
Cortex XDR by Palo Alto Networks Room for Improvement

ABHISHEK_SINGH
Senior Process Expert at A.P. Moller - Maersk

Initially, we had a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items.

The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there.

They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They now have Prisma Cloud, which gets integrated, and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a much better and more mature shape now.

Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.

Surya Kumar Gedala
Final Year Student at Gitam University

I think Cortex is the best tool, but there are a few points that could be added to improve it. For instance, enhancing UI simplicity and playbook flexibility are areas that could benefit from more low-code automation options for smoother integrations. AI-based alert prioritization features could enhance efficiency for SOC units.

Cortex is a very good and accurate tool, and if some other tools could be integrated, such as third-party tools including Splunk, ServiceNow, and Microsoft, it would significantly enhance usability. Improving reporting and dashboard customization, along with the addition of real-time and exportable reports, would help SOC teams greatly. APIs should be efficient, coupled with simpler low-code notebooks for customizing smart AI-based incident prioritization systems.

While using Cortex, I noticed some aspects that could be improved, such as increasing the synchronization speed between XDR and Xnor. Although the synchronization is fast, it could be enhanced to generate new alerts more quickly. There could also be more granular role-based access control for better permission management, along with built-in playbook templates for common incident types such as phishing, allowing users to deploy automations more swiftly.

Jagannath S
Cyber Security Engineer at Olacabs

Last week, the UI of Cortex XDR by Palo Alto Networks actually changed, so I am learning the new UI. I didn't use the UI much, so I'm not aware of the new UI yet. But I think they updated almost all the misconfigurations and everything, making it easier to use and more beginner-friendly. I don't have any suggestions for improvement as it is already the best.

Pasan Jayarathna
Network Security Engineer at Cyberwell Solution

I saw one improvement needed for Cortex XDR by Palo Alto Networks. I feel that it should not be a licensed activity because a feature should allow us to see applications running on end devices. However, Cortex XDR by Palo Alto Networks provides it under license for that feature. I feel that it should be added as a free feature because it is more of a concern about applications.

AmjadKhan1
Head of data centers at a non-profit with 10,001+ employees
Cortex XDR by Palo Alto Networks is a very good product, but financially, it is very expensive, so the company should look into that area.
Raj-Yadav
Network Security Administrator at Alethe Consulting Pvt. Ltd

If Palo Alto reduces the pricing slightly for their products, it would make them more scalable in markets such as India and globally for cybersecurity.

Pricing flexibility is the main area of improvement I see. If Palo Alto reduces some prices on their devices and licensing solutions, it would enhance the scalability of their product significantly in the Indian market.

reviewer1412415
Chief of IT Architecture at a financial services firm with 10,001+ employees

More integration and marketing would be beneficial. This is a full cloud solution, but there are some GRC-related issues that can be bypassed to some extent. In the future, there may be some issues in the environment because although the product receives telemetry and it works, it is actually getting much more information for analysis.

The preference would be to have separated isolated zones where if working in the Middle East, that data should reside in the Middle East, be analyzed and processed, and not be shared through other regions.

The ESA, customer success, and focus services are paid for, and these services can be utilized for other products as well, which is a huge advantage. However, if you do not have Palo Alto in your environment, you are paying these additional services just for Cortex XDR by Palo Alto Networks, so it is not a cost-effective solution.

MahmoudOsama Abdo
Detection and Response Consultant at Inovasys

I do not see any weak points in Cortex XDR by Palo Alto Networks at this time. Every solution must have a weak point, and I have not seen a weak point until now.

HectorRios
IT COMMUNICATIONS AND NETWORKS at Américas BPS

I think there are areas that they can continue to improve and additional features that would be nice.

Ankit Pandagre
Assistant Security Architect at Cloudnomics

For Cortex XDR by Palo Alto Networks, if I had to point out improvements, I would say the UI is still somewhat difficult for beginners. However, once you start using this product, it becomes very easy to understand where all the features are located because it has threat management, inventory, and other capabilities. In the incident response tab, there are many features such as query builders, playbooks, scripts, playground, automation rules, and more. These are very helpful features, but Palo Alto Networks needs to showcase these prime features on the dashboard itself to make them more discoverable.

