Cortex XDR by Palo Alto Networks Reviews

Cortex XDR by Palo Alto Networks is more than an antivirus. It collects data and sends it to the Cortex Data Lake, which serves as your central location where you can manage logs and investigate incidents. If something is being blocked, you can investigate further to understand what is blocking on the second or third layer of the application. For example, if you have a trusted application that is not working as it should, Cortex XDR can help identify the issue.

Cortex XDR not only verifies the executable that you are running, but it also analyzes all the dependencies that this executable is trying to call and sends all this information to the cloud database, to Cortex Data Lake. The product inspects the program that is running and also its dependencies. It also inspects the connections where that executable is connecting and from where it is connecting, along with all its dependencies.

After that, it is more than an antivirus, and what I can add is it depends also on the license that you have. If you have the basic license, there are some things that you cannot control. For example, you have SAP running, and SAP is calling for a DLL to print something on a specific printer. That DLL is not signed because it is a makeshift drive, a specific driver for that printer. When you try to print and it is not printing, Cortex XDR blocked it. If you have a basic license, the only thing that you can do is allow or not allow that dependency to run. If you have the Pro license, you can tweak further. You can create rules by behavior, not just allow everything from that application, but you can allow a specific behavior, just that behavior, that communication, that port. It will allow the communication to be made. If that DLL tries to communicate from a different behavior, from a different port, or if that DLL makes a different behavior, Cortex XDR will detect and block it. This depends on the license.

Cortex XDR is internet dependent, but you can make it offline. You have to install a middleware server that you have access to in Palo Alto to install, which is a broker VM. The broker VM has to have internet connections and will update Cortex XDR and retain the logs from all Cortex agents on the network and send it to the Cortex Data Lake.

In Cortex Data Lake, there is machine learning that is not in the agent per se, but in the cloud on your own tenant. When you buy a license, you have a tenant and Palo Alto gives you storage space for log retention. All these logs and behaviors that the agents on the endpoints collect are sent to Cortex Data Lake, which is on the cloud. Those logs are being read by machine learning from Palo Alto to determine those behaviors and specific behaviors from applications or even the system, and it will help you on the control panel from Cortex XDR. You will see all the incidents and be able to see incidents. All that data is going to your tenant, to your cloud, and yours only. Cortex Data Lake is a Palo Alto data center, but your data is your data. Your logs are your logs. They are not shared with anyone.

On the Data Lake, there is machine learning that inspects all these logs and therefore can detect specific behaviors that are happening on the endpoint. From the start, you can inspect specific behaviors, abnormal behaviors, or even incidents that may be a false positive or true positive. If there is malware, spyware, or something similar, it detects the behavior of the applications and dependencies from the second layer or third layer. If something is fishy, basically, it will be flagged. The cyber engineer has to check that incident and basically, give it a go or not, or block it, or create a new rule or deploy on all networks if it is a normal behavior from the application. For example, getting back to that example from the DLL of the printer or driver from a specific printer from SAP, and that DLL is trying to communicate to the printer on a specific port, Cortex XDR will detect it and it might, if it doesn't know what it is, block it. Then you can deploy and create a rule for that specific behavior and allow it on the network or part of the network or just an endpoint or two or three, depending on the group and depending on the scale that you have.

Cortex XDR by Palo Alto Networks has more than just antivirus capabilities. It verifies the executable and analyzes all its dependencies, sending this information to the cloud database, specifically Cortex Data Lake. It inspects the programs, dependencies, and connections, making it useful for blocking unwanted behaviors based on licenses, whether basic or Pro. Additionally, there is machine learning within Cortex Data Lake to detect specific behaviors from a cloud standpoint, which aids in producing accurate incident reports and managing them effectively on the control panel.

The main issue I could point out is the offline agents and the way that it is missing. Even if you create and isolate your network, for example, if you are proxying all your communications and not allowing any endpoint to connect directly through the internet, servers can have servers that are isolated, which is absolutely normal, yet the agent needs time to connect to the internet. It shouldn't be that way because it is a problem. You have to expose the servers to connect and then allow the upgrade or update that the agent may need or just to do the heartbeat and then close that network again. It is an unnecessary hassle because if you have a broker VM as a middleware, it shouldn't happen. The broker VM should do all the work.

