Cortex XDR by Palo Alto Networks Reviews

Security correlation is our main use case.

This product could be simpler to use. For example, the onboarding process and getting it started could be improved.

The technical support is in need of improvement.

I have been working with Cortex XDR by Palo Alto Networks for one year.

The stability of this product is very good.

Scalability-wise, this is a very good solution. We have 100 people using it across a variety of roles. It's deployed for everybody, although it's only actively used by myself and one other person.

Our company size is quite static so I don't expect that we will increase our usage.

The technical support is not very good. I find the process difficult. It's very time-consuming to log support issues and the people that answer the tickets aren't very knowledgeable.

I also use Sophos Intercept X.

The initial setup is complex. On a scale of one to five, I would rate the complexity a three. It took six months to deploy.

We implemented this product in-house.

My advice for anybody who is implementing this product is to ensure that the project plan has appropriate troubleshooting time in it.

Overall, I'm quite happy with the product.

I would rate this solution an eight out of ten.

It can work as a standalone solution, however, it also fully integrates with the firewall. It operates on an endpoint level and on firewall level. It's endpoint security, so there are not 35 use cases. It's pretty specific.

Overall, it's a great platform. It integrates very well with other solutions from Palo Alto and also with our vendors. 

The ease of use is excellent. 

I love the root cause analysis from Cortex, which is amazing. It's really fantastic. In a few clicks, you can just have the full root cause. 

The price is quite interesting. It's not overly expensive.

The solution is stable. 

I've found the solution to be highly scalable for enterprises. 

What would be interesting, is if it could also read IoT protocols. If they can improve on the IoT part that would be great. In general, in this area, they can still improve.

It's not an ideal choice for smaller businesses, as you need a minimum of 200 endpoints to even use the solution at all. 

The solution is quite new. I've been using it for approximately the last two years. It hasn't been that long just yet. 

There are no performance issues. It's really very stable. I haven't dealt with bugs or glitches. It doesn't crash or freeze. It's reliable. 

The product is absolutely scalable. It's an enterprise solution. However, one less positive thing about it, is that it's only from 200 users, from 200 endpoints. That's bad. What do you do with clients who have only 100 endpoints? They cannot purchase Cortex. That has to be improved, with high priority. Palo Alto is aware of that.

The pricing is quite good. It's interesting. It's not a particularly expensive option. 

We are using the Cortex Pro version of the solution. 

I'd advise users to do a proof of concept (POC) and try it out. It's amazing. 

I'd rate the solution at a nine out of ten. It's one of the top solutions on the market. We've been very happy with it so far.

My customer wanted to use EDR. We worked with the POC to demonstrate the antivirus and how it has more features for detecting threats.

It makes it easier and faster to investigate problems and incidents.

The most valuable features are that it can integrate the firewalls and determine the tendencies of the attacks.

It investigates problems and incidents quickly. Cortex is good at reducing alerts and for having a custom barrier. It's a new generation antivirus, with protection endpoints and detection response.

Cortex detects and shows what the problem is and how to resolve the problem or incident. Cortex is very easy to use and everybody can operate the solution.

It has tools for threat hunting and it has very good incident response features.

It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved.

I've been using it for a year.

Setting it up is very simple.

It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool.

I'm rating this solution a ten out of ten because it is very good for managed threat hunting and incident response. It is the best XDR solution. It's better than other tools because it uses enterprise architecture. Everybody will find that this solution is easy to use. 

We use Cortex XDR as part of our security solution.

its a very good solution and single solution for entire infrastructure, give us good co-relation of incident. Single solution for Network, Endpoint, Servers. 

The most valuable for us is the correlation feature. You are able to correlate data that is coming from the firewall, network, server, and endpoints. This is one of our main requirements and makes for a good product.

It works with the data lake in an agent-based or agentless manner.

It is easy to integrate most with network devices, including firewalls, and Active Directory. We use firewalls from different vendors including Palo Alto and Check Point, and it supports them.

There are some third-party solutions that are difficult to integrate with, which is something that can be improved.

We have not experienced any issues with respect to stability at this point.

Scalability has not been a problem.

We have been in contact with technical support and are satisfied with them.