Paul Alexandre Vaz
Cyber Security Engineer at a media company with 201-500 employees

The main issue I could point out is the offline agents and the way that it is missing. Even if you create and isolate your network, for example, if you are proxying all your communications and not allowing any endpoint to connect directly through the internet, servers can have servers that are isolated, which is absolutely normal, yet the agent needs time to connect to the internet. It shouldn't be that way because it is a problem. You have to expose the servers to connect and then allow the upgrade or update that the agent may need or just to do the heartbeat and then close that network again. It is an unnecessary hassle because if you have a broker VM as a middleware, it shouldn't happen. The broker VM should do all the work.

SUNNY-KUMAR
Technical engineer (SOC Analyst) at Hitachi Systems, Ltd.

There are no other improvements Cortex needs in my opinion.

Pratham K
Cyber Security Information Security Specialist at MHM Holding GmbH

Areas of Cortex XDR by Palo Alto Networks that have room for improvement include the pricing structure. They are charging for Network Traffic Analyzer (NTA) services, so if the per GB data could be provided at a certain level free of cost or at the same cost which the customer is taking for the entire bundle, that would be better. We have to invest significantly more for NTA due to total sizing and per data licenses.

Anas Shehadeh
Technical Support Engineer- Network and Cybersecurity Team at a tech services company with 11-50 employees

I would like to see improvements in Cortex XDR by Palo Alto Networks, especially in some environments such as government organizations, where information cannot go through the cloud. Cortex XDR by Palo Alto Networks needs to be installed on our servers in some organizations, so I think it should also be available on-premises, not just in the cloud. It would be a very good solution. Additionally, I think the price is very high, and if it can be adjusted, I believe it will be a very good solution.

NiteshSharma
Pre Sales Architect at network techlab
I recommend adding a data loss prevention (DLP) solution to Cortex XDR by Palo Alto Networks. The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products. Additionally, multi-tenancy and multi-cloud features are not available and should be considered for inclusion.
reviewer2800860
MDR Analyst at a tech vendor with 10,001+ employees

The downsides of Cortex XDR by Palo Alto Networks are that in many incidents, when I enter the causality chain, there are numerous logs. From that abundance of logs, I need to search for a particular event, but it is not properly matched in the initial view itself, and I have to dig through the logs to find the relevant information. For many incidents, I have to create and search for a query and search the logs within that particular timeframe. The logs do not capture properly within the incident itself, which is one disadvantage.

AI-driven endpoint security helps in reducing risks. While this feature has not been implemented yet for Cortex XDR by Palo Alto Networks, it will be implemented in the future.

Olive Kusumbara
Consultant at a tech services company with 1,001-5,000 employees

Cortex XDR by Palo Alto Networks is already good at what they're doing in terms of detections, but I think they should improve their integration capabilities, especially for their XDR capabilities, which are more tied down to their own ecosystems.

For Cortex XDR by Palo Alto Networks to get closer to ten or at least nine, I would like to see more openness in terms of the integrations for their XDR capabilities. The second improvement I would like to see is more into the response and the detection and response capabilities for backups of the system state of the endpoint, such as what we have on SentinelOne.

reviewer2798475
Threat Analyst II at a tech vendor with 1,001-5,000 employees

One of the downsides of Cortex XDR by Palo Alto Networks is the KQL language. When I was working as a security analyst using Cortex, there was a disadvantage. People need to have knowledge of the KQL language to understand the fine-tuning of alerts or the creation of new rules. That would be a drawback. Additionally, when investigating a particular alert or case, the complete information is not available in the GUI table if we compare it to other XDRs or other tools.

I would suggest that Cortex XDR by Palo Alto Networks' AI-driven endpoint security would work better. Whenever we are investigating something, the AI would help us by simply writing into a description box. For example, if I want user login information for a particular user, I would write it and the AI would automatically generate all login events from that host. I would suggest that this would be a better feature.

Eddie Chu
Cyber Security Manager at Welab bank

Cortex XDR could improve its sales support team, including better commission structures and referral programs. Enhancements in marketing and AI features would also be beneficial. It would be advantageous to deploy more rules to the front end and on end-user devices.

