Try our new research platform with insights from 80,000+ expert users
Jitendra_Singh - PeerSpot reviewer
Senior Vice President at Chi Networks
Real User
Top 5
Helps to secure your infrastructure
Pros and Cons
  • "Cortex XDR's most valuable feature is its intelligence-based dashboards."
  • "Cortex XDR could be improved with more GUI features."

What is our primary use case?

I primarily use Cortex XDR to protect end-users from ransomware, malware, spam, and phishing.

How has it helped my organization?

Cortex XDR alerts us on the dashboard when there's a threat, which allows us to restrict that user and helps secure our infrastructure.

What is most valuable?

Cortex XDR's most valuable feature is its intelligence-based dashboards.

What needs improvement?

Cortex XDR could be improved with more GUI features.

Buyer's Guide
Cortex XDR by Palo Alto Networks
June 2025
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
859,957 professionals have used our research since 2012.

For how long have I used the solution?

I've been using Cortex XDR for a year.

What do I think about the stability of the solution?

Cortex XDR is quite stable.

What do I think about the scalability of the solution?

Cortex XDR is scalable.

How are customer service and support?

Cortex XDR's technical support is really good, though their knowledge of endpoint protection could be deeper.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was quite straightforward, and deployment took two to three days.

What about the implementation team?

We used an in-house team.

What's my experience with pricing, setup cost, and licensing?

Cortex XDR's pricing is ok. We pay about $20 a year for our license.

What other advice do I have?

I would give Cortex XDR a rating of eight out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
PeerSpot user
Team Lead at MindTree
Real User
Setup is easy, detects malicious binaries, and is stable
Pros and Cons
  • "One thing that I like about Cortex XDR by Palo Alto Networks, it is detecting all the suspicious or malicious binaries, and it has integration with Palo Alto Firewall."
  • "The setup is quite easy. We had appropriate support from the manager. One thing that was missing was the integration part."

What is our primary use case?

We are using Cortex XDR by Palo Alto Networks as an endpoint solution.

What is most valuable?

One thing that I like about Cortex XDR is its ability to detect all the suspicious or malicious binaries, and it can integrate with Palo Alto Firewall. 

For how long have I used the solution?

I have been using the product for about three and a half years.

What do I think about the stability of the solution?

The stability is very good.

What do I think about the scalability of the solution?

It is scalable for those who use it.

Which solution did I use previously and why did I switch?

If they want to do a POC, they can look for other market trenders that are there like Trend Micro. They also have their XDR solution. FireEye also has its XDR solution. They should do a comparison on what is based on their requirement. Based on their requirement, they should select the vendor. We saw that there were quite a few ransomware attacks that were not detected by traditional antivirus, so we moved to the Palo Alto solution. Likewise, the companies who want to implement EDR solutions, have to look at the problem statement. Based on their problem statement, they should work and find out a feasible solution.

What's my experience with pricing, setup cost, and licensing?

The setup is quite easy. We had appropriate support from the manager. One thing that was missing was the integration part. Currently, they don't have out-of-box integration with IBM QRadar, or if they have the integration, the integration doesn't work well. That is something that they have to look at going forward.

It took around three to four weeks, because there was a full process change, and then we had to get approval for getting it deployed. 

What other advice do I have?

I would rate Cortex XDR by Palo Alto Networks a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Cortex XDR by Palo Alto Networks
June 2025
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
859,957 professionals have used our research since 2012.
Ahmed Sief - PeerSpot reviewer
System Engineer at a logistics company with 5,001-10,000 employees
Real User
Easy to set up, reliable, and always scanning
Pros and Cons
  • "The initial setup is easy."
  • "Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."

What is our primary use case?

We're using it just to make sure that the customers, or our users, don't use any prohibited applications. We make sure that every application they use is on the allowed list. Any other application that is not only allowed is blocked until further notice. It's mainly to make sure that our organization is secure and that the software that the users are working on is secured too. This is the main reason. also to be aware and secured from any potential attack or ransomware etc.

What is most valuable?

The good thing about the product is that it's always scanning. It does real-time scanning for customers. If there's anything related to the applications that it's installed, for example, if an application needs some upgrades, or updates, or add-ons, we already have a server that is downloading this for the users, the computers. In terms of the laptops, we are not managing the laptops from the servers, since the users take the laptops with them and they are managing their laptops by themselves. There is any variability. The application gives us a notification on the Cloud so that we can handle this problem or make sure that the laptop is secured. The customers or the users don't have much experience to pick what is right and know what is wrong. It's a very, very informational application. 

