
Cortex XDR by Palo Alto Networks Overview

Cortex XDR by Palo Alto Networks is the #1 ranked solution in XDR Security products and the #4 ranked solution in endpoint security software. PeerSpot users give Cortex XDR by Palo Alto Networks an average rating of 8 out of 10. Cortex XDR by Palo Alto Networks is most commonly compared to CrowdStrike Falcon: Cortex XDR by Palo Alto Networks vs CrowdStrike Falcon. Cortex XDR by Palo Alto Networks is popular among the large enterprise segment, accounting for 57% of users researching this solution on PeerSpot. The top industry researching this solution is professionals from computer software companies, accounting for 23% of all views.
Cortex XDR by Palo Alto Networks Buyer's Guide

Download the Cortex XDR by Palo Alto Networks Buyer's Guide including reviews and more. Updated: July 2022

What is Cortex XDR by Palo Alto Networks?

Cortex XDR by Palo Alto Networks is the first threat detection and response software to combine both visibility across all types of data as well as autonomous machine learning analytics. Threat detection very often requires analysts to divide their attention among many different data streams. This platform unifies a vast variety of data flows, which allows analysts to assess threats from a single location. Users can now maintain a level of visibility that other threat detection programs simply cannot offer. This level of transparency lends itself to both quick identification of problems that arise and the equally quick development of a potential solution.

Cortex XDR’s machine learning works on many different levels to detect and prevent threats. It is constantly scanning for threats and vulnerabilities. The solution can scan up to 5.4 billion IP addresses in three-quarters of an hour. This allows it to spot weak points in the system and notify administrators long before attackers can take advantage of vulnerabilities. Once the Artificial Intelligence (AI) discovers an issue, or an area where an issue could potentially arise, the system creates a log of the information and subsequently sends an alert to system administrators. The AI takes the information that it has gathered and uses it to assign threat levels to the issues that it detects. Following this, a human analyst is assigned to manually assess the issue and deal with it accordingly. You can also set it to respond to the threat automatically by isolating the affected system while analysts investigate it.

Benefits of Cortex XDR

Some of Cortex XDR’s benefits include:

  • The use of advanced AI analytics, behavior analytics, and custom-made detection to detect advanced threats before they occur.
  • The ability to group similar threat alerts, reducing incoming alerts by as much as 98%. This allows analysts to avoid being overwhelmed by the volume of incoming alerts.
  • The ability to investigate threats as much as 8 times faster than would be possible with other software. The machine learning, when coupled with the unified data stream that Cortex XDR collects, significantly increases the ability to more quickly discover the root cause of a threat.

Reviews from Real Users

Cortex XDR by Palo Alto Networks software stands out among its competitors for a number of reasons. Two major ones are its ability to isolate threats while enabling them to be studied and the way that the software combines all of the data that it gathers into a single, more complete picture than other solutions offer.

PeerSpot users note the effectiveness of these features. A network designer at a computer software company wrote, “The solution has a very helpful isolation feature. If any system gets compromised, with one click I can access the system and isolate it from other networks, and then go into further forensic investigation of the current threat without compromising anything else.”

Jeff W., Vice President/CTO at Sinnott Wolach Technology Group, noted, “The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.”



Cortex XDR by Palo Alto Networks was previously known as Cyvera, Cortex XDR, Palo Alto Networks Traps.

Cortex XDR by Palo Alto Networks Customers

CBI Health Group, University Honda, VakifBank

Cortex XDR by Palo Alto Networks Pricing Advice

What users are saying about Cortex XDR by Palo Alto Networks pricing:
  • "It's about $55 per license on a yearly basis."
  • "It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."
  • "In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage."
  • "Its pricing is kind of in line with its competitors and everybody else out there."
Cortex XDR by Palo Alto Networks Reviews

    Ahmed Sief - PeerSpot reviewer
    System Engineer at a logistics company with 5,001-10,000 employees
    Real User
    Easy to set up, reliable, and always scanning
    Pros and Cons
    • "The initial setup is easy."
    • "Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."

    What is our primary use case?

We're using it just to make sure that the customers, or our users, don't use any prohibited applications. We make sure that every application they use is on the allowed list. Any other application that is not on the allowed list is blocked until further notice. It's mainly to make sure that our organization is secure and that the software that the users are working on is secured too. This is the main reason. Also, to be aware of and secured from any potential attack, ransomware, etc.

    What is most valuable?

The good thing about the product is that it's always scanning. It does real-time scanning for customers. If there's anything related to the applications that are installed, for example, if an application needs some upgrades, or updates, or add-ons, we already have a server that is downloading this for the users' computers. In terms of the laptops, we are not managing the laptops from the servers, since the users take the laptops with them and they are managing their laptops by themselves. If there is any variability, the application gives us a notification in the cloud so that we can handle this problem or make sure that the laptop is secured. The customers or the users don't have much experience to pick what is right and know what is wrong. It's a very, very informational application. The initial setup is easy.

    What needs improvement?

They need to do definition updates. Instead of a new version, they could just put an update on the portal, but each time we need to upgrade it. Sometimes it's hard to upgrade the offsite clients. Sometimes the internet that they are using is not that stable. It gives us a hard time. Every 30 or 40 days, there's a new version and we need to go and make sure our customers' laptops are upgraded. It would be ideal if the updates would happen like Symantec updates or other antivirus solutions. The upgrade needs to deploy directly to the users.

    For how long have I used the solution?

We've been using the solution for two years.

    What do I think about the stability of the solution?

It's very stable. There are no errors or problems, even if there is something we need to do on the machine. Due to the configuration we already do, it's locking a lot of things that the users cannot do. Even if the administrator is working, it needs the Cortex XDR permission first. It's very stable and the configuration is easy in the portal. They are enhancing their configuration and its security constantly. The only thing that is giving us a hard time is they have a lot of version upgrades. I don't know if it's better to do it as update packages and make the upgrades half-yearly, quarterly, or every year. It should be done more regularly. From an administrative perspective, it'll give us less headache. Each time you need to go to the portal and make sure that you're testing the product, the upgrade, before you deploy it, and then you deploy it. And then you figure out which computer doesn't have the version, and you figure out how to install it. If it's a laptop on the other side, it'll take a long time, sometimes a week, to get the customer the upgrade. For installing the upgrade, we must do it. The users can't install this product by themselves. That's why it takes a while.

    What do I think about the scalability of the solution?

The solution is scalable. We are using it for 80 or 90 people. It's a variety of different positions, from engineers to accountants. We're changing solutions and moving to SentinelOne. We won't be increasing usage.

    How are customer service and support?

    They are very helpful and they respond very fast. If there's any ticket open they make sure that they fix the problem the first time. I didn't face any problems with them.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We are currently moving to SentinelOne.

    How was the initial setup?

It is a straightforward setup. It's not overly complex or difficult. The deployment took a maximum of two hours. I just installed it first on one of the testing machines and I tested the software package to see if it was still working. Then I just deployed it to the users and I made sure that it was working fine. It might take one day to deploy to the users if I test the version on the test machine first.

    What about the implementation team?

I handled the implementation myself.

    What's my experience with pricing, setup cost, and licensing?

    Corporate is responsible for licensing. I don't know anything about the pricing.

    What other advice do I have?

We are customers and end-users. We're using the latest version of the solution. Palo Alto is a big company. They are very good at security, so it's good if it's the first time a company is using this product. However, we are moving to SentinelOne as we are corporate. That means, if there is one branch upgraded or moved to something, we must follow. We are following our corporate instructions. If I was given the choice, I would still be using Cortex XDR as it's fulfilling my need. I'd rate the solution eight out of ten. The downside is each time I go to the portal and I check the versions, it's outdated. You need to upgrade each month or every forty days and it's a lot.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    WillAgudo - PeerSpot reviewer
    System Administrator at NATIONAL ASSOCIATION OF REALTORS
    Real User
    Top 20
    Has a centralized console and does predictive analysis of malware
    Pros and Cons
    • "I like the centralized console and the predictive analysis it does of malware. It is very stable and also scalable."
    • "It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue."

    What is our primary use case?

    The primary use case is mainly endpoint protection.

    How has it helped my organization?

    Previously, we had to install endpoint protection per machine and then scan and update. If there were any possible threats, then you would have to go manually to the machine and scan. Cortex XDR basically does that centrally and predictably.

    We get notified, and if need be, we'll investigate an endpoint. For the most part, we haven't had to do a whole lot of that because most of the time, it just stops the threat before it even becomes one. So, we have more time to do day-to-day work rather than spend time chasing those endpoints.

    What is most valuable?

    I like the centralized console and the predictive analysis it does of malware.

    It is very stable and also scalable.

    It is easy to deploy and update. It does not require a lot of maintenance.

    What needs improvement?

    It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue. So, making exceptions would be easier and would probably be better for logging.

    It would be nice if it were easier to use and if there were some free training hours.

    As for additional features, I would suggest having mobile access to the console, perhaps through a mobile app for the console.

    For how long have I used the solution?

    I've been using it for about three years now.

    What do I think about the stability of the solution?

    The stability is great. I think they set the standard for SDR solutions at the moment.

    What do I think about the scalability of the solution?

    It's very scalable. We have it on Macs, Windows, Windows servers, and multiple flavors of Linux.

    We have about 460 endpoints deployed. As far as technical users, we have a team of about 10, and that's mixed between server admins and their subsupport users.

    The usage is extensive, and we've recently deployed it everywhere. We do plan on probably increasing usage because we have current consultants who use the product in order to access our systems.

    How are customer service and technical support?

    I wish there could have been more live contact with technical support rather than updated tickets and possible notifications via email. When I've had live encounters, it's been amazing. Sometimes, I think they could be a little bit more responsive live wise, but for the most part, it's been good.

    Which solution did I use previously and why did I switch?

    We previously used Sophos, and it was okay. The only thing I liked about Sophos was that it was easier to deploy to the desktop, but with Cortex XDR, once you have it already deployed, updating it is easy.

    We needed something that was going to work with Macs and Linux, different products. Also, we needed something that would be more predictive versus relying on definition files that are publicly available. You don't want to be in a zero-day attack. With Cortex XDR, it's one of those where you can download any virus. It's just not going to run on your machine. Most malware products rely on a database to tell you that there's a virus file.

    Sometimes, there are false positives. If it's a legit file or application that an end user is trying to download and use on their machine, it won't allow that. With Cortex XDR, however, they can download the file. It's just going to be rendered useless until you enable it and make an exception for it. It can run what identifies it and just sends you a notification saying that it's a malicious file and that it's there. It's not going to do anything to the system. That was a huge selling factor with Cortex XDR.

    How was the initial setup?

    The initial setup is pretty straightforward. It took a couple of hours and was pretty easy to deploy.

    Once it's deployed in your system, you can push updates yourself. In the case of Macs, when you get new releases you sometimes have to tweak it and then push it out manually to end users. One admin could dedicate a couple of hours a week at best because there's not much maintenance.

    What about the implementation team?

    Palo Alto got on the phone with us and walked us through it. They were very helpful.

    What's my experience with pricing, setup cost, and licensing?

    It's about $55 per license on a yearly basis.

    What other advice do I have?

    Learn the product because once you deploy it and a lot of people look at it from an endpoint perspective, they get the endpoint protection instantly. However, there are other things that you need to learn more about. Once you deploy Cortex XDR, you get a subscription to a data lake, which helps you retain logs. We have Palo Alto firewalls and later on learned that we can also integrate our firewalls and get the logs.

    You have a limited amount of space for log retention, but things like that are important in cases where you need to have PCI compliance or have a company policy of retaining a certain amount of logs.

    So, learn all the features and ask questions, and perhaps if it's going to be something that you're going to use as an investment for your company, take a training class.

    On a scale from one to ten, I would rate Cortex XDR at nine.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Network Designer at a computer software company with 1,001-5,000 employees
    Real User
    Top 20
    Easy to set up with excellent trend analytics and isolation feature
    Pros and Cons
    • "The initial setup is pretty easy."
    • "In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations."

    What is our primary use case?

    We primarily use the product as endpoint security which we have deployed on all servers and locations. This is not limited to the endpoint, however, as it has further integration with the firewalls and email solutions. Therefore, it can give us quick visibility in case there is any malicious or suspicious activity happening.

    What is most valuable?

The solution offers very high performance.

The solution has analytics that watch patterns and trends. If there is a change in user behavior or communication, it has the ability to track that.

    The solution has a very helpful isolation feature. If any system gets compromised, with one click I can access the system and isolate it from other networks, and then go into further forensic investigation of the current threat without compromising anything else.

    There are a lot of lead solutions in this space, however, Palo Alto is number one.

    The initial setup is pretty easy.

    What needs improvement?

The solution should enhance the ADR and reporting. As of right now, they are giving reports, which are okay; however, there are other ways to get better reporting. That is an area I have already requested that Palo Alto work on.

In reporting, they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations.

They should extend the solution for URL filtering, as other endpoint security products are doing that already. Nowadays, users are working from home and therefore we have plenty of traffic back through the data center just for URL filtering security. If that functionality could be there in the endpoint, then we would be happy. It would ensure users working from home couldn't access malicious websites.

    For how long have I used the solution?

    We've been using the solution for one year. Before that, we were using Palo Alto Trap.

    What do I think about the stability of the solution?

The solution is very stable. I pretty much depend on product stability. Over the last six months, we have been able to see that Palo Alto is more stable than most. There is no such issue in that regard.

    This is a very stable product, whether it is running on a database or email system or on any platform. It works perfectly fine.

    What do I think about the scalability of the solution?

    The solution is very scalable. This is due to the fact that it is being managed through the cloud making it easy to deploy to a thousand endpoints. There is no issue at all. As long as there's enough space for the solution to expand, it can grow out to any size you need.

    How are customer service and technical support?

    Technical support from Palo Alto is perfect. However, we have first-level support from a third-party. They sometimes take time to respond, which is not ideal. That said, when we get aligned with the tech support from Palo Alto, that really works well. Their level one support is with other vendors, and level two and level three support is with Palo Alto. That's how they are set up. They deal with bigger issues.

    Overall, we've been pretty satisfied with technical support.

    Which solution did I use previously and why did I switch?

    We're service providers. We offer a variety of solutions to our clients, including Palo Alto, Cisco, Microsoft, and McAfee, depending on their needs. We don't just use or recommend one particular endpoint protection product.

    About a year back I implemented Cisco and Palo Alto for our customer. Cisco AMP is also a good solution while it is running with the grid, however, I have not been involved with using it for three years.

In routing and switching, Cisco is good. However, Cisco AMP, which is an endpoint security product, requires you to work with many other AMP solutions from Cisco.

    My first preference would be Palo Alto and my second preference would be Cisco AMP.

    How was the initial setup?

    The initial setup is not complex at all. It is very straightforward and very easy to implement. I implemented it for 1000 or so users, and it took only about one month to execute. Even when we were in a pandemic situation where users were at home, we did it that quickly. It is very easy to deploy.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is actually very reasonable. Palo Alto is very invested in some commercial endeavors and they have simplified their license. A team license can be used on-cloud, or on-prem. We have not faced segregation on any technologies, so a simple license gets any user anywhere without limitations. It is easy to increase the license as it's a cloud service. You just speak to your account manager and they can increase the licenses for you.

    What other advice do I have?

    While we deal with the cloud deployment model, we've also often used the on-premises deployment.

    I'd advise other companies to use the solution. It really is the best one out there.

    Overall, I'd rate the solution nine out of ten. The reporting is a bit weak, and it's my understanding they are working on that. However, performance-wise and security-wise, this is the best product.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Consultant at Trillennium (Pvt) Ltd
    Reseller
    Top 20
    Excellent technical support, straightforward implementation, and cutting-edge technology
    Pros and Cons
    • "When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud."
    • "In general, the price could be more competitive."

    What is our primary use case?

    We are not using it for our purposes because we are a Palo Alto partner. We propose it for our customers based on their requirements.

    We are both a service provider and a reseller.

    When the pandemic first began, the use cases were mostly for remote users. We deployed this for the majority of remote users.

    What is most valuable?

    When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud. We have a lot of advantages as a result.

    It's a very simple implementation, and I have direct Palo Alto implementation available as well. So it's very simple. We haven't found any issues, so far the implementation is going well, I don't see any gaps.

    What needs improvement?

    In general, the price could be more competitive.

    For how long have I used the solution?

In Palo Alto, we also work with all product lines, including Prisma and other product lines as required. It's a mix; it's a subproduct; we work with a mix of products.

    We have been working with Cortex XDR by Palo Alto Networks for two to three years.

    We get updates from Palo Alto directly.

    What do I think about the stability of the solution?

    Cortex XDR by Palo Alto Networks is a stable product.

    What do I think about the scalability of the solution?

    It's a scalable solution, we have not had any challenges with the scalability of Cortex XDR by Palo Alto Networks.

    Our customers range from medium to large enterprise companies. The adoption rate in small businesses is much less, but the majority of our requirements come from mid-to enterprise-sized businesses.

    How are customer service and support?

    Technical support is the best in class, in my opinion, because they have invested heavily in research and development. In terms of comparison and today's challenges, such as security and layers, Palo Alto complies with all of the challenges.

    Which solution did I use previously and why did I switch?

    In terms of Security, we are working with a few products and a few brands.

    We use Palo Alto and we also work with Barracuda. These solutions are used on the web firewall and for email protection.

    We work with the entire Barracuda product line, but specifically for email protection and web filtering.

Barracuda Essentials is included with O365 protections; we work with those solutions.

    Palo Alto is part of a different vertical layer than Barracuda. It's distinct. They are very different.

    How was the initial setup?

    The initial setup depends on the environment, but as a technology, I would say it's simple. It's not that difficult.

    The length of time it takes for deployment is determined by the project and the surrounding environment. We can only determine the timeframe based on that, pinpointing a specific time period is difficult.

    It does not require maintenance because regular updates and monitoring are required. So if there is anything, new patches and the like, it is done automatically, and there is no additional implementation unless there are any infrastructure changes.

    What's my experience with pricing, setup cost, and licensing?

    In comparison to other competing products, it is based on the customer's needs and the environment. However, when compared to other products, the price is slightly higher, but when considering technology and new innovation, that is the plus I would say when it comes to being XDR.

    The price could be more competitive because it is not on the price wall when you go and question Palo Alto XDR. It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable.

    What other advice do I have?

    So far, it has met all of our requirements, and it should be able to cater to a wide range of product lines.

    We must first determine what their business requirements are, as well as what other technical layers we are considering, and then propose the appropriate sizing and solution.

    We mostly promote Palo Alto, but it depends on the customer's needs, as well as their budget, infrastructure, and what their business requires, all of those factors come into play when recommending a solution.

    When you compare it with other products, I would rate Cortex XDR by Palo Alto Networks a nine out of ten.

    It's close to being rated a ten out of ten because of their level of support, and the other is the solution and the most recent technology.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    Information Technology Corporate Manager at a consumer goods company with 1,001-5,000 employees
    Real User
    Top 20
    Easy to use, light on resources, and reliable
    Pros and Cons
    • "Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources."
    • "We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, we have to use another protection solution called Kaspersky."

    What is our primary use case?

    We are in the testing stage of using Cortex XDR by Palo Alto Networks. We are using it in order to ensure the corporate network servers are protected. Additionally, we need to use a specialized tool.

    What is most valuable?

Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources.

    Cortex analyzes the network and users to detect additional risks and threats that the other vendor's solutions don't detect.

    What needs improvement?

We have found that there are times when Cortex XDR by Palo Alto Networks does not detect some of the viruses, so we have to use another protection solution called Kaspersky.

The tool should have the ability to test an environment to see what percentage it is secure against threats, such as ransomware. This would allow for adjustments to be made to the network for more security. We don't have the capability to test the networks daily; there should be a parameter in order to report on the health of the network for security vulnerabilities.

    For how long have I used the solution?

    I have been using Cortex XDR by Palo Alto Networks for approximately two weeks.

    What do I think about the stability of the solution?

Cortex XDR by Palo Alto Networks is highly stable.

    We don't have any user reports suggesting that there is a high level of resource consumption.

    What do I think about the scalability of the solution?

    In regard to the scalability, the tool could have additional agents to provide a full installation in the company. This would make the installation much easier when scaling the solution, we should not have to use another tool.

    The installation approach is to do it one computer at a time, but if Cortex could provide an additional tool in order for us to reach all the elements of the network, it would be very helpful. It should be done automatically. I understand that if the tool has the capability to analyze the network, it should be able to read the computers' elements in the network and in other ways.

    How are customer service and support?

    The support is very efficient and professional. They have provided us with the tools and the basic elements to understand how the solution works. They have helped us prepare some specifics for our installation.

    Which solution did I use previously and why did I switch?

    We use the Kaspersky protection solution. Kaspersky works based on blacklists; if something is on the blacklist, it works well, but if it is not, Kaspersky does not work.

    How was the initial setup?

    The installation of Cortex XDR by Palo Alto Networks is easy. The setup is not complicated.

    It would be a good idea for the company to provide on their website videos translated into Spanish related to technical skills. This would be very useful and would have a lot of value.

    The world, in commercial terms, speaks English, but we have to understand that with tools such as this, if the solution were available in other languages, more companies would be able to exploit the tool. If we don't have this information in our native language, we will not use the tool to its full potential.

    What's my experience with pricing, setup cost, and licensing?

    In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage.

    I recommend that the company review the pricing model in the Latin American market. They need to determine how to impose, or how to bring a more accessible cost in order to accelerate the implementations in American countries.

    Which other solutions did I evaluate?

    We have been comparing Cortex XDR by Palo Alto Networks to Cisco solutions.

    What other advice do I have?

    It is important to have security tools in order to review, monitor, and hunt for potential attacks. We have found in our test that Cortex XDR by Palo Alto Networks is a very good tool.

    It's an efficient solution. I recommend this solution to my business partners and other companies.

    I rate Cortex XDR by Palo Alto Networks a ten out of ten.

    Other solutions I have used I would rate a seven out of ten. There is not something that comes close to this solution.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Senior Information Security Architect at a tech services company with 201-500 employees
    Real User
    Great machine learning capabilities, a strong cloud platform and good overall features
    Pros and Cons
    • "It collects and caches the machine learning knowledge from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe."
    • "The solution can never really be an on-premises solution based simply on the way it is set up. It needs metadata to run and improve. Having an on-premises solution would cut it off from making improvements."

    What is our primary use case?

    I primarily use this solution for my clients. I don't use the solution myself.

    What is most valuable?

    I can tweak responses or other items that the customer doesn't like very easily, due to the fact that this solution is on the cloud.

    It collects and caches the machine learning knowledge from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe.

    Even the firewalls have their signatures. It takes from different resources and takes note of everything. 

    The exploits and malware technology are really good. 

    What needs improvement?

    It's my understanding that this solution is at end-of-life.

    It's hard to use as a product. It's not easy or straightforward. Especially when I deal with a government sector or other sensitive industries. They do not accept that it's so easy to share metadata outside their organization. They prefer on-prem even if it is not as powerful due to the fact that they perceive it as being more secure.

    The solution can never really be an on-premises solution based simply on the way it is set up. It needs metadata to run and improve. Having an on-premises solution would cut it off from making improvements.

    The deployment is pretty hard. Competitors like Trend Micro or Symantec have features on their console that make them easier to use. This solution does not offer items that would increase its usability.

    Before I moved to technical sales, I handled implementation, and I remember it being very difficult. They need to improve this aspect.

    The solution provides a lot of false positives. The average amount of false positives you get is 5%. It would be great if this could be lowered.

    For how long have I used the solution?

    I've been using the solution for a year and a half.

    What do I think about the stability of the solution?

    Security people usually think it's a very powerful solution. However, government teams always worry about the security of the cloud and always need to send approvals. Since this solution is not a normal endpoint, it can be a bit tricky for compliance purposes.

    At the same time, it does its job. It's very good at vulnerability management.

    That said, it is really not flexible for making deployments on certain platforms. It's really complicated. Sometimes the solution falls off.

    How are customer service and technical support?

    We've contacted technical support in the past and they are very good. They are usually quite capable of closing the issue for us. They're also great if we're working out a new configuration or doing a completely new implementation. We're satisfied with their level of service.

    How was the initial setup?

    The initial setup is not straightforward. It's not that it's complex per se. It's difficult. 

    The IVR needs to be reached on the outside. You need to make it to the server and that's connected to the database that communicates with the agent properly. You have to push the agents and put the sensors inside the network. 

    What about the implementation team?

    We're an integrator; we implement this solution for our clients.

    What other advice do I have?

    We have a partnership with Palo Alto. I'm a consultant, I'm pre-sales as a technical sales engineer. I try to show the value of any product for the customer. I don't actually use the solution myself.

    The solution does not have an on-premises option. It's only available on the cloud.

    For XDR, new users just need to make sure they have the right policies in place. The solution does offer pre-configured policies. Organizations will want to make sure it is actually fitting them in the places where they will be working best. It's important as well that they don't make it a default selection. Users need to make sure that it's really configured and whitelisted and everything fits the organization.

    I'd rate the solution eight out of ten. I'd rate it higher, however, the deployment process is poor even though the features are decent. Competitors like Carbon Black have much easier deployments.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Jeff Wolach - PeerSpot reviewer
    Vice President / Chief Technology Officer at Sinnott Wolach Technology Group
    Reseller
    Top 20
    A stable, scalable, and user-friendly solution that comes with good support and stitches everything together to provide the actual complete picture
    Pros and Cons
    • "The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."
    • "A little bit more automation would be nice."

    What is our primary use case?

    We use it for our own company as well as for our clients. It is mainly used for protecting the endpoints. Like everybody else nowadays, we're all working from home, and we have access to data on the public cloud, private cloud, and on-prem. We have got to make sure that we're not exposing our endpoints to anything out there that could be malicious and that could cause any problems within our networking environment.

    How has it helped my organization?

    It has absolutely improved the way our organization functions. We are more secure. It is giving us more peace of mind, and it is doing what it is doing. It has found malicious activity happening on our endpoints that probably would not have been detected if we didn't have it.

    What is most valuable?

    The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.

    The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that.

    What needs improvement?

    A little bit more automation would be nice.

    For how long have I used the solution?

    We've been a reseller for Palo Alto for 13 years. I have been using it for quite a while. They had bought Cyvera for the endpoint security, which was obviously the base for Cortex XDR. I have been seeing how it actually progressed from just a straight endpoint security solution that was a little clunky at one time to a very streamlined, effective solution today.

    What do I think about the stability of the solution?

    It is stable. I haven't found any issues.

    What do I think about the scalability of the solution?

    It is extremely easy to scale. We have about 20 users, and their roles stem from sales to technical, marketing, and administrative.

    How are customer service and technical support?

    Palo Alto has got very good tech support. I would give them a ten out of ten.

    Which solution did I use previously and why did I switch?

    At one time, I tried Cylance, and it just wasn't that effective for what we needed. At the time, it wasn't really an EDR solution.

    How was the initial setup?

    The initial setup was very straightforward and easy.

    What's my experience with pricing, setup cost, and licensing?

    Its pricing is kind of in line with its competitors and everybody else out there.

    What other advice do I have?

    You don't have to be a Palo Alto customer to implement this solution. Some people think they have to, but no. It is a completely separate solution on its own. I would highly recommend it just because it is a complete package. It not only takes in data from your endpoint; it also takes in data from other sources that are not Palo Alto and helps to create the story about what's going on by stitching things together.

    I would rate Cortex XDR a nine out of ten. It is pretty good. The reason for giving a nine is that there is always room for improvement.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    CIO/CTO at a manufacturing company with 501-1,000 employees
    Real User
    Top 5
    Good GUI, however lacks features overall and tends to eat memory
    Pros and Cons
    • "They have a new GUI which is just fantastic."
    • "There's an overall lack of features."

    What is our primary use case?

    We primarily use the solution for our endpoint server and endpoint protection.

    What is most valuable?

    There aren't many features we find valuable on the solution.

    They have a new GUI which is just fantastic.

    What needs improvement?

    The solution eats the computer's memory like nothing I've ever seen. It eats more memory than Chrome.

    I have a lot of users whose memory is being eaten every hour of every day, and it's causing us problems. We have to go and buy more memory for each computer. When you have a lot of computers like we do, it is not a very good situation.

    Some of the computers are only using 4 GB of memory, so if you put aside the differences, most only have some Chrome, some internet, and Office and that's it. And yet, the memory is getting eaten.

    If someone catches something like malware, or something else, I want to know if the file was spread to other machines and what the target was. I want to be able to get ahead of the spread. This solution doesn't do enough to protect us against these types of vulnerabilities or to give us much information about the spread. The tool really does need some more reverse engineering features.

    There's an overall lack of features.

    The initial setup could use improvement. Currently, I must go to each machine and deploy everything manually. We are in 2020, not in 1980. It seems like such a dated way of doing large deployments.

    For how long have I used the solution?

    I've been using the solution for a year and a half.

    What do I think about the stability of the solution?

    When I was experimenting with stability early on, I did run into issues when testing the solution in the sandbox.

    Eventually, it catches one of the executable files, and if you go to the management section of the solution and you release this file, it takes seven or eight tries to do it. You need to keep trying, again and again, using the same procedures to release the file for usage. That was in the beginning, and we still have this issue, even though they made a new GUI for management. It's still not resolved.

    What do I think about the scalability of the solution?

    We have several hundred users.

    I had some issues initially in the sandbox when I was testing scalability.

    How are customer service and technical support?

    I have reached out to technical support in the past. I find dealing with them is like talking to a wall. They aren't terrible, however, you don't really get any guidance. They ask over and over to get us to send them dump files and we do over and over. After all of the back and forth, nothing is really resolved to our satisfaction. You're paying for their services, and you don't get the level of service you would expect. It's a pain point.

    How was the initial setup?

    The initial setup was not complex. It was very straightforward.

    The deployment did take a lot of time due to the fact that we had seven hundred computers. 

    What other advice do I have?

    We simply use the solution as a customer.

    I would not recommend the solution. I'd advise other companies to rather go with Palo Alto's firewall as a better option. I've already advised others not to touch it. It's not worth it at all to even consider using it.

    I'd rate the solution six out of ten. Their new GUI is very nice, however, as a professional service, it's lacking in a lot of areas.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
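
    Two of the reviews above (the first, "The installation approach is to do it one computer at a time", and the fourth, "I must go to each machine and deploy everything manually") describe the same gap: pushing the agent to a fleet. What follows is an added example, not code from the reviews, from PeerSpot, or from Palo Alto Networks, showing how an administrator typically scripts a silent, fleet-wide install of an MSI-based endpoint agent with tooling Windows already has. It assumes the agent ships as a standard MSI that accepts the usual msiexec switches (/i, /qn, /norestart, /l*v), that PowerShell Remoting (WinRM) is enabled on the targets, and that the installer path, host list and expected SHA-256 are placeholders to replace. Any product-specific installer properties must come from the vendor's current installation guide, not from this script.

```powershell
# Added example (not from the reviews or the vendor): push an MSI-based endpoint agent
# to many Windows hosts at once over PowerShell Remoting instead of visiting each machine.
#
# ASSUMPTIONS (placeholders; replace for your environment):
#   $LocalMsi       - path, on the admin workstation, of the installer downloaded from the vendor portal
#   $ExpectedSha256 - SHA-256 published by the vendor (or recorded when you downloaded the file)
#   $Targets        - hostnames from AD, a CMDB export, or a text file, one per line
#   The MSI accepts the standard msiexec switches; product-specific properties, if any,
#   come from the vendor's install guide and would be appended to $MsiArgs.

$LocalMsi       = 'C:\deploy\endpoint-agent.msi'                                     # placeholder
$ExpectedSha256 = '0000000000000000000000000000000000000000000000000000000000000000'  # placeholder
$Targets        = Get-Content -Path '.\hosts.txt'
$RemoteMsi      = 'C:\Windows\Temp\endpoint-agent.msi'
$RemoteLog      = 'C:\Windows\Temp\endpoint-agent-install.log'

# 1. Verify the installer BEFORE it fans out. A pipeline that runs an arbitrary MSI as SYSTEM
#    on every endpoint is itself a supply-chain target, so check both the hash and the
#    Authenticode signature on the admin side.
$actual = (Get-FileHash -Path $LocalMsi -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    throw "Installer hash mismatch: expected $ExpectedSha256, got $actual. Aborting rollout."
}
$sig = Get-AuthenticodeSignature -FilePath $LocalMsi
if ($sig.Status -ne 'Valid') {
    throw "Installer signature is '$($sig.Status)', not Valid. Aborting rollout."
}

# 2. Open sessions to every host that answers. -ErrorAction SilentlyContinue keeps one offline
#    machine from aborting the whole batch; unreachable hosts are reported at the end.
$sessions = New-PSSession -ComputerName $Targets -ThrottleLimit 25 -ErrorAction SilentlyContinue

# 3. Copy the MSI through the session rather than having the remote side read a file share:
#    a remote session cannot reuse your Kerberos ticket for a second hop to a share, so a
#    Copy-Item from inside the script block would fail with access denied on most domains.
foreach ($s in $sessions) {
    Copy-Item -Path $LocalMsi -Destination $RemoteMsi -ToSession $s -Force
}

# 4. Re-check the hash on the endpoint, then run msiexec silently and capture the exit code.
$MsiArgs = "/i `"$RemoteMsi`" /qn /norestart /l*v `"$RemoteLog`""
$results = Invoke-Command -Session $sessions -ArgumentList $RemoteMsi, $ExpectedSha256, $MsiArgs -ScriptBlock {
    param($Msi, $Expected, $Args)
    $h = (Get-FileHash -Path $Msi -Algorithm SHA256).Hash
    if ($h -ne $Expected) {
        return [pscustomobject]@{ ExitCode = -1; Note = 'hash mismatch after copy; not installed' }
    }
    $p = Start-Process -FilePath 'msiexec.exe' -ArgumentList $Args -Wait -PassThru
    # Windows Installer: 0 = success, 3010 = success but reboot required, 1603 = fatal error
    # (read the /l*v log on that host for the real reason).
    [pscustomobject]@{ ExitCode = $p.ExitCode; Note = "log: $using:RemoteLog" }
}
Remove-PSSession $sessions

# 5. Report honestly: hosts that never answered are absent from $results, not "succeeded".
#    Invoke-Command stamps each returned object with PSComputerName, which matches the
#    name you passed in, so it is safer for the comparison than $env:COMPUTERNAME.
$reached   = $results | Select-Object -ExpandProperty PSComputerName
$unreached = $Targets | Where-Object { $_ -notin $reached }

$results | Sort-Object ExitCode | Format-Table PSComputerName, ExitCode, Note -AutoSize
if ($unreached) { Write-Warning ('Not reached (offline, WinRM blocked, or auth failure): ' + ($unreached -join ', ')) }
```

    The same shape works for any MSI-based agent: verify once centrally, copy through the session to avoid the Kerberos double-hop problem, install silently, and reconcile the returned exit codes against the original target list so that hosts that silently never answered do not disappear from the rollout report. For larger estates the equivalent is usually a Group Policy software installation or an Intune/SCCM package rather than a script, but the verification and reconciliation steps are the same.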
    Buyer's Guide
    Download our free Cortex XDR by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.
    Updated: July 2022