NikhilSharma1
Senior Technical Lead at Happiest Minds Technologies

The product could be improved in several areas. The complexity and confusion regarding product variants, such as XDR, Forexiant, and Forexon, must be addressed. There is also a need for clearer differentiation between features and capabilities within Cortex's suite, as the overlap between XDR and XIM can be confusing.

Improvements in the user interface and more intuitive KQL query handling could also enhance usability. Additionally, better support for various deployment scenarios and cost management options would be beneficial.

Rehaman Syed
Technical Specialist at HCL Technologies

Improvements are required in Cortex XDR agent whenever they are releasing the latest version. Whenever the tool releases a new version when deploying the product across the organization, I feel like there are some disturbances in the CPU usage after upgrading the tool to the latest version. Whenever Palo Alto releases the latest version and when you are deploying the package into the server, we see some disturbances in the CPU usage, like the RAM utilization is more. Generally, the CPU utilization is higher. Disabling one by one component from the profile manager, we are unable to find the exact cause of the issue. When we go to Palo Alto, even after sharing the logs and mentioning the issue, the solution team comes back and gives us some more versions of the tool. If Cortex XDR Agent 8.4.0 is having issues, then the tool's team offers us Cortex XDR Agent 8.4.1. Some updates can update the tool to the latest version.

Bandi Rakesh
Cyber Security Analyst at HALA INFOSEC

The solution should add unwanted malicious hash values to a block list so that whenever the action is triggered, it will automatically prevent the malicious content. We can even block the IP address in malicious content. If any host is affected, we can isolate the host, rectify that problem, and prevent it from happening in the future.

Saleh Bala Doma
Head Of Information Technology at Diha Travels and Tours Limited

I would like to see improvement in the tool's user interface, particularly in the area of managing alerts and providing more reporting capabilities. The user interface should include a built-in compliance framework, and I think it will make the tool even more valuable for organizations with statistical regulatory requirements.

Sudheer Kumar
Lead Security Engineer at AeoLogic Technologies

I think sometimes Cortex XDR agent automatically stops event capturing from the device, and then even the dashboard does not get any notifications from the agent. A particular endpoint message with the events captured gets stopped, making it an area where there is a need to improve the agent's real-time monitoring.

Mohammad Qaw
Senior Security Consultant at helpag

The solution should force customers to integrate with network traffic to see the full benefits of XDR. If you are not integrating it or feeding in your network traffic, then you are just buying a normal antivirus which doesn't make any sense. You are paying double the price to use the antivirus feature or to say you have XDR, but in reality you are not using it. 

The solution should include an on-premises option because some customers want only on-premises. It would be hard, but good to do if possible. 

Open XDR would be beneficial in the future. Right now, the solution is Closed XDR, so it cannot communicate with the few new vendors in the Open XDR market.

Kush Kumar
IT Specialist at RateGain IT Solutions Private Limited

There's room for improvement with Mac device installations, which can be challenging.

Vyshnavi Jyothermai
Sr. Endpoint Security Engineer at iOPEX Technologies

Some feature requests are coming up from the customers. I feel like there should be a quick improvement. There is a little gap in implementing the tool's features as the team needs to do an investigation, which would take more time than expected, leaving the customers frustrated. The product team's investigation to decide on the features to be introduced in the solution should be a little quick. When it comes to malware files, it should be a little quick because, at times, it would give a wrong result in the sense of what it might be on malware, even if it still might be a normal one. At that point in time, we need to change the tool's version, and it generally needs to be changed from our end with Java and Jira. Maybe it should be a little improved in that case.

reviewer2511138
Senior Consultant Cybersecurity at a consultancy with 10,001+ employees

The solution lags to the real-time scenarios here and there.

BibinMathew
Cash Management Officer at a retailer with 1,001-5,000 employees

We have implemented a product that blocks USB usage and also provides device control for our company. 

Currently, we are monitoring all USB drives and ports but we would like to improve our device control capabilities. 

Although we are using this feature, we allow specific systems and USB devices. For example, we enable certain users to use external hard drives but we may disable them if necessary. However, due to the nature of our organization, we do not have a dedicated department for this task.

Chandra Mohan
Network Security Engineer at a tech services company with 10,001+ employees

The product might have some bugs, but these will be fixed in the next version. They'll try to work on that and fix those issues. They won't let it go easily.

