Cortex XDR by Palo Alto Networks Reviews

I used the solution for investigating incidents and malware analysis.

The solution allows us to gain remote access without the user's knowledge and take the necessary actions on the device. For investigation, we can just drop down and easily elaborate on the issues, like where the user went and what they downloaded. We can use the solution to find out everything easily.

It takes time to scan the servers and devices. Scanning the server sometimes takes two to three days. If the device is offline, the scan gets disconnected.

I have been using Cortex XDR by Palo Alto Networks for one and a half years.

Cortex XDR by Palo Alto Networks is a stable solution.

Around seven people used the solution in our organization.

Cortex XDR by Palo Alto Networks is quite an expensive solution.

I use the solution for investigation, which includes incident handling and incident alerts. There is a separate part in Cortex XDR where we can use timestamps to categorize the alert or attack type. Based on the attack criticality, we can investigate and fine-tune a lot of things. In Cortex XDR, we can get the same alert at different times. We can fine-tune using the Cortex XDR tool.

Also, we can use queries in Cortex XDR for automation, accessing the device, or scanning the device. The query part is good, but we need to spend a little time learning about the query. It's easy to understand the query.

There is a template that you can use to click and say something. If you are going to investigate, many tabs are given based on the tactics, techniques, and procedures. It is easy to understand, and we can gather basic information from there. It is easy for a new user to learn to use the solution for the first time.

Overall, I rate the solution ten out of ten.

This solution is a next-generation antivirus with more advanced capability and security. We have a partnership with Palo Alto.

Cortex XDR is very easy to deploy and has great threat detection capabilities and good internal threat intelligence.

It uses advanced AI analytics, behavior analytics, and custom-made detection to detect advanced threats before they occur.

If a customer says it's expensive- let's say I will say no it is not. Other values are added then it is more reasonable having strong features.

With a click, I can access the system and isolate it from other networks, and then go into a further forensic investigation of the current threat without compromising anything else.

Its stitches with external logs are perfect and enhanced.

1. Disk Encryption capability.

2. User group-wise admin role. They have module-wise roles but a user group-wise role is not available.

We've been supplying this solution to customers for two years. 

I have found this solution as NG AV is most stable compare with other solution

The scalability is perfect.

The initial setup is very easy.

We implemented the solution with a vendor team, HTH Global Network. Their expertise is an eight out of ten.

I recommend this solution, it works well and I rate it a nine out of ten.

It's mainly for protection against malware. We work very closely with a major partner of Palo Alto in the Czech Republic, and we have experience with the whole XDR solution. It's very useful for us and a very capable solution.

Clients have a big problem with phishing campaigns and phishing attacks. Cortex XDR provides some level of protection against malware spreading in the network with a wrong click of users.

Cortex XDR is a very capable solution for protecting large networks and a lot of endpoints. It's very useful because the automation is very high, and if you combine it with the features on Palo Alto firewalls, it provides very strong protection.

Its price is too high. That's a big problem for customers.

It's more focused on network communication. If a customer wants to increase the level of protection and start working with documents, it's impossible to integrate these features into the system. It's more of a communication-oriented system than a content security-oriented system.

In terms of additional features, there is very strong development. I have seen the roadmap, and we will see what happens. The roadmap looks nice, but it's still more of a network security solution than a content-security solution. The development in network security is quite strong. I'm very happy with that, but if a customer would like to implement a zero-trust security concept, it's necessary to combine this solution with other vendors. There is some part of the integration that is not so easy because you have to integrate rules and some features. It's not so automatic in network communication. You have to make some appropriate automation there, or you have to do it manually. It's time-consuming and it's also expensive.

I have been using it from the beginning. It has been more than six years.

It's a very stable solution. I would rate it a nine out of ten in terms of stability.

It's a very scalable solution. If you compare it with a SIEM solution from Palo Alto, it's very powerful. I would rate it a nine out of ten in terms of scalability. It's definitely for enterprises.

Their technical support is not bad, but sometimes, when we have some issues, the support teams from Europe or Central Europe are not able to help us. We have to escalate the issue somewhere else, such as to the US. They have a very strong support team there, but it's time-consuming. Sometimes, it takes them days or weeks to solve some tricky problems, but their support for standard issues is okay. There is a very good response, but for a technical issue, it's sometimes more difficult. I would rate their support a seven out of ten.

