CIO/CTO at a manufacturing company with 501-1,000 employees
Good GUI, however lacks features overall and tends to eat memory
Pros and Cons
- "They have a new GUI which is just fantastic."
- "There's an overall lack of features."
What is our primary use case?
We primarily use the solution for our endpoint server and endpoint protection.
What is most valuable?
There aren't many features we find valuable on the solution.
They have a new GUI which is just fantastic.
What needs improvement?
The solution eats memory of the computer, unlike anything I've ever seen. It eats more memory than Chrome.
I have a lot of users that are eating my memory each hour every day and it's causing us problems. We have to go and buy more memory for each computer. When you have a lot of computers like we do, it is not a very good situation.
Some of the computers are only using 4 GB of memory, so if you put aside the differences, most only have some Chrome, some internet, and Office and that's it. And yet, the memory is getting eaten.
If someone catches something like malware, or something else, I want to know if the file was spread to other machines and what the target was. I want to be able to get ahead of the spread. This solution doesn't do enough to protect us against these types of vulnerabilities or to give us much information about the spread. The tool really does need some more reverse engineering features.
There's an overall lack of features.
The initial setup could use improvement. Currently, I must go to each machine and deploy everything manually. We are in 2020, not in 1980. It seems like such a dated way of doing large deployments.
For how long have I used the solution?
I've been using the solution for a year and a half.
Buyer's Guide
Cortex XDR by Palo Alto Networks
September 2025

Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
868,759 professionals have used our research since 2012.
What do I think about the stability of the solution?
When I was experimenting with stability early on, I did run into issues when testing the solution in the sandbox.
Eventually, it catches one of the executive files and if you go to the management section of the solution and you release this file, it takes seven or eight tries to do it. You need to keep trying, again and again, using the same procedures to release the file for usage. That was in the beginning and we still have this issue, even though they made a new GUI for management. It's still not resolved.
What do I think about the scalability of the solution?
We have several hundred users.
I had some issues initially in the sandbox when I was testing scalability.
How are customer service and support?
I have reached out to technical support in the past. I find dealing with them is like talking to a wall. They aren't terrible, however, you don't really get any guidance. They ask over and over to get us to send them dump files and we do over and over. After all of the back and forth, nothing is really resolved to our satisfaction. You're paying for their services, and you don't get the level of service you would expect. It's a pain point.
How was the initial setup?
The initial setup was not complex. It was very straightforward.
The deployment did take a lot of time due to the fact that we had seven hundred computers.
What other advice do I have?
We simply use the solution as a customer.
I would not recommend the solution. I'd advise other companies to rather go with Palo Alto's firewall as a better option. I've already advised others not to touch it. It's not worth it at all to even consider using it.
I'd rate the solution six out of ten. Their new GUI is very nice, however, as a professional service, it's lacking in a lot of areas.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Senior System Administrator at a government with 10,001+ employees
WildFire AI helps detect and prevent threats, but the dashboard should be more intuitive
Pros and Cons
- "WildFire AI is the best option for this product."
- "The dashboard is the area that needs to improve so that we can have the ability to drill down without having to go elsewhere to verify results."
What is our primary use case?
We use Palo Alto Traps in our Windows-based environments. Currently, it only protects our desktops and we use it in conjunction with our Check Point firewall.
How has it helped my organization?
The product is very good; it has caught a lot of exploits that most products would not. The WildFire module is a great AI in detecting and preventing attacks. The only issues that we have are, one, the cost, and two, the dashboard is not very intuitive: even though you can drill down within the dashboard, we usually have to gather information from other sources to determine locations and if it's a false positive.
What is most valuable?
WildFire AI is the best option for this product.
What needs improvement?
The dashboard is the area that needs to improve so that we can have the ability to drill down without having to go elsewhere to verify results.
For how long have I used the solution?
We have had this product for two years.
What's my experience with pricing, setup cost, and licensing?
This is an expensive solution.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cybersecurity Engineer at GFR Media
Improves our endpoint security posture in both performance (no scanning) and protection (NG AI/ML)
Pros and Cons
- "The one feature of Palo Alto Networks Traps that our organization finds most valuable is the App ID service."
- "It automatically detects security issues. It should be able to protect our network devices while operating autonomously."
What is our primary use case?
We use Palo Alto Networks Traps (Version 6) to protect our endpoints against NG malware via behavior analysis, artificial intelligence and machine learning. Both the PA Traps endpoint logs, our PA firewall traffic logs and the Wildfire sandbox are used to provide immediate threat response and feed this information to the PA Threat Intelligence cloud.
How has it helped my organization?
Palo Alto Networks Traps improves our security posture and lowers risk by providing next-gen methods to combat against modern threats on all the major platforms.
