Coming October 25: PeerSpot Awards will be announced! Learn more
Cybersecurity Incident Response Analyst at a computer software company with 5,001-10,000 employees
Real User
Very powerful tool; provides behavior-based detection tailored to your environment
Pros and Cons
  • "Provides behavior-based detection which offers many benefits over signature-based detection."
  • "There are a large number of false positives."

What is our primary use case?

As with any advanced malware protection tool, it's really about the results and getting the security you need. We are end users and I'm a cybersecurity incident response analyst.

What is most valuable?

I like that the product has behavior-based detection which offers many benefits over signature-based detection. When it comes to zero day attacks and targeted attacks, signature detection is not able to detect problems. Behavior-based detection is able to detect attacks tailored specifically for your environment, or malware that doesn't yet have a known malicious signature. It's the nature of how the data is processed that makes the tool really powerful. 

What needs improvement?

The downside to the solution is that there are a large number of false positives. There are a whole lot of different things for business automated actions, and it's hard to sort through all that. Without some assistance and suppression of false positives from Palo Alto or some event triaging that you might have enabled on your SIEM, you'll continue to get the high number of false positives. It's related more to the lack of capability to easily identify and suppress false positives before they're presented to you. There needs to be a function for suppressing false positives for types of machines and not necessarily for the actual groups.

For how long have I used the solution?

I've used this solution for close to six months while we were evaluating it. 

Buyer's Guide
Cortex XDR by Palo Alto Networks
September 2022
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,184 professionals have used our research since 2012.

How are customer service and support?

Since Palo Alto was giving us the proof of concept, we had direct access to them.

How was the initial setup?

It takes quite a few people to set it up. I would say the biggest difference between Palo Alto XDR and something like Cisco AMP outside of the actual detection is going to be the ease of implementation. Cisco AMP only requires one person to go through all the groups and configure policies. With XDR you define groups based on types of machines and commonalities in the machines. It's not like you just send a connector to machines and they're part of that group in that policy. It means there is a whole lot more to configure on XDR.

What other advice do I have?

The same things apply to anyone looking to implement any form of anti-malware agent. You really want to take the time to make sure your environment is organized and configured the way that you want it to be, because once you start getting empty policies and machines in run groups, you run into a pretty big mess. Another thing would be documentation. If you're adding suppressions or custom detections or your AOCs, keep a document which logs all the changes, because people come and go, and handing down an anti-malware tool to somebody that doesn't know how or why it was configured a certain way, could make things difficult.

It would be a tremendous amount of work for us to implement Networks in a company our size. We have a whole bunch of projects going on right now that are pretty important and since we already have that advanced malware protection tool and AMP, which we think is good, we don't necessarily think Networks is as powerful at detection. On other projects, if we were going to go ahead and turn around and move forward with Palo Alto, it would mean taking a step backwards and reimplementing an anti-malware agent that we already have. That said, my impression is that it's a really good tool and you can get a lot out of it. 

I rate this solution a nine out of 10. 

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
KostiantynFrolov - PeerSpot reviewer
Lead Security Engineer at ESKA
Real User
Top 5
Scalable with excellent protection features and is very user-friendly
Pros and Cons
  • "The solution doesn't need a high level of technical training."
  • "Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well."

What is our primary use case?

Cortex XDR is used for endpoint detection and response. This is software placed into endpoints and work in this cloud. In cloud has the analytics, login, prevention models, et cetera.

What is most valuable?

If a company uses Palo Alto and supports Cortex XDR for endpoint protection it is very well protected. Palo Alto is the best security solution in the market. It's very advanced and its protection is extremely reliable.

The solution doesn't need a high level of technical training. The solution is very usable and doesn't take a lot of personnel.

The product is very scalable.

The stability is very good.

What needs improvement?

For working with the solution, you only really need a web browser, however, we've found that working on Chrome, for example, is horrible.

Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well.

For how long have I used the solution?

I've been working with this security solution for ten years or so and Palo Alto Networks for two years.

What do I think about the stability of the solution?

The solution has been very stable and very reliable. There are no bugs or glitches. It doesn't crash or freeze. It's one of the best on the market.

What do I think about the scalability of the solution?

The solution is very scalable. It works well for companies that are quite sizeable. If an organization needs to expand it, it can do so easily.

We have about 50 to 55 users on the solution.

How are customer service and technical support?

I personally handle technical questions for those working with Palo Alto. 

Support of Palo Alto is English, however, I work in this local technical solution, local technical and I'm working with customers with a warranty.

I've found technical support from Palo Alto to be very good. We're local and we can assist as well, however, Palo Alto is capable of handling any size of issue and they are quite helpful.

How was the initial setup?

I am not directly handling the installation. My client is.

