Cortex XDR by Palo Alto Networks Reviews

Cortex XDR is used for endpoint detection and response. This is software placed into endpoints and work in this cloud. In cloud has the analytics, login, prevention models, et cetera.

If a company uses Palo Alto and supports Cortex XDR for endpoint protection it is very well protected. Palo Alto is the best security solution in the market. It's very advanced and its protection is extremely reliable.

The solution doesn't need a high level of technical training. The solution is very usable and doesn't take a lot of personnel.

The product is very scalable.

The stability is very good.

For working with the solution, you only really need a web browser, however, we've found that working on Chrome, for example, is horrible.

Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well.

I've been working with this security solution for ten years or so and Palo Alto Networks for two years.

The solution has been very stable and very reliable. There are no bugs or glitches. It doesn't crash or freeze. It's one of the best on the market.

The solution is very scalable. It works well for companies that are quite sizeable. If an organization needs to expand it, it can do so easily.

We have about 50 to 55 users on the solution.

I personally handle technical questions for those working with Palo Alto. 

Support of Palo Alto is English, however, I work in this local technical solution, local technical and I'm working with customers with a warranty.

I've found technical support from Palo Alto to be very good. We're local and we can assist as well, however, Palo Alto is capable of handling any size of issue and they are quite helpful.

I am not directly handling the installation. My client is.

You do need a team of people on this solution that understand the cloud and the solution itself if you have a large, complex environment. If you have a robust security team, it's good. However, if you don't have the resources, it's not an ideal product. 

That said, if your company requires a small, simple setup, one person may be enough. It really depends on the size.

My client is actually handling the installation. I often field questions from them, however, I don't participate in the installation directly.

For basic needs, the solution isn't very expensive. However, as you grow more complex in your needs, the more you use, the more costly it can get.

The licensing is typically for one year. There's a one-time installation. If you would like to continue with the service, you can continue. There's no need to install and reinstall.

Cortex XDR is a threat analytics security manager that allows users to see what threats are going to endpoints. It's a very high-security solution. 

The next step up from Cortex XDR is Cortex XSOAR. XSOAR is an automated threat solution. It's a security solution from Palo Alto. 

I'd recommend the solution to others. I'd rate it at a nine out of ten overall. 

I primarily use this solution for my clients. I don't use the solution myself.

I can call the tweak responses or other items that the customer doesn't like very easily due to the fact that this solution is on the cloud

It collects and caches and the knowledge of machine learning from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe.

Even the firewalls have their signatures. It takes from different resources and takes note of everything. 

The exploits and malware technology are really good. 

It's my understanding that this solution is at end-of-life.

It's hard to use as a product. It's not easy or straightforward. Especially when I deal with a government sector or other sensitive industries. They do not accept that it's so easy to share metadata outside their organization. They prefer on-prem even if it is not as powerful due to the fact that they perceive it as being more secure.

The solution can never really be an on-premises solution based simply on the way it is set up. It needs metadata to run and improve. Having an on-premises solution would cut it off from making improvements.

The deployment is pretty hard. Competitors like Trend Micro or Symantec have features on their console that make them easier to use. This solution does not offer items that would increase its usability.

Before I moved to technical sales, I handled implementation, and I remember it being very difficult. They need to improve this aspect.

The solution provides a lot of false positives. The average amount of false positives you get is 5%. It would be great if this could be lowered.

I've been using the solution for a year and a half.

Security people usually think it's a very powerful solution. However, government teams always worry about the security of the cloud and always need to send approvals. Since this solution is not a normal endpoint, it can be a bit tricky for compliance purposes.

At the same time, it does its job. It's very good at vulnerability management.

That said, it is really not really flexible to make deployments on certain platforms. It's really complicated. Sometimes the solution falls off.

We've contacted technical support in the past and they are very good. They are usually quite capable of closing the issue for us. They're also great if we're working out a new configuration or doing a completely new implementation. We're satisfied with their level of service.

The initial setup is not straightforward. It's not that it's complex per se. It's difficult. 

The IVR needs to be reached on the outside. You need to make it to the server and that's connected to the database that communicates with the agent properly. You have to push the agents and put the sensors inside the network. 

We're an integrator; we implement this solution for our clients.

We have a partnership with Palo Alto. I'm a consultant, I'm pre-sales as a technical sales engineer. I try to show the value of any product for the customer. I don't actually use the solution myself.

