice operating system and user interface that is so user-friendly, making it very beginner-friendly. You can learn it in less than a week, covering almost all the queries and everything. You can understand the alert very simply. It makes investigation easier and faster, which is the main highlight. I assess the effectiveness of the AI-driven endpoint security in Cortex XDR by Palo Alto Networks and I know that we only know the risks which are found before. We don't know the risks which are coming in the future. The AI-based detection and BIOC rule detection may help in the future for detecting new threats, which will be helpful for the company. Cortex XDR by Palo Alto Networks helps a lot with blocking sophisticated threats in real-time because we don't have to care much about the threats which are prioritized by ourselves. If we are only getting the detection and XDR detects it, it means we have to take further action. If we set the priority to block or prevent the action, it will automatically do it. This helps to save our time and allows us to do our further investigation after that. How much faster it has become to detect and respond to threats depends on the device and defense actions, averaging around 30 minutes. I have experienced a reduction in alert triage since integrating Cortex XDR by Palo Alto Networks because you can configure the rules and fine-tune them according to the alerts we get. This will be very helpful to prevent false positives. It is very easy to fine-tune in XDR and will take around 15 to 20 minutes if you understand the concept. This can actually prevent the flooding of alerts and will be helpful for triaging the most prioritized alerts. Implementing Cortex XDR by Palo Alto Networks has had a significant impact on my security analyst workload because it becomes much easier. If you are installing something like an antivirus, it cannot actually prevent us from accessing the endpoint through our computer. Cortex XDR actually helps to access the computer very easily in a short time. The tool is actually really fast and connects very quickly if you want to access the system. It detects and prevents according to the BIOC rule very well, and we get the alert as well. Then we can do the further investigation using that alert. The UI is very simple, and you can connect and check whatever you want in another device. In our company, we mostly depend on XDR. Cortex XDR by Palo Alto Networks saves me a lot of time because when we get the alert in some other tools, we used to check the alerts using XDR. It only takes a simple time to check the endpoint and determine what activities are going on with XDR. You don't have to get the user's laptop or approach the user at all. You can actually do it from your device very easily. This actually saves a massive amount of time per day.

Read full review

Cortex XDR by Palo Alto Networks mindshare

Product category:

As of April 2026, the mindshare of Cortex XDR by Palo Alto Networks in the Extended Detection and Response (XDR) category stands at 4.9%, down from 5.5% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Extended Detection and Response (XDR) Mindshare Distribution
Product	Mindshare (%)
Cortex XDR by Palo Alto Networks	4.9%
CrowdStrike Falcon	9.4%
Wazuh	6.0%
Other	79.7%

Extended Detection and Response (XDR)

PeerResearch reports based on Cortex XDR by Palo Alto Networks reviews

Type	Title	Date
Category	Extended Detection and Response (XDR)	Apr 13, 2026	Download
Product	Reviews, tips, and advice from real users	Apr 13, 2026	Download
Comparison	Cortex XDR by Palo Alto Networks vs CrowdStrike Falcon	Apr 13, 2026	Download
Comparison	Cortex XDR by Palo Alto Networks vs SentinelOne Singularity Endpoint	Apr 13, 2026	Download
Comparison	Cortex XDR by Palo Alto Networks vs TrendAI Vision One	Apr 13, 2026	Download

Valuable Features

Cortex XDR features advanced detection capabilities, AI-driven threat intelligence, user-friendly interface, machine learning, endpoint protection, and seamless integration with Palo Alto Networks tools. Its correlation feature aggregates data across firewalls, networks, and endpoints. Users appreciate features like behavioral analytics, identity management, incident response, and remote access. Compared to traditional antivirus solutions, it offers a comprehensive, non-intrusive security layer, real-time threat detection, robust endpoint defense, and efficient incident management, enhancing overall threat visibility and response.

"Once you become familiar with it, Cortex XDR by Palo Alto Networks is a more powerful tool and I would say that I prefer it over MDE because it is a stronger tool for me."
"These days it's machine-learning technology and behavior-based analytics features that make us more secure."
"We switched because there were a lot of added features with Palo Alto that Check Point didn't have, and it was an upgrade for us."

Room for Improvement

Cortex XDR by Palo Alto Networks requires improvements in several areas. Customers report a need for better integration with third-party tools and enhanced UI for ease of use. The pricing structure is seen as high, impacting scalability and competitiveness. There is a demand for more robust features, including URL filtering, real-time threat detection, and enhanced endpoint management. False positives are a concern, needing quicker resolution. Users also seek more effective technical support and streamlined deployment.