You do need a team of people on this solution that understand the cloud and the solution itself if you have a large, complex environment. If you have a robust security team, it's good. However, if you don't have the resources, it's not an ideal product. 

That said, if your company requires a small, simple setup, one person may be enough. It really depends on the size.

What about the implementation team?

My client is actually handling the installation. I often field questions from them, however, I don't participate in the installation directly.

What's my experience with pricing, setup cost, and licensing?

For basic needs, the solution isn't very expensive. However, as you grow more complex in your needs, the more you use, the more costly it can get.

The licensing is typically for one year. There's a one-time installation. If you would like to continue with the service, you can continue. There's no need to install and reinstall.

What other advice do I have?

Cortex XDR is a threat analytics security manager that allows users to see what threats are going to endpoints. It's a very high-security solution. 

The next step up from Cortex XDR is Cortex XSOAR. XSOAR is an automated threat solution. It's a security solution from Palo Alto. 

I'd recommend the solution to others. I'd rate it at a nine out of ten overall. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
Buyer's Guide
Cortex XDR by Palo Alto Networks
September 2022
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,184 professionals have used our research since 2012.
Senior System Administrator at a government with 10,001+ employees
Real User
Top 10
Makes it easy to isolate endpoints and lets us know if something needs to be addressed
Pros and Cons
  • "Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
  • "We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do."

What is our primary use case?

We use it to make sure that our antivirus is up to par. 

It used to be on-prem, but now, it's completely on the cloud. In terms of the version, we've got some old endpoints that we had to manually bring up to date, but for the most part, it's up to date.

How has it helped my organization?

I don't have to do much monitoring with it. I don't have to have anybody manually looking at this. It gives us reports, and it lets us know if something needs to be addressed, and we can easily address it. I've been pleased with it. It's been a really good product for us.

What is most valuable?

Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them. The hash that they use is pretty comprehensive. I like WildFire. It gives us a better idea of what is a true virus and what is a false positive.

What needs improvement?

We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do.

For how long have I used the solution?

We've been using it for at least three years.

What do I think about the stability of the solution?

It has been stable. I have not had any issues with it.

What do I think about the scalability of the solution?

For our use, we didn't need scalability with it. It has just been working as we needed it to work.

How are customer service and support?

The only time we had to deal with their support was when we had a problem with getting our older endpoints up to date. They made the upgrades and gave us the solutions on what we needed to do, and that has been working for us. 

How was the initial setup?

It was pretty straightforward, and now that it does an automatic update, I don't even have to remember to update it anymore. Once a definition expires, it automatically goes in and puts in the newest definitions, and updates all the endpoints. It is way better than what it used to be.

What's my experience with pricing, setup cost, and licensing?

I don't recall what the cost was, but it wasn't really that expensive.

What other advice do I have?

The only thing I would advise is to get a solution for which you don't have to do a lot of monitoring. It helps when we don't have to have an extra person to manually go through and look at each endpoint to make sure things are up to date and all definitions are up to date. 

I would rate it a nine out of ten because it's a really stable platform, and it is doing everything that I need it to do. You can always have improvement, but I'm really not sure what that improvement would be.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
IT Security Administrator at a tech services company with 1-10 employees
Real User
Provides more visibility than expected and lets us know if anything unusual happens on our network
Pros and Cons
  • "Their XDR agent and their behavioral indicators of compromise (BIOC) are pretty nice. Their managed threat hunting is also pretty nice. They also have WildFire, which is a service for actively looking for malware. It's quite useful."
  • "They've been having some issues with updating their endpoint agents, and it has been quite frustrating."

What is our primary use case?

We have Cortex XDR on our endpoints, and we have managed threat hunting. We are using it for everything related to security. If we have a device we believe is compromised, we can do a scan of the device to check for malware. We look for indicators of compromise in our network. We also look for behavioral things, such as if people are, for some reason, sending a bunch of information out. We also monitor USB file copies to make sure sensitive data isn't leaving our systems. It is also for any kind of denial of service attack.

We are using its latest version. It is deployed on-prem. We have agent software on all our endpoints, and then we have on-prem devices managed through Panorama.

How has it helped my organization?

It has quite a bit of functionality. So, if anything weird happens on our network, Cortex normally lets us know.

What is most valuable?

Their XDR agent and their behavioral indicators of compromise (BIOC) are pretty nice. Their managed threat hunting is also pretty nice. They also have WildFire, which is a service for actively looking for malware. It's quite useful.

What needs improvement?

They've been having some issues with updating their endpoint agents, and it has been quite frustrating.

For how long have I used the solution?

I have been using this solution for about a year.

What do I think about the stability of the solution?

It's incredibly stable. It's Palo Alto; it's top of the line.

