Cortex XDR by Palo Alto Networks OverviewUNIXBusinessApplication

Cortex XDR by Palo Alto Networks is the #1 ranked solution in XDR Security products and #4 ranked solution in endpoint security software. PeerSpot users give Cortex XDR by Palo Alto Networks an average rating of 8.2 out of 10. Cortex XDR by Palo Alto Networks is most commonly compared to CrowdStrike Falcon: Cortex XDR by Palo Alto Networks vs CrowdStrike Falcon. Cortex XDR by Palo Alto Networks is popular among the large enterprise segment, accounting for 58% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 19% of all views.
Cortex XDR by Palo Alto Networks Buyer's Guide

Download the Cortex XDR by Palo Alto Networks Buyer's Guide including reviews and more. Updated: November 2022

What is Cortex XDR by Palo Alto Networks?

Cortex XDR by Palo Alto Networks is the first threat detection and response software to combine both visibility across all types of data as well as autonomous machine learning analytics. Threat detection very often requires analysts to divide their attention among many different data streams. This platform unifies a vast variety of data flows, which allows analysts to assess threats from a single location. Users can now maintain a level of visibility that other threat detection programs simply cannot offer. This level of transparency lends itself to both quick identification of problems that arise and the equally quick development of a potential solution.

Cortex XDR’s machine learning works on many different levels to detect and prevent threats. It is constantly scanning for threats and vulnerabilities. The solution can scan up to 5.4 billion IP addresses in three-quarters of an hour. This allows it to spot weak points in the system and notify administrators long before hackers can take advantage of vulnerabilities. Once the Artificial Intelligence (AI) discovers an issue or an area where an issue could potentially take place the system creates a log of the information and subsequently sends an alert to system administrators. The AI takes the information that it has gathered and uses it to assign threat levels to the issues that it detects. Following this, a human analyst will be assigned to manually assess the issue and deal with it accordingly. You can set it to automatically respond to the threat by isolating the issue while analysts investigate it.

Benefits of Cortex XDR

Some of Cortex XDR’s benefits include:

  • The use of advanced AI analytics, behavior analytics, and custom-made detection to detect advanced threats before they occur.
  • The ability to group similar threat alerts, reducing incoming alerts by as much as 98%. This allows analysts to avoid being overwhelmed by the volume of incoming alerts.
  • The ability to investigate threats as much as 8 times faster than would be possible with other software. The machine learning, when coupled with the unified data stream that Cortex XDR collects, significantly increases the ability to more quickly discover the root cause of a threat.

Reviews from Real Users

Cortex XDR by Palo Alto Networks software stands out among its competitors for a number of reasons. Two major ones are its ability to isolate threats while enabling them to be studied and the way that the software combines all of the data that it gathers into a single, more complete picture than other solutions offer.

PeerSpot users note the effectiveness of these features. A network designer at a computer software company wrote, “The solution has a very helpful isolation feature. If any system gets compromised, with one click I can access the system and isolate it from other networks, and then go into further forensic investigation of the current threat without compromising anything else.”

Jeff W., Vice President/CTO at Sinnott Wolach Technology Group, noted, “The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.”



Cortex XDR by Palo Alto Networks was previously known as Cyvera, Cortex XDR, Palo Alto Networks Traps.

Cortex XDR by Palo Alto Networks Customers

CBI Health Group, University Honda, VakifBank

Cortex XDR by Palo Alto Networks Video

Archived Cortex XDR by Palo Alto Networks Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Darshil Sanghvi - PeerSpot reviewer
Consultant at a tech services company with 501-1,000 employees
Reseller
Top 5Leaderboard
User friendly, stable, and automatically correlates events and logs
Pros and Cons
  • "It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature. It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else."
  • "It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc."

What is our primary use case?

We mainly use it for endpoint protection, exploit prevention, and malware prevention. 

What is most valuable?

It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature. 

It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else.

What needs improvement?