CesarMolloja Rodas
Information Security Manager at a financial services firm with 1,001-5,000 employees

The server sometimes stops continuously to check things so it would be helpful to receive access updates or technical reasons. 

EhabAli
Sr. Cybersecurity Solutions Architect at BMB

The price could be a little lower. 

reviewer1389378
Divisional Operations Director at a tech vendor with 1,001-5,000 employees

The onboarding process could be better. 

It tends to do 99.9% of things. The only thing I'd like is single sign-on authentication into their cloud platform so that my users can be properly authenticated against it.

Kelvin Choy
Security Specialist at Television Broadcasts Ltd

I have run into some detection issues with Cortex XDR. 

If they had pulse rate detection, it would be better.

The whole state IPS should be better. 

It needs to be better at detection of internal attacks. 

Disha Shah
Technical Associate at HTH Global Network

1. Disk Encryption capability.

2. User group-wise admin role. They have module-wise roles but a user group-wise role is not available.

SURAJ SHARMA
Network Security Engineer at I Dream networks pvt ltd

Cortex XDR is not that smart compared to Check Point. We also deal with Check Point. Check Point solutions, Check Point Firewall, Check Point solution WAF technology, or anti-virus technology can be considered smart because of Palo Alto. The detection of malicious activities performed by Check Point is good. Artificial intelligence is not a good match for Check Point because sometimes Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco.

I also want a better detection feature like the one in Check Point and any other anti-virus, for a matter of fact.

reviewer1416024
Sr. Network Engineer at a construction company with 10,001+ employees

Cortex XDR by Palo Alto Networks could improve by offering remote management. It would be useful to look at the client's issue to fix it.

Ahmed Sief
System Engineer at a logistics company with 5,001-10,000 employees

They need to do definition updates. Instead of the version, they just put an update on the portal, and each time we need to upgrade it. Sometimes it's hard to upgrade the offsite clients. Sometimes the internet that they are using is not that stable. It gives us a hard time. Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded. 

It would be ideal if the updates would happen like Symantec updates or other antivirus solutions. The upgrade needs to deploy directly to the users.

Christopher Bell
Senior System Administrator at a government with 10,001+ employees

We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do.

Rustam-Rustamli
CISO at International Bank of Azerbaijan

There are still a few gaps with this solution. For example, real-time, on-demand antivirus is not there. If you're looking for compliance, XDR is somewhat lacking. There is also no recovery feature; if some endpoint is under attack, there must be the possibility of recovering it or restoring it to a normal state. That is currently lacking in XDR.

Shibin V.
Senior Security Engineer at Gadgeon Systems Inc.

It takes time to scan the servers and devices. Scanning the server sometimes takes two to three days. If the device is offline, the scan gets disconnected.

Ragesh Singh
Cyber Security Engineer at ACPL

Cortex XDR should have a lightweight agent, and the agent size should not be heavy. Cortex XDR’s technical support should also be improved.

Cortex XDR should provide a feature to remove or uninstall an agent directly from the console itself without the help of an IT engineer. No one wants to do a manual installation of the agent. Everyone is looking for a solution to remove the agent from the console directly.

MartinPulpan
Owner and Executive Director at Cloud 9 s.r.o.

Its price is too high. That's a big problem for customers.

It's more focused on network communication. If a customer wants to increase the level of protection and start working with documents, it's impossible to integrate these features into the system. It's more of a communication-oriented system than a content security-oriented system.

In terms of additional features, there is very strong development. I have seen the roadmap, and we will see what happens. The roadmap looks nice, but it's still more of a network security solution than a content-security solution. The development in network security is quite strong. I'm very happy with that, but if a customer would like to implement a zero-trust security concept, it's necessary to combine this solution with other vendors. There is some part of the integration that is not so easy because you have to integrate rules and some features. It's not so automatic in network communication. You have to make some appropriate automation there, or you have to do it manually. It's time-consuming and it's also expensive.

Kamil Fahmi
Site administrator officer at a tech services company with 11-50 employees

Cortex XDR by Palo Alto Networks could improve by adding a sandbox feature to better compete with their competitors which have it.

Dennis Ngetich
Cloud Specialist at Eazzy Solutions

Cortex XDR by Palo Alto Networks can improve mobile integration to allow access to the console.