What do I think about the scalability of the solution?

It's enterprise-grade. They cover everybody from the federal government to large corporations. We're probably a pretty small network for them. We have about 2,000 endpoints.

How are customer service and support?

I have used their support. I would rate them a four out of five.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used to have Check Point. We switched because there were a lot of added features with Palo Alto that Check Point didn't have. It was an upgrade for us.

How was the initial setup?

It is incredibly complex. It has a lot of parts. Its implementation took six months.

What about the implementation team?

We worked with Palo Alto directly to look at our old firewalls and translate their configuration to Palo Alto.

There are three of us for deployment and maintenance.

What's my experience with pricing, setup cost, and licensing?

It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff.

What other advice do I have?

You get out what you put in. So, the more you work with it, customize it, monitor it, and manage it, the more you'll get out of it.

I would rate it an eight out of ten. There are some bug updates that they were having issues with. Everything else has been pretty great. There is a lot more visibility than I expected.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Lead Consultant at a tech services company with 1-10 employees
Real User
Top 5Leaderboard
Helpful support that can be reached quickly and easily, and the endpoint reporting is good
Pros and Cons
  • "The protection offered by this product is good, as is the endpoint reporting."
  • "Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer."

What is our primary use case?

We are a solution provider and one of the Palo Alto products that we implement for our clients is Cortex XDR (Extended Detection and Response).

It is also known as Traps, and it is mostly used for endpoint protection. For example, when remote users want to connect to their organization using a VPN, they will be protected.

What is most valuable?

The protection offered by this product is good, as is the endpoint reporting.

Once installed, this product is easy to manage, whether it is on-premises or the cloud-based management system.

What needs improvement?

There are a lot of logs generated and an engineer has to go through all of the events to find out exactly what the bottleneck is. We do need to collect the events but this can be time-consuming. Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer.

A better pricing plan would make this product more competitive.

For how long have I used the solution?

We have been dealing with Palo Alto, including Cortex XDR for more than three years.

What do I think about the stability of the solution?

This is a stable product and it is good, but we will keep evaluating other products as we continue to offer this type of solution to our customers.

What do I think about the scalability of the solution?

Cortex XDR is a scalable solution.

How are customer service and technical support?

The technical support team is good, and we can reach them quickly and easily. However, finding a resolution might take time.

Which solution did I use previously and why did I switch?

We have used Cylance in the past, although we stopped using it about three years ago.

We are currently using K7 Endpoint Protection. Unfortunately, it is not catching anything, whether it is malware or a virus.

How was the initial setup?

When we first implemented this product, it was called Traps. However, I don't see any difference, other than the name. For new customers, it might be a bit difficult to install and set up. It takes perhaps eight hours to install.

What about the implementation team?

I deployed this product, and I was also involved with the initial POC.

Only one admin is needed for deployment and a second person should be available to work with the users.

What's my experience with pricing, setup cost, and licensing?

This is an expensive solution.

Which other solutions did I evaluate?

We are currently trying to evaluate ELK.

What other advice do I have?

Overall, this is a good product and I can recommend it to others.

I would rate this solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Prathamesh Samant - PeerSpot reviewer
Presales Manager at Doyen
Real User
Easy to set up with great policy configuration and is an excellent addition to the Palo Alto ecosystem
Pros and Cons
  • "It has pretty much everything we need and works well within the Palo Alto ecosystem."
  • "The GUI could be improved."

What is our primary use case?

The main use case was the integration with their Palo Alto firewall and Panorama. Apart from that, they also had integration with the FIM solution that they had. Overall, having it at the endpoint and having network integration for the overall threat scenario has been where we use it.

What is most valuable?

The policy configuration is great. The granularity of policies that are available is very helpful.

It is straightforward to set up.

It has pretty much everything we need and works well within the Palo Alto ecosystem.

What needs improvement?

The GUI could be improved. It's a little bit cumbersome. It could be more user-friendly.

For how long have I used the solution?

I've been using the solution for around two years. 

What do I think about the stability of the solution?

The solution is quite stable. The only hiccup we had experienced was related to some false alerts where there was no detection, yet still the product showed that it detected something. There were a few false positives. Apart from that, it is quite stable.

What do I think about the scalability of the solution?

For cloud purposes, scaling is not an issue. Even with the on-premises deployments, we have not faced any scaling issues. 

How are customer service and support?

Technical support is great. We haven't had any problems with them. 

How would you rate customer service and support?

Positive

How was the initial setup?

The solution is very simple and very straightforward to set up. It's not overly difficult or complex.

I'd rate it four out of five in terms of ease of setup.

What's my experience with pricing, setup cost, and licensing?

I do not deal with licensing costs. That is taken care of by our sales team.