"Cortex XDR by Palo Alto Networks is a strong tool, but it is true that digesting information sometimes makes the tool go a little bit slower."
"There is also no recovery feature; if some endpoint is under attack there must be the possibility of recovering it or restoring it to a normal state."
"They've been having some issues with updating their endpoint agents, and it has been quite frustrating."

ROI

Cortex XDR by Palo Alto Networks significantly enhances security, blocks threats like ransomware, and supports compliance, thus preventing breaches. It reduces costs through automation, minimizes resource needs, and replaces multiple tools. Users report financial benefits compared to alternatives like Microsoft Defender XDR. It increases performance, satisfaction, and operational efficiency, requiring fewer employees to manage a large number of devices. Cortex XDR offers in-depth threat identification, providing rich telemetry data that facilitates reduced incident response times.

Pricing

Enterprise users find Cortex XDR by Palo Alto Networks to be a costly solution, often perceived as more expensive than competitors like CrowdStrike, Sophos, and SentinelOne. However, its dynamic licensing model allows for scalability and meets diverse business needs, offering fair value for its robust features and protection capabilities. Licensing varies based on the number of users and endpoints, with options for annual renewal and flexible deployment across cloud and on-premises environments.

"The tool's price is moderate."
"Compared to CrowdStrike, Cortex XDR is an expensive solution."
"The cost depends on your chosen license type, like Pro or other licenses."

Popular Use Cases

Cortex XDR by Palo Alto Networks serves as endpoint protection primarily for anti-malware, anti-exploit, and behavior analysis. Organizations utilize it for endpoint security, integrating with firewalls for enhanced threat detection and response. It provides detailed reporting and forensic analysis, protecting against ransomware, phishing, and various malware types while offering cloud and on-premise options. The tool's AI capabilities enhance its effectiveness in identifying and blocking suspicious activities across networks.

Service and Support

Customer service for Cortex XDR by Palo Alto Networks varies. Some users report skilled and prompt technical support, especially with complex issues, rating it highly. Many praise rapid responses and effective assistance. Multiple support channels, like email and chat, enhance accessibility. However, language barriers and occasional long wait times frustrate some users, particularly in regions without local experts. Service quality often correlates with the level of support purchased. Satisfaction generally aligns with higher-tier plans.

Deployment

Installation of Cortex XDR by Palo Alto Networks is often described as straightforward, with many noting the simplicity of the deployment process. Some indicate a need for technical knowledge, while others appreciate the intuitive interface. Deployment times vary widely, from a few hours to several weeks, depending on infrastructure complexity. The cloud-based nature facilitates setup, and dynamic updates reduce maintenance needs. Organizations highlight the ease of use and efficient management once configured.

Scalability

Cortex XDR by Palo Alto Networks demonstrates excellent scalability across diverse environments, from small to large enterprises, efficiently handling thousands of endpoints. Users can seamlessly expand the deployment by adding licenses. Cloud-based operations further simplify large-scale implementation, effectively supporting thousands of users without performance loss. Organizations appreciate its ability to cater to various IT needs, maintaining stability and reliability across platforms, proving to be a robust choice for comprehensive data management and security.

Stability

Cortex XDR by Palo Alto Networks shows solid performance, with minimal downtime or crashes reported. Users observed improved stability over time, though some encountered minor bugs or false alerts. High utilization didn't lead to latency, and upgrades are smooth. Occasional performance issues were linked to external factors, such as excessive log volumes. Despite some early glitches, users express satisfaction with Cortex XDR's current stability and its reliable performance.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Cortex XDR by Palo Alto Networks Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	42
Midsize Enterprise	20
Large Enterprise	42

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	1398
Midsize Enterprise	942
Large Enterprise	1335

By visitors reading reviews

Top industries

By visitors reading reviews

Construction Company

13%

Financial Services Firm

13%

Comms Service Provider

Manufacturing Company

Computer Software Company

Outsourcing Company

Government

Healthcare Company

University

Retailer

Educational Organization

Energy/Utilities Company

Media Company

Real Estate/Law Firm

Transportation Company

Performing Arts

Wholesaler/Distributor

Insurance Company

Marketing Services Firm

Hospitality Company

Non Profit

Legal Firm

Recreational Facilities/Services Company

Religious Institution

Pharma/Biotech Company

Recruiting/Hr Firm

Logistics Company

Compare Cortex XDR by Palo Alto Networks with alternative products

Learn more about Cortex XDR by Palo Alto Networks

Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.

What are the key features of Cortex XDR?

Advanced Threat Detection: Uses AI and machine learning for proactive threat identification.
Multi-layered Security: Combines various security measures for comprehensive protection.
Endpoint Protection: Safeguards against malware and exploits.
Behavioral Analysis: Monitors suspicious activity for early detection.
Automatic Threat Response: Automates responses to neutralize threats.

