IT Central Station is now PeerSpot: Here's why
KostiantynFrolov - PeerSpot reviewer
Lead Security Engineer at ESKA
Real User
Top 5
Scalable with excellent protection features and is very user-friendly
Pros and Cons
  • "The solution doesn't need a high level of technical training."
  • "Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well."

What is our primary use case?

Cortex XDR is used for endpoint detection and response. This is software placed into endpoints and work in this cloud. In cloud has the analytics, login, prevention models, et cetera.

What is most valuable?

If a company uses Palo Alto and supports Cortex XDR for endpoint protection it is very well protected. Palo Alto is the best security solution in the market. It's very advanced and its protection is extremely reliable.

The solution doesn't need a high level of technical training. The solution is very usable and doesn't take a lot of personnel.

The product is very scalable.

The stability is very good.

What needs improvement?

For working with the solution, you only really need a web browser, however, we've found that working on Chrome, for example, is horrible.

Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well.

For how long have I used the solution?

I've been working with this security solution for ten years or so and Palo Alto Networks for two years.

Buyer's Guide
Cortex XDR by Palo Alto Networks
August 2022
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
619,967 professionals have used our research since 2012.

What do I think about the stability of the solution?

The solution has been very stable and very reliable. There are no bugs or glitches. It doesn't crash or freeze. It's one of the best on the market.

What do I think about the scalability of the solution?

The solution is very scalable. It works well for companies that are quite sizeable. If an organization needs to expand it, it can do so easily.

We have about 50 to 55 users on the solution.

How are customer service and support?

I personally handle technical questions for those working with Palo Alto. 

Support of Palo Alto is English, however, I work in this local technical solution, local technical and I'm working with customers with a warranty.

I've found technical support from Palo Alto to be very good. We're local and we can assist as well, however, Palo Alto is capable of handling any size of issue and they are quite helpful.

How was the initial setup?

I am not directly handling the installation. My client is.

You do need a team of people on this solution that understand the cloud and the solution itself if you have a large, complex environment. If you have a robust security team, it's good. However, if you don't have the resources, it's not an ideal product. 

That said, if your company requires a small, simple setup, one person may be enough. It really depends on the size.

What about the implementation team?

My client is actually handling the installation. I often field questions from them, however, I don't participate in the installation directly.

What's my experience with pricing, setup cost, and licensing?

For basic needs, the solution isn't very expensive. However, as you grow more complex in your needs, the more you use, the more costly it can get.

The licensing is typically for one year. There's a one-time installation. If you would like to continue with the service, you can continue. There's no need to install and reinstall.

What other advice do I have?

Cortex XDR is a threat analytics security manager that allows users to see what threats are going to endpoints. It's a very high-security solution. 

The next step up from Cortex XDR is Cortex XSOAR. XSOAR is an automated threat solution. It's a security solution from Palo Alto. 

I'd recommend the solution to others. I'd rate it at a nine out of ten overall. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
System Manager at a consumer goods company with 10,001+ employees
Real User
Top 20
This is a recommended solution for total end-to-end protection
Pros and Cons
  • "Being a cloud solution it is very flexible in serving internal and external connections and a broad range of devices."
  • "The connection to the internet has not performed as expected."

What is our primary use case?

We are still in the testing stages so there is not currently any primary use case beyond the base use of endpoint protection.  

What is most valuable?

Cortex has several good features that I am interested in. There is a nice Sandbox function that is very strong, there is the Traps (endpoint protection) solution, the real-time filtering of suspect linkages is good, and the automatic blocking of suspect behavior is always active and protecting the network.  

What needs improvement?

As an improvement, I would like to see enhanced connection speeds. On China's side, we need to set up a local server for the definition updates, and the performance has not been very good for the company when directly connected to the internet. We are a little disappointed with that.  

For how long have I used the solution?

We have been using Cortex XDR (Extended Detection and Response) for around two months.  

What do I think about the stability of the solution?

It is stable. From the moment we installed it has been up with no restarts of maintenance until now.  

What do I think about the scalability of the solution?

I think that this product is scalable. The testing environment we use right now has around 200 users. In the future, when we deploy it to the company we will move up to around 4,000 users.  

How are customer service and technical support?

The technical support is okay. They have already helped us to fix the installation and then we had an issue and they were available for correction of the problem. They also have made some useful suggestions. So the support team is okay in my estimation.  

Which solution did I use previously and why did I switch?

We have been exploring a similar solution. Right now I am also doing testing on Sentinel at the center. This is a similar solution. But we have only just begun testing Sentinel, so we do not really have enough experience with it to comment on the product.  

How was the initial setup?

As we just started with Cortex and we are using a cloud solution, I do not have the impression that it was difficult to install and begin using.  

