Cloud and Security Architect at a transportation company with 51-200 employees
Real User
Robust with powerful security correlation features
Pros and Cons
  • "The stability of this product is very good."
  • "It's very time-consuming to log support issues and the people that answer the tickets aren't very knowledgeable."

What is our primary use case?

Security correlation is our main use case.

What needs improvement?

This product could be simpler to use. For example, the onboarding process and getting it started could be improved.

The technical support is in need of improvement.

For how long have I used the solution?

I have been working with Cortex XDR by Palo Alto Networks for one year.

What do I think about the stability of the solution?

The stability of this product is very good.

Buyer's Guide
Cortex XDR by Palo Alto Networks
April 2024
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,886 professionals have used our research since 2012.

What do I think about the scalability of the solution?

Scalability-wise, this is a very good solution. We have 100 people using it across a variety of roles. It's deployed for everybody, although it's only actively used by myself and one other person.

Our company size is quite static so I don't expect that we will increase our usage.

How are customer service and support?

The technical support is not very good. I find the process difficult. It's very time-consuming to log support issues and the people that answer the tickets aren't very knowledgeable.

Which solution did I use previously and why did I switch?

I also use Sophos Intercept X.

How was the initial setup?

The initial setup is complex. On a scale of one to five, I would rate the complexity a three. It took six months to deploy.

What about the implementation team?

We implemented this product in-house.

What other advice do I have?

My advice for anybody who is implementing this product is to ensure that the project plan has appropriate troubleshooting time in it.

Overall, I'm quite happy with the product.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
EMEA IT Infrastructure Manager at a consumer goods company with 5,001-10,000 employees
Real User
Good management capabilities but has poor performance
Pros and Cons
  • "The management capabilities allow an IT organization to get quite a good picture of attempted cyber attacks."
  • "Impact on system performance is horrible, adding a lot of delays for users."

What is our primary use case?

My primary use of this solution is as an endpoint security client.

How has it helped my organization?

This product has not improved my organization - in fact, we are in the process of moving back to another product as a result of Cortex's horrible impact on system performance.

What is most valuable?

The most valuable features of this product are the management capabilities, which allow an IT organization to get quite a good picture of attempted cyber attacks, and its out-of-the-box investigation capabilities.

What needs improvement?

The product's impact on system performance is horrible, adding a lot of delays for users. 

For how long have I used the solution?

I have been using this solution for four months.

How was the initial setup?

The onboarding process was quite cumbersome. It took some time to deploy as we had to investigate about 500 cases of clients who did not get the agent immediately.

What about the implementation team?

I implemented using a vendor team.

What other advice do I have?

I would rate this solution as five out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Manager of Cyber Defence at a government with 1,001-5,000 employees
Real User
Runs in the background and sends things directly to the cloud for sandboxing
Pros and Cons
  • "The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
  • "There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."

What is our primary use case?

We used it for malware detection and to detect weird DNS calls. Overall, it was for endpoint protection.

How has it helped my organization?

Many people here are surfing the web on Russian sites, Korean sites, Chinese sites, etc., and by definition, they download things that are not very nice. Whenever there was something fishy, most of the anti-virus solutions just wouldn't see it. We needed endpoint protection that would detect as soon as some code started doing funny things. Traps was very good at that.

What is most valuable?

The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical.

What needs improvement?

There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, was not user-friendly.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The stability was quite good. We never had any issue with it at all.

What do I think about the scalability of the solution?

We had no issue with scalability. We deployed to 220 machines in one go with no problem. We had 130 users. Some people were using many machines. The users were mostly analysts. Ten to 20 of the users were IT people and the rest were doing analysis work on satellites. It was being used extensively, 100 percent in our case. Even the servers had it running. Everybody had Traps installed.

How are customer service and technical support?

The technical support from the consultant was very good. I don't remember having to talk to Palo Alto directly. I had an issue, but I talked to the consultant and then he escalated it.

Which solution did I use previously and why did I switch?

Before Traps we had no endpoint protection.

How was the initial setup?

The setup was not very intuitive to start with, but after you've done it once, it's really straightforward.

The first time I set it up, for one machine, it took about 15 minutes until I understood what was going on, starting from the ESM and using the deployment tool. But as soon as you've done it once, and you understand the ergonomics behind it, it goes fast.

In terms of the implementation strategy, we started with a limited number of machines and the machines of people from IT, who we knew would surf to weird places. Then we deployed a small sample to the people who go to China and Russia and places like that. After a while, we decided to go all the way and we used the ESM to deploy it on every machine.

The process from the planning phase until it was fully implemented took about three or four months.

What about the implementation team?

For the first installation we had a consultant, a Palo Alto dealer, consultant, and solution provider here in Madrid - Open3S. They're very good. Our experience with them was very positive. They're really competent. They really know what they're talking about. We were very happy with them.