It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc.
this is good as an endpoint protection to prevent malware, exploits, zero days, ransomware, botnet etc. For features like Host DLP or encryption or patch management, or any such features which are available in basic anti-virus, you cannot expect it in Palo Alto Network's Cortex XDR solution. rest, all features work as expected, without any lagg or slowness observed in the system.

For how long have I used the solution?

I have been using this solution for a year or something like that. We have been using it from the day they launched or released version 4.0. Currently, they are on version 7.

Buyer's Guide
Cortex XDR by Palo Alto Networks
November 2022
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
653,757 professionals have used our research since 2012.

What do I think about the stability of the solution?

It is stable. I have never faced any kind of issues or never heard from any of my colleagues that they have faced any kind of issue.

What do I think about the scalability of the solution?

There is no problem with scalability. Currently, we have around 150 users. In our company, it is compulsory to install this agent on all systems. If we want to scale it, we just need to install an agent. There is no upgrading the server or the hardware because it is a SaaS service provided by Palo Alto Networks.

How are customer service and support?

We directly raise issues with Palo Alto Networks, and they support us. I've never directly created a support query because our IT team looks into support queries, but I think it's pretty easy. You'll never face any kind of issues or challenges in raising support queries.

How was the initial setup?

It was straightforward. In earlier versions, such as version 4.0, it was a bit difficult to install the server and then upgrade the agents and servers. These processes were difficult. There are no complications now.

It took us more than a week to deploy because we were implementing it on the systems of various users who were working from home.

What about the implementation team?

We are a partner of Palo Alto Networks, so we have deployed it directly.

Which other solutions did I evaluate?

We evaluated multiple products. We have evaluated Trend Micro, McAfee, Broadcom Symantec, Sophos, and many other products. Each product is good in its own field. We chose Cortex because we already had a Palo Alto Networks firewall. It got integrated easily, and the co-relation part and the co-relation engine worked very well.

What other advice do I have?

If you are looking for security, mainly for advanced threat prevention from ransomware and malware attacks, I would recommend Cortex. Even if you want to integrate your firewall, I would recommend Cortex, but if you are looking for a single product with multiple options or features, such as DLP, encryption, rollback, and other features, I would not recommend Cortex.

I would rate Cortex XDR a nine out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
it_user1237689 - PeerSpot reviewer
Network Designer at a computer software company with 1,001-5,000 employees
Real User
Easy to set up with excellent trend analytics and isolation feature
Pros and Cons
  • "The initial setup is pretty easy."
  • "In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations."

What is our primary use case?

We primarily use the product as endpoint security which we have deployed on all servers and locations. This is not limited to the endpoint, however, as it has further integration with the firewalls and email solutions. Therefore, it can give us quick visibility in case there is any malicious or suspicious activity happening.

What is most valuable?

The solution offers a very high-performance. 

The solution has analytics that watch patterns and trends. If there is a change in user behavior or communication, it has the ability to track that. 

The solution has a very helpful isolation feature. If any system gets compromised, with one click I can access the system and isolate it from other networks, and then go into further forensic investigation of the current threat without compromising anything else.

There are a lot of lead solutions in this space, however, Palo Alto is number one.

The initial setup is pretty easy.

What needs improvement?

The solution should enhance the ADR and reporting. As of right now, they are giving reports, which are okay, however, there are other ways to get better reporting. That is an area where I already requested that Palo Alto work on.

In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations. 

They should extend the solution for URL filtering, as other endpoint security products are doing that already. Nowadays, users are working from home and therefore we have plenty of traffic back through the data center just for URL filtering security. If that functionality could be there in the endpoint, then we would be happy. It would ensure users working from home couldn't access malicious websites. 

For how long have I used the solution?

We've been using the solution for one year. Before that, we were using Palo Alto Trap.

What do I think about the stability of the solution?

The solution is very stable. I pretty much depend on product stability. Over the last six months, we have been able to see it's that Palo Alto is more stable than most. There is no such issue in that regard. 

