Cortex XDR by Palo Alto Networks Reviews

My impression of Cortex XDR by Palo Alto Networks agent's ability to block sophisticated threats in real time is positive, as the last time I used an application from Huawei, Cortex blocked it in a very fast way. It has a false positive, but I think it's very fast and detectable. It detects in a fast way.

This has affected my overall security posture, as I know that sometimes the security may be difficult on the end user, but the security of the endpoint is very important, even though it may be difficult.

Palo Alto helps me in these scenarios with the security endpoints protection because Cortex XDR by Palo Alto Networks is necessary to protect the end user. Sometimes we face the false positive issue, where an application is not a malicious file, but Cortex has detected it as one. So we need to call the Cortex administrator to whitelist these files and handle the difficulties that may arise.

Cortex XDR by Palo Alto Networks is a very strong solution, and it offers many features including XDR, EDR and NDR solutions, and also offers an encryption feature.

What I like about Cortex XDR by Palo Alto Networks is that it is a comprehensive solution that contains everything the organization may need when using endpoints.

I would assess the effectiveness of Cortex XDR by Palo Alto Networks' AI-driven endpoint security in reducing risk for my organization by saying that it is integrated with AI, so it has many features that secure my organization in an efficient way.

The main benefits that Cortex XDR by Palo Alto Networks brings to the table include the fact that it is just on the cloud. You don't need to install it on your servers and there is no need for disk allocation for the server. It's on the cloud, so any device connected to the internet can communicate with the Cortex manager and get the updates and definitions of viruses and malware. That's a good feature.

The impact that Cortex XDR by Palo Alto Networks has had on my security analyst workload is significant, as it has improved the analyst security in my organization. Cortex XDR by Palo Alto Networks has many events, incidents, alerts, and alarms that help a security analyst detect malicious files or prepare for attacks or malicious activity.

I would like to see improvements in Cortex XDR by Palo Alto Networks, especially in some environments such as government organizations, where information cannot go through the cloud. Cortex XDR by Palo Alto Networks needs to be installed on our servers in some organizations, so I think it should also be available on-premises, not just in the cloud. It would be a very good solution. Additionally, I think the price is very high, and if it can be adjusted, I believe it will be a very good solution.

I have been working with Cortex XDR by Palo Alto Networks for eight months.

I find Cortex XDR by Palo Alto Networks stable, as I have not had any crashes, downtimes, or performance issues with it.

Cortex XDR by Palo Alto Networks is scalable.

My experience with Palo Alto tech support is very strong, as I had one case with the TAC support, and they responded on time, with a good response that solved my issue.

Positive

The initial setup process for Cortex XDR by Palo Alto Networks is straightforward, as you get an email with the tenant activation URL, and you just specify where you want the cloud to be, on which country, and proceed through the steps. It's very straightforward.

I don't have any examples to share where I found this AI integration beneficial.

I don't know if I have experienced a reduction in alert triage times since integrating Cortex XDR by Palo Alto Networks.

There are no missing features that I would like to see included in Cortex XDR by Palo Alto Networks in the future, as I think it's a complete solution. However, we can engage AI more with our analysis, but for now, I think it's a complete solution.

From a technical perspective, I think that Cortex XDR by Palo Alto Networks is worth the money, and I find it cost-effective.

The key differences, both pros and cons of Cortex XDR by Palo Alto Networks in comparison to other competitors in the market include the fact that I feel it's the same solution, but every solution has a battle card for its features. Symantec offers a device control that also exists in Cortex XDR by Palo Alto Networks. I think there is one feature that's special to Cortex and one feature that's special to Symantec. Every vendor is special in one feature. It depends on the customer and the prices.

Implementing Cortex XDR by Palo Alto Networks has affected my organization's total cost of ownership for security solutions, as nowadays, our PCs have good specifications, with 16 GB RAM and 256 GB SSD disk, which I think is enough for Cortex XDR by Palo Alto Networks. In my environment, I have two products for endpoint protection: Symantec and Cortex. Sometimes I feel my device is slow, but I think I am using many applications, so that's why. I think normally, using Cortex XDR by Palo Alto Networks will not affect users with good specifications in their PCs or laptops.

I would overall rate Cortex XDR by Palo Alto Networks as a product and solution an 8 out of 10, which I think is a very good solution.

My advice for other organizations considering Cortex XDR by Palo Alto Networks is to be aware of the price, as that seems to be the main concern.

I work with Cortex XDR by Palo Alto Networks. My primary use involves utilizing its capabilities as a next-generation antivirus solution, providing extended detection and response features along with threat prevention and behavioral control.

Cortex XDR by Palo Alto Networks is a good product, serving as a next-generation antivirus with extended detection and response features. It offers threat prevention, behavioral control, automation in threat response, and analytics capabilities, which enhance security measures. The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.