What is most valuable?
The one feature that our organization finds most valuable is being able to control the USB ports on the endpoints.
What needs improvement?
The Mac agent is not as robust feature-wise as the PC version. I need to control USB ports on Mac laptops and cannot. This is a MUST so I opened a case with Palo Alto and requested this feature for an upcoming update.
I would like to see more automation and self-healing for incidents that can be easily classified as malware.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
No issues
What do I think about the scalability of the solution?
Palo Alto Networks Traps features excellent protection, cost and scalability. We are a small group of 4 employees and have 2 people dedicated to deployment and monitoring of 1400+ endpoints.
How are customer service and technical support?
Palo Alto Networks' technical support is excellent.
Which solution did I use previously and why did I switch?
Since we were a Fortinet shop, we previously used the FortiClient endpoint agent. We switched to Palo Alto FWs and endpoint protection because it is a more mature product with advanced next-gen capabilities not available from the Fortinet solution.
How was the initial setup?
The initial setup was done by a Palo Alto certified service provider.
What was our ROI?
This product pays for itself with only one ransomware denial!
What's my experience with pricing, setup cost, and licensing?
Our license runs on a monthly basis with a recurring monthly charge. If you want additional options like secure remote access with policies, that requires an additional cost.
Palo Alto Networks Traps does not apply secure remote access to devices without policies, which we are implementing. If you want to apply more policies, like an anti-virus program, anti-malware, or configurations for using a VPN on remote connections, that would also be an additional cost. We're not doing that.
Which other solutions did I evaluate?
Cylance, Carbon Black, Crowdstrike, Microsoft Windows Defender ATP, Sophos, SentinelONE
What other advice do I have?
On a scale from 1-10, I would rate Palo Alto Networks Traps with an eight. It is great, but I have some issues with the cost of the product license.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
SOC Analyst at a tech services company with 201-500 employees
Valuable firewall and IPS features and has good integration with other products
Pros and Cons
- "The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week."
- "The solution needs better reports. I think they should let the customer go in and customize the reports."
What is most valuable?
The integration with other products, the firewall, and the IPS are good features.
What needs improvement?
The solution needs better reports. I think they should let the customer go in and customize the reports.
It could also use better graphics and more information.
For how long have I used the solution?
I've been using the solution for four months.
What do I think about the stability of the solution?
The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week.
How are customer service and technical support?
Technical support has been very good.
What other advice do I have?
I recommend using this solution and I would rate the solution an eight out of 10.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Security Consultant at helpag
Great security protection modules and is a very stable solution
Pros and Cons
- "It's very stable. I've never experienced downtime for the ASM console or ASM core."
- "In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are a big company, so they can improve the UI a little bit. The UI, the reports, the log system can all be improved."
What is most valuable?
I've found the security protection modules there have been the most valuable.
What needs improvement?
I started using it from 4.1, but it didn't change that much. Some features and some fixes have been added to 4.2, but not that much. They need to improve reporting, the end-point reporting. They could also enhance their notification statuses. In the current version, you will see some threat alerts, or if anything is executable, but you will not see behavioral analysis. You will see what was being blocked, and that's it. If Traps logs something, you will get a notification. Otherwise, you have to generate the dump file and investigate on your own.
In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are a big company, so they can surely improve the UI a little bit. The UI, the reports, the log system can all be improved. But overall, when we speak about security and protection, they are one of the top providers.
For how long have I used the solution?
I've been using the solution for six months.
What do I think about the stability of the solution?
It's very stable. I've never experienced downtime for the ASM console or ASM core. But we experienced this for the database, and it was not clear in the Traps interface. So, the Traps server stopped working, stopped getting jobs, and stopped enforcing the policies because the database was full. We did not get any alert for that, so you will not see any alert on the ESM console that says that your database is about to fill up. It was not reachable and there was no warning or indication for this. You have to go to some tools internally and check in the command line, to see. You will see some errors for the DB, and you will realize that it's a DB issue. I've never experienced any issue with the Traps itself, but with the database.
What do I think about the scalability of the solution?
It's very easy to scale if you have file availability. If it's more clear, we can do high availability, but it's a bit tricky. We deployed this for 4,000 endpoints, and it was very easy. Two ASM core servers were enough to deploy it for 4,000 plus endpoints. These are enterprises, not SMBs. They're government institutions.
How are customer service and technical support?
I would not say that technical support is bad, but it's not that good. It could be better.
Basically, they don't provide customer support tools just to investigate the logs. From a reseller or authorized center for Palo Alto, I can't get that much information from the logs because it's a bit complicated. If they have support tools, for example, to analyze the logs as they have for the Palo Alto firewall. They don't have this for Traps. They need to have some tools to analyze the logs. We can generate something called tech support files from Traps, but it's useless. Nothing's there. You will not get that much from the tech support file.