This is a very stable product, whether it is running on a database or email system or on any platform. It works perfectly fine.

What do I think about the scalability of the solution?

The solution is very scalable. This is due to the fact that it is being managed through the cloud making it easy to deploy to a thousand endpoints. There is no issue at all. As long as there's enough space for the solution to expand, it can grow out to any size you need.

How are customer service and technical support?

Technical support from Palo Alto is perfect. However, we have first-level support from a third-party. They sometimes take time to respond, which is not ideal. That said, when we get aligned with the tech support from Palo Alto, that really works well. Their level one support is with other vendors, and level two and level three support is with Palo Alto. That's how they are set up. They deal with bigger issues.

Overall, we've been pretty satisfied with technical support.

Which solution did I use previously and why did I switch?

We're service providers. We offer a variety of solutions to our clients, including Palo Alto, Cisco, Microsoft, and McAfee, depending on their needs. We don't just use or recommend one particular endpoint protection product.

About a year back I implemented Cisco and Palo Alto for our customer. Cisco AMP is also a good solution while it is running with the grid, however, I have not been involved with using it for three years.

In routing and switching, Cisco is good. However, Cisco AMP, which is an endpoint security, requires you to work with many other AMP solutions from Cisco. 

My first preference would be Palo Alto and my second preference would be Cisco AMP.

How was the initial setup?

The initial setup is not complex at all. It is very straightforward and very easy to implement. I implemented it for 1000 or so users, and it took only about one month to execute. Even when we were in a pandemic situation where users were at home, we did it that quickly. It is very easy to deploy.

What's my experience with pricing, setup cost, and licensing?

The pricing is actually very reasonable. Palo Alto is very invested in some commercial endeavors and they have simplified their license. A team license can be used on-cloud, or on-prem. We have not faced segregation on any technologies, so a simple license gets any user anywhere without limitations. It is easy to increase the license as it's a cloud service. You just speak to your account manager and they can increase the licenses for you.

What other advice do I have?

While we deal with the cloud deployment model, we've also often used the on-premises deployment.

I'd advise other companies to use the solution. It really is the best one out there.

Overall, I'd rate the solution nine out of ten. The reporting is a bit weak, and it's my understanding they are working on that. However, performance-wise and security-wise, this is the best product.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Cortex XDR by Palo Alto Networks
November 2022
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
653,757 professionals have used our research since 2012.
Assistant Superintendent with 51-200 employees
Real User
Top 20
Straightforward to set up and the support is highly-rated
Pros and Cons
  • "The interface is easy to use and it is more up to date than our previous solution."
  • "Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want."

What is our primary use case?

This product is part of a package that makes up our security solution.

What is most valuable?

The interface is easy to use and it is more up to date than our previous solution.

What needs improvement?

Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want.

For how long have I used the solution?

We have been using this product for about four months.

What do I think about the scalability of the solution?

We think that this product will help us grow. We think that it meets our needs currently, and we can grow with it over time. There 12 people in the IT department who currently manage it. 

How are customer service and technical support?

The support is excellent. We had a couple of issues that we had to call for and I would say that they are highly rated.

Which solution did I use previously and why did I switch?

Our older solution was from Fortinet. It was out of date and more difficult to use. The IT staff say that the Palo Alto product is better.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

We worked with a reseller. They came in, we told them what we wanted to do and they set it up to our spec. The person who came in and helped support us was highly skilled and it worked seamlessly.

What's my experience with pricing, setup cost, and licensing?

We pay about $50,000 USD per year for a bundle that includes Cortex XDR.

Which other solutions did I evaluate?

We evaluated Palo Alto and Trend Micro, and we opted for the Palo Alto Cortex XDR.

What other advice do I have?

I don't use this product on a daily basis but we like what we have so far and I would definitely recommend it to other users.

My advice is to make sure that you have a good implementor and that the reseller you're purchasing from gives you a highly-qualified engineer.