The initial setup is easy.

What needs improvement?

They need to do definition updates. Instead of the version, they just put an update on the portal, and each time we need to upgrade it. Sometimes it's hard to upgrade the offsite clients. Sometimes the internet that they are using is not that stable. It gives us a hard time. Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded. 

It would be ideal if the updates would happen like Symantec updates or other antivirus solutions. The upgrade needs to deploy directly to the users.

For how long have I used the solution?

We've been using the solution for two years. 

What do I think about the stability of the solution?

It's very stable. There are no errors or problems, even if there is something we need to do on the machine. Due to the configuration we already do, it's locking a lot of things that the users cannot do. Even if the administrator is working, it needs the Cortex XDR permission first. It's very stable and the configuration is easy in the portal. They are enhancing their configuration and its security constantly. 

The only thing that is giving us a hard time is they have a lot of version upgrades. I don't know if it's better to do it as update packages and make the upgrades half-year, quarter a year, or every year. It should be done more regularly.

From an administrative perspective, it'll give us less headache. Each time you need just to go to the portal and make sure that you're testing the product, the upgrade before you deploy it, and then you deploy it. And then you figure out which computer doesn't have the version, and you figure out how to install it. 

If it's a laptop on the other side, it'll take a long time, sometimes a week, to get the customer the upgrade. For installing the upgrade, we must do it. The users can't install this product by themselves. That's why it takes a while. 

What do I think about the scalability of the solution?

The solution is scalable. We are using it for 80 or 90 people. It's a variety of different positions, from engineers to accountants. 

We're changing solutions and moving to SentinelOne. We won't be increasing usage.

How are customer service and support?

They are very helpful and they respond very fast. If there's any ticket open they make sure that they fix the problem the first time. I didn't face any problems with them.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We are currently moving to SentinelOne.

How was the initial setup?

It is a straightforward setup. It's not overly complex or difficult. The deployment took a maximum of two hours. 

I just installed it first on one of the testing machines and I tested the software package to see if it was still working. Then I just deployed it to the users and I made sure that it was working fine. It might take one day to deploy to the users if I test the version on the test machine first.

What about the implementation team?

I handled the implementation myself. 

What's my experience with pricing, setup cost, and licensing?

Corporate is responsible for licensing. I don't know anything about the pricing.

What other advice do I have?

We are customers and end-users. 

We're using the latest version of the solution. 

Palo Alto is a big company. They are very good at security, so it's good if it's the first time a company is using this product. However, we are moving to SentinelOne as we are corporate. That means, if there is one branch upgraded or moved to something, we must follow. We are following our corporate instructions. If I was given the choice, I would be still using Cortex XDR as it's fulfilling my need. 

I'd rate the solution eight out of ten. The downside is each time I go to the portal and I check the versions, it's outdated. You need to upgrade each month or every forty days and it's a lot.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Senior System Administrator at a government with 10,001+ employees
Real User
Makes it easy to isolate endpoints and lets us know if something needs to be addressed
Pros and Cons
  • "Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
  • "We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do."

What is our primary use case?

We use it to make sure that our antivirus is up to par. 

It used to be on-prem, but now, it's completely on the cloud. In terms of the version, we've got some old endpoints that we had to manually bring up to date, but for the most part, it's up to date.

How has it helped my organization?

I don't have to do much monitoring with it. I don't have to have anybody manually looking at this. It gives us reports, and it lets us know if something needs to be addressed, and we can easily address it. I've been pleased with it. It's been a really good product for us.

What is most valuable?

Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them. The hash that they use is pretty comprehensive. I like WildFire. It gives us a better idea of what is a true virus and what is a false positive.

What needs improvement?

We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do.

For how long have I used the solution?

We've been using it for at least three years.

What do I think about the stability of the solution?

It has been stable. I have not had any issues with it.

What do I think about the scalability of the solution?

For our use, we didn't need scalability with it. It has just been working as we needed it to work.

How are customer service and support?

The only time we had to deal with their support was when we had a problem with getting our older endpoints up to date. They made the upgrades and gave us the solutions on what we needed to do, and that has been working for us. 