I recommend adding a data loss prevention (DLP) solution to Cortex XDR by Palo Alto Networks. The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products. Additionally, multi-tenancy and multi-cloud features are not available and should be considered for inclusion.

I have been discussing Cortex XDR by Palo Alto Networks and have utilized its different facets and features in my professional experience.

I have not faced any challenges with the customer support from Palo Alto Networks. Their support is efficient and responsive whenever I raise a ticket through my portal.

Neutral

There are good return on investment possibilities from using Cortex XDR by Palo Alto Networks due to its cost-saving compliance features, which can attract customers by reducing expenses and offering comprehensive compliance solutions.

Compared to competitors such as CrowdStrike and Sophos, the pricing of Cortex XDR by Palo Alto Networks is similar to CrowdStrike but more expensive than Sophos. Check Point Harmony, Trend Micro, and Sophos offer lower prices.

Competition in the market includes CrowdStrike, Sophos, and Check Point Harmony. They provide similar technology and capabilities like email security, endpoint protection, and DLP solutions in a single console.

On a scale from one to ten, I would rate Cortex XDR by Palo Alto Networks a nine. The tool is exceptional in its capabilities, particularly with the Unit 42 feature set and its other integrated options.

I recommend Cortex XDR by Palo Alto Networks for a company that would like to have a more stable platform that does not disrupt their business or applications.

Cortex XDR by Palo Alto Networks's ability to block sophisticated threats in real time is quite good and is on par with SentinelOne's.

I assess the effectiveness of Cortex XDR by Palo Alto Networks's AI-driven endpoint security and find that both have very good results. The difference is around the details. SentinelOne is winning in this area in terms of the detailed information that can be captured and the detailed information in terms of the detections. SentinelOne also has superior storyline capabilities, which is why I think we use it for forensics as well. Cortex XDR by Palo Alto Networks is winning due to the simplicity and non-intrusive detection capabilities.

In terms of detections, SentinelOne has advantages, but also disadvantages since they are intrusive. The result is that there are many threats that can be detected, but there are also many false positives. Cortex XDR by Palo Alto Networks is non-intrusive, but in terms of the detail, sometimes potential threats cannot be captured.

Cortex XDR by Palo Alto Networks is already good at what they're doing in terms of detections, but I think they should improve their integration capabilities, especially for their XDR capabilities, which are more tied down to their own ecosystems.

For Cortex XDR by Palo Alto Networks to get closer to ten or at least nine, I would like to see more openness in terms of the integrations for their XDR capabilities. The second improvement I would like to see is more into the response and the detection and response capabilities for backups of the system state of the endpoint, such as what we have on SentinelOne.

Cortex XDR by Palo Alto Networks is more stable than SentinelOne because the detections are not too intrusive.

The technical support by Palo Alto Networks is quite standard, so I think it's acceptable.

Positive

SentinelOne is more complex to operate since they have so many options and rules that can be changed, which can take some time for a SOC analyst to learn about.

Cortex XDR by Palo Alto Networks is easy to implement.

Cortex XDR by Palo Alto Networks is more expensive than SentinelOne right now.

In terms of the average cost of top-tier EDR platforms, I think Cortex XDR by Palo Alto Networks is still reasonable. However, if you compare it to SentinelOne, which has more functionalities and detection capabilities on an open platform, the pricing on SentinelOne is far more reasonable and cheaper than Cortex XDR by Palo Alto Networks.

Both are almost the same in popularity, but if I can choose one, SentinelOne is quite hyped right now.

They have a representative in Indonesia for both SentinelOne and Cortex XDR by Palo Alto Networks.

Palo Alto Networks has slightly more advantages in terms of the architecture since they have options for their endpoint that cannot connect directly to the internet to have a proxy site, which is something that SentinelOne does not have.

Cortex XDR by Palo Alto Networks is more of a closed system. I have given this review a rating of eight.

I have been working as a cybersecurity manager. I focus on implementing cybersecurity solutions for different companies, and I have hands-on experience working with Cortex XDR solution by Palo Alto Networks.

Cortex XDR features advanced threat detection capabilities. The handling GUI allows for advanced searches, rule creation, and local detection. It incorporates AI for normal behavior detection, distinguishing unusual operations. 

These features make the product very effective for threat detection. Additionally, the GUI is user-friendly and the product offers robust AI or normal behavior detection.

Cortex XDR could improve its sales support team, including better commission structures and referral programs. Enhancements in marketing and AI features would also be beneficial. It would be advantageous to deploy more rules to the front end and on end-user devices.

I have been familiar with Cortex XDR for about three or four years.

Cortex XDR is stable, offering high quality and reliable performance. It is consistent and dependable in its operation.

Customer support from Palo Alto Networks is generally adequate. It depends on how I escalate the issue. Every vendor has similar support; it depends on how the case is handled and raised.