Jitendra_Singh
Senior Vice President at Chi Networks

Cortex XDR could be improved with more GUI features.

Prathamesh Samant
Presales Manager at a manufacturing company with 201-500 employees

The GUI could be improved. It's a little bit cumbersome. It could be more user-friendly.

reviewer1870953
IT Security Administrator at a tech services company with 1-10 employees

They've been having some issues with updating their endpoint agents, and it has been quite frustrating.

reviewer1379898
Senior IT Specialist at a manufacturing company with 1,001-5,000 employees

In terms of areas of improvement, we have not completed our review of the product. We're also looking at other products. So, it's a little bit hard to tell what could be different because we have not completed the review of this product, but based on our experience so far, its implementation is quite complex.

In terms of new features, we don't have any functions or features that we would like to add at the moment. 

Guhaneson Arumugam
Information Technology Consultant at Trillennium (Pvt) Ltd

In general, the price could be more competitive.

Olivier Regal
Regional Key Account Manager at Orange Cyberdefense

What would be interesting is if it could also read IoT protocols. If they can improve on the IoT part, that would be great. In general, in this area, they can still improve.

It's not an ideal choice for smaller businesses, as you need a minimum of 200 endpoints to even use the solution at all. 

Gian Michele Roletto
SOC Manager at Nais Srl

This solution is not complete enough to help us. We use a different platform that provides us with more information.

In my opinion, it is not a very complete program. I prefer to work with Carbon Black. It's a better solution as well as Cynet. For example, I use Cynet when I check installations, which provides me with more information. It is not easy to use for beginners, but it provides me with more information, which is lacking in Cortex. When it comes to core analysis, and security analysis, Cortex needs to provide more information. Cynet is a complete platform in my opinion.

We are ready to use a new solution called Deep Instinct. It's a new concept of the security platform. It's a very new company from the USA.

I would like to see a feature that allows you to check the endpoints included. I am currently having trouble checking the endpoints when using Cortex. Including this feature would benefit the platform's endpoints.

Zubair Ahmad
Senior Chief Manager at Arcil

An area for improvement is the remote connection for administrators - this is available in the current version but is limited as it's a command-based model rather than GUI-based.

RICARDO VALENCIA
Information Technology Corporate Manager at a consumer goods company with 1,001-5,000 employees

We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, so we have to use another protection solution called Kaspersky.

The tool should have the ability to test an environment to see what percentage it is secure against threats, such as ransomware. This would allow for adjustments to be made to the network for more security. We don't have the capability to test the networks daily; there should be a parameter in order to report on the health of the network for security vulnerabilities.

MuhammadZubair
Digital Business Solutions Manager at Bahrain Telecommunication Company BSC (Batelco)

It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do. The price could be better. It would also help if they had a team for deployment and support.

WillAgudo
System Administrator at NATIONAL ASSOCIATION OF REALTORS

It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue. So, making exceptions would be easier and would probably be better for logging.

It would be nice if it were easier to use and if there were some free training hours.

As for additional features, I would suggest having mobile access to the console, perhaps through a mobile app for the console.

reviewer1451712
Cybersecurity Incident Response Analyst at a computer software company with 5,001-10,000 employees

The downside to the solution is that there are a large number of false positives. There are a whole lot of different things for business automated actions, and it's hard to sort through all that. Without some assistance and suppression of false positives from Palo Alto or some event triaging that you might have enabled on your SIEM, you'll continue to get the high number of false positives. It's related more to the lack of capability to easily identify and suppress false positives before they're presented to you. There needs to be a function for suppressing false positives for types of machines and not necessarily for the actual groups.

it_user1237689
Network Designer at a computer software company with 1,001-5,000 employees

The solution should enhance the ADR and reporting. As of right now, they are giving reports, which are okay; however, there are other ways to get better reporting. That is an area I have already requested that Palo Alto work on.

In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations. 

They should extend the solution for URL filtering, as other endpoint security products are doing that already. Nowadays, users are working from home and therefore we have plenty of traffic back through the data center just for URL filtering security. If that functionality could be there in the endpoint, then we would be happy. It would ensure users working from home couldn't access malicious websites. 

MichaelGrove
Assistant Superintendent with 51-200 employees

Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want.

