
Cortex XDR by Palo Alto Networks Room for Improvement

Ahmed Sief - PeerSpot reviewer
System Engineer at a logistics company with 5,001-10,000 employees

They need to do definition updates. Instead of the version, they just put an update on the portal, and each time we need to upgrade it. Sometimes it's hard to upgrade the offsite clients. Sometimes the internet that they are using is not that stable. It gives us a hard time. Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded. 

It would be ideal if the updates would happen like Symantec updates or other antivirus solutions. The upgrade needs to deploy directly to the users.

WillAgudo - PeerSpot reviewer

It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue. So, making exceptions would be easier and would probably be better for logging.

It would be nice if it were easier to use and if there were some free training hours.

As for additional features, I would suggest having mobile access to the console, perhaps through a mobile app for the console.

Network Designer at a computer software company with 1,001-5,000 employees

The solution should enhance the ADR and reporting. As of right now, they are giving reports, which are okay, however, there are other ways to get better reporting. That is an area where I already requested that Palo Alto work on.

In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations. 

They should extend the solution for URL filtering, as other endpoint security products are doing that already. Nowadays, users are working from home and therefore we have plenty of traffic back through the data center just for URL filtering security. If that functionality could be there in the endpoint, then we would be happy. It would ensure users working from home couldn't access malicious websites. 

Buyer's Guide
Cortex XDR by Palo Alto Networks
October 2022
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
635,987 professionals have used our research since 2012.
Consultant at Trillennium (Pvt) Ltd

In general, the price could be more competitive.

Divisional Operations Director at a tech vendor with 1,001-5,000 employees

The onboarding process could be better. 

It tends to do 99.9% of things. The only thing I'd like is single sign-on authentication into their cloud platform so that my users can be properly authenticated against it.

Information Technology Corporate Manager at a consumer goods company with 1,001-5,000 employees

We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses; we have to use another protection solution called Kaspersky.

The tool should have the ability to test an environment to see what percentage it is secure against threats, such as ransomware. This would allow for adjustments to be made to the network for more security. We don't have the capability to test the networks daily; there should be a parameter in order to report on the health of the network for security vulnerabilities.

Jeff Wolach - PeerSpot reviewer
Vice President / Chief Technology Officer at Sinnott Wolach Technology Group

A little bit more automation would be nice.

Darshil Sanghvi - PeerSpot reviewer
Consultant at a tech services company with 501-1,000 employees

It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc.
This is good as an endpoint protection to prevent malware, exploits, zero days, ransomware, botnet etc. For features like Host DLP or encryption or patch management, or any such features which are available in basic anti-virus, you cannot expect it in Palo Alto Network's Cortex XDR solution. Rest, all features work as expected, without any lag or slowness observed in the system.

Cybersecurity Incident Response Analyst at a computer software company with 5,001-10,000 employees

The downside to the solution is that there are a large number of false positives. There are a whole lot of different things for business automated actions, and it's hard to sort through all that. Without some assistance and suppression of false positives from Palo Alto or some event triaging that you might have enabled on your SIEM, you'll continue to get the high number of false positives. It's related more to the lack of capability to easily identify and suppress false positives before they're presented to you. There needs to be a function for suppressing false positives for types of machines and not necessarily for the actual groups.

KostiantynFrolov - PeerSpot reviewer
Lead Security Engineer at ESKA

For working with the solution, you only really need a web browser, however, we've found that working on Chrome, for example, is horrible.

Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well.

Senior System Administrator at a government with 10,001+ employees

We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do.

IT Security Administrator at a tech services company with 1-10 employees

They've been having some issues with updating their endpoint agents, and it has been quite frustrating.

Lead Consultant at a tech services company with 1-10 employees

There are a lot of logs generated and an engineer has to go through all of the events to find out exactly what the bottleneck is. We do need to collect the events but this can be time-consuming. Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer.

A better pricing plan would make this product more competitive.

Prathamesh Samant - PeerSpot reviewer
Presales Manager at Doyen

The GUI could be improved. It's a little bit cumbersome. It could be more user-friendly.

Mayur Jadhav - PeerSpot reviewer
Senior Security Consultant at a tech services company with 201-500 employees

I would like to see some sort of attachment scanning included.

Data privacy is a matter of concern. You have to be careful with data privacy; it can be sensitive and Cortex can have most of your access.

I want a plugin for email attachment scanning and email body scanning.

Gian Michele Roletto - PeerSpot reviewer
SOC Manager at Nais Srl

This solution is not complete enough to help us. We use a different platform that provides us with more information.

In my opinion, it is not a very complete program. I prefer to work with Carbon Black. It's a better solution as well as Cynet. For example, I use Cynet when I check installations, which provides me with more information. It is not easy to use for beginners, but it provides me with more information, which is lacking in Cortex. When it comes to core analysis, and security analysis, Cortex needs to provide more information. Cynet is a complete platform in my opinion.

We are ready to use a new solution called Deep Instinct. It's a new concept of the security platform. It's a very new company from the USA.

I would like to see a feature that allows you to check the endpoints included. I am currently having trouble checking the endpoints when using Cortex. Including this feature would benefit the platform's endpoints.

Kelvin Choy - PeerSpot reviewer
Security Specialist at Television Broadcasts Ltd

I have run into some detection issues with Cortex XDR. 

If they had pulse rate detection, it would be better.

The whole state IPS should be better. 

It needs to be better at detection of internal attacks. 