Neutral

I also worked a little bit with SentinelOne. Cortex XDR is very similar to the SentinelOne solution from the features point of view. It's a little bit different technology, but both solutions are very capable.

It's somewhere in the middle. It's not for beginners, but if you know what to do, it's quite easy.

It's a cloud-based solution, which sometimes is an issue for customers. In the past, it was on-prem, but Palo Alto decided to change the policy and everything is cloud-based or located in the cloud. It's not a security problem from my point of view, but a few customers feel uncomfortable with sending data to the cloud and back.

Very often, it's an in-house implementation.

It's the most expensive solution, but features-wise, it's quite strong. It's very good for protection, so the results are very good in the case of protection. I would rate it a two out of ten in terms of pricing.

Overall, I would rate it an eight out of ten.

Cortex XDR is used for monitoring and securing large numbers of endpoints, typically in the range of 5,000 to 10,000. It is considered to be an effective solution for mitigating security risks in these environments.

The most valuable feature of Cortex XDR by Palo Alto Networks is its machine-learning capabilities. Additionally, there is full integration with other solutions.

Cortex XDR by Palo Alto Networks could improve by adding a sandbox feature to better compete with their competitors which have it.

I have been using Cortex XDR by Palo Alto Networks for approximately four months.

The solution is stable.

I rate the stability of Cortex XDR by Palo Alto Networks an eight out of ten.

Cortex XDR by Palo Alto Networks is a highly scalable solution.

I rate the scalability of Cortex XDR by Palo Alto Networks an eight out of ten.

The support team at Cortex XDR by Palo Alto Networks is very responsive and helpful in addressing any issues or challenges that may arise. They are highly accessible and knowledgeable about the products they offer. Overall, I have been very satisfied with the support provided by Palo Alto while deploying their solutions.

We previously used CrowdStrike Falcon X.

Cortex XDR by Palo Alto Networks is easier to understand and use compared to CrowdStrike Falcon X endpoint. The dashboard and interface of CrowdStrike Falcon X can be cluttered, making it difficult for some users to understand where to begin when it comes to incident response or threat hunting. In contrast, Cortex XDR by Palo Alto Networks is simple to navigate and understand.

The initial setup of the solution can take approximately one hour. One hour is the longest it has ever taken us for the setup. We have not had an issue with the setup.

I rate the initial setup of Cortex XDR by Palo Alto Networks a seven out of ten.

We do the implementation of the solution.

The price of the solution could be reduced. I have customers that have voiced that the solution is good for the value but if I want to sell more of the solution the price reduction would help.

Customers tend to rather have a less expensive solution than the best one.

I rate the price of Cortex XDR by Palo Alto Networks an eight out of ten.

We are using two engineers for the maintenance of the solution.

In our market here in Malaysia, the solution is perceived as being of high quality and providing good service. 

I would recommend this solution to others, it is a good solution. It is my job to recommend solutions.

I rate Cortex XDR by Palo Alto Networks an eight out of ten.

The solution is not perfect and that is why I gave the rating of eight.

Cortex XDR by Palo Alto Networks is a network management solution.

Cortex XDR by Palo Alto Networks can improve mobile integration to allow access to the console.

I have sold Cortex XDR by Palo Alto Networks within the last 12 months.

Cortex XDR by Palo Alto Networks should be a stable solution.

The scalability of Cortex XDR by Palo Alto Networks is very good.

The cost of Cortex XDR by Palo Alto Networks is $55 to $90 USD per endpoint per month.

I would recommend this solution to others.

I rate Cortex XDR by Palo Alto Networks an eight out of ten.

I primarily use Cortex XDR to protect end-users from ransomware, malware, spam, and phishing.

Cortex XDR alerts us on the dashboard when there's a threat, which allows us to restrict that user and helps secure our infrastructure.

Cortex XDR's most valuable feature is its intelligence-based dashboards.

Cortex XDR could be improved with more GUI features.

I've been using Cortex XDR for a year.

Cortex XDR is quite stable.

