Try our new research platform with insights from 80,000+ expert users

Cortex XDR by Palo Alto Networks Valuable Features

EC
Cyber Security Manager at Welab bank

Cortex XDR features advanced threat detection capabilities. The handling GUI allows for advanced searches, rule creation, and local detection. It incorporates AI for normal behavior detection, distinguishing unusual operations. 

These features make the product very effective for threat detection. Additionally, the GUI is user-friendly and the product offers robust AI or normal behavior detection.

View full review »
PK
Cyber Security Information Security Specialist at MHM Holding GmbH

The features of Cortex XDR by Palo Alto Networks that I find most effective in threat detection involve two main aspects. Our red teaming expert attempted to break Cortex XDR, and it generated detailed logs. The behavioral engine is another significant feature we appreciate. If a user doesn't click any link within 30 days and on the 31st day clicks a new link, Cortex XDR immediately alerts us that this user has clicked on an uncommon link or their behavior is uncommon. As an organization and implementer, we value these two features: the behavioral engine and the logging capability.

View full review »
NiteshSharma - PeerSpot reviewer
Pre-Sales Architect at network techlab
Cortex XDR by Palo Alto Networks is a good product, serving as a next-generation antivirus with extended detection and response features. It offers threat prevention, behavioral control, automation in threat response, and analytics capabilities, which enhance security measures. The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs. View full review »
Buyer's Guide
Cortex XDR by Palo Alto Networks
July 2025
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
860,825 professionals have used our research since 2012.
Rehaman Syed - PeerSpot reviewer
Technical Specialist at HCL Technologies

The solution's most valuable feature is that it protects against unknown malware and activities and offers behavioral threat detection functionalities. With a wildcard and based on whatever configurations, it gives alerts and offers an XDR Quick Scan facility. We get proper results from the tool, and after scanning, we can see them on the dashboard.

View full review »
Bandi Rakesh - PeerSpot reviewer
Cyber Security Analyst at HALA INFOSEC

The best thing about Cortex XDR is that it has host servers, networks, and proxy servers. On the other hand, CrowdStrike has only hosts and servers. The solution helps find bugs, and it is safe to use to prevent attacks by hackers.

View full review »
Saleh Bala Doma - PeerSpot reviewer
Head Of Information Technology at Diha Travels and Tours Limited

The most valuable feature of the solution stems from the fact that the tool provides real-time visibility of our network activity and allows us to detect threats early and respond quickly. It is an easy-to-use tool. The tool's interface is good and simple to use.

View full review »
Sudheer Kumar - PeerSpot reviewer
Lead Security Engineer at AeoLogic Technologies

The solution's most valuable feature is its general integration with various Palo Alto Networks products. The tool is a unified platform that includes a firewall, Prisma Cloud, and Cortex's storage. It is also a single data platform that consolidates data from endpoints and network traffic into a single data lake. For behavior analytics, the tool uses advanced behavior analytics and machine learning to detect sophisticated threats.

View full review »
Mohammad Qaw - PeerSpot reviewer
Senior Security Consultant at helpag

The solution perfectly correlates with Palo Alto's Networks Firewall to perform XDR capabilities such as network traffic plus endpoint security. This is what distinguishes the solution from other products. 

From a single pane of glass, you can easily manage all of your endpoints.

The dashboard is intuitive so you can easily investigate or track incidents. 

The solution has a fair amount of integrations with certain intelligence tools or third-party products. 

View full review »
Vyshnavi Jyothermai - PeerSpot reviewer
Sr. Endpoint Security Engineer at iOPEX Technologies

The most valuable feature of the solution is Broker VM, which is the best functionality, as I haven't found such a feature in any other product I have worked on till now.

View full review »
reviewer2511138 - PeerSpot reviewer
Senior Consultant Cybersecurity at a consultancy with 10,001+ employees

The solution's most valuable feature is the user interface. I've used other solutions like Cylance and CrowdStrike, but Cortex XDR stands out from all the products. It has also moved to XSIAM. Cortex XDR introduced it long ago, while other tools are implementing it now.

View full review »
EhabAli - PeerSpot reviewer
Sr. Cybersecurity Solutions Architect at BMB

Cortex covers everything I need. It's a perfect solution. Cortex provides a different level of visibility because it's an extended EDR, allowing you to grab logs from the network and firewalls. Palo Alto invented the concept of the extended EDR or XDR.

View full review »
Kush Kumar - PeerSpot reviewer
IT Specialist at RateGain

The most valuable features are incident creation, policy-based protection, IP whitelisting, and device encryption. These are beneficial for endpoint and server security.