Positive

its a Straightforward

We have an in-house team for deployment and maintenance.

It replace multiple solution and due to this it will reduce the Administrative effort.

I have run a PoC with both CrowdStrike and Cortex XDR, and from my observation, I felt that Cortex was much better at meeting our requirements. It is also easier to use.

CrowdStrike was difficult when it came to integrating with other products and it does not work on mobile devices.

My advice for anybody who is considering Cortex XDR is that it is a complete solution, and has very good features. From my experience, it is one of the better ones in the market. That said, no product is 100%.

I would rate this solution a nine out of ten.

We are in the testing stage of using Cortex XDR by Palo Alto Networks. We are using it in order to ensure the corporate network servers are protected. Additionally, we need to use a specialized tool.

Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources. 

Cortex analyzes the network and users to detect additional risks and threats that the other vendor's solutions don't detect.

We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, we have to use another protection solution called Kaspersky.

The tool should have the ability to test an environment to see what percentage it is secure against threats, such as ransomware. This would allow for adjustments to be made to the network for more security. We don't have the capability to test the networks daily there should be a parameter in order to report on the healthy of the network for security vulnerabilities.

I have been using Cortex XDR by Palo Alto Networks for approximately two weeks.

Cortex XDR by Palo Alto Networks is highly stable. 

We don't have any user reports suggesting that there is a high level of resource consumption.

In regard to the scalability, the tool could have additional agents to provide a full installation in the company. This would make the installation much easier when scaling the solution, we should not have to use another tool.

The installation approach is to do it one computer at a time, but if Cotex could provide an additional tool in order for us to reach all the elements of the network would be very helpful. It should be done automatically. I understand that if the tool has the capability to analyze the network, it should be able to read the computers' elements in the network and in other ways.

The support is very efficient and professional. They have provided us with the tools and the basic elements to understand how the solution works. They have helped us prepare some specifics for our installation.

We use the Kaspersky protection solution. Kaspersky works based on blacklists, if you are on the blacklist it is working well but if you are not Kaspersky does not work.

The installation of Cortex XDR by Palo Alto Networks is easy. The setup is not complicated.

It would be a good idea for the company to provide at their website videos that are translated in Spanish related to technical skills. This would be very useful and would have a lot of value.

The world in commercial terms, speaks English, we have to understand that with tools such as this, if the solution was in other languages more companies would be able to exploit the tool. If we don't have this information in our native language, we will not use the tool to its full potential.

In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage.

I recommend that the company review the pricing model in the Latin American market. They need to determine how to impose, or how to bring a more accessible cost in order to accelerate the implementations in American countries.

We have been comparing Cortex XDR by Palo Alto Networks to Cisco solutions.

It is important to have security tools in order to review, monitoring and hunt the potential attacks. We have found in our test Cortex XDR by Palo Alto Networks to be a very good tool.

It's an efficient solution. I recommend this solution to my business partners and other companies.

I rate Cortex XDR by Palo Alto Networks a ten out of ten.

Other solutions I have used I would rate a seven out of ten. There is not something that comes close to this solution.

As with any advanced malware protection tool, it's really about the results and getting the security you need. We are end users and I'm a cybersecurity incident response analyst.

I like that the product has behavior-based detection which offers many benefits over signature-based detection. When it comes to zero day attacks and targeted attacks, signature detection is not able to detect problems. Behavior-based detection is able to detect attacks tailored specifically for your environment, or malware that doesn't yet have a known malicious signature. It's the nature of how the data is processed that makes the tool really powerful. 

The downside to the solution is that there are a large number of false positives. There are a whole lot of different things for business automated actions, and it's hard to sort through all that. Without some assistance and suppression of false positives from Palo Alto or some event triaging that you might have enabled on your SIEM, you'll continue to get the high number of false positives. It's related more to the lack of capability to easily identify and suppress false positives before they're presented to you. There needs to be a function for suppressing false positives for types of machines and not necessarily for the actual groups.

I've used this solution for close to six months while we were evaluating it. 

Since Palo Alto was giving us the proof of concept, we had direct access to them.