Fred TANG
System Manager at a consumer goods company with 10,001+ employees

As an improvement, I would like to see enhanced connection speeds. On China's side, we need to set up a local server for the definition updates, and the performance has not been very good for the company when directly connected to the internet. We are a little disappointed with that.

reviewer1980216
Business Development Manager For Palo Alto Networks at a tech services company with 1,001-5,000 employees

It is an enterprise-level solution. Its price could be less expensive.

reviewer2159517
Mdr of Presales & Customer Success Head at a financial services firm with 1-10 employees

The product's pricing could be better.

reviewer2082015
After-Sales Service at a security firm with 11-50 employees

I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs.

reviewer1704321
Cloud and Security Architect at a transportation company with 51-200 employees

This product could be simpler to use. For example, the onboarding process and getting it started could be improved.

The technical support is in need of improvement.

reviewer1678701
ISEC Unit Manager at a tech services company with 11-50 employees

The dashboard could be more user-friendly.

AlbertoGonzaga
Account Manager at CIPHER

It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved.

Mantu Shaw
Project Manager at an outsourcing company with 1,001-5,000 employees

There are some third-party solutions that are difficult to integrate with, which is something that can be improved.

reviewer1530651
EMEA IT Infrastructure Manager at a consumer goods company with 5,001-10,000 employees

The product's impact on system performance is horrible, adding a lot of delays for users.

Samer Amr
CyberSecurity Consultant at Information Technology Solutions- ITS

The solution should offer more dashboards and they should be better customized. The case number of items should be addressed.

I have found the interface of Azure to be more simple and customizable than that of the solution.

Pablo Castillo
Pre-sales engineer at a tech services company with 51-200 employees

It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint.

reviewer1663611
IT manager at a computer software company with 11-50 employees

It should support more mobile operating systems. That is one of the cons of their infrastructure right now.

Doru Balan
Assistant PhD at Stefan Cel Mare University of Suceava

I would like the Panorama module included. It's another solution that is provided by Palo Alto and we are interested in that.

I would like to see some additional features related to email protection included.

AndyChan3
General manager at a tech services company with 201-500 employees

The solution could improve by providing better integration with their own products and others.

reviewer1387713
Relationship Manager at a financial services firm with 5,001-10,000 employees

Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms.

reviewer1411233
Security consultant at a computer software company with 1,001-5,000 employees

In an upcoming release, the solution could improve by providing hard disk encryption. If it could support this, it would be a complete solution.

KostiantynFrolov
Lead Security Engineer at ESKA

For working with the solution, you only really need a web browser, however, we've found that working on Chrome, for example, is horrible.

Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well.

reviewer1428147
Sales Engineer at a security firm with 51-200 employees

The installation should be easier, and the Palo Alto pre-sales and sales teams should have more information on the product because they don't know what they are selling.

They don't know the features of the products they sell.

For example, Cortex XDR includes Cortex XDR Prevent, Cortex XDR Pro, and Cortex XDR Pro per TB. They don't know the real differences between Cortex XDR Pro and Cortex XDR Pro per TB.

Sometimes, they will tell you about features for one edition that belong to another edition. They don't seem to know what features belong to what edition.

reviewer1445823
Director of Cloud Security at a comms service provider with 51-200 employees

In terms of what could be improved in Cortex XDR, definitely the host insights module. The ability to kind of take a look at what applications are running on the endpoint is a new feature, but there is a lot of room for improvement there in terms of versioning and so forth.

Additionally, the dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard.

Mayur Jadhav
Senior Security Consultant at a tech services company with 201-500 employees

I would like to see some sort of attachment scanning included.

Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access.

I want a plugin for email attachment scanning and email body scanning.

Roberto Pastorino
Network and Cybersecurity Consultant at a tech services company with 11-50 employees

It would be good to have a better way to search for a file within the UI. Like in SentinelOne, you can search for an arbitrary file, and in Cortex XDR, you can't. You can do it with an addendum license, but I think we could all benefit from getting it with the standard license. Because if you want to do threat hunting with this product, you have to search for files now and not wait to get a license.

it_user1437951
Security Engineer at a tech services company with 11-50 employees

It would help if customization were easier. It would be better than how it is now if it came out of the box using their stock setup to get it up and running. Then you go in and add more restrictive things to make it better.

it_user1262241
Vice President / Chief Technology Officer at Sinnott Wolach Technology Group

A little bit more automation would be nice.

reviewer1460898
Lead Consultant at a tech services company with 1-10 employees

There are a lot of logs generated and an engineer has to go through all of the events to find out exactly what the bottleneck is. We do need to collect the events but this can be time-consuming. Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer.

