We use this solution to secure endpoints and to have more visibility on what is happening on the endpoints.
We have two customers who are using this solution currently.
The installation should be easier and the Palo Alto pre-sales and sales teams should have more information on the product because they don't know what they are selling.
They don't know the features of the products they sell.
For example, Cortex XDR includes Cortex XDR Prevent, Cortex XDR Pro, and Cortex XDR Pro per TB. They don't know the real differences between Cortex XDR Pro and Cortex XDR Pro per TB.
Sometimes, they will tell you about features for one edition that belong to another edition. They don't seem to know what features belong to what edition.
I have been working with this solution for one month.
We are familiar with Cortex XDR Prevent and Cortex XDR Pro.
It's a stable product.
It's a scalable solution.
Technical support is okay.
The initial setup is complex. It is not easy to install.
We have been deploying this solution for a month, but we are not finished yet.
We only need one engineer for the deployment and maintenance.
I would recommend this solution to anyone who is interested in using it.
I would rate Cortex XDR a seven out of ten.
In terms of what could be improved in Cortex XDR, definitely the host insights module. The ability to kind of take a look at what applications are running on the endpoint is a new feature, but there is a lot of room for improvement there in terms of versioning and so forth.
Additionally, the dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard.
I have been working with Cortex XDR over the last year, at least.
On a scale of one to ten, I would give Cortex XDR by Palo Alto Networks an eight.
We're primarily a Palo Alto shop, and we integrate solutions in the Palo Alto ecosystem. But for firewalls and threat hunting, it's all through Cortex XDR. We also complement the Cortex XDR product with other endpoint protection solutions, like Windows Defender, or whatever the customer is using.
Stability is a primary factor, and then there's the ease of distribution and policy management. Cortex XDR by Palo Alto Networks is very easy to work with, and we're quite happy with them.
It would be good to have a better way to search for a file within the UI. Like in SentinelOne, you can search for an arbitrary file, and in Cortex XDR, you can't. You can do it with an addendum license, but I think we could all benefit from getting it with the standard license. Because if you want to do threat hunting with this product, you have to search for files now and not wait to get a license.
I've been using Cortex XDR by Palo Alto Networks for about two years.
Cortex XDR by Palo Alto Networks is a stable solution.
We used to talk to Palo Alto support extensively, and we always had a pleasant experience and never had a problem with them.
Cortex XDR is quite easy to install. The time it takes to deploy depends on the infrastructure. We have had cases that lasted a few days and other cases where it took two to four months for a proof of concept.
Every customer has to pay for a license because it doesn't work with what you get from a managed services provider. It's quite expensive, and they can't sell it for less than 200 euros a license. It's the lowest license price we can get from them.
I would recommend Cortex XDR by Palo Alto Networks to potential users.
On a scale from one to ten, I would give Cortex XDR by Palo Alto Networks a nine.
We use Cortex XDR by Palo Alto Networks for its ability to detect based on behavior rather than simple virus scan to prevent malicious activities. We also use it to go in and white list things that are okay. This way, they won't get blocked.
The behavior-based detection feature is valuable.
It'll help if customization was easier. It would be better than how it's now if it came out of the box using their stock set up to get it up-and-running. Then you go in, and you add more restrictive things to make it better.
I have been using Cortex XDR by Palo Alto Networks for a little over a year.
Technical support has been fine.
The initial setup isn't straightforward or complex. It's somewhere in the middle. Like 90% of the features are there out of the box. When you start doing more complex things, it becomes more complicated. For example, if we wanted to limit someone's ability to plug in and access a USB stick, we have to create a profile to do that, and that's an advanced functionality.
We did most of the deployment in-house.
On a scale from one to ten, I would give Cortex XDR by Palo Alto Networks a nine.
We are a solution provider and one of the Palo Alto products that we implement for our clients is Cortex XDR (Extended Detection and Response).
It is also known as Traps, and it is mostly used for endpoint protection. For example, when remote users want to connect to their organization using a VPN, they will be protected.
The protection offered by this product is good, as is the endpoint reporting.
Once installed, this product is easy to manage, whether it is on-premises or the cloud-based management system.
There are a lot of logs generated and an engineer has to go through all of the events to find out exactly what the bottleneck is. We do need to collect the events but this can be time-consuming. Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer.
A better pricing plan would make this product more competitive.
We have been dealing with Palo Alto, including Cortex XDR, for more than three years.
This is a stable product and it is good, but we will keep evaluating other products as we continue to offer this type of solution to our customers.
Cortex XDR is a scalable solution.