What's my experience with pricing, setup cost, and licensing?

The setup costs are a bit higher than some other solutions. Overall it is a little bit expensive, I think. If we could get it for around a 10% discount then that would be a better price point for us.  

For our pricing plan, we are not on a subscription, so we do not have to pay every month. We have a yearly license for the product.  

The approximate amount we pay per license is around $80 per user per year.  

What other advice do I have?

My suggestion for people considering this product is that Cortex is a very good total solution on the endpoints. Because I needed Cortex to work for external and internal users and devices, it helps that it is cloud-based because it is good for working in the office or other locations. So we wanted to have the total end-to-end protection including on the mobile devices, that is what we got. This product will be a good suggestion for people who need the same capability.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Cortex XDR as around nine-out-of-ten. The cost is the reason it would not be higher. Nine is good but this is a very good product except for the cost.  

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Cortex XDR by Palo Alto Networks
August 2022
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
619,967 professionals have used our research since 2012.
Senior System Administrator at a government with 10,001+ employees
Real User
Top 20
Makes it easy to isolate endpoints and lets us know if something needs to be addressed
Pros and Cons
  • "Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
  • "We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do."

What is our primary use case?

We use it to make sure that our antivirus is up to par. 

It used to be on-prem, but now, it's completely on the cloud. In terms of the version, we've got some old endpoints that we had to manually bring up to date, but for the most part, it's up to date.

How has it helped my organization?

I don't have to do much monitoring with it. I don't have to have anybody manually looking at this. It gives us reports, and it lets us know if something needs to be addressed, and we can easily address it. I've been pleased with it. It's been a really good product for us.

What is most valuable?

Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them. The hash that they use is pretty comprehensive. I like WildFire. It gives us a better idea of what is a true virus and what is a false positive.

What needs improvement?

We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do.

For how long have I used the solution?

We've been using it for at least three years.

What do I think about the stability of the solution?

It has been stable. I have not had any issues with it.

What do I think about the scalability of the solution?

For our use, we didn't need scalability with it. It has just been working as we needed it to work.

How are customer service and support?

The only time we had to deal with their support was when we had a problem with getting our older endpoints up to date. They made the upgrades and gave us the solutions on what we needed to do, and that has been working for us. 

How was the initial setup?

It was pretty straightforward, and now that it does an automatic update, I don't even have to remember to update it anymore. Once a definition expires, it automatically goes in and puts in the newest definitions, and updates all the endpoints. It is way better than what it used to be.

What's my experience with pricing, setup cost, and licensing?

I don't recall what the cost was, but it wasn't really that expensive.

What other advice do I have?

The only thing I would advise is to get a solution for which you don't have to do a lot of monitoring. It helps when we don't have to have an extra person to manually go through and look at each endpoint to make sure things are up to date and all definitions are up to date. 

I would rate it a nine out of ten because it's a really stable platform, and it is doing everything that I need it to do. You can always have improvement, but I'm really not sure what that improvement would be.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
IT Security Administrator at a tech services company with 1-10 employees
Real User
Provides more visibility than expected and lets us know if anything unusual happens on our network
Pros and Cons
  • "Their XDR agent and their behavioral indicators of compromise (BIOC) are pretty nice. Their managed threat hunting is also pretty nice. They also have WildFire, which is a service for actively looking for malware. It's quite useful."
  • "They've been having some issues with updating their endpoint agents, and it has been quite frustrating."

What is our primary use case?

We have Cortex XDR on our endpoints, and we have managed threat hunting. We are using it for everything related to security. If we have a device we believe is compromised, we can do a scan of the device to check for malware. We look for indicators of compromise in our network. We also look for behavioral things, such as if people are, for some reason, sending a bunch of information out. We also monitor USB file copies to make sure sensitive data isn't leaving our systems. It is also for any kind of denial of service attack.

We are using its latest version. It is deployed on-prem. We have agent software on all our endpoints, and then we have on-prem devices managed through Panorama.

How has it helped my organization?

It has quite a bit of functionality. So, if anything weird happens on our network, Cortex normally lets us know.

What is most valuable?

Their XDR agent and their behavioral indicators of compromise (BIOC) are pretty nice. Their managed threat hunting is also pretty nice. They also have WildFire, which is a service for actively looking for malware. It's quite useful.

What needs improvement?

They've been having some issues with updating their endpoint agents, and it has been quite frustrating.

For how long have I used the solution?

I have been using this solution for about a year.

What do I think about the stability of the solution?

It's incredibly stable. It's Palo Alto; it's top of the line.

What do I think about the scalability of the solution?