Overall, we are happy with this product but that said, nothing does everything that you want.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Director at a energy/utilities company with 1,001-5,000 employees
Real User
Good protection, stable, it integrates well, and the support is good
Pros and Cons
  • "It integrates well into the environment."
  • "I would like to see them include NDR (Network Detection Response)."

What is our primary use case?

We had firewalls set up and it integrated but didn't meet with our regulations.

We were using this solution for endpoint protection.

What is most valuable?

It's a perfect solution. 

It integrates well into the environment.

What needs improvement?

I would like to see them include NDR (Network Detection Response). Then it would work well with SIEM Response. Also, if they could make an on-premises version we would definitely go with Cortes. At this time, they are not offering an on-premises solution.

For how long have I used the solution?

We had it in our environment for two days.

What do I think about the stability of the solution?

It's a stable solution.

What do I think about the scalability of the solution?

Cortex XDR by Palo Alto Networks is scalable.

How are customer service and technical support?

The technical support was good.

Which other solutions did I evaluate?

We evaluated Fideles and are currently using it, as it meets the regulations and is on-premises.

What other advice do I have?

We had to move away from working with Cortex XDR by Palo Alto Networks due to the regulations. They state that the logs have to be kept in Saudi Arabia. Also, the log is in the cloud, which is against the regulations. 

We chose Fidelis. They meet the regulations and they are on-premises.

We had no issues with Cortex. We were satisfied but it didn't meet with the regional regulations.

I would rate Cortex XDR by Palo Alto Networks an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
System Manager at a consumer goods company with 10,001+ employees
Real User
This is a recommended solution for total end-to-end protection
Pros and Cons
  • "Being a cloud solution it is very flexible in serving internal and external connections and a broad range of devices."
  • "The connection to the internet has not performed as expected."

What is our primary use case?

We are still in the testing stages so there is not currently any primary use case beyond the base use of endpoint protection.  

What is most valuable?

Cortex has several good features that I am interested in. There is a nice Sandbox function that is very strong, there is the Traps (endpoint protection) solution, the real-time filtering of suspect linkages is good, and the automatic blocking of suspect behavior is always active and protecting the network.  

What needs improvement?

As an improvement, I would like to see enhanced connection speeds. On China's side, we need to set up a local server for the definition updates, and the performance has not been very good for the company when directly connected to the internet. We are a little disappointed with that.  

For how long have I used the solution?

We have been using Cortex XDR (Extended Detection and Response) for around two months.  

What do I think about the stability of the solution?

It is stable. From the moment we installed it has been up with no restarts of maintenance until now.  

What do I think about the scalability of the solution?

I think that this product is scalable. The testing environment we use right now has around 200 users. In the future, when we deploy it to the company we will move up to around 4,000 users.  

How are customer service and technical support?

The technical support is okay. They have already helped us to fix the installation and then we had an issue and they were available for correction of the problem. They also have made some useful suggestions. So the support team is okay in my estimation.  

Which solution did I use previously and why did I switch?

We have been exploring a similar solution. Right now I am also doing testing on Sentinel at the center. This is a similar solution. But we have only just begun testing Sentinel, so we do not really have enough experience with it to comment on the product.  

How was the initial setup?

As we just started with Cortex and we are using a cloud solution, I do not have the impression that it was difficult to install and begin using.  

What's my experience with pricing, setup cost, and licensing?

The setup costs are a bit higher than some other solutions. Overall it is a little bit expensive, I think. If we could get it for around a 10% discount then that would be a better price point for us.  

For our pricing plan, we are not on a subscription, so we do not have to pay every month. We have a yearly license for the product.  

The approximate amount we pay per license is around $80 per user per year.  

What other advice do I have?