The solution does not have an on-premises option. It's only available on the cloud.

For XDR new users just need to make sure they have the right policies in place. The solution does offer pre-configured policies. Organizations will want to make sure it is actually fitting them in the places where they will be working best. It's important as well that they don't make it a default selection. Users need to make sure that it's really configured and whitelisted and everything fits the organization. 

I'd rate the solution eight out of ten. I'd rate it higher, however, the deployment process is poor even though the features are decent. Competitors like Carbon Black have much easier deployments.

We primarily use the solution for our endpoint server and endpoint protection.

There aren't many features we find valuable on the solution.

They have a new GUI which is just fantastic.

The solution eats memory of the computer, unlike anything I've ever seen. It eats more memory than Chrome. 

I have a lot of users that are eating my memory each hour every day and it's causing us problems. We have to go and buy more memory for each computer. When you have a lot of computers like we do, is not a very good situation.

Some of the computers are only using 4 GB of memory, so if you put aside the differences, most only have some Chrome, some internet, and Office and that's it. And yet, the memory is getting eaten.

If someone catches something like malware, or something else, I want to know if the file was spread to other machines and what the target was. I want to be able to get ahead of the spread. This solution doesn't do enough to protect us against these types of vulnerabilities or to give us much information about the spread. The tool really does need some more reverse engineering features.

There's an overall lack of features.

The initial setup could use improvement. Currently, I must go to each machine and deploy everything manually. We are in 2020, not in 1980. It seems like such a dated way of doing large deployments.

I've been using the solution for a year and a half.

When I was experimenting with stability early on, I did run into issues when testing the solution in the sandbox.

Eventually, it catches one of the executive files and if you go to the management section of the solution and you release this file, it takes seven or eight tries to do it. You need to keep trying, again and again, using the same procedures to release the file for usage. That was in the beginning and we still have this issue, even though they made a new GUI for management. It's still not resolved.

We have several hundred users.

I had some issues initially in the sandbox when I was testing scalability.

I have reached out to technical support in the past. I find dealing with them is like talking to a wall. They aren't terrible, however, you don't really get any guidance. They ask over and over to get us to send them dump files and we do over and over. After all of the back and forth, nothing is really resolved to our satisfaction. You're paying for their services, and you don't get the level of service you would expect. It's a pain point.

The initial setup was not complex. It was very straightforward.

The deployment did take a lot of time due to the fact that we had seven hundred computers. 

We simply use the solution as a customer.

I would not recommend the solution. I'd advise other companies to rather go with Palo Alto's firewall as a better option. I've already advised others not to touch it. It's not worth it at all to even consider using it.

I'd rate the solution six out of ten. Their new GUI is very nice, however, as a professional service, it's lacking in a lot of areas.

Advanced endpoint protection.

Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place. We have not had any malware successfully execute on an endpoint since deploying Traps.

Wildfire, advanced detection capabilities, and whitelist/blacklist features. These features have provided us an easy way to lock down our systems to prevent execution of unknown code and scripts and to prevent launching of code from end user writable directories.

The application whitelisting/blacklisting feature is based purely on path and filenames. Changing a filename can bypass it easily. The uninstall admin password for the client is passed in clear text during install. 

There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration. This is ridiculous for an enterprise product. 

Traps 5.0 does not integrate with Palo Alto's Panorama product, which was a big selling point of Traps 4.0. Traps 5.0 has no ability to send an email to alert of detections. Instead customers have to jump through hoops to use Palo Alto's log management service to forward logs into a 3rd party SIEM and then build your alerts from there. No EDR functionality, though this is supposedly coming.

Mostly positive. We've had some episodes early on where upgrades caused some issues with the backend database, but that seems to have cleared up. This issue would not impact the Traps 5.0 users as it is SaaS based.

This software exists on every workstation and server in our company with ~10,000 people using the solution. For on-prem, we run 3 nodes and it handles the load just fine. We could always add more nodes if necessary. For the SaaS solution, that is all on Palo Alto's side.

Setup was pretty straight forward. The product is very granular and customers can turn on features as they are ready/comfortable in order to keep the deployment simple. For organizations with a good understanding of their infrastructure, deployment should be pretty simple.