I have been using Cortex XDR by Palo Alto Networks for almost 10 years.

If you need more capacity, buy more licenses and just install the agent. It is as easy as that.

I have not experienced any scalability issues.

I have occasionally contacted technical support for Cortex XDR by Palo Alto Networks, and they are good. They are as fast as they can be. It depends on the type of contract that you bought and the type of license and support when you make your purchase. In the worst case, we are talking about maybe a maximum of four days. If you have a really high support level with a really good contract, you can expect a response in four hours. It depends on the type of support that you buy.

Positive

I generally believe that Cortex XDR by Palo Alto Networks is probably the best in the market. I know Microsoft Defender, which is not good quality. I know IBM Reactor, which they tried to copy Cortex with, and they are doing it, but it is still not as good. It is better than Microsoft, yet too rudimental. I generally believe that Cortex XDR by Palo Alto Networks is probably the best in the market right now.

Cortex XDR by Palo Alto Networks is truly easy to set up. I just give the agent depending on what type of system and what type of operating system you have to install. Either way, it is really easy. You can deploy it using a free tool. Instead of using Intune from Microsoft to make the deployment or the SCCM, if you do not have the license from Microsoft for those tools, you have a free tool that does it perfectly. That is the tool that I use and it is really easy to use, fast, and simple. On the user side, it is really easy. On the admin side, it can be overwhelming, especially on the first deployment. You can deploy the agents really fast. For example, for 600 endpoints, including desktops, laptops, and servers, you can deploy them in one day.

The main hassle is the creation of the profiles. You have to create profiles, endpoint profiles, policies, and group policies. Before that creation, you have to be certain what type of inventory you have. Before creating your policies, be sure what you want. If you want it by servers or if you want to do it by department, if you want to do it by department and servers and endpoints, create groups that are going to be easier to identify and manage. For example, for a few endpoints for marketing and commercial, those people do not work with IT tools. Yet, they go to Facebook, LinkedIn, Instagram, and whatever else, but they do not use IT tools. With that in mind, you create a specific profile for them. For IT people, it is the other way around. They have the right to use certain tools, but they do not need Facebook or Instagram.

That is important in terms of profiles. It will be easier to manage, and if something happens in the network, it will be easier to isolate and faster. This way, you have the group identified and by different policies, which I recommend. IT always has a different policy. Servers have one policy, and production servers and prediction servers have different policies from other servers. If you have different types of servers depending on the type of servers you have, Linux, Windows, if they are production servers, if they are database servers, if they are web servers, try to make groups and separate them. Create a group to differentiate them. It will be easier to manage. Instead of having all servers in one group and a few servers communicate differently than the others, it would flag something. It may block, which is something you do not want, or it may pass, which is also something you do not want either. If you have database servers, create a group for database servers. If you have web servers, create a group for web servers only. For domain servers, separate them. Give them a specific profile, the same as the desktops or laptops. Laptops for marketing and commercial have a specific profile for commercial laptops. For the administration, big boss, and VIPs, give them a specific profile or two profiles.

Do your work before creating those profiles and before starting to create those policies and profiles. If you have your inventory done and if you have your inventory in order, then you are good to go and can do it really fast. In two or three days, you have Cortex XDR done on all your network. The hardest thing is actually the administrative part, which is knowing your inventory, knowing your endpoints, and knowing your servers.

To tell the truth, I am not on that side. If a customer asks me, depending on the budget that they have, I do not know prices and I do not care about prices. If they ask me what I want them to put, I say Cortex XDR by Palo Alto Networks. If you do not have the budget, go to IBM Reactor. On third position, maybe Microsoft solution. But it is still in development. Reactor is not a final product and Microsoft Defender is worse. It is a hassle to work with. If you want an XDR on your network, put Cortex XDR by Palo Alto Networks. Any EDR or XDR or whatever, put Cortex XDR by Palo Alto Networks. If you can afford it, put it. If you can go further, buy a Pro license. I endorse buying the Pro license, specifically if you have more than 300 endpoints to control. It is way better. It is more refined and you have a lot more control, not only on the deployment, but also on the defense side.