How was the initial setup?

It was pretty straightforward, and now that it does an automatic update, I don't even have to remember to update it anymore. Once a definition expires, it automatically goes in and puts in the newest definitions, and updates all the endpoints. It is way better than what it used to be.

What's my experience with pricing, setup cost, and licensing?

I don't recall what the cost was, but it wasn't really that expensive.

What other advice do I have?

The only thing I would advise is to get a solution for which you don't have to do a lot of monitoring. It helps when we don't have to have an extra person to manually go through and look at each endpoint to make sure things are up to date and all definitions are up to date. 

I would rate it a nine out of ten because it's a really stable platform, and it is doing everything that I need it to do. You can always have improvement, but I'm really not sure what that improvement would be.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Rustam-Rustamli - PeerSpot reviewer
CISO at International Bank of Azerbaijan
Real User
Provides great security with its machine-learning technology and behavior-based analytics features
Pros and Cons
  • "Palo Alto is constantly adding new features."
  • "The solution lacks real-time, on-demand antivirus."

What is our primary use case?

This solution has replaced our traditional antivirus solutions; it protects our environment and safeguards our endpoints from any malware or exploitation. We are based in Azerbaijan, I'm the CISO of the company and we are customers of Palo Alto. 

How has it helped my organization?

We've seen benefits because the solution includes a big data approach to cyber security. All information is collected from the network, the endpoints, and the logs and analyzed by applying a big-data approach that shows up anomalies. 

What is most valuable?

I chose this solution because they constantly add new features and are very proactive about that. To my mind, signature-based antivirus is a thing of the past. These days it's machine-learning technology and behavior-based analytics features that make us more secure. XDR feels secure because of those features.

What needs improvement?

There are still a few gaps with this solution. For example, real-time, on-demand antivirus is not there. If you're looking for compliance XDR is somewhat lacking. There is also no recovery feature; if some endpoint is under attack there must be the possibility of recovering it or restoring it to a normal state. That is currently lacking in XDR. 

For how long have I used the solution?

I've been using this solution for about two years. 

What do I think about the stability of the solution?

The solution is stable. 

What do I think about the scalability of the solution?

This solution is scalable. 

How are customer service and support?

We have premium Palo Alto support and they provide good service. 

How was the initial setup?

The initial setup is straightforward. 

What other advice do I have?

I think any XDR technology is best for protecting an environment from cyber attacks. The visibility it provides is crucial and XDR gives us that, we can see all effect vectors. 

I rate this solution eight out of 10. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
SOC Manager at Nais Srl
Real User
Good dashboard, and is easy to use, but is not very informative, or complete
Pros and Cons
  • "The information the dashboard provides is very clear."
  • "When it comes to core analysis, and security analysis, Cortex needs to provide more information."

What is our primary use case?

I am an integrator. I deploy and implement solutions for our customers.

What is most valuable?

It is a simple platform to use.

The dashboard is good, it's very clean and very simple to read. The information the dashboard provides is very clear.

What needs improvement?

This solution is not complete enough to help us. We use a different platform that provides us with more information.

In my opinion, it is not a very complete program. I prefer to work with Carbon Black. It's a better solution as well as Cynet. For example, I use Cynet when I check installations, which provides me with more information. It is not easy to use for beginners, but it provides me with more information, which is lacking in Cortex. When it comes to core analysis, and security analysis, Cortex needs to provide more information. Cynet is a complete platform in my opinion.

We are ready to use a new solution called Deep Instinct. It's a new concept of the security platform. It's a very new company from the USA.

I would like to see a feature that allows you to check the endpoints included. I am currently having trouble checking the endpoints when using Cortex. Including this feature would benefit the platform's endpoints.

What do I think about the stability of the solution?

Cortex XDR by Palo Alto Networks is absolutely stable.

What do I think about the scalability of the solution?

Cortex XDR by Palo Alto Networks is a scalable platform.

Which solution did I use previously and why did I switch?

I am currently using QRadar in more than one enterprise, as well as Cynet, and Darktrace. We also use all of the Microsoft platforms with QRadar.

I have a team working on this solution. So I assisted a customer in deploying and implementing this solution. My colleague and I have formed a team. I am a SOC manager, my new role is that of a SOC manager. I don't use it directly, but I try to assist my colleague in working with more enterprises or customers. We have, I believe, five or six different IBM QRadar platforms.