We deployed Traps ourselves. We went big bang and deployed all features at once. We had a strong understanding of our systems and were able to provide whitelisting settings up front that made sense. There was a bit of post-deployment work to resolve things that were missed, but all things considered the deployment strategy went smoothly and was the right call.

For an endpoint security service, that is hard to state. We have not seen a malware infection since deployment.

I feel it is fairly priced.

We evaluated 

• Palo Alto Networks Traps vs Carbon Black
• Palo Alto Networks Traps vs Cylance
• Palo Alto Networks Traps vs CrowdStrike
• and Palo Alto Networks Traps vs Sophos X.

I think Traps has the best mix of features by price in the industry. It is not flawless by any means, but Palo Alto seems committed to it and are improving it. Traps 5.0 is promising, though they have a ways to go before I'd be willing to implement it.

Threat identification and detection are the most valuable features of this solution.

I would like the Panorama module included. It's another solution that is provided by Palo Alto and we are interested in that.

I would like to see some additional features related to email protection included.

I have been working with Cortex XDR for a year and a half.

Technical support is okay.

I don't have any issues with the pricing. We are satisfied with the price.

I would rate Cortex XDR by Palo Alto Networks a ten out of ten.

We use this solution to protect our computer system against threats, such as exploits and malware.

The user interface of the solution is sophisticated and straightforward.

In an upcoming release, the solution could improve by proving hard disk encryption. If it could support this it would be a complete solution.

I have been using this solution for approximately two months.

The solution is stable, we have not had any issues.

We have over 5,000 employees and they are being managed through this solution. It is scalable.

We have our own IT support teams.

We were previously using McAfee and we switched to this solution because they failed to provide us proper protection.

We have an IT support team in our organization and they are managing everything remotely, such as laptops.

Our internal team did the implementation of the solution.

I would recommend this solution to others.

I rate Cortex XDR by Palo Alto Networks an eight out of ten.

We use this solution specifically in endpoint response, endpoint detection, endpoint sandboxing, and as a firewall.

The product is mostly automated, and we do not have to make decisions. All the decisions are made by the product itself. 

We are not required to create any custom policies. 

The policies that are created are well defined in the product itself.

The most valuable feature is that you can select remote access of any machine for sandboxing.

Irrespective of whether you have the rights or not, you can still access it from the cloud.

I would like to see some sort of attachment scanning included.

Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access.

I want a plugin for email attachment scanning and email body scanning.

I have been using this solution for two years.

We are using version seven.

Scalability is not a problem with this solution.

It's a cloud setup. You can scale in and you can scale out as per the cloud.

We have close to 500 users in our company.

Technical support is very good, but it can be a problem, especially in the Gulf region.

If you do not take direct support, you have to wait for 72 hours. 

Also, direct support is a little bit costly.

We used McAfee previously. We switched because the solution is pretty automated. You don't have to manually decide on the policy.

The initial setup is pretty straightforward.

In one hour, you can deploy the entire setup and get started.

After the setup, deployment can take up to three to four days.

We had one admin test the solution and maintain it for us.

We did not use an integrator or vendor team. 

The pricing is okay, although direct support can be expensive.

It is a very straightforward product with minimum administer interference, once it is deployed.

I would rate this solution a seven out of ten.

I'm testing the product right now. I use the solution for endpoint security.

Everything is fine. 

It'll not slow down your system when compared to others.

The initial setup is easy.

I'd like the solution to provide URL filtering and web-based prevention. We'd like to block web pages at a high level.

We would also like to have advanced tech protection and email scanning.

I've been using the solution for a year.

The product is very stable and the performance is good. It doesn't slow down the systems it runs on. There are no bugs or glitches. It doesn't crash or freeze. 

The solution can scale well.

More than 100 people are using the solution right now. 

We've never needed the assistance of technical support just yet.

I've also used McAfee MVISION Endpoint. 

I'm testing them both and finding the advantages and disadvantages between them.

The solution is very easy to set up.

You do have to pay for a license in order to use a solution. It's expensive.

We're a reseller.

We are using the latest, most up-to-date version, of the product.

I would recommend using it with another protection layer. Cortex should provide an additional layer of security apart from this. You might have to integrate with other vendors also.

If you are looking to deploy a security solution as a whole, this is a good option.

I'd rate the solution seven out of ten. If we had more advanced security features, I'd rate it higher.