Anas Shehadeh
Technical Support Engineer - Network and Cybersecurity Team at a tech services company with 11-50 employees
MSP
Top 20
Dec 15, 2025
Endpoint protection has strengthened threat blocking and improves analysts’ visibility and response
Pros and Cons
  • "What I like about Cortex XDR by Palo Alto Networks is that it is a comprehensive solution that contains everything the organization may need when using endpoints."
  • "Additionally, I think the price is very high, and if it can be adjusted, I believe it will be a very good solution."

What is our primary use case?

My impression of Cortex XDR by Palo Alto Networks agent's ability to block sophisticated threats in real time is positive, as the last time I used an application from Huawei, Cortex blocked it in a very fast way. It has a false positive, but I think it's very fast and detectable. It detects in a fast way.

This has affected my overall security posture, as I know that sometimes the security may be difficult on the end user, but the security of the endpoint is very important, even though it may be difficult.

Palo Alto helps me in these scenarios with the security endpoints protection because Cortex XDR by Palo Alto Networks is necessary to protect the end user. Sometimes we face the false positive issue, where an application is not a malicious file, but Cortex has detected it as one. So we need to call the Cortex administrator to whitelist these files and handle the difficulties that may arise.

What is most valuable?

Cortex XDR by Palo Alto Networks is a very strong solution, and it offers many features including XDR, EDR and NDR solutions, and also offers an encryption feature.

What I like about Cortex XDR by Palo Alto Networks is that it is a comprehensive solution that contains everything the organization may need when using endpoints.

I would assess the effectiveness of Cortex XDR by Palo Alto Networks' AI-driven endpoint security in reducing risk for my organization by saying that it is integrated with AI, so it has many features that secure my organization in an efficient way.

The main benefits that Cortex XDR by Palo Alto Networks brings to the table include the fact that it is just on the cloud. You don't need to install it on your servers and there is no need for disk allocation for the server. It's on the cloud, so any device connected to the internet can communicate with the Cortex manager and get the updates and definitions of viruses and malware. That's a good feature.

The impact that Cortex XDR by Palo Alto Networks has had on my security analyst workload is significant, as it has improved the analyst security in my organization. Cortex XDR by Palo Alto Networks has many events, incidents, alerts, and alarms that help a security analyst detect malicious files or prepare for attacks or malicious activity.

What needs improvement?

I would like to see improvements in Cortex XDR by Palo Alto Networks, especially in some environments such as government organizations, where information cannot go through the cloud. Cortex XDR by Palo Alto Networks needs to be installed on our servers in some organizations, so I think it should also be available on-premises, not just in the cloud. It would be a very good solution. Additionally, I think the price is very high, and if it can be adjusted, I believe it will be a very good solution.

For how long have I used the solution?

I have been working with Cortex XDR by Palo Alto Networks for eight months.


What do I think about the stability of the solution?

I find Cortex XDR by Palo Alto Networks stable, as I have not had any crashes, downtimes, or performance issues with it.

What do I think about the scalability of the solution?

Cortex XDR by Palo Alto Networks is scalable.

How are customer service and support?

My experience with Palo Alto tech support is very strong, as I had one case with the TAC support, and they responded on time, with a good response that solved my issue.

How was the initial setup?

The initial setup process for Cortex XDR by Palo Alto Networks is straightforward, as you get an email with the tenant activation URL, and you just specify where you want the cloud to be, on which country, and proceed through the steps. It's very straightforward.

What other advice do I have?

I don't have any examples to share where I found this AI integration beneficial.

I don't know if I have experienced a reduction in alert triage times since integrating Cortex XDR by Palo Alto Networks.

There are no missing features that I would like to see included in Cortex XDR by Palo Alto Networks in the future, as I think it's a complete solution. However, we can engage AI more with our analysis, but for now, I think it's a complete solution.

From a technical perspective, I think that Cortex XDR by Palo Alto Networks is worth the money, and I find it cost-effective.

The key differences, both pros and cons of Cortex XDR by Palo Alto Networks in comparison to other competitors in the market include the fact that I feel it's the same solution, but every solution has a battle card for its features. Symantec offers a device control that also exists in Cortex XDR by Palo Alto Networks. I think there is one feature that's special to Cortex and one feature that's special to Symantec. Every vendor is special in one feature. It depends on the customer and the prices.

Implementing Cortex XDR by Palo Alto Networks has affected my organization's total cost of ownership for security solutions, as nowadays, our PCs have good specifications, with 16 GB RAM and 256 GB SSD disk, which I think is enough for Cortex XDR by Palo Alto Networks. In my environment, I have two products for endpoint protection: Symantec and Cortex. Sometimes I feel my device is slow, but I think I am using many applications, so that's why. I think normally, using Cortex XDR by Palo Alto Networks will not affect users with good specifications in their PCs or laptops.

I would overall rate Cortex XDR by Palo Alto Networks as a product and solution an 8 out of 10, which I think is a very good solution.

My advice for other organizations considering Cortex XDR by Palo Alto Networks is to be aware of the price, as that seems to be the main concern.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Dec 15, 2025
reviewer2800860
MDR Analyst at a tech vendor with 10,001+ employees
Real User
Top 20
Mar 16, 2026
Advanced analytics have detected credential threats and capture many MITRE-based anomalies
Pros and Cons
  • "Cortex XDR by Palo Alto Networks saves time in various ways, although the user interface is fairly standard."
  • "The downsides of Cortex XDR by Palo Alto Networks are that in many incidents, when I enter the causality chain, there are numerous logs."

What is our primary use case?

My use cases for Cortex XDR by Palo Alto Networks are mostly for the Palo Alto products. Cortex XDR's use cases are many, including local malware analysis, WildFire analysis, and rare connections to external domains. Additionally, XDR analytics provide detection for abnormal RPC communication, DLL hijacking, credential read, credential harvesting, and in-process shell communication. Many of those use cases will be present in my environment.

How has it helped my organization?

What I like most about Cortex XDR by Palo Alto Networks is that it captures credential-related incidents and many MITRE Framework-related incidents. Many MITRE Framework techniques and tactics are captured as anomalies, which is one of the major advantages.

What is most valuable?

Cortex XDR's agent has the ability to block sophisticated threats in real time, as it has the facility to block many real-time attacks. However, the policy needs to be well-structured, because some organizations may indicate that certain executions can be allowed, which should not be permitted. Mostly, a restricted environment should be enforced, but the agent does have the facility to block approximately ninety percent of threats. I'm not claiming one hundred percent, but this capability is definitely present.

What needs improvement?

The downsides of Cortex XDR by Palo Alto Networks are that in many incidents, when I enter the causality chain, there are numerous logs. From that abundance of logs, I need to search for a particular event, but it is not properly matched in the initial view itself, and I have to dig through the logs to find the relevant information. For many incidents, I have to create and search for a query and search the logs within that particular timeframe. The logs do not capture properly within the incident itself, which is one disadvantage.

AI-driven endpoint security helps in reducing risks. While this feature has not been implemented yet for Cortex XDR by Palo Alto Networks, it will be implemented in the future.

For how long have I used the solution?

I have been working with Cortex XDR by Palo Alto Networks for three years.

What do I think about the stability of the solution?

I have seen some lagging, crashing, or downtime, but I don't think it's due to Cortex XDR by Palo Alto Networks itself. It's because of the logs injected into the system. When proper licensing is in place for the volume of logs, everything is fine, but if there are more logs than licensed, then performance issues will occur.

What do I think about the scalability of the solution?

I would rate the scalability of Cortex XDR by Palo Alto Networks as a seven out of ten.

How are customer service and support?

I have contacted the technical support and customer support. The speed and quality of support for Cortex XDR by Palo Alto Networks are quite good. Speed and responsiveness are satisfactory overall. If I were to rate them on a scale from one to ten, I would give them an eight.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used solutions similar to Cortex XDR by Palo Alto Networks, including Defender and CrowdStrike. When I compare them, Cortex XDR by Palo Alto Networks has more visibility into incident names and more detailed explanations. When it comes to CrowdStrike, it's almost the same, with not much divergence between them. For all three solutions, the complexity in log search is common across the board.

How was the initial setup?

I hear that the deployment of Cortex XDR by Palo Alto Networks is easy, but I'm not involved in the deployment process. I am an end-user for that solution, not an administrator. The person who communicated with me asked about my role, and I indicated that I'm not a power user; I'm an end-user that uses logs, alerts, and incidents for analysis. From what I have heard, deployment is very straightforward and not that difficult. It's simply an installation of one agent.

What other advice do I have?

Cortex XDR by Palo Alto Networks saves time in various ways, although the user interface is fairly standard. It's similar to any other XDR or EDR tool, with nothing particularly special about it; it's almost all the same as competitors.

The user interface of Cortex XDR by Palo Alto Networks is quite good. I have access to the dashboard facility and everything, so it's effective overall.

If a person has EDR knowledge from working with CrowdStrike or Defender, they can easily learn Cortex XDR by Palo Alto Networks. However, a person coming from a SIEM background will take some additional time. I would rate this product an eight overall.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Mar 16, 2026
Olive Kusumbara
Consultant at a tech services company with 1,001-5,000 employees
MSP
Top 5
Nov 4, 2025
Has enabled secure threat detection with minimal disruption and simplified deployment
Pros and Cons
  • "Cortex XDR by Palo Alto Networks's ability to block sophisticated threats in real time is quite good and is on par with SentinelOne's."
  • "If you compare it to SentinelOne, which has more functionalities and detection capabilities on an open platform, the pricing on SentinelOne is far more reasonable and cheaper than Cortex XDR by Palo Alto Networks."

What is most valuable?

I recommend Cortex XDR by Palo Alto Networks for a company that would like to have a more stable platform that does not disrupt their business or applications.

Cortex XDR by Palo Alto Networks's ability to block sophisticated threats in real time is quite good and is on par with SentinelOne's.

I assess the effectiveness of Cortex XDR by Palo Alto Networks's AI-driven endpoint security and find that both have very good results. The difference is around the details. SentinelOne is winning in this area in terms of the detailed information that can be captured and the detailed information in terms of the detections. SentinelOne also has superior storyline capabilities, which is why I think we use it for forensics as well. Cortex XDR by Palo Alto Networks is winning due to the simplicity and non-intrusive detection capabilities.

In terms of detections, SentinelOne has advantages, but also disadvantages since they are intrusive. The result is that there are many threats that can be detected, but there are also many false positives. Cortex XDR by Palo Alto Networks is non-intrusive, but in terms of the detail, sometimes potential threats cannot be captured.

What needs improvement?

Cortex XDR by Palo Alto Networks is already good at what they're doing in terms of detections, but I think they should improve their integration capabilities, especially for their XDR capabilities, which are more tied down to their own ecosystems.

For Cortex XDR by Palo Alto Networks to get closer to ten or at least nine, I would like to see more openness in terms of the integrations for their XDR capabilities. The second improvement I would like to see is more into the response and the detection and response capabilities for backups of the system state of the endpoint, such as what we have on SentinelOne.

What do I think about the stability of the solution?

Cortex XDR by Palo Alto Networks is more stable than SentinelOne because the detections are not too intrusive.

How are customer service and support?

The technical support by Palo Alto Networks is quite standard, so I think it's acceptable.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

SentinelOne is more complex to operate since they have so many options and rules that can be changed, which can take some time for a SOC analyst to learn about.

How was the initial setup?

Cortex XDR by Palo Alto Networks is easy to implement.

What's my experience with pricing, setup cost, and licensing?

Cortex XDR by Palo Alto Networks is more expensive than SentinelOne right now.

In terms of the average cost of top-tier EDR platforms, I think Cortex XDR by Palo Alto Networks is still reasonable. However, if you compare it to SentinelOne, which has more functionalities and detection capabilities on an open platform, the pricing on SentinelOne is far more reasonable and cheaper than Cortex XDR by Palo Alto Networks.

What other advice do I have?

Both are almost the same in popularity, but if I can choose one, SentinelOne is quite hyped right now.

They have a representative in Indonesia for both SentinelOne and Cortex XDR by Palo Alto Networks.

Palo Alto Networks has slightly more advantages in terms of the architecture since they have options for their endpoint that cannot connect directly to the internet to have a proxy site, which is something that SentinelOne does not have.

Cortex XDR by Palo Alto Networks is more of a closed system. I have given this review a rating of eight.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Nov 4, 2025
reviewer2798475
Threat Analyst II at a tech vendor with 1,001-5,000 employees
Real User
Top 20
Jan 21, 2026
Centralized monitoring has streamlined threat detection and supported faster incident response
Pros and Cons
  • "Cortex XDR by Palo Alto Networks has helped lighten the load of our security analysts because it was the major tool that we were using and the one we utilized most."
  • "I have seen lagging with Cortex XDR by Palo Alto Networks. There was one time when we faced a threat actor trying to gain access to our system. When our team utilized the tool, we were all on the same dashboard and we faced a lag issue at that time of around five minutes, which was quite significant."

What is our primary use case?

We were using Cortex XDR by Palo Alto Networks for different use cases such as Windows login failures, disabled account login failures, and user additions to domain groups. There were multiple use cases that were totally dependent upon the client, including what log ingestions they wanted and what rules they wanted us to apply to it.

What is most valuable?

What I appreciate most about Cortex XDR by Palo Alto Networks is that it has a good tenant feature in which we have multiple tenants. We were working in EU tenants, and apart from this, the GUI is completely easy to understand.

Cortex XDR by Palo Alto Networks has helped lighten the load of our security analysts because it was the major tool that we were using and the one we utilized most. I would suggest it was a good solution for me.

What needs improvement?

One of the downsides of Cortex XDR by Palo Alto Networks is the KQL language. When I was working as a security analyst using Cortex, there was a disadvantage. People need to have knowledge of the KQL language to understand the fine-tuning of alerts or the creation of new rules. That would be a drawback. Additionally, when investigating a particular alert or case, the complete information is not available in the GUI table if we compare it to other XDRs or other tools.

I would suggest that Cortex XDR by Palo Alto Networks' AI-driven endpoint security would work better. Whenever we are investigating something, the AI would help us by simply writing into a description box. For example, if I want user login information for a particular user, I would write it and the AI would automatically generate all login events from that host. I would suggest that this would be a better feature.

For how long have I used the solution?

I have used Cortex XDR by Palo Alto Networks for around one and a half years.

What do I think about the stability of the solution?

I have seen lagging with Cortex XDR by Palo Alto Networks. There was one time when we faced a threat actor trying to gain access to our system. When our team utilized the tool, we were all on the same dashboard and we faced a lag issue at that time of around five minutes, which was quite significant.

What do I think about the scalability of the solution?

I think scalability for Cortex XDR by Palo Alto Networks is good. I would rate it nine out of ten.

How are customer service and support?

I have contacted Cortex XDR by Palo Alto Networks' technical support because we got stuck somewhere during deployment in our systems on a technical matter. The help was excellent, and I would rate the support a ten out of ten. The support was very good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used CrowdStrike as an alternative to Cortex XDR by Palo Alto Networks.

How was the initial setup?

The deployment of Cortex XDR by Palo Alto Networks is moderate level. I deployed it in my organization last year. You just need a little bit of knowledge, but apart from this, everything is good.

What's my experience with pricing, setup cost, and licensing?

The pricing for Cortex XDR by Palo Alto Networks depends on the organization and the number of endpoints and hosts you are adding, as well as the bandwidth. I cannot specify what the pricing is. However, if you keep it minimal, then it will attract other organizations and you will grab the market.

Which other solutions did I evaluate?

I prefer CrowdStrike more than Cortex XDR by Palo Alto Networks because it has better features. It has a graphical GUI in which if any threats come in, you will have a whole map of it and you can figure out from where the chain of the threat has started. You can check what the initial access was and stop it from there.

What other advice do I have?

I would suggest that Cortex XDR by Palo Alto Networks' agent ability to block more sophisticated or complicated threats in real time has been effective so far. I have seen that it blocks almost ninety percent of the threats. Sometimes we are left with some IOCs which are zero-day vulnerabilities. In those cases, we have to manually send it to the Cortex XDR by Palo Alto Networks team that manages all the back-end. They filter out the rules, create the workflows, then block all of the things. I would suggest that from one hundred, it works ninety percent of the time.

Cortex XDR by Palo Alto Networks does require maintenance after the deployment on my end. It has requirements. Sometimes we need fine-tuning of the alerts and sometimes we face errors. We occasionally require help when we get stuck somewhere. We reach out to Palo Alto and they help us. The after-service is very good. I would rate this review an eight out of ten overall.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Jan 21, 2026
Cyber Security Manager at Welab bank
Real User
Top 10
Dec 19, 2024
Advanced threat detection capabilities provide effective security solutions
Pros and Cons
  • "Cortex XDR features advanced threat detection capabilities."
  • "Cortex XDR is stable, offering high quality and reliable performance."
  • "Cortex XDR could improve its sales support team, including better commission structures and referral programs."

What is our primary use case?

I have been working as a cybersecurity manager. I focus on implementing cybersecurity solutions for different companies, and I have hands-on experience working with Cortex XDR solution by Palo Alto Networks.

What is most valuable?

Cortex XDR features advanced threat detection capabilities. The handling GUI allows for advanced searches, rule creation, and local detection. It incorporates AI for normal behavior detection, distinguishing unusual operations. 

These features make the product very effective for threat detection. Additionally, the GUI is user-friendly and the product offers robust AI or normal behavior detection.

What needs improvement?

Cortex XDR could improve its sales support team, including better commission structures and referral programs. Enhancements in marketing and AI features would also be beneficial. It would be advantageous to deploy more rules to the front end and on end-user devices.

For how long have I used the solution?

I have been familiar with Cortex XDR for about three or four years.

What do I think about the stability of the solution?

Cortex XDR is stable, offering high quality and reliable performance. It is consistent and dependable in its operation.

How are customer service and support?

Customer support from Palo Alto Networks is generally adequate. It depends on how I escalate the issue. Every vendor has similar support; it depends on how the case is handled and raised.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I was a reseller for Palo Alto Networks solutions.

I have worked with many different vendors and their products, such as Microsoft Defender, and I am familiar with various cybersecurity solutions from different companies.

What was our ROI?

My customers have reported good ROI since implementing Cortex XDR. They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.

What's my experience with pricing, setup cost, and licensing?

Cortex XDR is perceived as expensive by some customers, yet offers dynamic pricing. Other companies have not shared similar complaints, and it always pitches itself well to customers.

I'd rate the solution nine out of ten.

What other advice do I have?

I give Cortex XDR a nine out of ten. Although it has a stable and high-quality performance, customer alignment still plays a significant role in the decision-making process.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
NiteshSharma
Pre Sales Architect at network techlab
Real User
Top 5
Leaderboard
Mar 27, 2025
Automated threat response and behavioral control improve security measures
Pros and Cons
  • "On a scale from one to ten, I would rate Cortex XDR by Palo Alto Networks a nine."
  • "I recommend adding a data loss prevention (DLP) solution to Cortex XDR by Palo Alto Networks. The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products."

What is our primary use case?

I work with Cortex XDR by Palo Alto Networks. My primary use involves utilizing its capabilities as a next-generation antivirus solution, providing extended detection and response features along with threat prevention and behavioral control.

What is most valuable?

Cortex XDR by Palo Alto Networks is a good product, serving as a next-generation antivirus with extended detection and response features. It offers threat prevention, behavioral control, automation in threat response, and analytics capabilities, which enhance security measures. The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.

What needs improvement?

I recommend adding a data loss prevention (DLP) solution to Cortex XDR by Palo Alto Networks. The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products. Additionally, multi-tenancy and multi-cloud features are not available and should be considered for inclusion.

For how long have I used the solution?

I have been discussing Cortex XDR by Palo Alto Networks and have utilized its different facets and features in my professional experience.

How are customer service and support?

I have not faced any challenges with the customer support from Palo Alto Networks. Their support is efficient and responsive whenever I raise a ticket through my portal.

How would you rate customer service and support?

Neutral

What was our ROI?

There are good return on investment possibilities from using Cortex XDR by Palo Alto Networks due to its cost-saving compliance features, which can attract customers by reducing expenses and offering comprehensive compliance solutions.

What's my experience with pricing, setup cost, and licensing?

Compared to competitors such as CrowdStrike and Sophos, the pricing of Cortex XDR by Palo Alto Networks is similar to CrowdStrike but more expensive than Sophos. Check Point Harmony, Trend Micro, and Sophos offer lower prices.

Which other solutions did I evaluate?

Competition in the market includes CrowdStrike, Sophos, and Check Point Harmony. They provide similar technology and capabilities like email security, endpoint protection, and DLP solutions in a single console.

What other advice do I have?

On a scale from one to ten, I would rate Cortex XDR by Palo Alto Networks a nine. The tool is exceptional in its capabilities, particularly with the Unit 42 feature set and its other integrated options.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Rehaman Syed
Technical Specialist at HCL Technologies
Real User
Top 10
Aug 29, 2024
Provides protection to users against malware along with behavioral threat detection features
Pros and Cons
  • "The product's initial setup phase is very easy."
  • "Whenever the tool releases a new version when deploying the product across the organization, I feel like there are some disturbances in the CPU usage after upgrading the tool to the latest version."

What is our primary use case?

I use the solution in my company to protect our clients from unknown malware and threats. We also use the tool in our environment as an antivirus, EDR, and XDR solution.

What is most valuable?

The solution's most valuable feature is that it protects against unknown malware and activities and offers behavioral threat detection functionalities. With a wildcard and based on whatever configurations, it gives alerts and offers an XDR Quick Scan facility. We get proper results from the tool, and after scanning, we can see them on the dashboard.

What needs improvement?

Improvements are required in the Cortex XDR agent whenever they are releasing the latest version. Whenever the tool releases a new version when deploying the product across the organization, I feel like there are some disturbances in the CPU usage after upgrading the tool to the latest version. Whenever Palo Alto releases the latest version and when you are deploying the package into the server, we see some disturbances in the CPU usage, like the RAM utilization is more. Generally, the CPU utilization is higher. Disabling components one by one from the profile manager, we are unable to find the exact cause of the issue. When we go to Palo Alto, even after sharing the logs and mentioning the issue, the solution team comes back and gives us some more versions of the tool. If Cortex XDR Agent 8.4.0 is having issues, then the tool's team offers us Cortex XDR Agent 8.4.1. Some updates can update the tool to the latest version.

For how long have I used the solution?

I have been using Cortex XDR by Palo Alto Networks for eighteen months. I use Cortex XDR 8.4.0. I am a user of the tool.

What do I think about the stability of the solution?

It is a stable solution. The tool doesn't have bugs.

What do I think about the scalability of the solution?

The tool is used by three members who are supporting 5,000 desktops, including workstations and servers.

How are customer service and support?

I haven't directly contacted the solution's technical support much, but I have reached out to them via email. I called the tool's support team twice, and during the call, we discussed some troubleshooting steps. I am happy with the tool's support.

Which solution did I use previously and why did I switch?

When I joined my current company, I saw that the tool was being used. I don't work directly for the company. I have clients and I support Cortex XDR agents for them.

How was the initial setup?

The product's initial setup phase is very easy.

The solution is deployed on an on-premises model.

What other advice do I have?

I recommend the tool to first-time users. Before using Cortex XDR agent, the previous antivirus and EDR solution needs to be set with the new or the latest Cortex XDR agent, especially the policies.

The tool is easy to learn, understand, and manage with a one-day training session compared to other products.

I rate the tool a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Bandi Rakesh - PeerSpot reviewer
Cyber Security Analyst at HALA INFOSEC
Real User
Top 20
Sep 1, 2024
Helps find bugs and prevents attacks by hackers
Pros and Cons
  • "The solution helps find bugs, and it is safe to use to prevent attacks by hackers."
  • "The solution should add unwanted malicious hash values to a block list so that whenever the action is triggered, it will automatically prevent the malicious content."

What is our primary use case?

We use the solution to detect from the endpoints any files in the network or anything suspicious happening on the host machines or servers. We have the Palo Alto Networks Firewall team, and we check the connections from the Palo Alto Networks Firewalls using Cortex XDR by collecting all the information.

What is most valuable?

The best thing about Cortex XDR is that it has host servers, networks, and proxy servers. On the other hand, CrowdStrike has only hosts and servers. The solution helps find bugs, and it is safe to use to prevent attacks by hackers.

What needs improvement?

The solution should add unwanted malicious hash values to a block list so that whenever the action is triggered, it will automatically prevent the malicious content. We can even block the IP address in malicious content. If any host is affected, we can isolate the host, rectify that problem, and prevent it from happening in the future.

For how long have I used the solution?

I have been using Cortex XDR by Palo Alto Networks for one year.

What do I think about the scalability of the solution?

More than 15,000 people are using the solution in our organization.

How are customer service and support?

We contacted the technical support team for a downgrade issue with Cortex XDR. Due to some network errors, we worked with the support team. They rectified the problem, but it affected us for over two hours. We had to check all the hosts and servers connected to Cortex XDR. We rechecked and reinstalled Cortex XDR. I was happy with the support team’s fast response time.

Which solution did I use previously and why did I switch?

We are also using CrowdStrike. Compared to CrowdStrike, Cortex XDR gives more detailed information for us to work with. We can connect to the host's live terminal, work with that host in an emergency, and prevent that host.

How was the initial setup?

The solution's ease of deployment depends on the user's experience. It would be easy for someone with experience.

What's my experience with pricing, setup cost, and licensing?

Compared to CrowdStrike, Cortex XDR is an expensive solution.

What other advice do I have?

A beginner will take some time to learn to use the solution. I would recommend the solution to other users.

Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
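The response actions this reviewer asks for (putting a malicious hash on a block list, isolating an affected host) are exposed by the Cortex XDR public API. The Python below is an added example and is not part of the review or of Palo Alto Networks' own code: it builds the Advanced-API-key authentication headers and the request bodies for the hash block list and endpoint-isolation calls, and rejects non-SHA256 hashes before they reach the API. The tenant FQDN, API key ID, key value, endpoint ID and the sample hash (the SHA256 of an empty file, used only as a well-formed placeholder) are assumptions; the endpoint paths and header names follow the Cortex XDR API reference and should be verified against your tenant's documentation before use.

```python
"""Build and (optionally) send two Cortex XDR public-API response actions:
add a SHA256 to the hash block list, and isolate an endpoint.
Added example; not from the review or from Palo Alto Networks."""
import hashlib
import json
import re
import secrets
import string
import time
import urllib.request

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")


def advanced_auth_headers(api_key_id, api_key, nonce=None, timestamp_ms=None):
    """Headers for an Advanced API key. The key itself never travels on the
    wire, only sha256(api_key + nonce + timestamp) does, so a captured request
    cannot be re-signed for a different nonce or timestamp without the key.
    nonce/timestamp_ms are overridable only to make the output reproducible."""
    if nonce is None:
        alphabet = string.ascii_letters + string.digits
        nonce = "".join(secrets.choice(alphabet) for _ in range(64))
    if timestamp_ms is None:
        timestamp_ms = int(time.time()) * 1000
    material = f"{api_key}{nonce}{timestamp_ms}".encode("utf-8")
    return {
        "x-xdr-timestamp": str(timestamp_ms),
        "x-xdr-nonce": nonce,
        "x-xdr-auth-id": str(api_key_id),
        "Authorization": hashlib.sha256(material).hexdigest(),
        "Content-Type": "application/json",
    }


def blocklist_request(hashes, comment, incident_id=None):
    """Body for POST /public_api/v1/hash_exceptions/blocklist. The block list
    takes SHA256 only, so MD5/SHA1 values are rejected here instead of
    producing a 400 from the API."""
    bad = [h for h in hashes if not SHA256_RE.match(h)]
    if bad:
        raise ValueError(f"not SHA256: {bad}")
    data = {"hash_list": [h.lower() for h in hashes], "comment": comment}
    if incident_id is not None:
        data["incident_id"] = incident_id
    return {"request_data": data}


def isolate_request(endpoint_id, incident_id=None):
    """Body for POST /public_api/v1/endpoints/isolate for a single endpoint."""
    data = {"endpoint_id": endpoint_id}
    if incident_id is not None:
        data["incident_id"] = incident_id
    return {"request_data": data}


def post(fqdn, path, api_key_id, api_key, body, timeout=30):
    """Send one request to https://api-<fqdn>/public_api/v1/<path>."""
    url = f"https://api-{fqdn}/public_api/v1/{path}"
    req = urllib.request.Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        headers=advanced_auth_headers(api_key_id, api_key),
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Placeholder tenant and credentials (assumptions), not real values.
    FQDN, KEY_ID, KEY = "example.xdr.us.paloaltonetworks.com", 7, "REPLACE_ME"
    SAMPLE_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
    print(post(FQDN, "hash_exceptions/blocklist", KEY_ID, KEY,
               blocklist_request([SAMPLE_SHA256], "blocked during incident review",
                                 incident_id=12345)))
    print(post(FQDN, "endpoints/isolate", KEY_ID, KEY, isolate_request("0a1b2c3d4e5f")))
```

Keep the API key out of the script (an environment variable or a secrets manager) and use a key with a role scoped to the response actions you actually automate; isolation and block-list writes are exactly the calls an attacker with a stolen key would abuse.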
PeerSpot user
Saleh Bala Doma - PeerSpot reviewer
Head Of Information Technology at Diha Travels and Tours Limited
Real User
Top 20
Sep 6, 2024
Helpful for incident detection and response
Pros and Cons
  • "It is an easy-to-use tool."
  • "I would like to see improvement in the tool's user interface, particularly in the area of managing alerts and providing more reporting capabilities."

What is our primary use case?

I use the solution in my company for incident detection and response. We use it to address specific security challenges at work, like detecting and responding to incidents.

What is most valuable?

The most valuable feature of the solution stems from the fact that the tool provides real-time visibility of our network activity and allows us to detect threats early and respond quickly. It is an easy-to-use tool. The tool's interface is good and simple to use.

What needs improvement?

I would like to see improvement in the tool's user interface, particularly in the area of managing alerts and providing more reporting capabilities. The user interface should include a built-in compliance framework, and I think it will make the tool even more valuable for organizations with statistical regulatory requirements.

For how long have I used the solution?

I have been using Cortex XDR by Palo Alto Networks for two years. I don't remember the version of the solution. I am a customer of the tool.

What do I think about the scalability of the solution?

Around three people in my company use the tool.

How are customer service and support?

I have contacted the solution's technical support once. I know of the support team, but I don't think we have ever contacted them multiple times.

Which solution did I use previously and why did I switch?

Although I have some experience in some intrusion detection software, I have not used them practically, such as Cortex XDR.

How was the initial setup?

The product's initial setup phase is not difficult to do. Anyone can follow the tool's manual to install it.

What's my experience with pricing, setup cost, and licensing?

The tool's price is moderate.

What other advice do I have?

I can recommend the tool to others, especially to organizations that need a robust integrated solution for threat detection and response.

The tool is easy to learn as the interface is simple to understand, especially if you have some experience with server security and a little bit of knowledge of it. It is a very easy-going platform.

I rate the tool a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Mohammad Qaw - PeerSpot reviewer
Senior Security Consultant at helpag
MSP
Top 10
Dec 30, 2022
Perfect correlation and XDR capabilities for network traffic plus endpoint security
Pros and Cons
  • "From a single pane of glass, you can easily manage all of your endpoints."
  • "The solution should force customers to integrate with network traffic to see the full benefits of XDR."

What is our primary use case?

Our company uses the solution for endpoint protection, detection, and response. The solution has antivirus and EDR capabilities. Our SOC analysts use it to investigate incidents. We currently have 300 to 400 users with two admins for management. The solution is installed on all user laptops to protect workstations.

We also implement the solution for customers as a service. Most customers buy the solution for regulatory reasons and compliance standards. It gives you all the compliance points and improves how your SOC functions because it provides comprehensive visibility over the entire network and endpoints. It is called XDR because it not only looks at endpoints but also network traffic.

The solution is offered on Palo Alto's private network. I think the underlying provider is Google Cloud, but that doesn't really matter. You are asked the region of your instance for connection such as Europe or the Middle East. 

What is most valuable?

The solution perfectly correlates with Palo Alto Networks' firewalls to deliver XDR capabilities such as network traffic plus endpoint security. This is what distinguishes the solution from other products.

From a single pane of glass, you can easily manage all of your endpoints.

The dashboard is intuitive so you can easily investigate or track incidents. 

The solution has a fair amount of integrations with certain intelligence tools or third-party products. 

What needs improvement?

The solution should force customers to integrate with network traffic to see the full benefits of XDR. If you are not integrating it or feeding in your network traffic, then you are just buying a normal antivirus which doesn't make any sense. You are paying double the price to use the antivirus feature or to say you have XDR, but in reality you are not using it. 

The solution should include an on-premises option because some customers want only on-premises. It would be hard, but good to do if possible. 

Open XDR would be beneficial in the future. Right now, the solution is Closed XDR, so it cannot communicate with the few new vendors in the Open XDR market.

For how long have I used the solution?

I have been using the solution for more than two years.

The solution used to be called Traps when it was on-premises only. It was rebranded as Cortex XDR when it became a cloud solution. 

What do I think about the stability of the solution?

The solution is stable so I rate stability a nine out of ten. 

What do I think about the scalability of the solution?

The solution is very scalable. You can have 500 users and scale tomorrow to 10,000 with no extra work but just purchasing the licenses needed. 

I rate scalability a ten out of ten. 

How are customer service and support?

The level of support fluctuates but on average is rated an eight out of ten. 

How would you rate customer service and support?

Positive

How was the initial setup?

The setup is very easy because it is a cloud solution. You just log in and use it immediately. I rate setup a nine out of ten. 

What about the implementation team?

We are a third-party integrator and implement the solution for customers. One staff person can handle an implementation. 

As a customer, you receive a link which is your tenant for login. From there, deployment time is just how long it takes to get the installer agent and put it on all of your endpoints. For example, if you are a corporation that has 300 laptops, then you install the agent on each and every one.

You will need about three hours to configure the solution and then it is up to your admins to install the agent on all endpoints. There is usually a way to automatically install agents from the Active Directory or other tools.

You need to integrate your network traffic to the XDR itself. If you have a Palo Alto Firewall, it is easy to navigate through integration. If you have FortiGate or Cisco firewalls, then you can configure the firewall to send the log to the cloud. It is sometimes hard to convince customers to send or keep their logs on the cloud. 

What's my experience with pricing, setup cost, and licensing?

The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the Pro version.

The solution is neither inexpensive nor expensive, so I rate pricing a three out of ten. 

Which other solutions did I evaluate?

Nowadays, CrowdStrike, Cortex XDR, and the solution are rebranding and selling their products as XDR. Everyone hears about antivirus but now XDR is available to protect endpoints and get intelligence from the network. 

Most customers who have an XDR product only use the antivirus features. They are not correlating the network traffic with the XDR itself, so they are not getting the full benefit. 

The solution does not force you to correlate so you can use it without integrating with your network. But again, this is not how XDR is supposed to work. 

For example, if you buy a Bugatti but only drive it at 80 kilometers per hour, then you should just go and buy a Nissan. If you buy XDR but do not integrate it with your network traffic, then you just have a Nissan antivirus. 

What other advice do I have?

I recommend the solution and rate it a ten out of ten. 

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Google
Disclosure: My company has a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Cortex XDR by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026