I believe Cortex XDR by Palo Alto Networks is probably the best right now in the market. If there are none better than Cortex XDR by Palo Alto Networks, then it deserves a top rating. I would not be so complimentary if it was not deserving of such praise. They have done a really good job. I gave this review a rating of 9 out of 10.

The typical use case for Cortex XDR by Palo Alto Networks is that it has many features that traditional antivirus doesn't possess. Traditional antivirus doesn't have the capacity to dig down into the forensic part of any threat. The beauty of the product is that it digs down into forensics and provides a graphical view of each and every file that is called or clicked by the user.

The features of Cortex XDR by Palo Alto Networks that I find most effective in threat detection involve two main aspects. Our red teaming expert attempted to break Cortex XDR, and it generated detailed logs. The behavioral engine is another significant feature we appreciate. If a user doesn't click any link within 30 days and on the 31st day clicks a new link, Cortex XDR immediately alerts us that this user has clicked on an uncommon link or their behavior is uncommon. As an organization and implementer, we value these two features: the behavioral engine and the logging capability.

Areas of Cortex XDR by Palo Alto Networks that have room for improvement include the pricing structure. They are charging for Network Traffic Analyzer (NTA) services, so if the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better. We have to invest significantly more for NTA due to total sizing and per data licenses.

I have been working with Cortex XDR by Palo Alto Networks for more than 10 to 11 months since we procured this product in August 2024.

The stability of Cortex XDR by Palo Alto Networks is good. For the last 11 months, we haven't faced any outage issues, so it is a stable product.

Regarding the scalability of Cortex XDR by Palo Alto Networks, it's a good product from a scalability perspective, and all the previously mentioned points can be considered in terms of scalability.

I would rate technical support from Palo Alto on a scale from one to ten as an eight, as I find it good.

Positive

Before using Cortex XDR by Palo Alto Networks, we were using Microsoft Defender.

The initial setup of Cortex XDR by Palo Alto Networks is easy to implement. We have installed it with the help of GP Active Directory GP policy, and it was quite easy because we have installed it on more than 3,000 endpoints.

I have seen a return on investment with Cortex XDR by Palo Alto Networks, as this product is offered at a minimal cost, and we can find a good ROI from it.

The switch from Microsoft Defender to Cortex XDR by Palo Alto Networks was made because we had a limited license with Microsoft, and the cost of Microsoft Defender is quite higher than that of Cortex XDR.

Cortex XDR by Palo Alto Networks integrates with other security tools in our infrastructure; we have integrated it with a third-party SOC.

Based on my experience, I would recommend Cortex XDR by Palo Alto Networks to other people.

I would rate this solution a nine out of ten, as I find it to be the best solution.

Public Cloud

Other

I have used Cortex for more than I worked in Cortex. I have around 2.1 years of experience using Cortex XDR, but currently, I am using Cortex.

My main use case for Cortex is to prepare the chart flow of the main Cortex XDR. In Cortex XDR, we have to alert for our auto-triaging and repetitive tasks, and we use it for triage automatically. We use it for CTI Cyber Threat Intelligence enrichment, such as IP, URL, and IOCs, automatically. It also has reputation checks using VirusTotal, abuse.ch, and others for the purpose of the uses in Cortex XDR. It also includes playbook automation. For example, Cortex has many playbooks for phishing, malware, infection, ransomware, and lateral movement. These playbooks automatically conduct the entire investigation and response. In case management, it stores details, timelines, evidence, and others for easier incident tracking. From the SOC perspective, we have to reduce false positive cases, and it reduces duplicate alerts, allowing our SOC analyst to respond faster. On the other hand, for the use of the EDR, Cortex provides detection behavior, attack prevention, and can always identify file-less and memory-based attacks and UEBA normally.