A better pricing plan would make this product more competitive.

Darshil Sanghvi
Consultant at a tech services company with 501-1,000 employees

It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc.

This is good as endpoint protection to prevent malware, exploits, zero days, ransomware, botnets, etc. For features like host DLP, encryption, patch management, or any such features which are available in basic anti-virus, you cannot expect them in Palo Alto Networks' Cortex XDR solution. Otherwise, all features work as expected, without any lag or slowness observed in the system.

reviewer1361427
IT Director at an energy/utilities company with 1,001-5,000 employees

I would like to see them include NDR (Network Detection Response). Then it would work well with SIEM Response. Also, if they could make an on-premises version, we would definitely go with Cortex. At this time, they are not offering an on-premises solution.

reviewer1388277
Senior Information Security Architect at a tech services company with 201-500 employees

It's my understanding that this solution is at end-of-life.

It's hard to use as a product. It's not easy or straightforward. Especially when I deal with a government sector or other sensitive industries. They do not accept that it's so easy to share metadata outside their organization. They prefer on-prem even if it is not as powerful due to the fact that they perceive it as being more secure.

The solution can never really be an on-premises solution based simply on the way it is set up. It needs metadata to run and improve. Having an on-premises solution would cut it off from making improvements.

The deployment is pretty hard. Competitors like Trend Micro or Symantec have features on their console that make them easier to use. This solution does not offer items that would increase its usability.

Before I moved to technical sales, I handled implementation, and I remember it being very difficult. They need to improve this aspect.

The solution provides a lot of false positives. The average amount of false positives you get is 5%. It would be great if this could be lowered.

reviewer1371849
CIO/CTO at a manufacturing company with 501-1,000 employees

The solution eats memory of the computer, unlike anything I've ever seen. It eats more memory than Chrome.

I have a lot of users that are eating my memory each hour every day and it's causing us problems. We have to go and buy more memory for each computer. When you have a lot of computers like we do, it is not a very good situation.

Some of the computers are only using 4 GB of memory, so if you put aside the differences, most only have some Chrome, some internet, and Office and that's it. And yet, the memory is getting eaten.

If someone catches something like malware, or something else, I want to know if the file was spread to other machines and what the target was. I want to be able to get ahead of the spread. This solution doesn't do enough to protect us against these types of vulnerabilities or to give us much information about the spread. The tool really does need some more reverse engineering features.

There's an overall lack of features.

The initial setup could use improvement. Currently, I must go to each machine and deploy everything manually. We are in 2020, not in 1980. It seems like such a dated way of doing large deployments.

Christopher Bell
Senior System Administrator at a government with 10,001+ employees

The dashboard is the area that needs to improve so that we can have the ability to drill down without having to go elsewhere to verify results.

Raul Rivera
Cybersecurity Engineer at GFR Media

The Mac agent is not as robust feature-wise as the PC version. I need to control USB ports on Mac laptops and cannot. This is a MUST, so I opened a case with Palo Alto and requested this feature for an upcoming update.

I would like to see more automation and self-healing for incidents that can be easily classified as malware.

it_user1009236
SOC Analyst at a tech services company with 201-500 employees

The solution needs better reports. I think they should let the customer go in and customize the reports.

It could also use better graphics and more information.

Mohammad Qaw
Senior Security Consultant at helpag

I started using it from 4.1, but it didn't change that much. Some features and some fixes have been added to 4.2, but not that much. They need to improve reporting, the endpoint reporting. They could also enhance their notification statuses. In the current version, you will see some threat alerts, or if anything is executable, but you will not see behavioral analysis. You will see what was being blocked, and that's it. If Traps logs something, you will get a notification. Otherwise, you have to generate the dump file and investigate on your own.

In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are a big company, so they can surely improve the UI a little bit. The UI, the reports, the log system can all be improved. But overall, when we speak about security and protection, they are one of the top providers.