View full review »
CV
Information Security Manager at a financial services firm with 1,001-5,000 employees

The solution is a new generation XDR that has a lot of artificial intelligence modules. 

The solution's communication methods are very effective. 

Configuring or eradicating terminals is easy. 

View full review »
reviewer1389378 - PeerSpot reviewer
Divisional Operations Director at a tech vendor with 1,001-5,000 employees

The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine. 

In general, it has been able to see every single threat that has ever come up and it helps us stop it. 

I've used it for a great many years now, and it worked really well. From the Palo Alto side, whatever they buy, they integrate that really well into their integration suite, and that makes a massive difference.

View full review »
Mirko Minuzzo - PeerSpot reviewer
Business development manager for Palo Alto Networks at Westcon-Comstor

The product's most valuable features are massive user and feature intelligence exploit detection. It is very useful in detecting threats to databases. The last meter statistics prove the efficient capabilities of the solution.

View full review »
BibinMathew - PeerSpot reviewer
Cash Management Officer at a retailer with 1,001-5,000 employees

The solution's most valuable feature is its ability to rapidly detect certain hardware files.

All other features of Cortex XDR by Palo Alto Networks are fine.

View full review »
SS
Network Security Engineer at I Dream networks pvt ltd

User control in Cortex XDR allows users to restrict access to certain websites from a company laptop used over a home network. The solution allows control over the user and his machine through Cortex XDR security policies.

View full review »
Shibin V. - PeerSpot reviewer
Senior Security Engineer at Gadgeon Systems Inc.

The solution allows us to gain remote access without the user's knowledge and take the necessary actions on the device. For investigation, we can just drop down and easily elaborate on the issues, like where the user went and what they downloaded. We can use the solution to find out everything easily.

View full review »
reviewer1416024 - PeerSpot reviewer
Sr. Network Engineer at a construction company with 10,001+ employees

The most valuable feature of Cortex XDR by Palo Alto Networks is the low consumption of system resources. The solution uses a lot of AI and machine learning.

View full review »
Kelvin Choy - PeerSpot reviewer
Security Specialist at Television Broadcasts Ltd

We're trying to explore Cortex's possibly to detect digital forensics and the source of the issues. 

The initial setup isn't too bad.

View full review »
Disha Shah - PeerSpot reviewer
Technical Associate at HTH Global Network

Cortex XDR is very easy to deploy and has great threat detection capabilities and good internal threat intelligence.

It uses advanced AI analytics, behavior analytics, and custom-made detection to detect advanced threats before they occur.

If a customer says it's expensive- let's say I will say no it is not. Other values are added then it is more reasonable having strong features.

With a click, I can access the system and isolate it from other networks, and then go into a further forensic investigation of the current threat without compromising anything else.

Its stitches with external logs are perfect and enhanced.

View full review »
MartinPulpan - PeerSpot reviewer
Owner and Executive Director at Cloud 9 s.r.o.

Cortex XDR is a very capable solution for protecting large networks and a lot of endpoints. It's very useful because the automation is very high, and if you combine it with the features on Palo Alto firewalls, it provides very strong protection.

View full review »
Kamil Fahmi - PeerSpot reviewer
Site administrator officer at a tech services company with 11-50 employees

The most valuable feature of Cortex XDR by Palo Alto Networks is its machine-learning capabilities. Additionally, there is full integration with other solutions.

View full review »
Jitendra_Singh - PeerSpot reviewer
Senior Vice President at Chi Networks

Cortex XDR's most valuable feature is its intelligence-based dashboards.

View full review »
DT
Team Lead at MindTree

One thing that I like about Cortex XDR is its ability to detect all the suspicious or malicious binaries, and it can integrate with Palo Alto Firewall. 

View full review »
Ahmed Sief - PeerSpot reviewer
System Engineer at a logistics company with 5,001-10,000 employees

The good thing about the product is that it's always scanning. It does real-time scanning for customers. If there's anything related to the applications that it's installed, for example, if an application needs some upgrades, or updates, or add-ons, we already have a server that is downloading this for the users, the computers. In terms of the laptops, we are not managing the laptops from the servers, since the users take the laptops with them and they are managing their laptops by themselves. There is any variability. The application gives us a notification on the Cloud so that we can handle this problem or make sure that the laptop is secured. The customers or the users don't have much experience to pick what is right and know what is wrong. It's a very, very informational application. 

The initial setup is easy.

