Cortex XDR by Palo Alto Networks Reviews

I have deployed some customized playbooks and modified ones which are out-of-the-box with more integration with SIEM solutions such as ArcSight, QRadar, ADRs and Trend Micro.

The solution should offer more dashboards and they should be better customized. The case number of items should be addressed. 

I have found the interface of Azure to be more simple and customizable than that of the solution. 

I have worked on Cortex XDR by Palo Alto Networks with my customers for a number of weeks. 

The stability is good. 

The scalability is fine. 

We have plans to increase the usage. 

The initial setup was simple. 

The deployment took no more than two hours. 

So far, I have made use of the free license which is offered. Once it ended, I was able to buy a license based on the number of users or divisions. The license varies with the number of users or applications involved. 

If one wishes to work with another team or large number of users at a future point, he must purchase a license for them. 

The interface of Azure is more simple and customizable than Cortex XDR by Palo Alto Networks.

I have found the solution to be very easy in respect of the integration and configurable. The integrations are out-of-the-box, as are the playbooks. 

The solution is deployed solely on-premises on a single server. 

As of now, there are six users making use of the solution. 

My advice is that the on-premises environments for the product's use should be increased. 

I rate Cortex XDR by Palo Alto Networks as an eight out of ten. 

We use Palo Alto Traps in our Windows-based environments. Currently, it only protects our desktops and we use it in conjunction with our Check Point firewall.

The product is very good, it has caught a lot of exploits that most products would not. The WildFire module is a great AI in detecting and preventing attacks. The only issues that we have are, one the cost, two the dashboard is not very intuitive, even though you can drill down within the dashboard, we usually have to gather information from other sources to determine locations and if its a false positive.

WildFire AI is the best option for this product.

The dashboard is the area that needs to improve so that we can have the ability to drill down without having to go elsewhere to verify results.

We have had this product for two years.

This is an expensive solution.

I've found the security protection modules there, have been the most valuable.

I started using it from 4.1, but it didn't change that much. Some features and some fixes have been added to 4.2, but not that much. They need to improve reporting, the end-point reporting. They could also enhance their notification statuses. In the current version, you will see some threat alerts, or if anything is executable, but you will not see behavioral analysis. You will see what was being blocked, and that's it. If Traps logs something, you will get a notification. Otherwise, you have to generate the dump file and investigate on your own.

In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are a big company, so they can surely improve the UI a little bit. The UI, the reports, the log system can all be improved. But overall, when we speak about security and protection, they are one of the top providers.

It's very stable. I've never experienced downtime for the ASM console or ASM core. But we experienced this for the database, and it was not clear in Trap's interface. So, Trap's server stopped working, stopped getting jobs, stopped the enforcing policies because the database was full. We did not get any alert for that, so you will not see any alert on the ESM console that says that your database is about to fill up. It was not reachable and there was no warning or indication for this. You have to go to some tools internally and check in the command line, to see. You will see some errors for the DB, and you will realize that it's a DB issue. I've never experienced any issue with the Traps itself, but with the database.

It's very easy to scale if you have file availability. If it's more clear, we can do high availability, but it's a bit tricky. We deployed this for 4,000 endpoints, and it was very easy. Two ASM core servers were enough to deploy it for 4,000 plus endpoints. These are enterprises, not SMBs. They're government institutions.

I would not say that technical support is bad, but it's not that good. It could be better.

Basically, they don't provide customer support tools just to investigate the logs. From a reseller or authorized center for Palo Alto, I can't get that much information from the logs because it's a bit complicated. If they have support tools, for example, to analyze the logs as they have for the Palo Alto firewall. They don't have for this for Traps. They need to have some tools to analyze the logs. We can generate something called tech support files from Traps, but it's useless. Nothing's there. You will not get that much from the tech support file.

But for the firewall, if we get the tech support file and upload it to somewhere they have some tools, we can get many useful logs and alerts. For Traps, this is not possible.

The initial setup was straightforward. They are using MySQL database, and I think it's a disadvantage because you need to buy a license for MySQL also to deploy it. They don't have this concept of file availability between DS and core servers.

We are a reseller. We are implementing it on customer premises for our clients.

The main advice I can share is to watch out for your database and make sure to give it enough resources. That's it.

I would rate this solution eight out of 10.

We use it for malicious connections from malicious websites. There might also be some payloads that might be inside the traffic. We also use it to identify malicious processes or bugs that are running on the network and any activities that tend to lead to data infiltration.

It is easy to use.

Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms.

I have been using this solution for about a year.

We have maybe a thousand users of this solution because it is deployed on-prem.

I don't think there were issues with the installation.

It has a yearly renewal.

I would recommend this solution. I would rate Cortex XDR a seven out of 10.

We use Cortex XDR by Palo Alto Networks for its ability to detect based on behavior rather than simple virus scan to prevent malicious activities. We also use it to go in and white list things that are okay. This way, they won't get blocked.

The behavior-based detection feature is valuable. 

It'll help if customization was easier. It would be better than how it's now if it came out of the box using their stock set up to get it up-and-running. Then you go in, and you add more restrictive things to make it better.

I have been using Cortex XDR by Palo Alto Networks for a little over a year.

Technical support has been fine.

The initial setup isn't straightforward or complex. It's somewhere in the middle. Like 90% of the features are there out of the box. When you start doing more complex things, it becomes more complicated. For example, if we wanted to limit someone's ability to plug in and access a USB stick, we have to create a profile to do that, and that's an advanced functionality.

We did most of the deployment in-house.

On a scale from one to ten, I would give Cortex XDR by Palo Alto Networks a nine.

I use it for visibility, mitigation, and analysis of advanced threat attacks.

Its ability to react to cyber data attacks is awesome. That is pretty much the use of it. What blows your mind is the ability to access your assets remotely and see what is actually going on with them. You can not only see them in a console. You can also react very rapidly to your assets that are compromised.

It should support more mobile operating systems. That is one of the cons of their infrastructure right now.

I have been using this solution for more than four years.

It has been extremely stable.

It is easily scalable. For example, if you have version 2, Palo Alto upgrades it automatically. The agents for your assets are also scalable for new operating systems. So, it is very scalable.

Their technical support is very agile and very good. I would rate them a nine out of 10.

It is way too easy to deploy it and set it up.

I would highly recommend it unless you have iOS assets on your network.

I would rate Cortex XDR an eight out of 10.

In terms of what could be improved in Cortex XDR, definitely the host insights module. The ability to kind of take a look at what applications are running on the endpoint is a new feature, but there is a lot of room for improvement there in terms of versioning and so forth.

Additionally, the dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard.

I have been working with Cortex XDR over the last year, at least.

On a scale of one to ten, I would give Cortex XDR by Palo Alto Networks an eight.

I use the solution for endpoint protection.

One of the main benefits of the solution is its intelligence to correlate the events into an incident.

The solution could improve by providing better integration with their own products and others.

I have been using this solution for approximately one year.

The solution is stable.

It is one of the best in the market for scalability.

We have approximately 500 people using this solution in my organization and we plan to increase usage.

The initial installation is easy.

We did the implantation of the solution with integrators.

The price of the solution is high for the license and in general.

We evaluated CrowedStrike and Darktrace.

I would recommend this solution to others.

I rate Cortex XDR by Palo Alto Networks a nine out of ten.