An additional point I need to add in Cortex XDR is manual commands during the investigation, such as Cortex war room commands, IP reputation checks, hash look analysis, and endpoint isolation. These help us to conduct a faster investigation. Additionally, we need to create and modify playbooks according to the organization and the needs of the organization's use cases, for example, auto-disabling a user in case of a suspicious login, auto-quarantining an endpoint with malware, and an auto-phishing and investigation workflow. We use Cortex for reporting to generate incident summary reports, post-incident reviews, and RCA documentation. We integrate it with tools such as SIEM, EDR, firewall, email security, web, and others for alert correlation.

The best features of Cortex are automated incident response, playbook automation, cyber threat intelligence, and management. It includes case and incident management, such as incident details, evidence, timelines, and using the dashboard. There is a war room for investigation and to consume alert correlation rules to reduce noise and false positives. It has over 700 integrations. It works with SIEM, EDR, firewall, email security, the cloud environment, and many others. Additionally, it has endpoint detections, behavior analytic UEBA, and machine learning-based detection using ML modules to detect advanced threats. There's a centralized data lake and customized dashboard reports.

I find automation through the playbook to be the most valuable feature I use day-to-day. Playbooks save analyst time. If used for Cortex, it saves the analyst's time with a reduction in false positives. For IOC enrichment, we utilize MTDR, mean time to respond, to resolve incidents faster.

I notice a positive impact since using Cortex. We experience a faster, quicker response. Regarding positive changes, if we have a short positive, we investigate the IP, URL, VirusTotal, and abuse.ch. We use XDR, and it's fast and reliable with no human error. It automatically works to reduce the workload of the SOC analyst, thus decreasing manual work.

There are no other improvements Cortex needs in my opinion.

I have around 2.1 years of experience using Cortex XDR, but currently, I am using Cortex.

Cortex is stable in my experience.

Cortex has good scalability and can handle growth and increased workloads well.

The customer support from Cortex is very good and very useful.

Positive

I did not use a different solution before.

My experience with pricing, setup cost, and licensing is that it is high, but it is better for the SOC environment and for the users.

I notice time saving as a return on investment.

My experience with pricing, setup cost, and licensing is that it is high, but it is better for the SOC environment and for the users.

Before choosing Cortex, we looked at different platforms for automation and chose one after reviewing which one was performing higher in the market, apart from Cortex.

My advice for others looking into using Cortex is that it is very easy to use and very useful for the customer environment, whether it's a public or private one. It is extremely helpful from a SOC perspective, requiring very little time to manage situations, especially during integration, which is necessary. Cortex is very useful and cost-effective, in addition to being very easy to use.

My company has a business relationship with the Cortex vendor for business purposes.

I would rate this product a 7 out of 10.

Hybrid Cloud

Amazon Web Services (AWS)

My impression of Cortex XDR by Palo Alto Networks agent's ability to block sophisticated threats in real time is positive, as the last time I used an application from Huawei, Cortex blocked it in a very fast way. It has a false positive, but I think it's very fast and detectable. It detects in a fast way.

This has affected my overall security posture, as I know that sometimes the security may be difficult on the end user, but the security of the endpoint is very important, even though it may be difficult.

Palo Alto helps me in these scenarios with the security endpoints protection because Cortex XDR by Palo Alto Networks is necessary to protect the end user. Sometimes we face the false positive issue, where an application is not a malicious file, but Cortex has detected it as one. So we need to call the Cortex administrator to whitelist these files and handle the difficulties that may arise.

Cortex XDR by Palo Alto Networks is a very strong solution, and it offers many features including XDR, EDR and NDR solutions, and also offers an encryption feature.

What I like about Cortex XDR by Palo Alto Networks is that it is a comprehensive solution that contains everything the organization may need when using endpoints.

I would assess the effectiveness of Cortex XDR by Palo Alto Networks' AI-driven endpoint security in reducing risk for my organization by saying that it is integrated with AI, so it has many features that secure my organization in an efficient way.

The main benefits that Cortex XDR by Palo Alto Networks brings to the table include the fact that it is just on the cloud. You don't need to install it on your servers and there is no need for disk allocation for the server. It's on the cloud, so any device connected to the internet can communicate with the Cortex manager and get the updates and definitions of viruses and malware. That's a good feature.