My suggestion for people considering this product is that Cortex is a very good total solution on the endpoints. Because I needed Cortex to work for external and internal users and devices, it helps that it is cloud-based because it is good for working in the office or other locations. So we wanted to have the total end-to-end protection including on the mobile devices, that is what we got. This product will be a good suggestion for people who need the same capability.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Cortex XDR as around nine-out-of-ten. The cost is the reason it would not be higher. Nine is good but this is a very good product except for the cost.  

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Information Security Architect at a tech services company with 201-500 employees
Real User
Great machine learning capabilities, a strong cloud platform and good overall features
Pros and Cons
  • "It collects and caches and the knowledge of machine learning from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe."
  • "The solution can never really be an on-premises solution based simply on the way it is set up. It needs metadata to run and improve. Having an on-premises solution would cut it off from making improvements."

What is our primary use case?

I primarily use this solution for my clients. I don't use the solution myself.

What is most valuable?

I can call the tweak responses or other items that the customer doesn't like very easily due to the fact that this solution is on the cloud

It collects and caches and the knowledge of machine learning from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe.

Even the firewalls have their signatures. It takes from different resources and takes note of everything. 

The exploits and malware technology are really good. 

What needs improvement?

It's my understanding that this solution is at end-of-life.

It's hard to use as a product. It's not easy or straightforward. Especially when I deal with a government sector or other sensitive industries. They do not accept that it's so easy to share metadata outside their organization. They prefer on-prem even if it is not as powerful due to the fact that they perceive it as being more secure.

The solution can never really be an on-premises solution based simply on the way it is set up. It needs metadata to run and improve. Having an on-premises solution would cut it off from making improvements.

The deployment is pretty hard. Competitors like Trend Micro or Symantec have features on their console that make them easier to use. This solution does not offer items that would increase its usability.

Before I moved to technical sales, I handled implementation, and I remember it being very difficult. They need to improve this aspect.

The solution provides a lot of false positives. The average amount of false positives you get is 5%. It would be great if this could be lowered.

For how long have I used the solution?

I've been using the solution for a year and a half.

What do I think about the stability of the solution?

Security people usually think it's a very powerful solution. However, government teams always worry about the security of the cloud and always need to send approvals. Since this solution is not a normal endpoint, it can be a bit tricky for compliance purposes.

At the same time, it does its job. It's very good at vulnerability management.

That said, it is really not really flexible to make deployments on certain platforms. It's really complicated. Sometimes the solution falls off.

How are customer service and technical support?

We've contacted technical support in the past and they are very good. They are usually quite capable of closing the issue for us. They're also great if we're working out a new configuration or doing a completely new implementation. We're satisfied with their level of service.

How was the initial setup?

The initial setup is not straightforward. It's not that it's complex per se. It's difficult. 

The IVR needs to be reached on the outside. You need to make it to the server and that's connected to the database that communicates with the agent properly. You have to push the agents and put the sensors inside the network. 

What about the implementation team?

We're an integrator; we implement this solution for our clients.

What other advice do I have?

We have a partnership with Palo Alto. I'm a consultant, I'm pre-sales as a technical sales engineer. I try to show the value of any product for the customer. I don't actually use the solution myself.

The solution does not have an on-premises option. It's only available on the cloud.

For XDR new users just need to make sure they have the right policies in place. The solution does offer pre-configured policies. Organizations will want to make sure it is actually fitting them in the places where they will be working best. It's important as well that they don't make it a default selection. Users need to make sure that it's really configured and whitelisted and everything fits the organization. 

I'd rate the solution eight out of ten. I'd rate it higher, however, the deployment process is poor even though the features are decent. Competitors like Carbon Black have much easier deployments.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
CIO/CTO at a manufacturing company with 501-1,000 employees
Real User
Good GUI, however lacks features overall and tends to eat memory
Pros and Cons
  • "They have a new GUI which is just fantastic."
  • "There's an overall lack of features."

What is our primary use case?

We primarily use the solution for our endpoint server and endpoint protection.

What is most valuable?

There aren't many features we find valuable on the solution.

They have a new GUI which is just fantastic.

What needs improvement?