Traps677
IT-Administration at a mining and metals company with 51-200 employees

The one area which should improve is not on the user side but on the product itself. Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats. For example, if you had something that was not detected by the former solution, and you install Palo Alto, you will have some difficulty removing the virus with the Palo Alto tool. It would be helpful if they had a tool for removing a virus or threat in these cases.

Saidatta HIndlekar
Manager Information Technology at Avendus

Managing the product should be easier.

Netw9886
Network Manager of Cyber Defence at a government with 1,001-5,000 employees

There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, was not user-friendly.

Amjad Khan
Information Technology Manager at a hospitality company with 10,001+ employees

There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get a result.

Originally, we wanted to uninstall Traps because we could not run our operations because Traps, by default, had blocked applications and files. This is still a thing, as we still have to give flexibility to certain policies which are pre-defined in the Traps application.

Omar Sánchez (Mr.Tech)
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services

There are some limitations on the Traps agents. Traps for Windows has limitations, and Traps for Linux too. Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and it's nothing that should be an issue. Some antivirus engines recognize Traps as a threat component, so maybe they need to shake hands somewhere.

With Windows 7 and Windows 8 64-bit, when you want to install Traps, because it's Windows, it will crash. They need a little more flexibility with antivirus engines.

Luke Teeters
Lead IT Security Analyst at a mining and metals company with 1,001-5,000 employees

With cloud integration, there were several improvements made:

  • Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis. With the cloud implementation, we now have connectivity to the server at any moment, as long as we have an internet connection.
  • A new user interface, which is a lot easier to use, making it similar to managing a firewall.
  • Additional OS support.
Rob Haller
Security Engineer at U.S. Acute Care Solutions

Going from version 4 to version 5, they had a major change in their user interface. Version 5 is now all cloud managed; while it has a very intuitive, useful interface, it doesn't have all the features that were in the version 4 interface. For example, we lost being able to automatically trigger upgrades, like creating manual groups to upgrade with. It doesn't currently have the ability to use the Active Directory to create groups.

ManagerO5d72
Manager of InfoSec at Jo-Ann Stores

The application whitelisting/blacklisting feature is based purely on path and filenames. Changing a filename can bypass it easily. The uninstall admin password for the client is passed in clear text during install.

There is a severe gap in functionality between Windows, Linux, and Mac versions. For example, all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration. This is ridiculous for an enterprise product.

Traps 5.0 does not integrate with Palo Alto's Panorama product, which was a big selling point of Traps 4.0. Traps 5.0 has no ability to send an email to alert of detections. Instead, customers have to jump through hoops to use Palo Alto's log management service to forward logs into a third-party SIEM and then build their alerts from there. No EDR functionality, though this is supposedly coming.

Manuel Keller
Head of Network and Communication Department at a program development consultancy with 10,001+ employees

Performance at the endpoint is much better than with the old AV.

No signature updates needed.

Stops the attack before it is executed.

Ahmed-Shalaby
Cybersecurity Services Director at ITVikings

The product's pricing needs improvement. They could provide more discounts. Additionally, the dashboard and control panel could be enhanced.

Lissette Acurio
Solution Engineer at Secure Soft Corporation

It is a complex solution to implement.

AhmedElsanhoury
Head Of Sales at Cascade Solutions

The tool needs to be improved in terms of integration and interface.

reviewer1890849
Network and security engineer at a tech services company with 11-50 employees

I'd like the solution to provide URL filtering and web-based prevention. We'd like to block web pages at a high level.

We would also like to have advanced tech protection and email scanning.

reviewer1454937
Support Engineer at a tech services company with 11-50 employees

The configuration could be simplified.

I would like to see better protection, specifically to protect email applications.

reviewer2171169
Senior Business Development Manager at a tech services company with 201-500 employees

There are many areas that could use improvement. One thing that is important to keep in mind is that times change, and we need to be adaptable to what happens. Ultimately, we want to see positive results and improvements.

In the next release, I would add dashboards that allow everyone to see what's happening, not just the security team. Users can view the data and see what's happening. Also, I think the Data Lake from Cortex XDR should be public, not private.

AnastasiiaChapliieva
Information Analyst at Seeton

The playbooks could be improved to include more functionalities or actions.