The technical support team is good, and we can reach them quickly and easily. However, finding a resolution might take time.
We have used Cylance in the past, although we stopped using it about three years ago.
We are currently using K7 Endpoint Protection. Unfortunately, it is not catching anything, whether it is malware or a virus.
When we first implemented this product, it was called Traps. However, I don't see any difference, other than the name. For new customers, it might be a bit difficult to install and set up. It takes perhaps eight hours to install.
I deployed this product, and I was also involved with the initial POC.
Only one admin is needed for deployment and a second person should be available to work with the users.
This is an expensive solution.
We are currently trying to evaluate ELK.
Overall, this is a good product and I can recommend it to others.
I would rate this solution an eight out of ten.
We had firewalls set up and it integrated but didn't meet with our regulations.
We were using this solution for endpoint protection.
It's a perfect solution.
It integrates well into the environment.
I would like to see them include NDR (Network Detection Response). Then it would work well with SIEM Response. Also, if they could make an on-premises version we would definitely go with Cortex. At this time, they are not offering an on-premises solution.
We had it in our environment for two days.
It's a stable solution.
Cortex XDR by Palo Alto Networks is scalable.
The technical support was good.
We evaluated Fidelis and are currently using it, as it meets the regulations and is on-premises.
We had to move away from working with Cortex XDR by Palo Alto Networks due to the regulations. They state that the logs have to be kept in Saudi Arabia. Also, the log is in the cloud, which is against the regulations.
We chose Fidelis. They meet the regulations and they are on-premises.
We had no issues with Cortex. We were satisfied but it didn't meet with the regional regulations.
I would rate Cortex XDR by Palo Alto Networks an eight out of ten.
We primarily use the solution for our endpoint server and endpoint protection.
There aren't many features we find valuable on the solution.
They have a new GUI which is just fantastic.
The solution eats memory of the computer, unlike anything I've ever seen. It eats more memory than Chrome.
I have a lot of users that are eating my memory each hour every day and it's causing us problems. We have to go and buy more memory for each computer. When you have a lot of computers like we do, it is not a very good situation.
Some of the computers are only using 4 GB of memory, so if you put aside the differences, most only have some Chrome, some internet, and Office and that's it. And yet, the memory is getting eaten.
If someone catches something like malware, or something else, I want to know if the file was spread to other machines and what the target was. I want to be able to get ahead of the spread. This solution doesn't do enough to protect us against these types of vulnerabilities or to give us much information about the spread. The tool really does need some more reverse engineering features.
There's an overall lack of features.
The initial setup could use improvement. Currently, I must go to each machine and deploy everything manually. We are in 2020, not in 1980. It seems like such a dated way of doing large deployments.
I've been using the solution for a year and a half.
When I was experimenting with stability early on, I did run into issues when testing the solution in the sandbox.
Eventually, it catches one of the executive files and if you go to the management section of the solution and you release this file, it takes seven or eight tries to do it. You need to keep trying, again and again, using the same procedures to release the file for usage. That was in the beginning and we still have this issue, even though they made a new GUI for management. It's still not resolved.
We have several hundred users.
I had some issues initially in the sandbox when I was testing scalability.
I have reached out to technical support in the past. I find dealing with them is like talking to a wall. They aren't terrible, however, you don't really get any guidance. They ask over and over to get us to send them dump files and we do over and over. After all of the back and forth, nothing is really resolved to our satisfaction. You're paying for their services, and you don't get the level of service you would expect. It's a pain point.
The initial setup was not complex. It was very straightforward.
The deployment did take a lot of time due to the fact that we had seven hundred computers.
We simply use the solution as a customer.
I would not recommend the solution. I'd advise other companies to rather go with Palo Alto's firewall as a better option. I've already advised others not to touch it. It's not worth it at all to even consider using it.
I'd rate the solution six out of ten. Their new GUI is very nice, however, as a professional service, it's lacking in a lot of areas.
We use Palo Alto Traps in our Windows-based environments. Currently, it only protects our desktops and we use it in conjunction with our Check Point firewall.
The product is very good; it has caught a lot of exploits that most products would not. The WildFire module is a great AI in detecting and preventing attacks. The only issues that we have are, one, the cost, and two, the dashboard is not very intuitive. Even though you can drill down within the dashboard, we usually have to gather information from other sources to determine locations and if it's a false positive.
WildFire AI is the best option for this product.
The dashboard is the area that needs to improve so that we can have the ability to drill down without having to go elsewhere to verify results.
We have had this product for two years.
This is an expensive solution.