View full review »
CB
Senior System Administrator at a government with 10,001+ employees

Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them. The hash that they use is pretty comprehensive. I like WildFire. It gives us a better idea of what is a true virus and what is a false positive.

View full review »
Rustam-Rustamli - PeerSpot reviewer
CISO at International Bank of Azerbaijan

I chose this solution because they constantly add new features and are very proactive about that. To my mind, signature-based antivirus is a thing of the past. These days it's machine-learning technology and behavior-based analytics features that make us more secure. XDR feels secure because of those features.

View full review »
GR
SOC Manager at Nais Srl

It is a simple platform to use.

The dashboard is good, it's very clean and very simple to read. The information the dashboard provides is very clear.

View full review »
Zubair Ahmad - PeerSpot reviewer
Senior Chief Manager at Arcil

Alerts regarding the incidence happening in system and easy to block and allow the services and external device control.

View full review »
MZ
Digital Business Solutions Manager at Bahrain Telecommunication Company BSC (Batelco)

It's a nice product that's stable and scalable.

View full review »
FT
System Manager at a consumer goods company with 10,001+ employees

Cortex has several good features that I am interested in. There is a nice Sandbox function that is very strong, there is the Traps (endpoint protection) solution, the real-time filtering of suspect linkages is good, and the automatic blocking of suspect behavior is always active and protecting the network.  

View full review »
Ragesh Singh - PeerSpot reviewer
Cyber Security Engineer at ACPL

We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action. We don't need to navigate different solutions and tools or use our human intelligence to correlate all the information to make the logic. Cortex XDR entirely does it, and we can take action.

View full review »
reviewer2082015 - PeerSpot reviewer
Servicio Posventa at a security firm with 11-50 employees

One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers. 

Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network.

View full review »
reviewer1870953 - PeerSpot reviewer
IT Security Administrator at a tech services company with 1-10 employees

Their XDR agent and their behavioral indicators of compromise (BIOC) are pretty nice. Their managed threat hunting is also pretty nice. They also have WildFire, which is a service for actively looking for malware. It's quite useful.

View full review »
reviewer1379898 - PeerSpot reviewer
Senior IT Specialist at a manufacturing company with 1,001-5,000 employees

Monitoring is most valuable.

View full review »
GA
Information Technology Consultant at Trillennium (Pvt) Ltd

When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud. We have a lot of advantages as a result.

It's a very simple implementation, and I have direct Palo Alto implementation available as well. So it's very simple. We haven't found any issues, so far the implementation is going well, I don't see any gaps.

View full review »
OR
Regional Key Account Manager at Orange Cyberdefense

Overall, it's a great platform. It integrates very well with other solutions from Palo Alto and also with our vendors. 

The ease of use is excellent. 

I love the root cause analysis from Cortex, which is amazing. It's really fantastic. In a few clicks, you can just have the full root cause. 

The price is quite interesting. It's not overly expensive.

The solution is stable. 

I've found the solution to be highly scalable for enterprises. 

View full review »
AG
Account Manager at CIPHER

The most valuable features are that it can integrate the firewalls and determine the tendencies of the attacks.

It investigates problems and incidents quickly. Cortex is good at reducing alerts and for having a custom barrier. It's a new generation antivirus, with protection endpoints and detection response.

Cortex detects and shows what the problem is and how to resolve the problem or incident. Cortex is very easy to use and everybody can operate the solution.

It has tools for threat hunting and it has very good incident response features.

View full review »
Mantu Shaw - PeerSpot reviewer
Project Manager at a outsourcing company with 1,001-5,000 employees

The most valuable for us is the correlation feature. You are able to correlate data that is coming from the firewall, network, server, and endpoints. This is one of our main requirements and makes for a good product.

It works with the data lake in an agent-based or agentless manner.

It is easy to integrate most with network devices, including firewalls, and Active Directory. We use firewalls from different vendors including Palo Alto and Check Point, and it supports them.

View full review »
RV
Information Technology Corporate Manager at a consumer goods company with 1,001-5,000 employees

Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources. 

Cortex analyzes the network and users to detect additional risks and threats that the other vendor's solutions don't detect.

View full review »
WA
System Administrator at NATIONAL ASSOCIATION OF REALTORS

I like the centralized console and the predictive analysis it does of malware.

It is very stable and also scalable.

It is easy to deploy and update. It does not require a lot of maintenance.