The solution eats memory of the computer, unlike anything I've ever seen. It eats more memory than Chrome. 

I have a lot of users that are eating my memory each hour every day and it's causing us problems. We have to go and buy more memory for each computer. When you have a lot of computers like we do, is not a very good situation.

Some of the computers are only using 4 GB of memory, so if you put aside the differences, most only have some Chrome, some internet, and Office and that's it. And yet, the memory is getting eaten.

If someone catches something like malware, or something else, I want to know if the file was spread to other machines and what the target was. I want to be able to get ahead of the spread. This solution doesn't do enough to protect us against these types of vulnerabilities or to give us much information about the spread. The tool really does need some more reverse engineering features.

There's an overall lack of features.

The initial setup could use improvement. Currently, I must go to each machine and deploy everything manually. We are in 2020, not in 1980. It seems like such a dated way of doing large deployments.

For how long have I used the solution?

I've been using the solution for a year and a half.

What do I think about the stability of the solution?

When I was experimenting with stability early on, I did run into issues when testing the solution in the sandbox.

Eventually, it catches one of the executive files and if you go to the management section of the solution and you release this file, it takes seven or eight tries to do it. You need to keep trying, again and again, using the same procedures to release the file for usage. That was in the beginning and we still have this issue, even though they made a new GUI for management. It's still not resolved.

What do I think about the scalability of the solution?

We have several hundred users.

I had some issues initially in the sandbox when I was testing scalability.

How are customer service and technical support?

I have reached out to technical support in the past. I find dealing with them is like talking to a wall. They aren't terrible, however, you don't really get any guidance. They ask over and over to get us to send them dump files and we do over and over. After all of the back and forth, nothing is really resolved to our satisfaction. You're paying for their services, and you don't get the level of service you would expect. It's a pain point.

How was the initial setup?

The initial setup was not complex. It was very straightforward.

The deployment did take a lot of time due to the fact that we had seven hundred computers. 

What other advice do I have?

We simply use the solution as a customer.

I would not recommend the solution. I'd advise other companies to rather go with Palo Alto's firewall as a better option. I've already advised others not to touch it. It's not worth it at all to even consider using it.

I'd rate the solution six out of ten. Their new GUI is very nice, however, as a professional service, it's lacking in a lot of areas.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior System Administrator at a government with 10,001+ employees
Real User
Top 10
WildFire AI helps detect and prevent threats, but the dashboard should be more intuitive
Pros and Cons
  • "WildFire AI is the best option for this product."
  • "The dashboard is the area that needs to improve so that we can have the ability to drill down without having to go elsewhere to verify results."

What is our primary use case?

We use Palo Alto Traps in our Windows-based environments. Currently, it only protects our desktops and we use it in conjunction with our Check Point firewall.

How has it helped my organization?

The product is very good, it has caught a lot of exploits that most products would not. The WildFire module is a great AI in detecting and preventing attacks. The only issues that we have are, one the cost, two the dashboard is not very intuitive, even though you can drill down within the dashboard, we usually have to gather information from other sources to determine locations and if its a false positive.

What is most valuable?

WildFire AI is the best option for this product.

What needs improvement?

The dashboard is the area that needs to improve so that we can have the ability to drill down without having to go elsewhere to verify results.

For how long have I used the solution?

We have had this product for two years.

What's my experience with pricing, setup cost, and licensing?

This is an expensive solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Raul Rivera - PeerSpot reviewer
Cybersecurity Engineer at GFR Media
Real User
Improves our endpoint security posture in both performance (no scanning) and protection (NG AI/ML)
Pros and Cons
  • "The one feature of Palo Alto Networks Traps that our organization finds most valuable is the App ID service."
  • "It automatically detects security issues. It should be able to protect our network devices while operating autonomously."

What is our primary use case?