Cortex XDR is scalable.

Cortex XDR's technical support is really good, though their knowledge of endpoint protection could be deeper.

Positive

The initial setup was quite straightforward, and deployment took two to three days.

We used an in-house team.

Cortex XDR's pricing is ok. We pay about $20 a year for our license.

I would give Cortex XDR a rating of eight out of ten.

We are using Cortex XDR by Palo Alto Networks as an endpoint solution.

One thing that I like about Cortex XDR is its ability to detect all the suspicious or malicious binaries, and it can integrate with Palo Alto Firewall. 

I have been using the product for about three and a half years.

The stability is very good.

It is scalable for those who use it.

If they want to do a POC, they can look for other market trenders that are there like Trend Micro. They also have their XDR solution. FireEye also has its XDR solution. They should do a comparison on what is based on their requirement. Based on their requirement, they should select the vendor. We saw that there were quite a few ransomware attacks that were not detected by traditional antivirus, so we moved to the Palo Alto solution. Likewise, the companies who want to implement EDR solutions, have to look at the problem statement. Based on their problem statement, they should work and find out a feasible solution.

The setup is quite easy. We had appropriate support from the manager. One thing that was missing was the integration part. Currently, they don't have out-of-box integration with IBM QRadar, or if they have the integration, the integration doesn't work well. That is something that they have to look at going forward.

It took around three to four weeks, because there was a full process change, and then we had to get approval for getting it deployed. 

I would rate Cortex XDR by Palo Alto Networks a nine out of ten.

The main use case was the integration with their Palo Alto firewall and Panorama. Apart from that, they also had integration with the FIM solution that they had. Overall, having it at the endpoint and having network integration for the overall threat scenario has been where we use it.

The policy configuration is great. The granularity of policies that are available is very helpful.

It is straightforward to set up.

It has pretty much everything we need and works well within the Palo Alto ecosystem.

The GUI could be improved. It's a little bit cumbersome. It could be more user-friendly.

I've been using the solution for around two years. 

The solution is quite stable. The only hiccup we had experienced was related to some false alerts where there was no detection, yet still the product showed that it detected something. There were a few false positives. Apart from that, it is quite stable.

For cloud purposes, scaling is not an issue. Even with the on-premises deployments, we have not faced any scaling issues. 

Technical support is great. We haven't had any problems with them. 

Positive

The solution is very simple and very straightforward to set up. It's not overly difficult or complex.

I'd rate it four out of five in terms of ease of setup.

I do not deal with licensing costs. That is taken care of by our sales team.

We do hybrid deployments. For some customers, it was on the cloud and for some, it was on-prem.

It's a good solution to go with. If you are dealing with the ecosystem of Palo Alto, like Palo Alto firewall, Palo Alto Prisma Access, and Palo Alto XDR, if you have a Palo Alto ecosystem, it's a must to have Cortex XDR. Individually, it also works well. However, having Palo Alto everywhere will be a better scenario or a better fit if you want to deploy Cortex.

I'd rate the solution eight out of ten. 

We're using it just to make sure that the customers, or our users, don't use any prohibited applications. We make sure that every application they use is on the allowed list. Any other application that is not only allowed is blocked until further notice. It's mainly to make sure that our organization is secure and that the software that the users are working on is secured too. This is the main reason. also to be aware and secured from any potential attack or ransomware etc.

The good thing about the product is that it's always scanning. It does real-time scanning for customers. If there's anything related to the applications that it's installed, for example, if an application needs some upgrades, or updates, or add-ons, we already have a server that is downloading this for the users, the computers. In terms of the laptops, we are not managing the laptops from the servers, since the users take the laptops with them and they are managing their laptops by themselves. There is any variability. The application gives us a notification on the Cloud so that we can handle this problem or make sure that the laptop is secured. The customers or the users don't have much experience to pick what is right and know what is wrong. It's a very, very informational application. 

The initial setup is easy.

They need to do definition updates. Instead of the version, they just put an update on the portal, and each time we need to upgrade it. Sometimes it's hard to upgrade the offsite clients. Sometimes the internet that they are using is not that stable. It gives us a hard time. Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded. 