It's enterprise-grade. They cover everybody from the federal government to large corporations. We're probably a pretty small network for them. We have about 2,000 endpoints.

How are customer service and support?

I have used their support. I would rate them a four out of five.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used to have Check Point. We switched because there were a lot of added features with Palo Alto that Check Point didn't have. It was an upgrade for us.

How was the initial setup?

It is incredibly complex. It has a lot of parts. Its implementation took six months.

What about the implementation team?

We worked with Palo Alto directly to look at our old firewalls and translate their configuration to Palo Alto.

There are three of us for deployment and maintenance.

What's my experience with pricing, setup cost, and licensing?

It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff.

What other advice do I have?

You get out what you put in. So, the more you work with it, customize it, monitor it, and manage it, the more you'll get out of it.

I would rate it an eight out of ten. There are some bug updates that they were having issues with. Everything else has been pretty great. There is a lot more visibility than I expected.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Lead Consultant at a tech services company with 1-10 employees
Real User
Top 5Leaderboard
Helpful support that can be reached quickly and easily, and the endpoint reporting is good
Pros and Cons
  • "The protection offered by this product is good, as is the endpoint reporting."
  • "Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer."

What is our primary use case?

We are a solution provider and one of the Palo Alto products that we implement for our clients is Cortex XDR (Extended Detection and Response).

It is also known as Traps, and it is mostly used for endpoint protection. For example, when remote users want to connect to their organization using a VPN, they will be protected.

What is most valuable?

The protection offered by this product is good, as is the endpoint reporting.

Once installed, this product is easy to manage, whether it is on-premises or the cloud-based management system.

What needs improvement?

There are a lot of logs generated and an engineer has to go through all of the events to find out exactly what the bottleneck is. We do need to collect the events but this can be time-consuming. Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer.

A better pricing plan would make this product more competitive.

For how long have I used the solution?

We have been dealing with Palo Alto, including Cortex XDR for more than three years.

What do I think about the stability of the solution?

This is a stable product and it is good, but we will keep evaluating other products as we continue to offer this type of solution to our customers.

What do I think about the scalability of the solution?

Cortex XDR is a scalable solution.

How are customer service and technical support?

The technical support team is good, and we can reach them quickly and easily. However, finding a resolution might take time.

Which solution did I use previously and why did I switch?

We have used Cylance in the past, although we stopped using it about three years ago.

We are currently using K7 Endpoint Protection. Unfortunately, it is not catching anything, whether it is malware or a virus.

How was the initial setup?

When we first implemented this product, it was called Traps. However, I don't see any difference, other than the name. For new customers, it might be a bit difficult to install and set up. It takes perhaps eight hours to install.

What about the implementation team?

I deployed this product, and I was also involved with the initial POC.

Only one admin is needed for deployment and a second person should be available to work with the users.

What's my experience with pricing, setup cost, and licensing?

This is an expensive solution.

Which other solutions did I evaluate?

We are currently trying to evaluate ELK.

What other advice do I have?

Overall, this is a good product and I can recommend it to others.

I would rate this solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Prathamesh Samant - PeerSpot reviewer
Presales Manager at Doyen
Real User
Easy to set up with great policy configuration and is an excellent addition to the Palo Alto ecosystem
Pros and Cons
  • "It has pretty much everything we need and works well within the Palo Alto ecosystem."
  • "The GUI could be improved."

What is our primary use case?

The main use case was the integration with their Palo Alto firewall and Panorama. Apart from that, they also had integration with the FIM solution that they had. Overall, having it at the endpoint and having network integration for the overall threat scenario has been where we use it.

What is most valuable?

The policy configuration is great. The granularity of policies that are available is very helpful.

It is straightforward to set up.

It has pretty much everything we need and works well within the Palo Alto ecosystem.

What needs improvement?

The GUI could be improved. It's a little bit cumbersome. It could be more user-friendly.

For how long have I used the solution?

I've been using the solution for around two years. 

What do I think about the stability of the solution?

The solution is quite stable. The only hiccup we had experienced was related to some false alerts where there was no detection, yet still the product showed that it detected something. There were a few false positives. Apart from that, it is quite stable.

What do I think about the scalability of the solution?

For cloud purposes, scaling is not an issue. Even with the on-premises deployments, we have not faced any scaling issues. 

How are customer service and support?

Technical support is great. We haven't had any problems with them. 

How would you rate customer service and support?

Positive

How was the initial setup?

The solution is very simple and very straightforward to set up. It's not overly difficult or complex.

I'd rate it four out of five in terms of ease of setup.

What's my experience with pricing, setup cost, and licensing?

I do not deal with licensing costs. That is taken care of by our sales team.

What other advice do I have?