Positive

I was a reseller for Palo Alto Networks solutions.

I have worked with many different vendors and their products, such as Microsoft Defender, and I am familiar with various cybersecurity solutions from different companies.

My customers have reported good ROI since implementing Cortex XDR. They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.

Cortex XDR is perceived as expensive by some customers, yet offers dynamic pricing. Other companies have not shared similar complaints, and it always pitches itself well to customers.

I'd rate the solution nine out of ten.

I give Cortex XDR a nine out of ten. Although it has a stable and high-quality performance, customer alignment still plays a significant role in the decision-making process.

Other

Our primary use case for Cortex XDR is to bridge the gap between a Security Information and Event Management (SIEM) system and an Endpoint Detection and Response (EDR) solution. We use it to fetch data from network devices and endpoints, perform comparisons, and generate alerts. It is useful for detecting impossible travel scenarios where a user's IP address switches rapidly between geographically distant locations, which can indicate VPN use or other anomalies.

The product's most valuable feature is the ability to integrate and correlate data from network and endpoint sources. This comprehensive visibility allows us to quickly identify and respond to threats, such as impossible travel scenarios, with greater accuracy and speed.

The product could be improved in several areas. The complexity and confusion regarding product variants, such as XDR, Forexiant, and Forexon, must be addressed. There is also a need for clearer differentiation between features and capabilities within Cortex's suite, as the overlap between XDR and XIM can be confusing.

Improvements in the user interface and more intuitive KQL query handling could also enhance usability. Additionally, better support for various deployment scenarios and cost management options would be beneficial.

I have been using Cortex for approximately two years.

The solution's stability is generally good.

The solution scales well. It is deployed without major issues across 60,000 endpoints in our organization.

Customer support quality varies depending on the support plan. The premium plan offers excellent support. However, if you opt for a standard plan, the level of support may be less satisfactory.

Positive

The initial setup was relatively straightforward. Modern methods, such as pushing clients over port 443, have made deploying endpoints easier than legacy systems.

Cortex XDR is a costly solution.

Overall, Cortex XDR is good software. Ensure you have the financial resources to support the investment or consider alternative solutions if cost is a significant concern.

I rate it a nine out of ten. 

Our company uses the solution for endpoint protection, detection, and response. The solution has antivirus and EDR capabilities. Our SOC analysts use it to investigate incidents. We currently have 300 to 400 users with two admins for management. The solution is installed on all user laptops to protect workstations.

We also implement the solution for customers as a service. Most customers buy the solution for registry reasons and compliance standards. It gives you all the compliance points and improves how your SOC functions because it provides comprehensive visibility over the entire network and endpoints. It is called XDR because it not only looks at endpoints but also network traffic. 

The solution is offered on Palo Alto's private network. I think the underlying provider is Google Cloud, but that doesn't really matter. You are asked the region of your instance for connection such as Europe or the Middle East. 

The solution perfectly correlates with Palo Alto's Networks Firewall to perform XDR capabilities such as network traffic plus endpoint security. This is what distinguishes the solution from other products. 

From a single pane of glass, you can easily manage all of your endpoints.

The dashboard is intuitive so you can easily investigate or track incidents. 

The solution has a fair amount of integrations with certain intelligence tools or third-party products. 

The solution should force customers to integrate with network traffic to see the full benefits of XDR. If you are not integrating it or feeding in your network traffic, then you are just buying a normal antivirus which doesn't make any sense. You are paying double the price to use the antivirus feature or to say you have XDR, but in reality you are not using it. 

The solution should include an on-premises option because some customers want only on-premises. It would be hard, but good to do if possible. 

Open XDR would be beneficial in the future. Right now, the solution is Closed XDR so cannot communicate with the few new vendors in the Open XDR market. 

I have been using the solution more than two years. 

The solution used to be called Traps when it was on-premises only. It was rebranded as Cortex XDR when it became a cloud solution. 

The solution is stable so I rate stability a nine out of ten. 

The solution is very scalable. You can have 500 users and scale tomorrow to 10,000 with no extra work but just purchasing the licenses needed. 

I rate scalability a ten out of ten. 

The level of support fluctuates but on average is rated an eight out of ten. 

Positive

The setup is very easy because it is a cloud solution. You just log in and use it immediately. I rate setup a nine out of ten. 

We are a third-party integrator and implement the solution for customers. One staff person can handle an implementation. 

As a customer, you receive a link which is your tenant for login. From there, deployment time is just how long it takes to get the installer agent and put on all of your endpoints. For example, if you are a corporation that has 300 laptops, then you install the agent on each and every server. 

You will need about three hours to configure the solution and then it is up to your admins to install the agent on all endpoints. There is usually a way to automatically install agents from the Active Directory or other tools.