Olivier Regal - PeerSpot reviewer
Regional Key Account Manager at Orange Cyberdefense

What would be interesting, is if it could also read IoT protocols. If they can improve on the IoT part that would be great. In general, in this area, they can still improve.

It's not an ideal choice for smaller businesses, as you need a minimum of 200 endpoints to even use the solution at all. 

Mantu Shaw - PeerSpot reviewer
Sr. Technology Architect at Incedo Inc.

There are some third-party solutions that are difficult to integrate with, which is something that can be improved.

Network and Cybersecurity Consultant at a tech services company with 11-50 employees

It would be good to have a better way to search for a file within the UI. Like in SentinelOne, you can search for an arbitrary file, and in Cortex XDR, you can't. You can do it with an addendum license, but I think we could all benefit from getting it with the standard license. Because if you want to do threat hunting with this product, you have to search for files now and not wait to get a license.

Zubair Ahmad - PeerSpot reviewer
Chief Manager at Arcil

An area for improvement is the remote connection for administrators - this is available in the current version but is limited as it's a command-based model rather than GUI-based.

Assistant Superintendent with 51-200 employees

Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want.

MuhammadZubair - PeerSpot reviewer
Digital Business Solutions Manager at Bahrain Telecommunication Company BSC (Batelco)

It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do. The price could be better. It would also help if they had a team for deployment and support.

CyberSecurity Consultant at a tech services company with 51-200 employees

The solution should offer more dashboards and they should be better customized. The case number of items should be addressed. 

I have found the interface of Azure to be more simple and customizable than that of the solution. 

Network and security engineer at a tech services company with 11-50 employees

I'd like the solution to provide URL filtering and web-based prevention. We'd like to block web pages at a high level.

We would also like to have advanced tech protection and email scanning.

Rustam-Rustamli - PeerSpot reviewer
CISO at International Bank of Azerbaijan

There are still a few gaps with this solution. For example, real-time, on-demand antivirus is not there. If you're looking for compliance XDR is somewhat lacking. There is also no recovery feature; if some endpoint is under attack there must be the possibility of recovering it or restoring it to a normal state. That is currently lacking in XDR. 

Cloud and Security Architect at a transportation company with 51-200 employees

This product could be simpler to use. For example, the onboarding process and getting it started could be improved.

The technical support is in need of improvement.

AlbertoGonzaga - PeerSpot reviewer
Account Manager at CIPHER

It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved.

Senior IT Specialist at a manufacturing company with 1,001-5,000 employees

In terms of areas of improvement, we have not completed our review of the product. We're also looking at other products. So, it's a little bit hard to tell what could be different because we have not completed the review of this product, but based on our experience so far, its implementation is quite complex.

In terms of new features, we don't have any functions or features that we would like to add at the moment. 

Sales Engineer at a security firm with 51-200 employees

The installation should be easier and the Palo Alto pre-sales and sales teams should have more information on the product because they don't know what they are selling.

They don't know the features of the products they sell.

For example, Cortex XDR includes Cortex XDR Prevent, Cortex XDR Pro, and Cortex XDR Pro per TB. They don't know the real differences between Cortex XDR Pro and Cortex XDR Pro per TB.

Sometimes, they will tell you about features for one edition that belong to another edition. They don't seem to know what features belong to what edition.

IT manager at a computer software company with 11-50 employees

It should support more mobile operating systems. That is one of the cons of their infrastructure right now.

IT Director at an energy/utilities company with 1,001-5,000 employees

I would like to see them include NDR (Network Detection Response). Then it would work well with SIEM Response. Also, if they could make an on-premises version we would definitely go with Cortex. At this time, they are not offering an on-premises solution.

Pre-sales engineer at a tech services company with 51-200 employees

It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint.

Security Engineer at a tech services company with 11-50 employees

It would help if customization were easier. It would be better than how it is now if it came out of the box using their stock setup to get it up and running. Then you go in, and you add more restrictive things to make it better.

Jitendra_Singh - PeerSpot reviewer
Senior Vice President at Chi Networks

Cortex XDR could be improved with more GUI features.

Security consultant at a tech services company with 1,001-5,000 employees

In an upcoming release, the solution could improve by providing hard disk encryption. If it could support this it would be a complete solution.

ISEC Unit Manager at a tech services company with 11-50 employees

The dashboard could be more user-friendly.

AndyChan3 - PeerSpot reviewer
General manager at a tech services company with 201-500 employees

The solution could improve by providing better integration with their own products and others.

EMEA IT Infrastructure Manager at a consumer goods company with 5,001-10,000 employees

The product's impact on system performance is horrible, adding a lot of delays for users. 

Relationship Manager at a financial services firm with 5,001-10,000 employees

Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms.

Support Engineer at a tech services company with 11-50 employees

The configuration could be simplified.

I would like to see better protection, specifically to protect email applications.

Dennis Ngetich - PeerSpot reviewer
Cloud Specialist at Eazzy Solutions

Cortex XDR by Palo Alto Networks can improve mobile integration to allow access to the console.

Assistant PhD at Stefan Cel Mare University of Suceava

I would like the Panorama module included. It's another solution that is provided by Palo Alto and we are interested in that.

I would like to see some additional features related to email protection included.

Director of Cloud Security at a comms service provider with 51-200 employees

In terms of what could be improved in Cortex XDR, definitely the host insights module. The ability to kind of take a look at what applications are running on the endpoint is a new feature, but there is a lot of room for improvement there in terms of versioning and so forth.

Additionally, the dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard.