What other advice do I have?

We do hybrid deployments. For some customers, it was on the cloud and for some, it was on-prem.

It's a good solution to go with. If you are dealing with the ecosystem of Palo Alto, like Palo Alto firewall, Palo Alto Prisma Access, and Palo Alto XDR, if you have a Palo Alto ecosystem, it's a must to have Cortex XDR. Individually, it also works well. However, having Palo Alto everywhere will be a better scenario or a better fit if you want to deploy Cortex.

I'd rate the solution eight out of ten. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Mayur Jadhav - PeerSpot reviewer
Senior Security Consultant at a tech services company with 201-500 employees
Real User
Top 10
Automated, with well defined policies, but privacy is a concern
Pros and Cons
  • "The most valuable feature is that you can select remote access of any machine for sandboxing."
  • "Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access."

What is our primary use case?

We use this solution specifically in endpoint response, endpoint detection, endpoint sandboxing, and as a firewall.

How has it helped my organization?

The product is mostly automated, and we do not have to make decisions. All the decisions are made by the product itself. 

We are not required to create any custom policies. 

The policies that are created are well defined in the product itself.

What is most valuable?

The most valuable feature is that you can select remote access of any machine for sandboxing.

Irrespective of whether you have the rights or not, you can still access it from the cloud.

What needs improvement?

I would like to see some sort of attachment scanning included.

Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access.

I want a plugin for email attachment scanning and email body scanning.

For how long have I used the solution?

I have been using this solution for two years.

We are using version seven.

What do I think about the scalability of the solution?

Scalability is not a problem with this solution.

It's a cloud setup. You can scale in and you can scale out as per the cloud.

We have close to 500 users in our company.

How are customer service and technical support?

Technical support is very good, but it can be a problem, especially in the Gulf region.

If you do not take direct support, you have to wait for 72 hours. 

Also, direct support is a little bit costly.

Which solution did I use previously and why did I switch?

We used McAfee previously. We switched because the solution is pretty automated. You don't have to manually decide on the policy.

How was the initial setup?

The initial setup is pretty straightforward.

In one hour, you can deploy the entire setup and get started.

After the setup, deployment can take up to three to four days.

We had one admin test the solution and maintain it for us.

What about the implementation team?

We did not use an integrator or vendor team. 

What's my experience with pricing, setup cost, and licensing?

The pricing is okay, although direct support can be expensive.

What other advice do I have?

It is a very straightforward product with minimum administer interference, once it is deployed.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Gian Michele Roletto - PeerSpot reviewer
SOC Manager at Nais Srl
Real User
Top 5Leaderboard
Good dashboard, and is easy to use, but is not very informative, or complete
Pros and Cons
  • "The information the dashboard provides is very clear."
  • "When it comes to core analysis, and security analysis, Cortex needs to provide more information."

What is our primary use case?

I am an integrator. I deploy and implement solutions for our customers.

What is most valuable?

It is a simple platform to use.

The dashboard is good, it's very clean and very simple to read. The information the dashboard provides is very clear.

What needs improvement?

This solution is not complete enough to help us. We use a different platform that provides us with more information.

In my opinion, it is not a very complete program. I prefer to work with Carbon Black. It's a better solution as well as Cynet. For example, I use Cynet when I check installations, which provides me with more information. It is not easy to use for beginners, but it provides me with more information, which is lacking in Cortex. When it comes to core analysis, and security analysis, Cortex needs to provide more information. Cynet is a complete platform in my opinion.

We are ready to use a new solution called Deep Instinct. It's a new concept of the security platform. It's a very new company from the USA.

I would like to see a feature that allows you to check the endpoints included. I am currently having trouble checking the endpoints when using Cortex. Including this feature would benefit the platform's endpoints.

What do I think about the stability of the solution?

Cortex XDR by Palo Alto Networks is absolutely stable.

What do I think about the scalability of the solution?

Cortex XDR by Palo Alto Networks is a scalable platform.

Which solution did I use previously and why did I switch?

I am currently using QRadar in more than one enterprise, as well as Cynet, and Darktrace. We also use all of the Microsoft platforms with QRadar.

I have a team working on this solution. So I assisted a customer in deploying and implementing this solution. My colleague and I have formed a team. I am a SOC manager, my new role is that of a SOC manager. I don't use it directly, but I try to assist my colleague in working with more enterprises or customers. We have, I believe, five or six different IBM QRadar platforms.

We use several solutions and they are all good, but each one is different.

Cynet is a good platform, but helpful for my team because it is not simple to understand.

What other advice do I have?

I would rate Cortex XDR by Palo Alto Networks a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free Cortex XDR by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.
Updated: September 2022
Buyer's Guide
Download our free Cortex XDR by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.