View full review »
reviewer1451712 - PeerSpot reviewer
Cybersecurity Incident Response Analyst at a computer software company with 5,001-10,000 employees

I like that the product has behavior-based detection which offers many benefits over signature-based detection. When it comes to zero day attacks and targeted attacks, signature detection is not able to detect problems. Behavior-based detection is able to detect attacks tailored specifically for your environment, or malware that doesn't yet have a known malicious signature. It's the nature of how the data is processed that makes the tool really powerful. 

View full review »
MJ
Senior Security Consultant at a tech services company with 201-500 employees

The most valuable feature is that you can select remote access of any machine for sandboxing.

Irrespective of whether you have the rights or not, you can still access it from the cloud.

View full review »
JW
Vice President / Chief Technology Officer at Sinnott Wolach Technology Group

The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.

The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that.

View full review »
it_user1237689 - PeerSpot reviewer
Network Designer at a computer software company with 1,001-5,000 employees

The solution offers a very high-performance. 

The solution has analytics that watch patterns and trends. If there is a change in user behavior or communication, it has the ability to track that. 

The solution has a very helpful isolation feature. If any system gets compromised, with one click I can access the system and isolate it from other networks, and then go into further forensic investigation of the current threat without compromising anything else.

There are a lot of lead solutions in this space, however, Palo Alto is number one.

The initial setup is pretty easy.

View full review »
MG
Assistant Superintendent with 51-200 employees

The interface is easy to use and it is more up to date than our previous solution.

View full review »
reviewer1388277 - PeerSpot reviewer
Senior Information Security Architect at a tech services company with 201-500 employees

I can call the tweak responses or other items that the customer doesn't like very easily due to the fact that this solution is on the cloud

It collects and caches and the knowledge of machine learning from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe.

Even the firewalls have their signatures. It takes from different resources and takes note of everything. 

The exploits and malware technology are really good. 

View full review »
reviewer1371849 - PeerSpot reviewer
CIO/CTO at a manufacturing company with 501-1,000 employees

There aren't many features we find valuable on the solution.

They have a new GUI which is just fantastic.

View full review »
Mohammad Qaw - PeerSpot reviewer
Senior Security Consultant at helpag

I've found the security protection modules there, have been the most valuable.

View full review »
AK
Information Technology Manager at a hospitality company with 10,001+ employees

A majority of its features are very good, well-designed, and programmed. Most of the machine learning has features where we took a deep analysis on kernel level scanning. It has shown that if in case of anything happens, like first-level operation fails or it went to the next level that it will protect the machine. You can see the artificial intelligence working on it. 

View full review »
ManagerO5d72 - PeerSpot reviewer
Manager of InfoSec at Jo-Ann Stores

Wildfire, advanced detection capabilities, and whitelist/blacklist features. These features have provided us an easy way to lock down our systems to prevent execution of unknown code and scripts and to prevent launching of code from end user writable directories.

View full review »
reviewer2159517 - PeerSpot reviewer
Mdr of Presales & Customer Success Head at a financial services firm with 1-10 employees

The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better.

View full review »
Prathamesh Samant - PeerSpot reviewer
Presales Manager at a tech services company with 51-200 employees

The policy configuration is great. The granularity of policies that are available is very helpful.

It is straightforward to set up.

It has pretty much everything we need and works well within the Palo Alto ecosystem.

View full review »
reviewer1530651 - PeerSpot reviewer
EMEA IT Infrastructure Manager at a consumer goods company with 5,001-10,000 employees

The most valuable features of this product are the management capabilities, which allow an IT organization to get quite a good picture of attempted cyber attacks, and its out-of-the-box investigation capabilities.

View full review »
reviewer1663611 - PeerSpot reviewer
IT manager at a computer software company with 11-50 employees

Its ability to react to cyber data attacks is awesome. That is pretty much the use of it. What blows your mind is the ability to access your assets remotely and see what is actually going on with them. You can not only see them in a console. You can also react very rapidly to your assets that are compromised.

View full review »
DB
Assistant PhD at Stefan Cel Mare University of Suceava

Threat identification and detection are the most valuable features of this solution.

View full review »
AndyChan3 - PeerSpot reviewer
General manager at a tech services company with 201-500 employees

One of the main benefits of the solution is its intelligence to correlate the events into an incident.

View full review »
reviewer1387713 - PeerSpot reviewer
Relationship Manager at a financial services firm with 5,001-10,000 employees

It is easy to use.

View full review »
reviewer1411233 - PeerSpot reviewer
Security consultant at a computer software company with 1,001-5,000 employees

The user interface of the solution is sophisticated and straightforward.

View full review »
KF
Lead Security Engineer at ESKA

If a company uses Palo Alto and supports Cortex XDR for endpoint protection it is very well protected. Palo Alto is the best security solution in the market. It's very advanced and its protection is extremely reliable.