It takes quite a few people to set it up. I would say the biggest difference between Palo Alto XDR and something like Cisco AMP outside of the actual detection is going to be the ease of implementation. Cisco AMP only requires one person to go through all the groups and configure policies. With XDR you define groups based on types of machines and commonalities in the machines. It's not like you just send a connector to machines and they're part of that group in that policy. It means there is a whole lot more to configure on XDR.

The same things apply to anyone looking to implement any form of anti-malware agent. You really want to take the time to make sure your environment is organized and configured the way that you want it to be, because once you start getting empty policies and machines in run groups, you run into a pretty big mess. Another thing would be documentation. If you're adding suppressions or custom detections or your AOCs, keep a document which logs all the changes, because people come and go, and handing down an anti-malware tool to somebody that doesn't know how or why it was configured a certain way, could make things difficult.

It would be a tremendous amount of work for us to implement Networks in a company our size. We have a whole bunch of projects going on right now that are pretty important and since we already have that advanced malware protection tool and AMP, which we think is good, we don't necessarily think Networks is as powerful at detection. On other projects, if we were going to go ahead and turn around and move forward with Palo Alto, it would mean taking a step backwards and reimplementing an anti-malware agent that we already have. That said, my impression is that it's a really good tool and you can get a lot out of it. 

I rate this solution a nine out of 10. 

We use this solution specifically in endpoint response, endpoint detection, endpoint sandboxing, and as a firewall.

The product is mostly automated, and we do not have to make decisions. All the decisions are made by the product itself. 

We are not required to create any custom policies. 

The policies that are created are well defined in the product itself.

The most valuable feature is that you can select remote access of any machine for sandboxing.

Irrespective of whether you have the rights or not, you can still access it from the cloud.

I would like to see some sort of attachment scanning included.

Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access.

I want a plugin for email attachment scanning and email body scanning.

I have been using this solution for two years.

We are using version seven.

Scalability is not a problem with this solution.

It's a cloud setup. You can scale in and you can scale out as per the cloud.

We have close to 500 users in our company.

Technical support is very good, but it can be a problem, especially in the Gulf region.

If you do not take direct support, you have to wait for 72 hours. 

Also, direct support is a little bit costly.

We used McAfee previously. We switched because the solution is pretty automated. You don't have to manually decide on the policy.

The initial setup is pretty straightforward.

In one hour, you can deploy the entire setup and get started.

After the setup, deployment can take up to three to four days.

We had one admin test the solution and maintain it for us.

We did not use an integrator or vendor team. 

The pricing is okay, although direct support can be expensive.

It is a very straightforward product with minimum administer interference, once it is deployed.

I would rate this solution a seven out of ten.

We use it for our own company as well for our clients. It is mainly used for protecting the endpoints. Like everybody else nowadays, we're all working from home, and we have access to data on the public cloud, private cloud, and on-prem. We got to make sure that we're not exposing our endpoints to anything out there that could be malicious and that could cause any problems within our networking environment.

It has absolutely improved the way our organization functions. We are more secure. It is giving us more peace of mind, and it is doing what it is doing. It has found malicious activity happening on our endpoints that probably would not have been detected if we didn't have it.

The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.

The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that.

A little bit more automation would be nice.

We've been a reseller for Palo Alto for 13 years. I have been using it for quite a while. They had bought Cyvera for the endpoint security, which was obviously the base for Cortex XDR. I have been seeing how it actually progressed from just a straight endpoint security solution that was a little clunky at one time to a very streamlined, effective solution today.

It is stable. I haven't found any issues.

It is extremely easy to scale. We have about 20 users, and their roles stem from sales to technical, marketing, and administrative.

Palo Alto has got very good tech support. I would give them a ten out of ten.

At one time, I tried Cylance, and it just wasn't that effective for what we needed. At the time, it wasn't really an EDR solution.

The initial setup was very straightforward and easy.

Its pricing is kind of in line with its competitors and everybody else out there.

You don't have to be a Palo Alto customer to implement this solution. Some people think they have to, but no. It is a completely separate solution on its own. I would highly recommend it just because it is a complete package. It not only takes in data from your endpoint; it also takes in data from other sources that are not Palo Alto and helps to create the story about what's going on by stitching things together.

I would rate Cortex XDR a nine out of ten. It is pretty good. The reason for giving a nine is that there is always room for improvement.