The impact that Cortex XDR by Palo Alto Networks has had on my security analyst workload is significant, as it has improved the analyst security in my organization. Cortex XDR by Palo Alto Networks has many events, incidents, alerts, and alarms that help a security analyst detect malicious files or prepare for attacks or malicious activity.

I would like to see improvements in Cortex XDR by Palo Alto Networks, especially in some environments such as government organizations, where information cannot go through the cloud. Cortex XDR by Palo Alto Networks needs to be installed on our servers in some organizations, so I think it should also be available on-premises, not just in the cloud. It would be a very good solution. Additionally, I think the price is very high, and if it can be adjusted, I believe it will be a very good solution.

I have been working with Cortex XDR by Palo Alto Networks for eight months.

I find Cortex XDR by Palo Alto Networks stable, as I have not had any crashes, downtimes, or performance issues with it.

Cortex XDR by Palo Alto Networks is scalable.

My experience with Palo Alto tech support is very strong, as I had one case with the TAC support, and they responded on time, with a good response that solved my issue.

Positive

The initial setup process for Cortex XDR by Palo Alto Networks is straightforward, as you get an email with the tenant activation URL, and you just specify where you want the cloud to be, on which country, and proceed through the steps. It's very straightforward.

I don't have any examples to share where I found this AI integration beneficial.

I don't know if I have experienced a reduction in alert triage times since integrating Cortex XDR by Palo Alto Networks.

There are no missing features that I would like to see included in Cortex XDR by Palo Alto Networks in the future, as I think it's a complete solution. However, we can engage AI more with our analysis, but for now, I think it's a complete solution.

From a technical perspective, I think that Cortex XDR by Palo Alto Networks is worth the money, and I find it cost-effective.

The key differences, both pros and cons of Cortex XDR by Palo Alto Networks in comparison to other competitors in the market include the fact that I feel it's the same solution, but every solution has a battle card for its features. Symantec offers a device control that also exists in Cortex XDR by Palo Alto Networks. I think there is one feature that's special to Cortex and one feature that's special to Symantec. Every vendor is special in one feature. It depends on the customer and the prices.

Implementing Cortex XDR by Palo Alto Networks has affected my organization's total cost of ownership for security solutions, as nowadays, our PCs have good specifications, with 16 GB RAM and 256 GB SSD disk, which I think is enough for Cortex XDR by Palo Alto Networks. In my environment, I have two products for endpoint protection: Symantec and Cortex. Sometimes I feel my device is slow, but I think I am using many applications, so that's why. I think normally, using Cortex XDR by Palo Alto Networks will not affect users with good specifications in their PCs or laptops.

I would overall rate Cortex XDR by Palo Alto Networks as a product and solution an 8 out of 10, which I think is a very good solution.

My advice for other organizations considering Cortex XDR by Palo Alto Networks is to be aware of the price, as that seems to be the main concern.

I work with Cortex XDR by Palo Alto Networks. My primary use involves utilizing its capabilities as a next-generation antivirus solution, providing extended detection and response features along with threat prevention and behavioral control.

Cortex XDR by Palo Alto Networks is a good product, serving as a next-generation antivirus with extended detection and response features. It offers threat prevention, behavioral control, automation in threat response, and analytics capabilities, which enhance security measures. The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.

I recommend adding a data loss prevention (DLP) solution to Cortex XDR by Palo Alto Networks. The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products. Additionally, multi-tenancy and multi-cloud features are not available and should be considered for inclusion.

I have been discussing Cortex XDR by Palo Alto Networks and have utilized its different facets and features in my professional experience.

I have not faced any challenges with the customer support from Palo Alto Networks. Their support is efficient and responsive whenever I raise a ticket through my portal.

Neutral

There are good return on investment possibilities from using Cortex XDR by Palo Alto Networks due to its cost-saving compliance features, which can attract customers by reducing expenses and offering comprehensive compliance solutions.