The deployment required one or two people. Some days two people came, but normally, with one guy, it was okay.

What was our ROI?

It was more like insurance. You hope you're never going to use it, but you have it. It gave us some confidence in what people were doing because we know people were going to weird places on the web. With Traps, we were quite confident that if something wrong happened it would be detected and intercepted and deleted before it was spread around.

What's my experience with pricing, setup cost, and licensing?

When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward.

Which other solutions did I evaluate?

We didn't evaluate any other options because we had Palo Alto as firewalls and we were quite satisfied with Palo Alto. So the consultant took the initiative to do a demo and we liked it. Due to the type of business we are in, it's very useful.

What other advice do I have?

Make sure you have a proper inventory of all the applications running. That's something we should have done to start with. We intended to do so but because we're using very strange applications to deal with satellite imagery, it was giving us some issues. For somebody who's using the standard Microsoft Office, it's really straightforward. But if you have exotic applications, then make sure you test it before you deploy it. You will have issues.

To maintain it, the only thing you have to do is download the latest updates and install them. After that, the only maintenance you need is checking the logs every day to see what has been sent to the cloud for sandboxing and then move to the culprit machine to see what happened. It's difficult to say how many people are required for this. As soon as you get something exotic on the machine, this can take an hour, but that's not related to Traps. Traps is just telling you there's something exotic. After that, it's the time you spend doing all the malware and other analyses. As far as Traps is concerned as such, it doesn't require much maintenance. It's something you set and forget.

I would give Traps a nine out of ten. I think it's a very good application. It detected stuff that other things wouldn't detect. I'm very positive about it and was extremely satisfied with it. We had it for the reason I noted earlier. It has been replaced by something else, but I had a very good experience with it. Had we been in a Microsoft Office business - the normal applications - we never would have moved. But the people in charge of the system went to Microsoft Defender.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sales Engineer at a security firm with 51-200 employees
Real User
Reliable with good support, but the installation should be simplified
Pros and Cons
  • "Stability is one of the features we like the most."
  • "The installation should be easier and the Palo Alto pre-sales and sales teams should have more information on the product because they don't know what they are selling."

What is our primary use case?

We use this solution to secure endpoints and to have more visibility on what is happening on the endpoints.

We have two customers who are using this solution currently.

What needs improvement?

The installation should be easier and the Palo Alto pre-sales and sales teams should have more information on the product because they don't know what they are selling.

They don't know the features of the products they sell.

For example, Cortex XDR includes Cortex XDR Prevent, Cortex XDR Pro, and Cortex XDR Pro per TB. They don't know the real differences between Cortex XDR Pro and Cortex XDR Pro per TB.

Sometimes, they will tell you about features for one edition that belong to another edition. They don't seem to know what features belong to what edition.

For how long have I used the solution?

I have been working with this solution for one month.

We are familiar with Cortex XDR Prevent and Cortex XDR Pro.

What do I think about the stability of the solution?

It's a stable product.

What do I think about the scalability of the solution?

It's a scalable solution.

How are customer service and technical support?

Technical support is okay.

How was the initial setup?

The initial setup is complex. It is not easy to install.

We have been deploying this solution for a month, but we are not finished yet.

We only need one engineer for the deployment and maintenance.

What other advice do I have?

I would recommend this solution to anyone who is interested in using it.

I would rate Cortex XDR a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Manager Information Technology at Avendus
Real User
Blocks malicious files, but managing the product should be easier
Pros and Cons
  • "It blocks malicious files. It prevents attacks. It doesn't require many updates, it's a very light application."
  • "Managing the product should be easier."

What is our primary use case?

So far, we have only done a PoC of Palo Alto Traps. We deployed Traps on a few devices and then did the PoC. I also attended a workshop for Palo Alto Traps. I learned how it works and how it can block malicious files, etc.

What is most valuable?

  • It blocks malicious files. 
  • It prevents attacks.
  • It doesn't require many updates, it's a very light application.

What needs improvement?

Managing the product should be easier.

What do I think about the stability of the solution?

The stability is good but I did face one issue that I want to point out. I don't know about the new version but in the old version, sometimes not all your devices are showing properly. Sometimes they show as "inactive."

What do I think about the scalability of the solution?

Scalability is good. You can install it on any number of devices that you are licensed for.

How are customer service and technical support?

Technical support is good but people need better knowledge of that particular product. I don't think it's well-known in India. 

If we asked someone about using Traps they would ask, "What is Traps?" Compared to other products like Symantec and Trend Micro, Traps is not well-known endpoint protection. The engineers also don't know much about it, so Palo Alto needs to promote knowledge of this product.