We use Palo Alto Networks Traps (Version 6) to protect our endpoints against NG malware via behavior analysis, artificial intelligence and machine learning. Both the PA Traps endpoint logs, our PA firewall traffic logs and the Wildfire sandbox are used to provide immediate threat response and feed this information to the PA Threat Intelligence cloud.

How has it helped my organization?

Palo Alto Networks Traps improves our security posture and lowers risk by providing next-gen methods to combat against modern threats on all the major platforms.

What is most valuable?

The one feature that our organization finds most valuable is being able to control the USB ports on the endpoints

What needs improvement?

The MAC agent is not as robust feature-wise as the PC version. I need to control USB ports on MAC laptops and cannot. This is a MUST so I opened a case with Palo Alto and requested this feature for an upcoming update.

I would like to see more automation and self-healing for incidents that can be easily classified as malware.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

No issues

What do I think about the scalability of the solution?

Palo Alto Networks Traps features excellent protection, cost and scalability. We are a small group of 4 employees and have 2 people dedicated to deployment and monitoring of 1400+ endpoints.

How are customer service and technical support?

Palo Alto Network's technical support is excellent. 

Which solution did I use previously and why did I switch?

Since we were a Fortinet shop, we previously used the FortiClient endpoint agent. We switched to Palo alto FWs and endpoint protection because it is a more mature product with advanced next-gen capabilities not available from the Fortinet solution.

How was the initial setup?

The initial setup was done by a Palo Alto certified service provider.

What was our ROI?

This product pays for itself with only one ransomware denial!

What's my experience with pricing, setup cost, and licensing?

Our license runs on a monthly basis with a recurring monthly charge. If you want additional options like secure remote access with policies, that requires an additional cost. 

Palo Alto Networks Traps does not apply secure remote access to devices without policies, which we are implementing. If you want to apply more policies, like an anti-virus program, anti-malware, or configurations for using a VPN on remote connections, that would also be an additional cost. We're not doing that.

Which other solutions did I evaluate?

Cylance, Carbon Black, Crowdstrike, Microsoft Windows Defender ATP, Sophos, SentinelONE

What other advice do I have?

On a scale from 1-10, I would rate Palo Alto Networks Traps with an eight. It is great, but I have some issues with the cost of the product license.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user1009236 - PeerSpot reviewer
SOC Analyst at a tech services company with 201-500 employees
Real User
Valuable firewall and IPS features and has good integration with other products

What is most valuable?

The integration with other products, the firewall, and the IPS are good features.

What needs improvement?

The solution needs better reports. I think they should let the customer go in and customize the reports. 

It could also use better graphics and more information.

For how long have I used the solution?

I've been using the solution for four months.

What do I think about the stability of the solution?

The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week.

How are customer service and technical support?

Technical support has been very good.

What other advice do I have?

I recommend using this solution and I would rate the solution an eight out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Consultant at a tech services company with 51-200 employees
Reseller
Great security protection modules and is a very stable solution
Pros and Cons
  • "It's very stable. I've never experienced downtime for the ASM console or ASM core."
  • "In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are the big company, so they can improve the UI a little bit. The UI, the reports, the log system can all be improved."

What is most valuable?

I've found the security protection modules there, have been the most valuable.

What needs improvement?

I started using it from 4.1, but it didn't change that much. Some features and some fixes have been added to 4.2, but not that much. They need to improve reporting, the end-point reporting. They could also enhance their notification statuses. In the current version, you will see some threat alerts, or if anything is executable, but you will not see behavioral analysis. You will see what was being blocked, and that's it. If Traps logs something, you will get a notification. Otherwise, you have to generate the dump file and investigate on your own.

In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are a big company, so they can surely improve the UI a little bit. The UI, the reports, the log system can all be improved. But overall, when we speak about security and protection, they are one of the top providers.

For how long have I used the solution?

I've been using the solution for six months.

What do I think about the stability of the solution?