But for the firewall, if we get the tech support file and upload it to somewhere they have some tools, we can get many useful logs and alerts. For Traps, this is not possible.
How was the initial setup?
The initial setup was straightforward. They are using MySQL database, and I think it's a disadvantage because you need to buy a license for MySQL also to deploy it. They don't have this concept of file availability between DS and core servers.
What about the implementation team?
We are a reseller. We are implementing it on customer premises for our clients.
What other advice do I have?
The main advice I can share is to watch out for your database and make sure to give it enough resources. That's it.
I would rate this solution eight out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller.
IT-Administration at a mining and metals company with 51-200 employees
Offers a complete overview of all our PCs and it's very easy to handle and use the interface
Pros and Cons
- "We have a complete overview of all our PCs and it's very easy to handle and to use the interface. It has a lot of benefits for us."
- "Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."
What is most valuable?
We have a complete overview of all our PCs and it's very easy to handle and to use the interface. It has a lot of benefits for us.
What needs improvement?
The one area which should improve is not on the user side but on the product itself. Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats. For example, if you had something that was not detected by the former solution, and you install Palo Alto, you will have some difficulty removing the virus with the Palo Alto tool. It would be helpful if they had a tool for removing a virus or threat in these cases.
For how long have I used the solution?
I've been using the solution for two years.
What do I think about the stability of the solution?
The solution is very stable. We have about 350 licenses across all our PCs, and of course, only administrators are allowed to plug in.
What do I think about the scalability of the solution?
Scalability is not an easy question. For us, Palo Alto Traps is running on a good environment, so if we have a plan to expand we just adjust the environment and from the Palo Alto side, it is not a problem at all. The only thing I have to do is update the license file and it should work. But in the case of a bigger expansion, you have to separate the servers. For us, it is not a problem at all if we decide to scale Palo Alto Traps.
How are customer service and technical support?
Support response was very fast. I'm satisfied with the support.
How was the initial setup?
If you have been educated in Palo Alto, the initial setup is very easy. Without an education it depends. It can be difficult, it depends on the knowledge of the installer.
What other advice do I have?
We use the on-prem version, not the cloud version of Palo Alto.
We use it daily but we have logs. Normally, if we have an incident in detection from a wire system, there's more effort. But typically it would take about ten minutes in order to check the logs and it's not complex at all. But if you have some threats or viruses then, of course, maintenance takes longer.
In terms of advice, I'd say it depends on the usage of the PCs. For us to use in the main production, Palo Alto benefited us. It was easy to install and the performance of Traps itself is very good. In most cases, you don't have to worry about the performance of the PC at all. Palo Alto Traps takes up very few resources.
I would rate this solution 9 out of 10.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Manager Information Technology at Avendus
Blocks malicious files, but managing the product should be easier
Pros and Cons
- "It blocks malicious files. It prevents attacks. It doesn't require many updates, it's a very light application."
- "Managing the product should be easier."
What is our primary use case?
So far, we have only done a PoC of Palo Alto Traps. We deployed Traps on a few devices and then did the PoC. I also attended a workshop for Palo Alto Traps. I learned how it works and how it can block malicious files, etc.
What is most valuable?
- It blocks malicious files.
- It prevents attacks.
- It doesn't require many updates, it's a very light application.
What needs improvement?
Managing the product should be easier.
What do I think about the stability of the solution?
The stability is good but I did face one issue that I want to point out. I don't know about the new version but in the old version, sometimes not all your devices are showing properly. Sometimes they show as "inactive."
What do I think about the scalability of the solution?
Scalability is good. You can install it on any number of devices that you are licensed for.
How are customer service and technical support?
Technical support is good but people need better knowledge of that particular product. I don't think it's well-known in India.
If we asked someone about using Traps they would ask, "What is Traps?" Compared to other products like Symantec and Trend Micro, Traps is not well-known endpoint protection. The engineers also don't know much about it, so Palo Alto needs to promote knowledge of this product.
I go through the vendor for support first. If the vendor doesn't resolve the issue then they log the case with Palo Alto. We haven't had any incidents that had to go to Palo Alto. Everything has been resolved by the vendor so I don't know about the direct support of Palo Alto, except that the Palo Alto firewall is a very stable brand. There's no issue.
Which solution did I use previously and why did I switch?
We are using Symantec now. We were thinking of purchasing Palo Alto but because the EDR part was not there at the time, we went with Symantec which has the EDR solution. EDR is essential for our project. I think it has been announced that EDR is part of Traps now.
How was the initial setup?
The initial setup was very simple. We finished the deployment within one day.