We do hybrid deployments. For some customers, it was on the cloud and for some, it was on-prem.

It's a good solution to go with. If you are dealing with the ecosystem of Palo Alto, like Palo Alto firewall, Palo Alto Prisma Access, and Palo Alto XDR, if you have a Palo Alto ecosystem, it's a must to have Cortex XDR. Individually, it also works well. However, having Palo Alto everywhere will be a better scenario or a better fit if you want to deploy Cortex.

I'd rate the solution eight out of ten. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Mayur Jadhav - PeerSpot reviewer
Senior Security Consultant at a tech services company with 201-500 employees
Real User
Top 10
Automated, with well defined policies, but privacy is a concern
Pros and Cons
  • "The most valuable feature is that you can select remote access of any machine for sandboxing."
  • "Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access."

What is our primary use case?

We use this solution specifically in endpoint response, endpoint detection, endpoint sandboxing, and as a firewall.

How has it helped my organization?

The product is mostly automated, and we do not have to make decisions. All the decisions are made by the product itself. 

We are not required to create any custom policies. 

The policies that are created are well defined in the product itself.

What is most valuable?

The most valuable feature is that you can select remote access of any machine for sandboxing.

Irrespective of whether you have the rights or not, you can still access it from the cloud.

What needs improvement?

I would like to see some sort of attachment scanning included.

Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access.

I want a plugin for email attachment scanning and email body scanning.

For how long have I used the solution?

I have been using this solution for two years.

We are using version seven.

What do I think about the scalability of the solution?

Scalability is not a problem with this solution.

It's a cloud setup. You can scale in and you can scale out as per the cloud.

We have close to 500 users in our company.

How are customer service and technical support?

Technical support is very good, but it can be a problem, especially in the Gulf region.

If you do not take direct support, you have to wait for 72 hours. 

Also, direct support is a little bit costly.

Which solution did I use previously and why did I switch?

We used McAfee previously. We switched because the solution is pretty automated. You don't have to manually decide on the policy.

How was the initial setup?

The initial setup is pretty straightforward.

In one hour, you can deploy the entire setup and get started.

After the setup, deployment can take up to three to four days.

We had one admin test the solution and maintain it for us.

What about the implementation team?

We did not use an integrator or vendor team. 

What's my experience with pricing, setup cost, and licensing?

The pricing is okay, although direct support can be expensive.

What other advice do I have?

It is a very straightforward product with minimum administer interference, once it is deployed.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Gian Michele Roletto - PeerSpot reviewer
SOC Manager at Nais Srl
Real User
Top 5Leaderboard
Good dashboard, and is easy to use, but is not very informative, or complete
Pros and Cons
  • "The information the dashboard provides is very clear."
  • "When it comes to core analysis, and security analysis, Cortex needs to provide more information."

What is our primary use case?

I am an integrator. I deploy and implement solutions for our customers.

What is most valuable?

It is a simple platform to use.

The dashboard is good, it's very clean and very simple to read. The information the dashboard provides is very clear.

What needs improvement?

This solution is not complete enough to help us. We use a different platform that provides us with more information.

In my opinion, it is not a very complete program. I prefer to work with Carbon Black. It's a better solution as well as Cynet. For example, I use Cynet when I check installations, which provides me with more information. It is not easy to use for beginners, but it provides me with more information, which is lacking in Cortex. When it comes to core analysis, and security analysis, Cortex needs to provide more information. Cynet is a complete platform in my opinion.

We are ready to use a new solution called Deep Instinct. It's a new concept of the security platform. It's a very new company from the USA.

I would like to see a feature that allows you to check the endpoints included. I am currently having trouble checking the endpoints when using Cortex. Including this feature would benefit the platform's endpoints.

What do I think about the stability of the solution?

Cortex XDR by Palo Alto Networks is absolutely stable.

What do I think about the scalability of the solution?

Cortex XDR by Palo Alto Networks is a scalable platform.

Which solution did I use previously and why did I switch?

I am currently using QRadar in more than one enterprise, as well as Cynet, and Darktrace. We also use all of the Microsoft platforms with QRadar.

I have a team working on this solution. So I assisted a customer in deploying and implementing this solution. My colleague and I have formed a team. I am a SOC manager, my new role is that of a SOC manager. I don't use it directly, but I try to assist my colleague in working with more enterprises or customers. We have, I believe, five or six different IBM QRadar platforms.

We use several solutions and they are all good, but each one is different.

Cynet is a good platform, but helpful for my team because it is not simple to understand.

What other advice do I have?

I would rate Cortex XDR by Palo Alto Networks a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free Cortex XDR by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.
Updated: August 2022
Buyer's Guide
Download our free Cortex XDR by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.