We use several solutions and they are all good, but each one is different.

Cynet is a good platform, but helpful for my team because it is not simple to understand.

What other advice do I have?

I would rate Cortex XDR by Palo Alto Networks a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer. Integrator
PeerSpot user
Zubair Ahmad - PeerSpot reviewer
Senior Chief Manager at Arcil
Real User
Top 5
Stable, scalable, and best for avoiding security issues
Pros and Cons
  • "Best solution for avoiding security breaches, malware attacks, and other kinds of security issues."
  • "Limited remote connection."

What is our primary use case?

I primarily use Cortex XDR for endpoint security.

How has it helped my organization?

PALO ALTO CORTEX XDR brings visibility of all activity going in end point system and server. This helps us to investigate and take corrective action by blocking and allowing necessary services in the system. 

What is most valuable?

Alerts regarding the incidence happening in system and easy to block and allow the services and external device control.

What needs improvement?

An area for improvement is the remote connection for administrators - this is available in the current version but is limited as it's a command-based model rather than GUI-based.

For how long have I used the solution?

I have been using Cortex XDR for around four months.

What do I think about the stability of the solution?

Cortex XDR is stable.

What do I think about the scalability of the solution?

The product is really easy to scale.

How are customer service and support?

Good support and services

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously, I used McAfee Antivirus, Memory utilization very high which doesn't yet have virtualization or a dashboard. I found that product to be a little difficult, and it was not linked to a real solution, so I decided to go with Cortex XDR as it's one of the best XDR solutions for security.

How was the initial setup?

The initial setup is a little complex because it requires a lot of preparation in terms of understanding each system and going through the documentation and dashboards.

What about the implementation team?

I implemented with the help of one partner who did the basic configuration of our firewall. Deployment took approximately ten days.

What was our ROI?

Security of systems

What's my experience with pricing, setup cost, and licensing?

This is a very costly product.

Which other solutions did I evaluate?

We have evaluated Cynet, Crowed Strike and Sentinel.

What other advice do I have?

Cortex is the best solution for avoiding security breaches, malware attacks, and other kinds of security issues. I would rate this solution as eight out of ten.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Digital Business Solutions Manager at Bahrain Telecommunication Company BSC (Batelco)
Real User
A stable and scalable extended detection and response platform, but it would be better if they educated their customers more
Pros and Cons
  • "It's a nice product that's stable and scalable."
  • "It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do. The price could be better. It would also help if they had a team for deployment and support."

What is our primary use case?

We don't have many customers moving to Cortex XDR by Palo Alto Networks. But recently, we started offering them both pro and basic options. 

What is most valuable?

It's a nice product that's stable and scalable.

What needs improvement?

It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do. The price could be better. It would also help if they had a team for deployment and support.

What do I think about the stability of the solution?

The product is stable. Palo Alto only works on security, and the product by default is stable. They are releasing new features, OS, and an ML-based thing on the firewall itself, which is quite impressive. Palo Alto is quite stable compared to other competitors in the market.

What do I think about the scalability of the solution?

It's scalable. I see whatever is written on their datasheets, and all it's real. If I talk to some other vendor and they say that they currently provide 20 Gbps reports, but when you activate it, IPSec and all, it goes to 2 Gbps. With Palo Alto, whatever is there is working, and it's scalable.

How are customer service and technical support?

Technical support is quite good. When compared to others, I feel it's quite impressive.

What's my experience with pricing, setup cost, and licensing?

The price is on the higher side, but it's okay.

What other advice do I have?

I would tell potential users that it's a complete solution from Palo Alto with firewalls and all to give you more precise logs and information. Product-wise, it's top of the line. If you have investment, always go for that and go for the best solution. 

Palo Alto is one of the tech vendors that always provides top-of-the-line products. Price-wise it will be on the higher side, but it depends on how you deal with the backend support or the account manager of Palo Alto to get that discount. 

On a scale from one to ten, I would give Cortex XDR by Palo Alto Networks a seven.

Disclosure: My company has a business relationship with this vendor other than being a customer. partner
PeerSpot user
Buyer's Guide
Download our free Cortex XDR by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2025
Buyer's Guide
Download our free Cortex XDR by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.