Compared to competitors such as CrowdStrike and Sophos, the pricing of Cortex XDR by Palo Alto Networks is similar to CrowdStrike but more expensive than Sophos. Check Point Harmony, Trend Micro, and Sophos offer lower prices.

Competition in the market includes CrowdStrike, Sophos, and Check Point Harmony. They provide similar technology and capabilities like email security, endpoint protection, and DLP solutions in a single console.

On a scale from one to ten, I would rate Cortex XDR by Palo Alto Networks a nine. The tool is exceptional in its capabilities, particularly with the Unit 42 feature set and its other integrated options.

I recommend Cortex XDR by Palo Alto Networks for a company that would like to have a more stable platform that does not disrupt their business or applications.

Cortex XDR by Palo Alto Networks's ability to block sophisticated threats in real time is quite good and is on par with SentinelOne's.

I assess the effectiveness of Cortex XDR by Palo Alto Networks's AI-driven endpoint security and find that both have very good results. The difference is around the details. SentinelOne is winning in this area in terms of the detailed information that can be captured and the detailed information in terms of the detections. SentinelOne also has superior storyline capabilities, which is why I think we use it for forensics as well. Cortex XDR by Palo Alto Networks is winning due to the simplicity and non-intrusive detection capabilities.

In terms of detections, SentinelOne has advantages, but also disadvantages since they are intrusive. The result is that there are many threats that can be detected, but there are also many false positives. Cortex XDR by Palo Alto Networks is non-intrusive, but in terms of the detail, sometimes potential threats cannot be captured.

Cortex XDR by Palo Alto Networks is already good at what they're doing in terms of detections, but I think they should improve their integration capabilities, especially for their XDR capabilities, which are more tied down to their own ecosystems.

For Cortex XDR by Palo Alto Networks to get closer to ten or at least nine, I would like to see more openness in terms of the integrations for their XDR capabilities. The second improvement I would like to see is more into the response and the detection and response capabilities for backups of the system state of the endpoint, such as what we have on SentinelOne.

Cortex XDR by Palo Alto Networks is more stable than SentinelOne because the detections are not too intrusive.

The technical support by Palo Alto Networks is quite standard, so I think it's acceptable.

Positive

SentinelOne is more complex to operate since they have so many options and rules that can be changed, which can take some time for a SOC analyst to learn about.

Cortex XDR by Palo Alto Networks is easy to implement.

Cortex XDR by Palo Alto Networks is more expensive than SentinelOne right now.

In terms of the average cost of top-tier EDR platforms, I think Cortex XDR by Palo Alto Networks is still reasonable. However, if you compare it to SentinelOne, which has more functionalities and detection capabilities on an open platform, the pricing on SentinelOne is far more reasonable and cheaper than Cortex XDR by Palo Alto Networks.

Both are almost the same in popularity, but if I can choose one, SentinelOne is quite hyped right now.

They have a representative in Indonesia for both SentinelOne and Cortex XDR by Palo Alto Networks.

Palo Alto Networks has slightly more advantages in terms of the architecture since they have options for their endpoint that cannot connect directly to the internet to have a proxy site, which is something that SentinelOne does not have.

Cortex XDR by Palo Alto Networks is more of a closed system. I have given this review a rating of eight.

We were using Cortex XDR by Palo Alto Networks for different use cases such as Windows login failures, disabled account login failures, and user additions to domain groups. There were multiple use cases that were totally dependent upon the client, including what log ingestions they wanted and what rules they wanted us to apply to it.

What I appreciate most about Cortex XDR by Palo Alto Networks is that it has a good tenant feature in which we have multiple tenants. We were working in EU tenants, and apart from this, the GUI is completely easy to understand.

Cortex XDR by Palo Alto Networks has helped lighten the load of our security analysts because it was the major tool that we were using and the one we utilized most. I would suggest it was a good solution for me.

One of the downsides of Cortex XDR by Palo Alto Networks is the KQL language. When I was working as a security analyst using Cortex, there was a disadvantage. People need to have knowledge of the KQL language to understand the fine-tuning of alerts or the creation of new rules. That would be a drawback. Additionally, when investigating a particular alert or case, the complete information is not available in the GUI table if we compare it to other XDRs or other tools.