I go through the vendor for support first. If the vendor doesn't resolve the issue then they log the case with Palo Alto. We haven't had any incidents that had to go to Palo Alto. Everything has been resolved by the vendor so I don't know about the direct support of Palo Alto, except that the Palo Alto firewall is a very stable brand. There's no issue.

Which solution did I use previously and why did I switch?

We are using Symantec now. We were thinking of purchasing Palo Alto but because the EDR part was not there at the time, we went with Symantec which has the EDR solution. EDR is essential for our project. I think it has been announced that EDR is part of Traps now.

How was the initial setup?

The initial setup was very simple. We finished the deployment within one day.

For our implementation strategy, it's cloud-based, so we installed the PoC license on the cloud and then started deploying the agent software on my laptop and mobile devices, and then we did the PoC.

What's my experience with pricing, setup cost, and licensing?

We did not negotiate the price because the solution did not fulfill our requirements. But the price was fine. I don't know how it would compare with Symantec because I negotiated a lot with Symantec. I don't know what kind of negotiation I could have done with Palo Alto.

Which other solutions did I evaluate?

We did not check any other options. But I am going to evaluate Traps in the next year because I want to go for a Palo Alto platform, as we already have a Palo Alto firewall. If, next year, all my requirements are fulfilled, then I will definitely go for Traps.

What other advice do I have?

Palo Alto Traps is good but they need to more widely promote it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Head of Network and Communication Department at a program development consultancy with 10,001+ employees
Vendor
The level of security I get for my endpoints and servers is extremely valuable.

What is most valuable?

The level of security I get for my endpoints and servers is extremely valuable.

How has it helped my organization?

No signature updates of the AV needed, so no old signatures. No patching, very little operational effort needed.

What needs improvement?

Performance at the endpoint is much better than with the old AV.

No signature updates needed.

Stops the attack before it is executed.

For how long have I used the solution?

Two years.

What was my experience with deployment of the solution?

No.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service:

Perfect.

Technical Support:

Real experts.

Which solution did I use previously and why did I switch?

Yes. We switched because the footprint was heavy, the protection rate decreases and the operational costs (incident response) were high.

How was the initial setup?

Yes, it took one hour to install the back end and the rollout was done by software deployment. Project lasted four weeks.

What about the implementation team?

In-house.

What's my experience with pricing, setup cost, and licensing?

Ask your local dealer.

Which other solutions did I evaluate?

Yes.

What other advice do I have?

If you are already a Palo Alto Networks Firewall customer, you can have perfect integration between your clients/servers and your firewalls. Automated response without supporting and APIs.

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Information information analyst at Seeton
Real User
Top 5
It's a simple platform that's easy for administrators and users
Pros and Cons
  • "Cortex XDR is a simple platform that's easy for administrators and users. You have a lot of flexibility to change or customize the features."
  • "The playbooks could be improved to include more functionalities or actions."

What is most valuable?

Cortex XDR is a simple platform that's easy for administrators and users. You have a lot of flexibility to change or customize the features. 

What needs improvement?

The playbooks could be improved to include more functionalities or actions. 

For how long have I used the solution?

I have been using Cortex XDR for a few months.

What do I think about the stability of the solution?

Cortex XDR is highly stable. 

What do I think about the scalability of the solution?

Cortex XDR is scalable. 

Which solution did I use previously and why did I switch?

We previously used McAfee, but we switched because of our customer. We checked Gartner's to learn about each vendor and solution and consulted with the customer about the features they needed. 

How was the initial setup?

Cortex XDR is a cloud-based solution, so the deployment is straightforward. They give you your credentials to access the platform and you change some settings to customize it. 

What other advice do I have?

I rate Cortex XDR by Palo Alto nine out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Business Development Manager at a tech services company with 201-500 employees
Real User
Top 20
Efficiently detects any issues
Pros and Cons
  • "This software helps us understand any issues that may arise when someone is not at work."
  • "Dashboards do not allow everyone to see what's happening."

What is our primary use case?

It is used as a device that can detect any issues and changes when people are not at work. In one case, we use it when someone is not at work or has already used their allotted time off. This helps us understand any issues that may arise when someone is not at work, which could lead to changes in the way we work.

What needs improvement?

There are many areas that could use improvement. One thing that is important to keep in mind is that times change, and we need to be adaptable to what happens. Ultimately, we want to see positive results and improvements.

In the next release, I would add dashboards that allow everyone to see what's happening, not just the security team. Users can view the data and see what's happening. Also, I think the Data Lake from Cortex XDR should be public, not private.

For how long have I used the solution?

I have been using the solution for two years.

How was the initial setup?

The initial setup was easy.

What's my experience with pricing, setup cost, and licensing?

The pricing is cheap.

What other advice do I have?

I rate it a nine out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Buyer's Guide
Download our free Cortex XDR by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2024