reviewer2798475 - PeerSpot reviewer
Threat Analyst II at a tech vendor with 1,001-5,000 employees
Real User
Top 20
Jan 21, 2026
Centralized monitoring has streamlined threat detection and supported faster incident response
Pros and Cons
  • "Cortex XDR by Palo Alto Networks has helped lighten the load of our security analysts because it was the major tool that we were using and the one we utilized most."
  • "I have seen lagging with Cortex XDR by Palo Alto Networks. There was one time when we faced a threat actor trying to gain access to our system. When our team utilized the tool, we were all on the same dashboard and we faced a lag issue at that time of around five minutes, which was quite significant."

What is our primary use case?

We were using Cortex XDR by Palo Alto Networks for different use cases such as Windows login failures, disabled account login failures, and user additions to domain groups. There were multiple use cases that were totally dependent upon the client, including what log ingestions they wanted and what rules they wanted us to apply to it.

What is most valuable?

What I appreciate most about Cortex XDR by Palo Alto Networks is that it has a good tenant feature in which we have multiple tenants. We were working in EU tenants, and apart from this, the GUI is completely easy to understand.

Cortex XDR by Palo Alto Networks has helped lighten the load of our security analysts because it was the major tool that we were using and the one we utilized most. I would suggest it was a good solution for me.

What needs improvement?

One of the downsides of Cortex XDR by Palo Alto Networks is the KQL language. When I was working as a security analyst using Cortex, there was a disadvantage. People need to have knowledge of the KQL language to understand the fine-tuning of alerts or the creation of new rules. That would be a drawback. Additionally, when investigating a particular alert or case, the complete information is not available in the GUI table if we compare it to other XDRs or other tools.

I would suggest that Cortex XDR by Palo Alto Networks' AI-driven endpoint security would work better. Whenever we are investigating something, the AI would help us by simply writing into a description box. For example, if I want user login information for a particular user, I would write it and the AI would automatically generate all login events from that host. I would suggest that this would be a better feature.

For how long have I used the solution?

I have used Cortex XDR by Palo Alto Networks for around one and a half years.

Buyer's Guide
Cortex XDR by Palo Alto Networks
March 2026
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
885,444 professionals have used our research since 2012.

What do I think about the stability of the solution?

I have seen lagging with Cortex XDR by Palo Alto Networks. There was one time when we faced a threat actor trying to gain access to our system. When our team utilized the tool, we were all on the same dashboard and we faced a lag issue at that time of around five minutes, which was quite significant.

What do I think about the scalability of the solution?

I think scalability for Cortex XDR by Palo Alto Networks is good. I would rate it nine out of ten.

How are customer service and support?

I have contacted Cortex XDR by Palo Alto Networks' technical support because we got stuck somewhere during deployment in our systems on a technical matter. The help was excellent, and I would rate the support a ten out of ten. The support was very good.

Which solution did I use previously and why did I switch?

I have used CrowdStrike as an alternative to Cortex XDR by Palo Alto Networks.

How was the initial setup?

The deployment of Cortex XDR by Palo Alto Networks is moderate level. I deployed it in my organization last year. You just need a little bit of knowledge, but apart from this, everything is good.

What's my experience with pricing, setup cost, and licensing?

The pricing for Cortex XDR by Palo Alto Networks depends on the organization and the number of endpoints and hosts you are adding, as well as the bandwidth. I cannot specify what the pricing is. However, if you keep it minimal, then it will attract other organizations and you will grab the market.

Which other solutions did I evaluate?

I prefer CrowdStrike more than Cortex XDR by Palo Alto Networks because it has better features. It has a graphical GUI in which if any threats come in, you will have a whole map of it and you can figure out from where the chain of the threat has started. You can check what the initial access was and stop it from there.

What other advice do I have?

I would suggest that Cortex XDR by Palo Alto Networks' agent ability to block more sophisticated or complicated threats in real-time has been effective so far. I have seen that it blocks almost ninety percent of the threats. Sometimes we are left with some IOCs which are zero-day vulnerabilities. In those cases, we have to manually send it to the Cortex XDR by Palo Alto Networks team that manages all the back-end. They filter out the rules, create the workflows, then block all of the things. I would suggest that from one hundred, it works ninety percent of the time.

Cortex XDR by Palo Alto Networks does require maintenance after the deployment on my end. It has requirements. Sometimes we need fine-tuning of the alerts and sometimes we face errors. We occasionally require help when we get stuck somewhere. We reach out to Palo Alto and they help us. The after-service is very good. I would rate this review an eight out of ten overall.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Jan 21, 2026
PeerSpot user
Cyber Security Manager at Welab bank
Real User
Top 10
Dec 19, 2024
Advanced threat detection capabilities provide effective security solutions
Pros and Cons
  • "Cortex XDR features advanced threat detection capabilities."
  • "Cortex XDR is stable, offering high quality and reliable performance."
  • "Cortex XDR could improve its sales support team, including better commission structures and referral programs."

What is our primary use case?

I have been working as a cybersecurity manager. I focus on implementing cybersecurity solutions for different companies, and I have hands-on experience working with Cortex XDR solution by Palo Alto Networks.

What is most valuable?

Cortex XDR features advanced threat detection capabilities. The handling GUI allows for advanced searches, rule creation, and local detection. It incorporates AI for normal behavior detection, distinguishing unusual operations. 

These features make the product very effective for threat detection. Additionally, the GUI is user-friendly and the product offers robust AI or normal behavior detection.

What needs improvement?

Cortex XDR could improve its sales support team, including better commission structures and referral programs. Enhancements in marketing and AI features would also be beneficial. It would be advantageous to deploy more rules to the front end and on end-user devices.

For how long have I used the solution?

I have been familiar with Cortex XDR for about three or four years.

What do I think about the stability of the solution?

Cortex XDR is stable, offering high quality and reliable performance. It is consistent and dependable in its operation.

How are customer service and support?

Customer support from Palo Alto Networks is generally adequate. It depends on how I escalate the issue. Every vendor has similar support; it depends on how the case is handled and raised.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I was a reseller for Palo Alto Networks solutions.

I have worked with many different vendors and their products, such as Microsoft Defender, and I am familiar with various cybersecurity solutions from different companies.

What was our ROI?

My customers have reported good ROI since implementing Cortex XDR. They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.

What's my experience with pricing, setup cost, and licensing?

Cortex XDR is perceived as expensive by some customers, yet offers dynamic pricing. Other companies have not shared similar complaints, and it always pitches itself well to customers.

I'd rate the solution nine out of ten.

What other advice do I have?

I give Cortex XDR a nine out of ten. Although it has a stable and high-quality performance, customer alignment still plays a significant role in the decision-making process.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
NiteshSharma - PeerSpot reviewer
Pre Sales Architect at network techlab
Real User
Top 5 Leaderboard
Mar 27, 2025
Automated threat response and behavioral control improve security measures
Pros and Cons
  • "On a scale from one to ten, I would rate Cortex XDR by Palo Alto Networks a nine."
  • "I recommend adding a data loss prevention (DLP) solution to Cortex XDR by Palo Alto Networks. The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products."

What is our primary use case?

I work with Cortex XDR by Palo Alto Networks. My primary use involves utilizing its capabilities as a next-generation antivirus solution, providing extended detection and response features along with threat prevention and behavioral control.

What is most valuable?

Cortex XDR by Palo Alto Networks is a good product, serving as a next-generation antivirus with extended detection and response features. It offers threat prevention, behavioral control, automation in threat response, and analytics capabilities, which enhance security measures. The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.

What needs improvement?

I recommend adding a data loss prevention (DLP) solution to Cortex XDR by Palo Alto Networks. The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products. Additionally, multi-tenancy and multi-cloud features are not available and should be considered for inclusion.

For how long have I used the solution?

I have been discussing Cortex XDR by Palo Alto Networks and have utilized its different facets and features in my professional experience.

How are customer service and support?

I have not faced any challenges with the customer support from Palo Alto Networks. Their support is efficient and responsive whenever I raise a ticket through my portal.

How would you rate customer service and support?

Neutral

What was our ROI?

There are good return on investment possibilities from using Cortex XDR by Palo Alto Networks due to its cost-saving compliance features, which can attract customers by reducing expenses and offering comprehensive compliance solutions.

What's my experience with pricing, setup cost, and licensing?

Compared to competitors such as CrowdStrike and Sophos, the pricing of Cortex XDR by Palo Alto Networks is similar to CrowdStrike but more expensive than Sophos. Check Point Harmony, Trend Micro, and Sophos offer lower prices.

Which other solutions did I evaluate?

Competition in the market includes CrowdStrike, Sophos, and Check Point Harmony. They provide similar technology and capabilities like email security, endpoint protection, and DLP solutions in a single console.

What other advice do I have?

On a scale from one to ten, I would rate Cortex XDR by Palo Alto Networks a nine. The tool is exceptional in its capabilities, particularly with the Unit 42 feature set and its other integrated options.
Disclosure: My company has a business relationship with this vendor other than being a customer. partner
PeerSpot user
NikhilSharma1 - PeerSpot reviewer
Senior Technical Lead at Happiest Minds Technologies
Real User
Top 20
Jul 26, 2024
Provides comprehensive network visibility and helps us identify threats efficiently
Pros and Cons
  • "The solution's stability is generally good."
  • "The complexity and confusion regarding product variants, such as XDR, Forexiant, and Forexon, must be addressed."

What is our primary use case?

Our primary use case for Cortex XDR is to bridge the gap between a Security Information and Event Management (SIEM) system and an Endpoint Detection and Response (EDR) solution. We use it to fetch data from network devices and endpoints, perform comparisons, and generate alerts. It is useful for detecting impossible travel scenarios where a user's IP address switches rapidly between geographically distant locations, which can indicate VPN use or other anomalies.

What is most valuable?

The product's most valuable feature is the ability to integrate and correlate data from network and endpoint sources. This comprehensive visibility allows us to quickly identify and respond to threats, such as impossible travel scenarios, with greater accuracy and speed.

What needs improvement?

The product could be improved in several areas. The complexity and confusion regarding product variants, such as XDR, Forexiant, and Forexon, must be addressed. There is also a need for clearer differentiation between features and capabilities within Cortex's suite, as the overlap between XDR and XIM can be confusing.

Improvements in the user interface and more intuitive KQL query handling could also enhance usability. Additionally, better support for various deployment scenarios and cost management options would be beneficial.

For how long have I used the solution?

I have been using Cortex for approximately two years.

What do I think about the stability of the solution?

The solution's stability is generally good.

What do I think about the scalability of the solution?

The solution scales well. It is deployed without major issues across 60,000 endpoints in our organization.

How are customer service and support?

Customer support quality varies depending on the support plan. The premium plan offers excellent support. However, if you opt for a standard plan, the level of support may be less satisfactory.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was relatively straightforward. Modern methods, such as pushing clients over port 443, have made deploying endpoints easier than legacy systems.

What's my experience with pricing, setup cost, and licensing?

Cortex XDR is a costly solution.

What other advice do I have?

Overall, Cortex XDR is good software. Ensure you have the financial resources to support the investment or consider alternative solutions if cost is a significant concern.

I rate it a nine out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
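The impossible-travel detection this review describes (a user's source IP jumping between distant locations faster than physically possible) can be expressed as a short correlation rule. The code below is an added illustration, not the reviewer's rule or Cortex XDR's own logic; the IP-to-city table and the login events are constructed, and a production detector would resolve locations with a GeoIP database instead.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import radians, sin, cos, asin, sqrt
from typing import Dict, List, Tuple

# Constructed IP-to-location table (hypothetical; stands in for a GeoIP lookup).
# Values are (city, latitude, longitude) in degrees.
GEO: Dict[str, Tuple[str, float, float]] = {
    "203.0.113.10": ("Sydney", -33.87, 151.21),
    "198.51.100.7": ("London", 51.51, -0.13),
    "192.0.2.44": ("Manchester", 53.48, -2.24),
}

MAX_SPEED_KMH = 900.0   # roughly airliner cruising speed; faster than this is "impossible"
EARTH_RADIUS_KM = 6371.0


@dataclass
class Login:
    user: str
    ip: str
    ts: datetime


@dataclass
class Alert:
    user: str
    from_city: str
    to_city: str
    km: float
    hours: float
    kmh: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def detect_impossible_travel(logins: List[Login], max_kmh: float = MAX_SPEED_KMH) -> List[Alert]:
    """Compare each user's consecutive logins and flag implied speeds above max_kmh.

    A hit is an anomaly signal, not proof of compromise: as the review notes,
    VPN egress changes produce the same pattern and need triage.
    """
    by_user: Dict[str, List[Login]] = {}
    for login in sorted(logins, key=lambda l: l.ts):
        by_user.setdefault(login.user, []).append(login)

    alerts: List[Alert] = []
    for user, events in by_user.items():
        for prev, cur in zip(events, events[1:]):
            if prev.ip == cur.ip or prev.ip not in GEO or cur.ip not in GEO:
                continue  # same source, or no location data to judge with
            city1, lat1, lon1 = GEO[prev.ip]
            city2, lat2, lon2 = GEO[cur.ip]
            km = haversine_km(lat1, lon1, lat2, lon2)
            hours = (cur.ts - prev.ts).total_seconds() / 3600.0
            # Identical timestamps with a real distance imply infinite speed.
            kmh = km / hours if hours > 0 else (float("inf") if km > 0 else 0.0)
            if kmh > max_kmh:
                alerts.append(Alert(user, city1, city2, round(km), round(hours, 2), round(kmh)))
    return alerts


def run_sample() -> List[Alert]:
    """Constructed login events: alice 'travels' London->Sydney in two hours, bob does not."""
    t = lambda h: datetime(2024, 7, 1, h, 0, tzinfo=timezone.utc)
    logins = [
        Login("alice", "198.51.100.7", t(9)),
        Login("alice", "203.0.113.10", t(11)),
        Login("bob", "198.51.100.7", t(9)),
        Login("bob", "192.0.2.44", t(12)),
    ]
    return detect_impossible_travel(logins)


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.user}: {a.from_city} -> {a.to_city}, {a.km} km in {a.hours} h ({a.kmh} km/h)")
```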
Rehaman Syed - PeerSpot reviewer
Technical Specialist at HCL Technologies
Real User
Top 10
Aug 29, 2024
Provides protection to users against malware along with behavioral threat detection features
Pros and Cons
  • "The product's initial setup phase is very easy."
  • "Whenever the tool releases a new version when deploying the product across the organization, I feel like there are some disturbances in the CPU usage after upgrading the tool to the latest version."

What is our primary use case?

I use the solution in my company to protect our clients from unknown malware and threats. We also use the tool in our environment as an antivirus, EDR, and XDR solution.

What is most valuable?

The solution's most valuable feature is that it protects against unknown malware and activities and offers behavioral threat detection functionalities. With a wildcard and based on whatever configurations, it gives alerts and offers an XDR Quick Scan facility. We get proper results from the tool, and after scanning, we can see them on the dashboard.

What needs improvement?

Improvements are required in Cortex XDR agent whenever they are releasing the latest version. Whenever the tool releases a new version when deploying the product across the organization, I feel like there are some disturbances in the CPU usage after upgrading the tool to the latest version. Whenever Palo Alto releases the latest version and when you are deploying the package into the server, we see some disturbances in the CPU usage, like the RAM utilization is more. Generally, the CPU utilization is higher. Disabling one by one component from the profile manager, we are unable to find the exact cause of the issue. When we go to Palo Alto, even after sharing the logs and mentioning the issue, the solution team comes back and gives us some more versions of the tool. If Cortex XDR Agent 8.4.0 is having issues, then the tool's team offers us Cortex XDR Agent 8.4.1. Some updates can update the tool to the latest version.

For how long have I used the solution?

I have been using Cortex XDR by Palo Alto Networks for eighteen months. I use Cortex XDR 8.4.0. I am a user of the tool.

What do I think about the stability of the solution?

It is a stable solution. The tool doesn't have bugs.

What do I think about the scalability of the solution?

The tool is used by three members who are supporting 5,000 desktops, including workstations and servers.

How are customer service and support?

I haven't directly contacted the solution's technical support much, but I have reached out to them via email. I called the tool's support team twice, and during the call, we discussed some troubleshooting steps. I am happy with the tool's support.

Which solution did I use previously and why did I switch?

When I joined my current company, I saw that the tool was being used. I don't work directly for the company. I have clients and I support Cortex XDR agents for them.

How was the initial setup?

The product's initial setup phase is very easy.

The solution is deployed on an on-premises model.

What other advice do I have?

I recommend the tool to first-time users. Before using Cortex XDR agent, the previous antivirus and EDR solution needs to be set with the new or the latest Cortex XDR agent, especially the policies.

The tool is easy to learn, understand, and manage with a one-day training session compared to other products.

I rate the tool a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Bandi Rakesh - PeerSpot reviewer
Cyber Security Analyst at HALA INFOSEC
Real User
Top 20
Sep 1, 2024
Helps find bugs and prevents attacks by hackers
Pros and Cons
  • "The solution helps find bugs, and it is safe to use to prevent attacks by hackers."
  • "The solution should add unwanted malicious hash values to a block list so that whenever the action is triggered, it will automatically prevent the malicious content."

What is our primary use case?

We use the solution to detect on the endpoints any files in the network or any suspicious thing happening in the host machine or servers. We have the Palo Alto Networks Firewall team, and we check the connection from the Palo Alto Networks Firewalls using Cortex XDR by collecting all the information.

What is most valuable?

The best thing about Cortex XDR is that it has host servers, networks, and proxy servers. On the other hand, CrowdStrike has only hosts and servers. The solution helps find bugs, and it is safe to use to prevent attacks by hackers.

What needs improvement?

The solution should add unwanted malicious hash values to a block list so that whenever the action is triggered, it will automatically prevent the malicious content. We can even block the IP address in malicious content. If any host is affected, we can isolate the host, rectify that problem, and prevent it from happening in the future.

For how long have I used the solution?

I have been using Cortex XDR by Palo Alto Networks for one year.

What do I think about the scalability of the solution?

More than 15,000 people are using the solution in our organization.

How are customer service and support?

We contacted the technical support team for a downgrade issue with Cortex XDR. Due to some network errors, we worked with the support team. They rectified the problem, but it affected us for over two hours. We had to check all the hosts and servers connected to Cortex XDR. We rechecked and reinstalled Cortex XDR. I was happy with the support team’s fast response time.

Which solution did I use previously and why did I switch?

We are also using CrowdStrike. Compared to CrowdStrike, Cortex XDR gives more detailed information for us to work with. We can connect to the host's live terminal, work with that host in an emergency, and prevent that host.

How was the initial setup?

The solution's ease of deployment depends on the user's experience. It would be easy for someone with experience.

What's my experience with pricing, setup cost, and licensing?

Compared to CrowdStrike, Cortex XDR is an expensive solution.

What other advice do I have?

A beginner will take some time to learn to use the solution. I would recommend the solution to other users.

Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Saleh Bala Doma - PeerSpot reviewer
Head Of Information Technology at Diha Travels and Tours Limited
Real User
Top 20
Sep 6, 2024
Helpful for incident detection and response
Pros and Cons
  • "It is an easy-to-use tool."
  • "I would like to see improvement in the tool's user interface, particularly in the area of managing alerts and providing more reporting capabilities."

What is our primary use case?

I use the solution in my company for incident detection and response. We use it to address specific security challenges at work, like detecting and responding to incidents.

What is most valuable?

The most valuable feature of the solution stems from the fact that the tool provides real-time visibility of our network activity and allows us to detect threats early and respond quickly. It is an easy-to-use tool. The tool's interface is good and simple to use.

What needs improvement?

I would like to see improvement in the tool's user interface, particularly in the area of managing alerts and providing more reporting capabilities. The user interface should include a built-in compliance framework, and I think it will make the tool even more valuable for organizations with statistical regulatory requirements.

For how long have I used the solution?

I have been using Cortex XDR by Palo Alto Networks for two years. I don't remember the version of the solution. I am a customer of the tool.

What do I think about the scalability of the solution?

Around three people in my company use the tool.

How are customer service and support?

I have contacted the solution's technical support once. I know of the support team, but I don't think we have ever contacted them multiple times.

Which solution did I use previously and why did I switch?

Although I have some experience in some intrusion detection software, I have not used them practically, such as Cortex XDR.

How was the initial setup?

The product's initial setup phase is not difficult to do. Anyone can follow the tool's manual to install it.

What's my experience with pricing, setup cost, and licensing?

The tool's price is moderate.

What other advice do I have?

I can recommend the tool to others, especially to organizations that need a robust integration solution for threats, detection, and response.

The tool is easy to learn as the interface is simple to understand, especially if you have some experience with server security and a little bit of knowledge of it. It is a very easy-going platform.

I rate the tool a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Sudheer Kumar - PeerSpot reviewer
Lead Security Engineer at AeoLogic Technologies
Real User
Top 5
Sep 3, 2024
Easy to deal with deployment and integration phases
Pros and Cons
  • "The tool is designed to scale for large enterprises and handle large volumes of data."
  • "I think sometimes Cortex XDR agent automatically stops event capturing from the device, and then even the dashboard does not get any notifications from the agent."

What is our primary use case?

I use the solution for endpoint security to capture endpoint security devices' logs and security events.

What is most valuable?

The solution's most valuable feature is its general integration with various Palo Alto Networks products. The tool is a unified platform that includes a firewall, Prisma Cloud, and Cortex's storage. It is also a single data platform that consolidates data from endpoints and network traffic into a single data lake. For behavior analytics, the tool uses advanced behavior analytics and machine learning to detect sophisticated threats.

What needs improvement?

I think sometimes Cortex XDR agent automatically stops event capturing from the device, and then even the dashboard does not get any notifications from the agent. A particular endpoint message with the events captured gets stopped, making it an area where there is a need to improve the agent's real-time monitoring.

For how long have I used the solution?

I have been using Cortex XDR by Palo Alto Networks for around five years.

What do I think about the scalability of the solution?

The tool is designed to scale for large enterprises and handle large volumes of data. The tool has a scalable architecture, and accessing or processing data is leveraged by the tool, making it a robust infrastructure process that allows for efficient data analysis and timely detection and response.

In my company, around 15,000 employees use the tool.

How are customer service and support?

Many times, I raised requests for follow-up with the support team, but there was only sometimes a response. Palo Alto's team needs to work on its issues so that they can provide twenty-four hours and seven days of support to users.

How was the initial setup?

From a deployment and integration perspective, I can say it is an easy and user-friendly tool, so I don't face any challenges with the tool.

The solution is deployed on the cloud and in the on-premises model. Mostly, the tool was in the cloud for my previous client.

What other advice do I have?

One needs to look into the support and services, especially Palo Alto's support and professional services, which is an area that is not yet available. When it comes to the implementation and optimized XDR solutions, sometimes third-party integrations do not happen with XDR. When it comes to third-party integrations, a playbook in Palo Alto should be there for all the third-party tools, showing how we can implement them.

The tool is very easy and user-friendly.

I rate the tool an eight and a half out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user