You need to integrate your network traffic to the XDR itself. If you have a Palo Alto Firewall, it is easy to navigate through integration. If you have FortiGate or Cisco firewalls, then you can configure the firewall to send the log to the cloud. It is sometimes hard to convince customers to send or keep their logs on the cloud. 

The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the BRO version. 

The solution is neither inexpensive nor expensive, so I rate pricing a three out of ten. 

Nowadays, CrowdStrike, Cortex XDR, and the solution are rebranding and selling their products as XDR. Everyone hears about antivirus but now XDR is available to protect endpoints and get intelligence from the network. 

Most customers who have an XDR product only use the antivirus features. They are not correlating the network traffic with the XDR itself, so they are not getting the full benefit. 

The solution does not force you to correlate so you can use it without integrating with your network. But again, this is not how XDR is supposed to work. 

For example, if you buy a Bugatti but only drive it at 80 kilometers per hour, then you should just go and buy a Nissan. If you buy XDR but do not integrate it with your network traffic, then you just have a Nissan antivirus. 

I recommend the solution and rate it a ten out of ten. 

Private Cloud

Google

I use the solution in my company to protect our clients from unknown malware and threats. We also use the tool in our environment as an antivirus, EDR, and XDR solution.

The solution's most valuable feature is that it protects against unknown malware and activities and offers behavioral threat detection functionalities. With a wildcard and based on whatever configurations, it gives alerts and offers an XDR Quick Scan facility. We get proper results from the tool, and after scanning, we can see them on the dashboard.

Improvements are required in Cortex XDR agent whenever they are releasing the latest version. Whenever the tool releases a new version when deploying the product across the organization, I feel like there are some disturbances in the CPU usage after upgrading the tool to the latest version. Whenever Palo Alto releases the latest version and when you are deploying the package into the server, we see some disturbances in the CPU usage, like the RAM utilization is more. Generally, the CPU utilization is higher. Disabling one by one component from the profile manager, we are unable to find the exact cause of the issue. When we go to Palo Alto, even after sharing the logs and mentioning the issue, the solution team comes back and gives us some more versions of the tool. If Cortex XDR Agent 8.4.0 is having issues, then the tool's team offers us Cortex XDR Agent 8.4.1. Some updates can update the tool to the latest version.

I have been using Cortex XDR by Palo Alto Networks for eighteen months. I use Cortex XDR 8.4.0. I am a user of the tool.

It is a stable solution. The tool doesn't have bugs.

The tool is used by three members who are supporting 5,000 desktops, including workstations and servers.

I haven't directly contacted the solution's technical support much, but I have reached out to them via email. I called the tool's support team twice, and during the call, we discussed some troubleshooting steps. I am happy with the tool's support.

When I joined my current company, I saw that the tool was being used. I don't work directly for the company. I have clients and I support Cortex XDR agents for them.

The product's initial setup phase is very easy.

The solution is deployed on an on-premises model.

I recommend the tool to first-time users. Before using Cortex XDR agent, the previous antivirus and EDR solution needs to be set with the new or the latest Cortex XDR agent, especially the policies.

The tool is easy to learn, understand, and manage with a one-day training session compared to other products.

I rate the tool a nine out of ten.

On-premises

We use the solution to deduct from the endpoints any files in the network or any suspicious thing happening in the host machine or servers. We have the Palo Alto Networks Firewall team, and we check the connection from the Palo Alto Networks Firewalls using Cortex XDR by collecting all the information.

The best thing about Cortex XDR is that it has host servers, networks, and proxy servers. On the other hand, CrowdStrike has only hosts and servers. The solution helps find bugs, and it is safe to use to prevent attacks by hackers.

The solution should add unwanted malicious hash values to a block list so that whenever the action is triggered, it will automatically prevent the malicious content. We can even block the IP address in malicious content. If any host is affected, we can isolate the host, rectify that problem, and prevent it from happening in the future.

I have been using Cortex XDR by Palo Alto Networks for one year.

More than 15,000 people are using the solution in our organization.

We contacted the technical support team for a downgrade issue with Cortex XDR. Due to some network errors, we worked with the support team. They rectified the problem, but it affected us for over two hours. We had to check all the hosts and servers connected to Cortex XDR. We rechecked and reinstalled Cortex XDR. I was happy with the support team’s fast response time.

We are also using CrowdStrike. Compared to CrowdStrike, Cortex XDR gives more detailed information for us to work with. We can connect to the host's live terminal, work with that host in an emergency, and prevent that host.

The solution's ease of deployment depends on the user's experience. It would be easy for someone with experience.

Compared to CrowdStrike, Cortex XDR is an expensive solution.

A beginner will take some time to learn to use the solution. I would recommend the solution to other users.

Overall, I rate the solution an eight out of ten.

On-premises