The solution doesn't need a high level of technical training. The solution is very usable and doesn't take a lot of personnel.

The product is very scalable.

The stability is very good.

View full review »
reviewer1489881 - PeerSpot reviewer
Network and Cybersecurity Consultant at a tech services company with 11-50 employees

Stability is a primary factor, and then there's the ease of distribution and policy management. Cortex XDR by Palo Alto Networks is very easy to work with, and we're quite happy with them.

View full review »
it_user1437951 - PeerSpot reviewer
Security Engineer at a tech services company with 11-50 employees

The behavior-based detection feature is valuable. 

View full review »
reviewer1460898 - PeerSpot reviewer
Lead Consultant at a tech services company with 1-10 employees

The protection offered by this product is good, as is the endpoint reporting.

Once installed, this product is easy to manage, whether it is on-premises or the cloud-based management system.

View full review »
DS
Consultant at a tech services company with 501-1,000 employees

It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature. 

It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else.

View full review »
reviewer1361427 - PeerSpot reviewer
IT Director at a energy/utilities company with 1,001-5,000 employees

It's a perfect solution. 

It integrates well into the environment.

View full review »
CB
Senior System Administrator at a government with 10,001+ employees

WildFire AI is the best option for this product.

View full review »
RR
Cybersecurity Engineer at GFR Media

The one feature that our organization finds most valuable is being able to control the USB ports on the endpoints

View full review »
it_user1009236 - PeerSpot reviewer
SOC Analyst at a tech services company with 201-500 employees

The integration with other products, the firewall, and the IPS are good features.

View full review »
Traps677 - PeerSpot reviewer
IT-Administration at a mining and metals company with 51-200 employees

We have a complete overview of all our PCs and it's very easy to handle and to use the interface. It has a lot of benefits for us.

View full review »
SH
Manager Information Technology at Avendus
  • It blocks malicious files. 
  • It prevents attacks.
  • It doesn't require many updates, it's a very light application.
View full review »
Netw9886 - PeerSpot reviewer
Network Manager of Cyber Defence at a government with 1,001-5,000 employees

The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical.

View full review »
OS
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services

If the user leaves our premises or network, Palo Alto Traps will still be on that endpoint and will still apply our policies. For example, if you take that endpoint out of our network, go to a Starbucks with a company laptop, then connect to our our virtualized gateway. That local endpoint will still have our network policies.

I'm so used to IPS IDS endpoint security that I don't see anything else that catches my attention other than it's working fine. It's a very good tool. It's the best one that we have.

It has Android support.

View full review »
LT
Lead IT Security Analyst at a mining and metals company with 1,001-5,000 employees

The multi-layered approach to the product is its best feature. Each layer has a different method of protecting its endpoint. 

View full review »
RH
Security Engineer at U.S. Acute Care Solutions

The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past.

View full review »
MK
Head of Network and Communication Department at a program development consultancy with 10,001+ employees

The level of security I get for my endpoints and servers is extremely valuable.

View full review »
reviewer1890849 - PeerSpot reviewer
Network and security engineer at a tech services company with 11-50 employees

Everything is fine. 

It'll not slow down your system when compared to others.

The initial setup is easy.

View full review »
reviewer1678701 - PeerSpot reviewer
ISEC Unit Manager at a tech services company with 11-50 employees

Cortex XDR lets us manage several clients from the same console, and its endpoint defense is more advanced than traditional antivirus.

View full review »
PC
Pre-sales engineer at a tech services company with 51-200 employees

Its interface and pricing are most valuable. It is better than other vendors in terms of security.

View full review »
reviewer1454937 - PeerSpot reviewer
Ingeniero de Soporte at a tech services company with 11-50 employees

They did what they said. This solution could apply to any scenario.

View full review »
AS
Cybersecurity Services Director at ITVikings

The platform's most valuable feature is being a cloud-based solution. We can visualize and control the activities in the environment from anywhere.

View full review »
Lissette Acurio - PeerSpot reviewer
Solution Engineer at Secure Soft Corporation

The product has an intuitive dashboard. The first time a client interacts with the solution, they do not face any problems. It is easy for the client to navigate through the tool.

View full review »
AC
Information information analyst at Seeton

Cortex XDR is a simple platform that's easy for administrators and users. You have a lot of flexibility to change or customize the features. 

View full review »
Buyer's Guide
Cortex XDR by Palo Alto Networks
July 2025
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
860,825 professionals have used our research since 2012.