I would suggest that Cortex XDR by Palo Alto Networks' AI-driven endpoint security would work better. Whenever we are investigating something, the AI would help us by simply writing into a description box. For example, if I want user login information for a particular user, I would write it and the AI would automatically generate all login events from that host. I would suggest that this would be a better feature.

I have used Cortex XDR by Palo Alto Networks for around one and a half years.

I have seen lagging with Cortex XDR by Palo Alto Networks. There was one time when we faced a threat actor trying to gain access to our system. When our team utilized the tool, we were all on the same dashboard and we faced a lag issue at that time of around five minutes, which was quite significant.

I think scalability for Cortex XDR by Palo Alto Networks is good. I would rate it nine out of ten.

I have contacted Cortex XDR by Palo Alto Networks' technical support because we got stuck somewhere during deployment in our systems on a technical matter. The help was excellent, and I would rate the support a ten out of ten. The support was very good.

Positive

I have used CrowdStrike as an alternative to Cortex XDR by Palo Alto Networks.

The deployment of Cortex XDR by Palo Alto Networks is moderate level. I deployed it in my organization last year. You just need a little bit of knowledge, but apart from this, everything is good.

The pricing for Cortex XDR by Palo Alto Networks depends on the organization and the number of endpoints and hosts you are adding, as well as the bandwidth. I cannot specify what the pricing is. However, if you keep it minimal, then it will attract other organizations and you will grab the market.

I prefer CrowdStrike more than Cortex XDR by Palo Alto Networks because it has better features. It has a graphical GUI in which if any threats come in, you will have a whole map of it and you can figure out from where the chain of the threat has started. You can check what the initial access was and stop it from there.

I would suggest that Cortex XDR by Palo Alto Networks' agent ability to block more sophisticated or complicated threats in real-time has been effective so far. I have seen that it blocks almost ninety percent of the threats. Sometimes we are left with some IOCs which are zero-day vulnerabilities. In those cases, we have to manually send it to the Cortex XDR by Palo Alto Networks team that manages all the back-end. They filter out the rules, create the workflows, then block all of the things. I would suggest that from one hundred, it works ninety percent of the time.

Cortex XDR by Palo Alto Networks does require maintenance after the deployment on my end. It has requirements. Sometimes we need fine-tuning of the alerts and sometimes we face errors. We occasionally require help when we get stuck somewhere. We reach out to Palo Alto and they help us. The after-service is very good. I would rate this review an eight out of ten overall.

Amazon Web Services (AWS)

I have been working as a cybersecurity manager. I focus on implementing cybersecurity solutions for different companies, and I have hands-on experience working with Cortex XDR solution by Palo Alto Networks.

Cortex XDR features advanced threat detection capabilities. The handling GUI allows for advanced searches, rule creation, and local detection. It incorporates AI for normal behavior detection, distinguishing unusual operations. 

These features make the product very effective for threat detection. Additionally, the GUI is user-friendly and the product offers robust AI or normal behavior detection.

Cortex XDR could improve its sales support team, including better commission structures and referral programs. Enhancements in marketing and AI features would also be beneficial. It would be advantageous to deploy more rules to the front end and on end-user devices.

I have been familiar with Cortex XDR for about three or four years.

Cortex XDR is stable, offering high quality and reliable performance. It is consistent and dependable in its operation.

Customer support from Palo Alto Networks is generally adequate. It depends on how I escalate the issue. Every vendor has similar support; it depends on how the case is handled and raised.

Positive

I was a reseller for Palo Alto Networks solutions.

I have worked with many different vendors and their products, such as Microsoft Defender, and I am familiar with various cybersecurity solutions from different companies.

My customers have reported good ROI since implementing Cortex XDR. They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.

Cortex XDR is perceived as expensive by some customers, yet offers dynamic pricing. Other companies have not shared similar complaints, and it always pitches itself well to customers.

I'd rate the solution nine out of ten.

I give Cortex XDR a nine out of ten. Although it has a stable and high-quality performance, customer alignment still plays a significant role in the decision-making process.

Other