It would be ideal if the updates would happen like Symantec updates or other antivirus solutions. The upgrade needs to deploy directly to the users.

We've been using the solution for two years. 

It's very stable. There are no errors or problems, even if there is something we need to do on the machine. Due to the configuration we already do, it's locking a lot of things that the users cannot do. Even if the administrator is working, it needs the Cortex XDR permission first. It's very stable and the configuration is easy in the portal. They are enhancing their configuration and its security constantly. 

The only thing that is giving us a hard time is they have a lot of version upgrades. I don't know if it's better to do it as update packages and make the upgrades half-year, quarter a year, or every year. It should be done more regularly.

From an administrative perspective, it'll give us less headache. Each time you need just to go to the portal and make sure that you're testing the product, the upgrade before you deploy it, and then you deploy it. And then you figure out which computer doesn't have the version, and you figure out how to install it. 

If it's a laptop on the other side, it'll take a long time, sometimes a week, to get the customer the upgrade. For installing the upgrade, we must do it. The users can't install this product by themselves. That's why it takes a while. 

The solution is scalable. We are using it for 80 or 90 people. It's a variety of different positions, from engineers to accountants. 

We're changing solutions and moving to SentinelOne. We won't be increasing usage.

They are very helpful and they respond very fast. If there's any ticket open they make sure that they fix the problem the first time. I didn't face any problems with them.

Positive

We are currently moving to SentinelOne.

It is a straightforward setup. It's not overly complex or difficult. The deployment took a maximum of two hours. 

I just installed it first on one of the testing machines and I tested the software package to see if it was still working. Then I just deployed it to the users and I made sure that it was working fine. It might take one day to deploy to the users if I test the version on the test machine first.

I handled the implementation myself. 

Corporate is responsible for licensing. I don't know anything about the pricing.

We are customers and end-users. 

We're using the latest version of the solution. 

Palo Alto is a big company. They are very good at security, so it's good if it's the first time a company is using this product. However, we are moving to SentinelOne as we are corporate. That means, if there is one branch upgraded or moved to something, we must follow. We are following our corporate instructions. If I was given the choice, I would be still using Cortex XDR as it's fulfilling my need. 

I'd rate the solution eight out of ten. The downside is each time I go to the portal and I check the versions, it's outdated. You need to upgrade each month or every forty days and it's a lot.

We have Cortex XDR on our endpoints, and we have managed threat hunting. We are using it for everything related to security. If we have a device we believe is compromised, we can do a scan of the device to check for malware. We look for indicators of compromise in our network. We also look for behavioral things, such as if people are, for some reason, sending a bunch of information out. We also monitor USB file copies to make sure sensitive data isn't leaving our systems. It is also for any kind of denial of service attack.

We are using its latest version. It is deployed on-prem. We have agent software on all our endpoints, and then we have on-prem devices managed through Panorama.

It has quite a bit of functionality. So, if anything weird happens on our network, Cortex normally lets us know.

Their XDR agent and their behavioral indicators of compromise (BIOC) are pretty nice. Their managed threat hunting is also pretty nice. They also have WildFire, which is a service for actively looking for malware. It's quite useful.

They've been having some issues with updating their endpoint agents, and it has been quite frustrating.

I have been using this solution for about a year.

It's incredibly stable. It's Palo Alto; it's top of the line.

It's enterprise-grade. They cover everybody from the federal government to large corporations. We're probably a pretty small network for them. We have about 2,000 endpoints.

I have used their support. I would rate them a four out of five.

Positive

We used to have Check Point. We switched because there were a lot of added features with Palo Alto that Check Point didn't have. It was an upgrade for us.

It is incredibly complex. It has a lot of parts. Its implementation took six months.

We worked with Palo Alto directly to look at our old firewalls and translate their configuration to Palo Alto.

There are three of us for deployment and maintenance.

It's way too expensive, but security is expensive. You pay for your licensing, and then you pay for someone to monitor the stuff.

You get out what you put in. So, the more you work with it, customize it, monitor it, and manage it, the more you'll get out of it.

I would rate it an eight out of ten. There are some bug updates that they were having issues with. Everything else has been pretty great. There is a lot more visibility than I expected.