What benefits should users expect?

Ease of Use: Simplifies security management with intuitive design.
Resource Efficiency: Minimizes impact on system resources.
Integration Capabilities: Works well with existing security setups.
Reduced Analyst Workload: Automates processes to decrease manual intervention.

Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.

Cortex XDR by Palo Alto Networks was previously known as Cyvera, Cortex XDR, Palo Alto Networks Traps.

Cortex XDR by Palo Alto Networks customers

CBI Health Group, University Honda, VakifBank

Product Categories

Extended Detection and Response (XDR)

Endpoint Protection Platform (EPP)

Endpoint Detection and Response (EDR)

Ransomware Protection

AI-Powered Cybersecurity Platforms

Popular Comparisons

CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks

Wazuh vs Cortex XDR by Palo Alto Networks

Darktrace vs Cortex XDR by Palo Alto Networks

SentinelOne Singularity Endpoint vs Cortex XDR by Palo Alto Networks

IBM Security QRadar vs Cortex XDR by Palo Alto Networks

Microsoft Sentinel vs Cortex XDR by Palo Alto Networks

Varonis Platform vs Cortex XDR by Palo Alto Networks

Fortinet FortiEDR vs Cortex XDR by Palo Alto Networks

HP Wolf Security vs Cortex XDR by Palo Alto Networks

Elastic Security vs Cortex XDR by Palo Alto Networks

Tanium vs Cortex XDR by Palo Alto Networks

Microsoft Defender XDR vs Cortex XDR by Palo Alto Networks

Trellix Endpoint Security Platform vs Cortex XDR by Palo Alto Networks

WatchGuard Firebox vs Cortex XDR by Palo Alto Networks

See all alternatives

Cortex XDR by Palo Alto Networks Reviews Summary
Author info	Rating	Review Summary
Senior Process Expert at A.P. Moller - Maersk	4.5	I value Cortex XDR's AI detection and 360-degree security view. Initial false positives and feature gaps were resolved, making it stable, scalable, and well-supported. It now offers complete visibility and reduced operational overhead, justifying its cost.
Final Year Student at Gitam University	4.5	I found Cortex to be the best endpoint detection tool, extensively using its automation and playbooks for incident response and threat intelligence. While highly effective and stable, I suggest improvements like UI simplicity, faster sync, and better third-party integrations.
Cyber Security Engineer at Olacabs	4.5	I find Cortex XDR highly effective; its intuitive UI simplifies threat detection, investigation, and real-time threat blocking, saving me significant time. However, its cost might be prohibitive for smaller companies.
Network Security Engineer at Cyberwell Solution	5.0	I find Cortex XDR excellent for securing acquired clinics, preventing incidents effectively with its simple management, stability, and scalability. I value its strong ROI and excellent support, though I believe the end-device application viewing feature should be free.
Head of data centers at a non-profit with 10,001+ employees	4.0	I find Cortex XDR highly effective for AI-driven threat blocking and investigation, significantly reducing our risk and outperforming previous solutions. Its performance and support are excellent, but I consider its financial cost to be very high.
Network Security Administrator at Alethe Consulting Pvt. Ltd	4.0	I highly recommend Cortex XDR for its seamless Palo Alto firewall integration, comprehensive endpoint security, and reduced analyst workload. Its GUI and AI features are excellent. My main suggestion is for Palo Alto to lower its pricing for wider market scalability.
Chief of IT Architecture at a financial services firm with 10,001+ employees	4.0	I value Cortex XDR's deep Palo Alto ecosystem integration, comprehensive security, and automation. However, its high cost and reliance on existing Palo Alto products mean it's best for large, already integrated organizations, not as an independent solution.
Managed Detection And Response Delivery Analyst at a tech vendor with 10,001+ employees	5.0	I rate Cortex XDR highly as my favorite, powerful tool, superior to MDE for deep investigation. Despite its challenging XQL language requiring mastery and occasional slowness, excellent support and automatic updates make it a valuable solution.

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	9.4%	97%	138 interviews Add to research
Microsoft Defender for Endpoint	4.1	N/A	95%	213 interviews Add to research

Cortex XDR by Palo Alto Networks Reviews

What is Cortex XDR by Palo Alto Networks?

Featured Cortex XDR by Palo Alto Networks reviews

Cortex XDR by Palo Alto Networks mindshare

PeerResearch reports based on Cortex XDR by Palo Alto Networks reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Cortex XDR by Palo Alto Networks with alternative products

Learn more about Cortex XDR by Palo Alto Networks

Cortex XDR by Palo Alto Networks customers

Related questions

Product Categories

Popular Comparisons