Cortex XDR by Palo Alto Networks Overview

Cortex XDR by Palo Alto Networks is the #1 ranked solution in XDR Security products and the #4 ranked solution in endpoint security software. PeerSpot users give Cortex XDR by Palo Alto Networks an average rating of 8.2 out of 10. Cortex XDR by Palo Alto Networks is most commonly compared to CrowdStrike Falcon: Cortex XDR by Palo Alto Networks vs CrowdStrike Falcon. Cortex XDR by Palo Alto Networks is popular among the large enterprise segment, which accounts for 58% of users researching this solution on PeerSpot. The top industry researching this solution is computer software companies, accounting for 19% of all views.
Cortex XDR by Palo Alto Networks Buyer's Guide

Download the Cortex XDR by Palo Alto Networks Buyer's Guide including reviews and more. Updated: November 2022

What is Cortex XDR by Palo Alto Networks?

Cortex XDR by Palo Alto Networks is described as the first threat detection and response software to combine visibility across all of the data it ingests with autonomous machine-learning analytics. Threat detection very often requires analysts to divide their attention among many different data streams. This platform unifies those data flows, so analysts can assess threats from a single location and maintain a level of visibility that separate, single-source tools cannot offer. That visibility supports both quick identification of a problem and equally quick development of a response.

Cortex XDR's machine learning works on several levels to detect and prevent threats. It is constantly scanning for threats and vulnerabilities; the page states that the solution can scan up to 5.4 billion IP addresses in 45 minutes. This lets it spot weak points and notify administrators before attackers can take advantage of them. Once the analytics discover an issue, or a condition under which an issue could arise, the system logs the information and sends an alert to system administrators, using what it has gathered to assign a threat level to each finding. A human analyst is then assigned to assess the issue and deal with it accordingly. The platform can also be configured to respond automatically, isolating the affected endpoint while analysts investigate.

Benefits of Cortex XDR

Some of Cortex XDR’s benefits include:

  • The use of advanced AI analytics, behavior analytics, and custom detection rules to detect advanced threats early.
  • The ability to group related alerts into incidents, reducing the number of items analysts must triage by as much as 98%. This keeps analysts from being overwhelmed by the volume of incoming alerts.
  • The ability to investigate threats as much as 8 times faster than would be possible with other software. The machine learning, coupled with the unified data that Cortex XDR collects, significantly shortens the time needed to find the root cause of a threat.
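The alert-grouping benefit above is easier to reason about with a concrete model of what "grouping similar alerts" means: alerts that share an entity (here, an endpoint or a file hash) within a time window are folded into one incident, and the analyst triages incidents rather than raw alerts. The block below is an added illustration written for this page, not Cortex XDR's own grouping logic; the alert records, hostnames, rule names and shortened hashes are constructed sample data, and the one-hour window is an assumed parameter.

```python
"""Added example: fold endpoint alerts into incidents by shared entity.

Not Cortex XDR's algorithm. Alerts that share a host or a file hash and
arrive within `window` of an incident's last activity join that incident.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample alerts (hashes shortened; not real indicators).
SAMPLE_ALERTS = [
    {"id": 1, "ts": "2022-11-01T10:00:00", "host": "ws-017", "sha256": "h1", "rule": "encoded_powershell"},
    {"id": 2, "ts": "2022-11-01T10:02:00", "host": "ws-017", "sha256": "h2", "rule": "lsass_access"},
    {"id": 3, "ts": "2022-11-01T10:05:00", "host": "ws-042", "sha256": "h1", "rule": "encoded_powershell"},
    {"id": 4, "ts": "2022-11-01T12:30:00", "host": "ws-099", "sha256": "h3", "rule": "office_macro_dropper"},
    {"id": 5, "ts": "2022-11-01T12:31:00", "host": "ws-099", "sha256": "h3", "rule": "office_macro_dropper"},
    {"id": 6, "ts": "2022-11-01T15:00:00", "host": "ws-017", "sha256": "h4", "rule": "ransom_note_written"},
]


@dataclass
class Incident:
    incident_id: int
    first_seen: datetime
    last_seen: datetime
    alerts: list = field(default_factory=list)
    entities: set = field(default_factory=set)  # {("host", ...), ("sha256", ...)}


def entity_keys(alert):
    """Entities that link alerts: the endpoint and the file hash, not the rule name."""
    keys = {("host", alert["host"])}
    if alert.get("sha256"):
        keys.add(("sha256", alert["sha256"]))
    return keys


def group_alerts(alerts, window=timedelta(hours=1)):
    """Return incidents built from `alerts`, processed in timestamp order."""
    incidents = []
    next_id = 1
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        ts = datetime.fromisoformat(alert["ts"])
        keys = entity_keys(alert)
        # Candidates share an entity and are still active within the window.
        matches = [i for i in incidents if i.entities & keys and ts - i.last_seen <= window]
        if matches:
            target = matches[0]
            # One alert can bridge two previously separate incidents: merge them.
            for other in matches[1:]:
                target.alerts.extend(other.alerts)
                target.entities |= other.entities
                target.first_seen = min(target.first_seen, other.first_seen)
                incidents.remove(other)
        else:
            target = Incident(next_id, ts, ts)
            next_id += 1
            incidents.append(target)
        target.alerts.append(alert)
        target.entities |= keys
        target.last_seen = max(target.last_seen, ts)
    return incidents


def reduction_pct(n_alerts, n_incidents):
    """Percentage fewer items an analyst triages after grouping."""
    return round(100.0 * (1 - n_incidents / n_alerts), 1)


if __name__ == "__main__":
    incs = group_alerts(SAMPLE_ALERTS)
    for inc in incs:
        print(inc.incident_id, [a["id"] for a in inc.alerts], sorted(inc.entities))
    print(f"{len(SAMPLE_ALERTS)} alerts -> {len(incs)} incidents "
          f"({reduction_pct(len(SAMPLE_ALERTS), len(incs))}% reduction)")
```

On the constructed input, alert 3 joins the first incident through the shared hash even though it is on a different host, alert 5 is a duplicate of alert 4, and alert 6 starts a new incident because the earlier activity on ws-017 is outside the window. Choosing which entities link alerts is the real design decision: linking on user or parent process as well would merge more aggressively, at the cost of occasionally stitching unrelated activity together.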

Reviews from Real Users

Cortex XDR by Palo Alto Networks software stands out among its competitors for a number of reasons. Two major ones are its ability to isolate threats while enabling them to be studied and the way that the software combines all of the data that it gathers into a single, more complete picture than other solutions offer.

PeerSpot users note the effectiveness of these features. A network designer at a computer software company wrote, “The solution has a very helpful isolation feature. If any system gets compromised, with one click I can access the system and isolate it from other networks, and then go into further forensic investigation of the current threat without compromising anything else.”

Jeff W., Vice President/CTO at Sinnott Wolach Technology Group, noted, “The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.”



Cortex XDR by Palo Alto Networks was previously known as Cyvera, Cortex XDR, Palo Alto Networks Traps.

Cortex XDR by Palo Alto Networks Customers

CBI Health Group, University Honda, VakifBank


Cortex XDR by Palo Alto Networks Pricing Advice

What users are saying about Cortex XDR by Palo Alto Networks pricing:
  • "It's about $55 per license on a yearly basis."
  • "It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable."
  • "In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage."
  • "Its pricing is kind of in line with its competitors and everybody else out there."
Cortex XDR by Palo Alto Networks Reviews

    Ahmed Sief - PeerSpot reviewer
    System Engineer at a logistics company with 5,001-10,000 employees
    Real User
    Top 10
    Easy to set up, reliable, and always scanning
    Pros and Cons
    • "The initial setup is easy."
    • "Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."

    What is our primary use case?

    We're using it just to make sure that the customers, or our users, don't use any prohibited applications. We make sure that every application they use is on the allowed list. Any other application that is not on the allowed list is blocked until further notice. It's mainly to make sure that our organization is secure and that the software that the users are working on is secured too. This is the main reason, and also to be aware of and secured from any potential attack, ransomware, etc.

    What is most valuable?

    The good thing about the product is that it's always scanning. It does real-time scanning for customers. If there's anything related to the applications that are installed, for example, if an application needs some upgrades, or updates, or add-ons, we already have a server that is downloading this for the users' computers. In terms of the laptops, we are not managing the laptops from the servers, since the users take the laptops with them and they are managing their laptops by themselves. If there is any variability, the application gives us a notification on the cloud so that we can handle this problem or make sure that the laptop is secured. The customers or the users don't have much experience to pick what is right and know what is wrong. It's a very, very informational application.

    The initial setup is easy.

    What needs improvement?

    They need to do definition updates. Instead of the version, they just put an update on the portal, and each time we need to upgrade it. Sometimes it's hard to upgrade the offsite clients. Sometimes the internet that they are using is not that stable. It gives us a hard time. Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded. 

    It would be ideal if the updates would happen like Symantec updates or other antivirus solutions. The upgrade needs to deploy directly to the users.

    For how long have I used the solution?

    We've been using the solution for two years. 


    What do I think about the stability of the solution?

    It's very stable. There are no errors or problems, even if there is something we need to do on the machine. Due to the configuration we already do, it's locking a lot of things that the users cannot do. Even if the administrator is working, it needs the Cortex XDR permission first. It's very stable and the configuration is easy in the portal. They are enhancing their configuration and its security constantly. 

    The only thing that is giving us a hard time is they have a lot of version upgrades. I don't know if it's better to do it as update packages and make the upgrades every half-year, quarter, or year. It should be done more regularly.

    From an administrative perspective, it'll give us less headache. Each time you need just to go to the portal and make sure that you're testing the product, the upgrade before you deploy it, and then you deploy it. And then you figure out which computer doesn't have the version, and you figure out how to install it. 

    If it's a laptop on the other side, it'll take a long time, sometimes a week, to get the customer the upgrade. For installing the upgrade, we must do it. The users can't install this product by themselves. That's why it takes a while. 

    What do I think about the scalability of the solution?

    The solution is scalable. We are using it for 80 or 90 people. It's a variety of different positions, from engineers to accountants. 

    We're changing solutions and moving to SentinelOne. We won't be increasing usage.

    How are customer service and support?

    They are very helpful and they respond very fast. If there's any ticket open they make sure that they fix the problem the first time. I didn't face any problems with them.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We are currently moving to SentinelOne.

    How was the initial setup?

    It is a straightforward setup. It's not overly complex or difficult. The deployment took a maximum of two hours. 

    I just installed it first on one of the testing machines and I tested the software package to see if it was still working. Then I just deployed it to the users and I made sure that it was working fine. It might take one day to deploy to the users if I test the version on the test machine first.

    What about the implementation team?

    I handled the implementation myself. 

    What's my experience with pricing, setup cost, and licensing?

    Corporate is responsible for licensing. I don't know anything about the pricing.

    What other advice do I have?

    We are customers and end-users. 

    We're using the latest version of the solution. 

    Palo Alto is a big company. They are very good at security, so it's good if it's the first time a company is using this product. However, we are moving to SentinelOne as we are corporate. That means, if there is one branch upgraded or moved to something, we must follow. We are following our corporate instructions. If I was given the choice, I would be still using Cortex XDR as it's fulfilling my need. 

    I'd rate the solution eight out of ten. The downside is each time I go to the portal and I check the versions, it's outdated. You need to upgrade each month or every forty days and it's a lot.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    WillAgudo - PeerSpot reviewer
    System Administrator at NATIONAL ASSOCIATION OF REALTORS
    Real User
    Top 10
    Has a centralized console and does predictive analysis of malware
    Pros and Cons
    • "I like the centralized console and the predictive analysis it does of malware. It is very stable and also scalable."
    • "It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue."

    What is our primary use case?

    The primary use case is mainly endpoint protection.

    How has it helped my organization?

    Previously, we had to install endpoint protection per machine and then scan and update. If there were any possible threats, then you would have to go manually to the machine and scan. Cortex XDR basically does that centrally and predictably.

    We get notified, and if need be, we'll investigate an endpoint. For the most part, we haven't had to do a whole lot of that because most of the time, it just stops the threat before it even becomes one. So, we have more time to do day-to-day work rather than spend time chasing those endpoints.

    What is most valuable?

    I like the centralized console and the predictive analysis it does of malware.

    It is very stable and also scalable.

    It is easy to deploy and update. It does not require a lot of maintenance.

    What needs improvement?

    It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue. So, making exceptions would be easier and would probably be better for logging.

    It would be nice if it were easier to use and if there were some free training hours.

    As for additional features, I would suggest having mobile access to the console, perhaps through a mobile app for the console.

    For how long have I used the solution?

    I've been using it for about three years now.

    What do I think about the stability of the solution?

    The stability is great. I think they set the standard for SDR solutions at the moment.

    What do I think about the scalability of the solution?

    It's very scalable. We have it on Macs, Windows, Windows servers, and multiple flavors of Linux.

    We have about 460 endpoints deployed. As far as technical users, we have a team of about 10, and that's mixed between server admins and their subsupport users.

    The usage is extensive, and we've recently deployed it everywhere. We do plan on probably increasing usage because we have current consultants who use the product in order to access our systems.

    How are customer service and technical support?

    I wish there could have been more live contact with technical support rather than updated tickets and possible notifications via email. When I've had live encounters, it's been amazing. Sometimes, I think they could be a little bit more responsive live wise, but for the most part, it's been good.

    Which solution did I use previously and why did I switch?

    We previously used Sophos, and it was okay. The only thing I liked about Sophos was that it was easier to deploy to the desktop, but with Cortex XDR, once you have it already deployed, updating it is easy.

    We needed something that was going to work with Macs and Linux, different products. Also, we needed something that would be more predictive versus relying on definition files that are publicly available. You don't want to be in a zero-day attack. With Cortex XDR, it's one of those where you can download any virus. It's just not going to run on your machine. Most malware products rely on a database to tell you that there's a virus file.

    Sometimes, there are false positives. If it's a legit file or application that an end user is trying to download and use on their machine, it won't allow that. With Cortex XDR, however, they can download the file. It's just going to be rendered useless until you enable it and make an exception for it. It can run what identifies it and just sends you a notification saying that it's a malicious file and that it's there. It's not going to do anything to the system. That was a huge selling factor with Cortex XDR.

    How was the initial setup?

    The initial setup is pretty straightforward. It took a couple of hours and was pretty easy to deploy.

    Once it's deployed in your system, you can push updates yourself. In the case of Macs, when you get new releases you sometimes have to tweak it and then push it out manually to end users. One admin could dedicate a couple of hours a week at best because there's not much maintenance.

    What about the implementation team?

    Palo Alto got on the phone with us and walked us through it. They were very helpful.

    What's my experience with pricing, setup cost, and licensing?

    It's about $55 per license on a yearly basis.

    What other advice do I have?

    Learn the product because once you deploy it and a lot of people look at it from an endpoint perspective, they get the endpoint protection instantly. However, there are other things that you need to learn more about. Once you deploy Cortex XDR, you get a subscription to a data lake, which helps you retain logs. We have Palo Alto firewalls and later on learned that we can also integrate our firewalls and get the logs.

    You have a limited amount of space for log retention, but things like that are important in cases where you need to have PCI compliance or have a company policy of retaining a certain amount of logs.

    So, learn all the features and ask questions, and perhaps if it's going to be something that you're going to use as an investment for your company, take a training class.

    On a scale from one to ten, I would rate Cortex XDR at nine.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Consultant at Trillennium (Pvt) Ltd
    Reseller
    Top 20
    Excellent technical support, straightforward implementation, and cutting-edge technology
    Pros and Cons
    • "When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud."
    • "In general, the price could be more competitive."

    What is our primary use case?

    We are not using it for our purposes because we are a Palo Alto partner. We propose it for our customers based on their requirements.

    We are both a service provider and a reseller.

    When the pandemic first began, the use cases were mostly for remote users. We deployed this for the majority of remote users.

    What is most valuable?

    When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud. We have a lot of advantages as a result.

    It's a very simple implementation, and I have direct Palo Alto implementation available as well. So it's very simple. We haven't found any issues, so far the implementation is going well, I don't see any gaps.

    What needs improvement?

    In general, the price could be more competitive.

    For how long have I used the solution?

    In Palo Alto, we also work with all product lines, including Prisma and other product lines as required. It is a mix; it's a subproduct; we work with a mix of products.

    We have been working with Cortex XDR by Palo Alto Networks for two to three years.

    We get updates from Palo Alto directly.

    What do I think about the stability of the solution?

    Cortex XDR by Palo Alto Networks is a stable product.

    What do I think about the scalability of the solution?

    It's a scalable solution, we have not had any challenges with the scalability of Cortex XDR by Palo Alto Networks.

    Our customers range from medium to large enterprise companies. The adoption rate in small businesses is much less, but the majority of our requirements come from mid-to enterprise-sized businesses.

    How are customer service and support?

    Technical support is the best in class, in my opinion, because they have invested heavily in research and development. In terms of comparison and today's challenges, such as security and layers, Palo Alto complies with all of the challenges.

    Which solution did I use previously and why did I switch?

    In terms of Security, we are working with a few products and a few brands.

    We use Palo Alto and we also work with Barracuda. These solutions are used on the web firewall and for email protection.

    We work with the entire Barracuda product line, but specifically for email protection and web filtering.

    Barracuda Essentials is included with O365 protections, we work with those solutions. 

    Palo Alto is part of a different vertical layer than Barracuda. It's distinct. They are very different.

    How was the initial setup?

    The initial setup depends on the environment, but as a technology, I would say it's simple. It's not that difficult.

    The length of time it takes for deployment is determined by the project and the surrounding environment. We can only determine the timeframe based on that, pinpointing a specific time period is difficult.

    It does not require maintenance because regular updates and monitoring are required. So if there is anything, new patches and the like, it is done automatically, and there is no additional implementation unless there are any infrastructure changes.

    What's my experience with pricing, setup cost, and licensing?

    In comparison to other competing products, it is based on the customer's needs and the environment. However, when compared to other products, the price is slightly higher, but when considering technology and new innovation, that is the plus I would say when it comes to being XDR.

    The price could be more competitive because it is not on the price wall when you go and question Palo Alto XDR. It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable.

    What other advice do I have?

    So far, it has met all of our requirements, and it should be able to cater to a wide range of product lines.

    We must first determine what their business requirements are, as well as what other technical layers we are considering, and then propose the appropriate sizing and solution.

    We mostly promote Palo Alto, but it depends on the customer's needs, as well as their budget, infrastructure, and what their business requires, all of those factors come into play when recommending a solution.

    When you compare it with other products, I would rate Cortex XDR by Palo Alto Networks a nine out of ten.

    It's close to being rated a ten out of ten because of their level of support, and the other is the solution and the most recent technology.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    Divisional Operations Director at a tech vendor with 1,001-5,000 employees
    MSP
    Allows us to create queries for investigation, provides good visibility, and has been able to see every single threat
    Pros and Cons
    • "The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine."
    • "It tends to do 99.9% of things. The only thing I'd like is single sign-on authentication into their cloud platform so that my users can be properly authenticated against it."

    What is our primary use case?

    Officially, I'm an MSP, but I also host it for our own internal software. I've got XDR installed on 26,000 devices. It is used for threat prevention, policy enforcement, firewall rules, and DLP. We use it for pretty much everything. Our firewalls also integrate with XDR.

    We use XDR Pro. It is in the cloud, and we have got version 7 at the moment, which is probably the latest update of it.

    How has it helped my organization?

    The key thing is the visibility of what's going on in our networks and on our end devices. It gives us visibility.

    It provides the ability to query. I can query for any file or any IOC on any of the devices installed, and it will search for a data link.

    What is most valuable?

    The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine. 

    In general, it has been able to see every single threat that has ever come up and it helps us stop it. 

    I've used it for a great many years now, and it worked really well. From the Palo Alto side, whatever they buy, they integrate that really well into their integration suite, and that makes a massive difference.

    What needs improvement?

    The onboarding process could be better. 

    It tends to do 99.9% of things. The only thing I'd like is single sign-on authentication into their cloud platform so that my users can be properly authenticated against it.

    What do I think about the stability of the solution?

    Its stability is very good.

    What do I think about the scalability of the solution?

    Its scalability is very good. It is on my servers as well as my end users. I've got five and a half thousand end-users plugged in, and they're all on, and then I have 26,000 servers on it as well.

    How are customer service and support?

    I would rate them a 9 out of 10. The only reason why they lose a point is that if I escalate, it gets done really quickly. I've got all the various contacts I could ever need inside Palo Alto, but some of my other colleagues don't have that same level of contact. So, if I'm doing it, it is rapid, but if they're doing it, it is slower.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I've worked with Carbon Black, which Cortex XDR beats hands down. The reason it beats it hands down is because of the ability to query. I couldn't do that with Carbon Black. For me, that was a genuine issue with Carbon Black. That was one of the main reasons why we've literally moved 22,000 devices off Carbon Black into Cortex XDR.

    We also use Sophos, McAfee, and BitDefender. As a group, we buy multiple companies a year. So, we come across most of them.

    If it is my own device, I would love to have Cortex, but I can't buy one license. I have to buy a minimum of 250 licenses. So, I normally go for something like BitDefender because it has the least amount of bloatware.

    How was the initial setup?

    It is straightforward. It is pretty much out of the box. It works how you want it to work. So, you can't really ask for more.

    It is also easy to maintain.

    What about the implementation team?

    It was implemented in-house.

    What was our ROI?

    In the company I'm in, we make software. On that basis, we've gone for what we need to make sure our software and all of our customer data are secure. That drives us more than the ROI. It may sound a little weird, but it is the way we run because, for us, the ROI is almost pointless if we lose all our data.

    What's my experience with pricing, setup cost, and licensing?

    I have the full Pro Prevent license. So, I've got post analytics, forensics, and the whole lot of it.

    What other advice do I have?

    My advice to others who would like to start working with Cortex is to not dip your toe in the water. Go big or go home. If you integrate everything in, you'll get fantastic results. You shouldn't do some bits here and there. You need to use their ecosystem as a whole. If you're in their entire ecosystem, the results are amazing.

    I would rate it a 10 out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Information Technology Corporate Manager at a consumer goods company with 1,001-5,000 employees
    Real User
    Top 20
    Easy to use, light on resources, and reliable
    Pros and Cons
    • "Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources."
    • "We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, we have to use another protection solution called Kaspersky."

    What is our primary use case?

    We are in the testing stage of using Cortex XDR by Palo Alto Networks. We are using it in order to ensure the corporate network servers are protected. Additionally, we need to use a specialized tool.

    What is most valuable?

    Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources. 

    Cortex analyzes the network and users to detect additional risks and threats that the other vendor's solutions don't detect.

    What needs improvement?

    We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, we have to use another protection solution called Kaspersky.

    The tool should have the ability to test an environment to see what percentage it is secure against threats, such as ransomware. This would allow for adjustments to be made to the network for more security. We don't have the capability to test the networks daily; there should be a parameter in order to report on the health of the network for security vulnerabilities.

    For how long have I used the solution?

    I have been using Cortex XDR by Palo Alto Networks for approximately two weeks.

    What do I think about the stability of the solution?

    Cortex XDR by Palo Alto Networks is highly stable. 

    We don't have any user reports suggesting that there is a high level of resource consumption.

    What do I think about the scalability of the solution?

    In regard to the scalability, the tool could have additional agents to provide a full installation in the company. This would make the installation much easier when scaling the solution, we should not have to use another tool.

    The installation approach is to do it one computer at a time, but if Cortex could provide an additional tool in order for us to reach all the elements of the network, it would be very helpful. It should be done automatically. I understand that if the tool has the capability to analyze the network, it should be able to read the computers' elements in the network and in other ways.

    How are customer service and support?

    The support is very efficient and professional. They have provided us with the tools and the basic elements to understand how the solution works. They have helped us prepare some specifics for our installation.

    Which solution did I use previously and why did I switch?

    We use the Kaspersky protection solution. Kaspersky works based on blacklists, if you are on the blacklist it is working well but if you are not Kaspersky does not work.

    How was the initial setup?

    The installation of Cortex XDR by Palo Alto Networks is easy. The setup is not complicated.

    It would be a good idea for the company to provide at their website videos that are translated in Spanish related to technical skills. This would be very useful and would have a lot of value.

    The world, in commercial terms, speaks English. We have to understand that with tools such as this, if the solution were in other languages, more companies would be able to exploit the tool. If we don't have this information in our native language, we will not use the tool to its full potential.

    What's my experience with pricing, setup cost, and licensing?

    In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage.

    I recommend that the company review the pricing model in the Latin American market. They need to determine how to bring a more accessible cost in order to accelerate implementations in Latin American countries.

    Which other solutions did I evaluate?

    We have been comparing Cortex XDR by Palo Alto Networks to Cisco solutions.

    What other advice do I have?

    It is important to have security tools in order to review, monitor, and hunt for potential attacks. We have found in our test that Cortex XDR by Palo Alto Networks is a very good tool.

    It's an efficient solution. I recommend this solution to my business partners and other companies.

    I rate Cortex XDR by Palo Alto Networks a ten out of ten.

    Other solutions I have used I would rate a seven out of ten. There is not something that comes close to this solution.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Jeff Wolach
    Vice President / Chief Technology Officer at Sinnott Wolach Technology Group
    Reseller
    A stable, scalable, and user-friendly solution that comes with good support and stitches everything together to provide the actual complete picture
    Pros and Cons
    • "The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."
    • "A little bit more automation would be nice."

    What is our primary use case?

    We use it for our own company as well as for our clients. It is mainly used for protecting the endpoints. Like everybody else nowadays, we're all working from home, and we have access to data on the public cloud, private cloud, and on-prem. We have to make sure that we're not exposing our endpoints to anything out there that could be malicious and that could cause any problems within our networking environment.

    How has it helped my organization?

    It has absolutely improved the way our organization functions. We are more secure. It is giving us more peace of mind, and it is doing what it is doing. It has found malicious activity happening on our endpoints that probably would not have been detected if we didn't have it.

    What is most valuable?

    The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.

    The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that.

    What needs improvement?

    A little bit more automation would be nice.

    For how long have I used the solution?

    We've been a reseller for Palo Alto for 13 years. I have been using it for quite a while. They had bought Cyvera for the endpoint security, which was obviously the base for Cortex XDR. I have been seeing how it actually progressed from just a straight endpoint security solution that was a little clunky at one time to a very streamlined, effective solution today.

    What do I think about the stability of the solution?

    It is stable. I haven't found any issues.

    What do I think about the scalability of the solution?

    It is extremely easy to scale. We have about 20 users, and their roles stem from sales to technical, marketing, and administrative.

    How are customer service and technical support?

    Palo Alto has got very good tech support. I would give them a ten out of ten.

    Which solution did I use previously and why did I switch?

    At one time, I tried Cylance, and it just wasn't that effective for what we needed. At the time, it wasn't really an EDR solution.

    How was the initial setup?

    The initial setup was very straightforward and easy.

    What's my experience with pricing, setup cost, and licensing?

    Its pricing is kind of in line with its competitors and everybody else out there.

    What other advice do I have?

    You don't have to be a Palo Alto customer to implement this solution. Some people think they have to, but no. It is a completely separate solution on its own. I would highly recommend it just because it is a complete package. It not only takes in data from your endpoint; it also takes in data from other sources that are not Palo Alto and helps to create the story about what's going on by stitching things together.

    I would rate Cortex XDR a nine out of ten. It is pretty good. The reason for giving a nine is that there is always room for improvement.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    Cybersecurity Incident Response Analyst at a computer software company with 5,001-10,000 employees
    Real User
    Very powerful tool; provides behavior-based detection tailored to your environment
    Pros and Cons
    • "Provides behavior-based detection which offers many benefits over signature-based detection."
    • "There are a large number of false positives."

    What is our primary use case?

    As with any advanced malware protection tool, it's really about the results and getting the security you need. We are end users and I'm a cybersecurity incident response analyst.

    What is most valuable?

    I like that the product has behavior-based detection which offers many benefits over signature-based detection. When it comes to zero day attacks and targeted attacks, signature detection is not able to detect problems. Behavior-based detection is able to detect attacks tailored specifically for your environment, or malware that doesn't yet have a known malicious signature. It's the nature of how the data is processed that makes the tool really powerful. 

    What needs improvement?

    The downside to the solution is that there are a large number of false positives. There are a whole lot of different things for business automated actions, and it's hard to sort through all that. Without some assistance and suppression of false positives from Palo Alto or some event triaging that you might have enabled on your SIEM, you'll continue to get the high number of false positives. It's related more to the lack of capability to easily identify and suppress false positives before they're presented to you. There needs to be a function for suppressing false positives for types of machines and not necessarily for the actual groups.

    For how long have I used the solution?

    I've used this solution for close to six months while we were evaluating it. 

    How are customer service and technical support?

    Since Palo Alto was giving us the proof of concept, we had direct access to them.

    How was the initial setup?

    It takes quite a few people to set it up. I would say the biggest difference between Palo Alto XDR and something like Cisco AMP outside of the actual detection is going to be the ease of implementation. Cisco AMP only requires one person to go through all the groups and configure policies. With XDR you define groups based on types of machines and commonalities in the machines. It's not like you just send a connector to machines and they're part of that group in that policy. It means there is a whole lot more to configure on XDR.

    What other advice do I have?

    The same things apply to anyone looking to implement any form of anti-malware agent. You really want to take the time to make sure your environment is organized and configured the way that you want it to be, because once you start getting empty policies and machines in the wrong groups, you run into a pretty big mess. Another thing would be documentation. If you're adding suppressions, custom detections, or your IOCs, keep a document which logs all the changes, because people come and go, and handing down an anti-malware tool to somebody that doesn't know how or why it was configured a certain way could make things difficult.

    It would be a tremendous amount of work for us to implement Palo Alto Networks in a company our size. We have a whole bunch of projects going on right now that are pretty important, and since we already have that advanced malware protection tool, AMP, which we think is good, we don't necessarily think Palo Alto Networks is as powerful at detection. On other projects, if we were going to go ahead and turn around and move forward with Palo Alto, it would mean taking a step backwards and reimplementing an anti-malware agent that we already have. That said, my impression is that it's a really good tool and you can get a lot out of it. 

    I rate this solution a nine out of 10. 

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
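The distinction the reviewer draws between signature-based and behavior-based detection, and the wish to suppress false positives per type of machine rather than per group, can be shown with a small detector run over process telemetry. This is an added illustration and not Cortex XDR code or its rule syntax; the events, hashes, hostnames, the `host_role` label, the rule names and the suppression entry are all constructed for the example.

```python
"""Behavior-based vs signature-based detection with role-keyed suppression.

Added illustration, not Cortex XDR code. Every event, hash, hostname and
suppression entry below is constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    host: str
    host_role: str   # assumed inventory label, e.g. "workstation" or "build-server"
    parent: str      # parent process image name
    image: str       # spawned process image name
    cmdline: str
    sha256: str      # hash of the spawned image


# Signature-style detection: a fixed list of known-bad file hashes (constructed).
KNOWN_BAD_HASHES = {"aa" * 32}

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe"}


def signature_match(ev: ProcEvent) -> bool:
    """Fires only if the exact hash is already known; misses anything novel."""
    return ev.sha256 in KNOWN_BAD_HASHES


def _has_encoded_command(cmdline: str) -> bool:
    # powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
    for tok in cmdline.lower().split():
        if len(tok) >= 2 and "-encodedcommand".startswith(tok):
            return True
    return False


def behavior_rules(ev: ProcEvent) -> list:
    """Return the names of behavior rules that fire; none of them look at hashes."""
    hits = []
    if ev.parent.lower() in OFFICE_APPS and ev.image.lower() in SHELLS:
        hits.append("office_spawns_shell")
    if ev.image.lower() == "powershell.exe" and _has_encoded_command(ev.cmdline):
        hits.append("encoded_powershell")
    if ev.image.lower() == "vssadmin.exe" and "delete shadows" in ev.cmdline.lower():
        hits.append("shadow_copy_deletion")
    return hits


# Suppressions keyed by (host role, rule) rather than by host group, with the
# reason recorded inline so the next analyst knows why it exists (constructed).
SUPPRESSIONS = {
    ("build-server", "encoded_powershell"):
        "CI runner launches encoded scripts; see change-log entry 2022-11 (constructed)",
}


def evaluate(events, suppressions=SUPPRESSIONS):
    """Return (host, image, reasons) for every event that still alerts after suppression."""
    alerts = []
    for ev in events:
        reasons = []
        if signature_match(ev):
            reasons.append("signature")
        for rule in behavior_rules(ev):
            if (ev.host_role, rule) in suppressions:
                continue
            reasons.append(rule)
        if reasons:
            alerts.append((ev.host, ev.image, reasons))
    return alerts


# Constructed telemetry: a macro chain launching an unknown binary, a benign CI job,
# a file with a known-bad hash, and an ordinary browser launch.
SAMPLE_EVENTS = [
    ProcEvent("ws-042", "workstation", "winword.exe", "powershell.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4...", "11" * 32),
    ProcEvent("build-07", "build-server", "cmd.exe", "powershell.exe",
              "powershell.exe -ExecutionPolicy Bypass -EncodedCommand JABlAHIAcgBvAHIA...", "22" * 32),
    ProcEvent("ws-019", "workstation", "explorer.exe", "invoice_viewer.exe",
              "invoice_viewer.exe", "aa" * 32),
    ProcEvent("ws-019", "workstation", "explorer.exe", "chrome.exe",
              "chrome.exe --profile-directory=Default", "33" * 32),
]

if __name__ == "__main__":
    for host, image, reasons in evaluate(SAMPLE_EVENTS):
        print(f"{host}: {image} -> {', '.join(reasons)}")
```

The first event has a hash nobody has seen, so the signature check stays silent and only the two behavior rules catch it; the build server's encoded PowerShell is filtered by the role-keyed entry without touching the workstation rule, and the suppression carries its own justification, which is the change log the reviewer recommends keeping.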
    Kostiantyn Frolov
    Lead Security Engineer at ESKA
    Real User
    Scalable with excellent protection features and is very user-friendly
    Pros and Cons
    • "The solution doesn't need a high level of technical training."
    • "Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well."

    What is our primary use case?

    Cortex XDR is used for endpoint detection and response. This is software placed on endpoints that works with the cloud. The cloud has the analytics, logging, prevention models, et cetera.

    What is most valuable?

    If a company uses Palo Alto and adds Cortex XDR for endpoint protection, it is very well protected. Palo Alto is the best security solution in the market. It's very advanced and its protection is extremely reliable.

    The solution doesn't need a high level of technical training. The solution is very usable and doesn't take a lot of personnel.

    The product is very scalable.

    The stability is very good.

    What needs improvement?

    For working with the solution, you only really need a web browser, however, we've found that working on Chrome, for example, is horrible.

    Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well.

    For how long have I used the solution?

    I've been working with this security solution for ten years or so and Palo Alto Networks for two years.

    What do I think about the stability of the solution?

    The solution has been very stable and very reliable. There are no bugs or glitches. It doesn't crash or freeze. It's one of the best on the market.

    What do I think about the scalability of the solution?

    The solution is very scalable. It works well for companies that are quite sizeable. If an organization needs to expand it, it can do so easily.

    We have about 50 to 55 users on the solution.

    How are customer service and technical support?

    I personally handle technical questions for those working with Palo Alto. 

    Palo Alto's support is in English; however, I provide the local technical support and work with customers under warranty.

    I've found technical support from Palo Alto to be very good. We're local and we can assist as well, however, Palo Alto is capable of handling any size of issue and they are quite helpful.

    How was the initial setup?

    I am not directly handling the installation. My client is.

    You do need a team of people on this solution that understand the cloud and the solution itself if you have a large, complex environment. If you have a robust security team, it's good. However, if you don't have the resources, it's not an ideal product. 

    That said, if your company requires a small, simple setup, one person may be enough. It really depends on the size.

    What about the implementation team?

    My client is actually handling the installation. I often field questions from them, however, I don't participate in the installation directly.

    What's my experience with pricing, setup cost, and licensing?

    For basic needs, the solution isn't very expensive. However, as you grow more complex in your needs, the more you use, the more costly it can get.

    The licensing is typically for one year. There's a one-time installation. If you would like to continue with the service, you can continue. There's no need to install and reinstall.

    What other advice do I have?

    Cortex XDR is a threat analytics security manager that allows users to see what threats are going to endpoints. It's a very high-security solution. 

    The next step up from Cortex XDR is Cortex XSOAR. XSOAR is an automated threat solution. It's a security solution from Palo Alto. 

    I'd recommend the solution to others. I'd rate it at a nine out of ten overall. 

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
    Buyer's Guide
    Download our free Cortex XDR by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.
    Updated: November 2022