For our implementation strategy, it's cloud-based, so we installed the PoC license on the cloud and then started deploying the agent software on my laptop and mobile devices, and then we did the PoC.
What's my experience with pricing, setup cost, and licensing?
We did not negotiate the price because the solution did not fulfill our requirements. But the price was fine. I don't know how it would compare with Symantec because I negotiated a lot with Symantec. I don't know what kind of negotiation I could have done with Palo Alto.
Which other solutions did I evaluate?
We did not check any other options. But I am going to evaluate Traps in the next year because I want to go for a Palo Alto platform, as we already have a Palo Alto firewall. If, next year, all my requirements are fulfilled, then I will definitely go for Traps.
What other advice do I have?
Palo Alto Traps is good but they need to more widely promote it.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network Manager of Cyber Defence at a government with 1,001-5,000 employees
Runs in the background and sends things directly to the cloud for sandboxing
Pros and Cons
- "The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
- "There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."
What is our primary use case?
We used it for malware detection and to detect weird DNS calls. Overall, it was for endpoint protection.
How has it helped my organization?
Many people here are surfing the web on Russian sites, Korean sites, Chinese sites, etc., and by definition, they download things that are not very nice. Whenever there was something fishy, most of the anti-virus solutions just wouldn't see it. We needed endpoint protection that would detect as soon as some code started doing funny things. Traps was very good at that.
What is most valuable?
The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical.
What needs improvement?
There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, was not user-friendly.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
The stability was quite good. We never had any issue with it at all.
What do I think about the scalability of the solution?
We had no issue with scalability. We deployed to 220 machines in one go with no problem. We had 130 users. Some people were using many machines. The users were mostly analysts. Ten to 20 of the users were IT people and the rest were doing analysis work on satellites. It was being used extensively, 100 percent in our case. Even the servers had it running. Everybody had Traps installed.
How are customer service and technical support?
The technical support from the consultant was very good. I don't remember having to talk to Palo Alto directly. I had an issue, but I talked to the consultant and then he escalated it.
Which solution did I use previously and why did I switch?
Before Traps we had no endpoint protection.
How was the initial setup?
The setup was not very intuitive to start with, but after you've done it once, it's really straightforward.
The first time I set it up, for one machine, it took about 15 minutes until I understood what was going on, starting from the ESM and using the deployment tool. But as soon as you've done it once, and you understand the ergonomics behind it, it goes fast.
In terms of the implementation strategy, we started with a limited number of machines and the machines of people from IT, who we knew would surf to weird places. Then we deployed a small sample to the people who go to China and Russia and places like that. After a while, we decided to go all the way and we used the ESM to deploy it on every machine.
The process from the planning phase until it was fully implemented took about three or four months.
What about the implementation team?
For the first installation we had a consultant, a Palo Alto dealer, consultant, and solution provider here in Madrid - Open3S. They're very good. Our experience with them was very positive. They're really competent. They really know what they're talking about. We were very happy with them.
The deployment required one or two people. Some days two people came, but normally, with one guy, it was okay.
What was our ROI?
It was more like insurance. You hope you're never going to use it, but you have it. It gave us some confidence in what people were doing because we know people were going to weird places on the web. With Traps, we were quite confident that if something wrong happened it would be detected and intercepted and deleted before it was spread around.
What's my experience with pricing, setup cost, and licensing?
When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward.
Which other solutions did I evaluate?
We didn't evaluate any other options because we had Palo Alto as firewalls and we were quite satisfied with Palo Alto. So the consultant took the initiative to do a demo and we liked it. Due to the type of business we are in, it's very useful.
What other advice do I have?
Make sure you have a proper inventory of all the applications running. That's something we should have done to start with. We intended to do so, but because we're using very strange applications to deal with satellite imagery, it was giving us some issues. For somebody who's using the standard Microsoft Office, it's really straightforward. But if you have exotic applications, then make sure you test it before you deploy it. You will have issues.
To maintain it, the only thing you have to do is download the latest updates and install them. After that, the only maintenance you need is checking the logs every day to see what has been sent to the cloud for sandboxing and then move to the culprit machine to see what happened. It's difficult to say how many people are required for this. As soon as you get something exotic on the machine, this can take an hour, but that's not related to Traps. Traps is just telling you there's something exotic. After that, it's the time you spend doing all the malware and other analyses. As far as Traps is concerned as such, it doesn't require much maintenance. It's something you set and forget.
I would give Traps a nine out of ten. I think it's a very good application. It detected stuff that other things wouldn't detect. I'm very positive about it and was extremely satisfied with it. We had it for the reason I noted earlier. It has been replaced by something else, but I had a very good experience with it. Had we been in a Microsoft Office business - the normal applications - we never would have moved. But the people in charge of the system went to Microsoft Defender.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