It's very stable. I've never experienced downtime for the ASM console or ASM core. But we experienced this for the database, and it was not clear in Trap's interface. So, Trap's server stopped working, stopped getting jobs, stopped the enforcing policies because the database was full. We did not get any alert for that, so you will not see any alert on the ESM console that says that your database is about to fill up. It was not reachable and there was no warning or indication for this. You have to go to some tools internally and check in the command line, to see. You will see some errors for the DB, and you will realize that it's a DB issue. I've never experienced any issue with the Traps itself, but with the database.

What do I think about the scalability of the solution?

It's very easy to scale if you have file availability. If it's more clear, we can do high availability, but it's a bit tricky. We deployed this for 4,000 endpoints, and it was very easy. Two ASM core servers were enough to deploy it for 4,000 plus endpoints. These are enterprises, not SMBs. They're government institutions.

How are customer service and technical support?

I would not say that technical support is bad, but it's not that good. It could be better.

Basically, they don't provide customer support tools just to investigate the logs. From a reseller or authorized center for Palo Alto, I can't get that much information from the logs because it's a bit complicated. If they have support tools, for example, to analyze the logs as they have for the Palo Alto firewall. They don't have for this for Traps. They need to have some tools to analyze the logs. We can generate something called tech support files from Traps, but it's useless. Nothing's there. You will not get that much from the tech support file.

But for the firewall, if we get the tech support file and upload it to somewhere they have some tools, we can get many useful logs and alerts. For Traps, this is not possible.

How was the initial setup?

The initial setup was straightforward. They are using MySQL database, and I think it's a disadvantage because you need to buy a license for MySQL also to deploy it. They don't have this concept of file availability between DS and core servers.

What about the implementation team?

We are a reseller. We are implementing it on customer premises for our clients.

What other advice do I have?

The main advice I can share is to watch out for your database and make sure to give it enough resources. That's it.

I would rate this solution eight out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
Consultant at a mining and metals company with 51-200 employees
Consultant
Offers a complete overview of all our PCs and it's very easy to handle and use the interface
Pros and Cons
  • "We have a complete overview of all our PCs and it's very easy to handle and to use the interface. It has a lot of benefits for us."
  • "Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."

What is most valuable?

We have a complete overview of all our PCs and it's very easy to handle and to use the interface. It has a lot of benefits for us.

What needs improvement?

The one area which should improve is not on the user side but on the product itself. Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats. For example, if you had something that was not detected by the former solution, and you install Palo Alto, you will have some difficulty removing the virus with the Palo Alto tool. It would be helpful if they had a tool for removing a virus or threat in these cases.

For how long have I used the solution?

I've been using the solution for two years.

What do I think about the stability of the solution?

The solution is very stable. We have about 350 licenses across all our PCs, and of course, only administrators are allowed to plug in.

What do I think about the scalability of the solution?

Scalability is not an easy question. For us, Palo Alto traps is running on a good environment, so if we have a plan to expand we just adjust the environment and from the Palo Alto side, it is not a problem at all. The only thing I have to do is update the license file and it should work. But in the case of a bigger expansion, you have to separate the servers. For us, it is not a problem at all if we decide to scale Palo Alto traps.

How are customer service and technical support?

Support response was very fast. I'm satisfied with the support.

How was the initial setup?

If you have been educated in Palo Alto, the initial setup is very easy. Without an education it depends. It can be difficult, it depends on the knowledge of the installer.

What other advice do I have?

We use the on-prem version, not the cloud version of Palo Alto.

We use it daily but we have logs. Normally, if we have an incident in detection from a wire system, there's more effort. But typically it would take about ten minutes in order to check the logs and it's not complex at all. But if you have some threats or viruses then, of course, maintenance takes longer.

In terms of advice, I'd say it depends on the usage of the PCs. For us to use in the main production, Palo Alto benefited us. It was easy to install and performance of the traps themselves are very good. In most cases, you don't have to worry about the performance of the PC at all. Palo Alto Traps takes up very few resources.

I would rate this solution 9 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Manager Information Technology at Avendus Capital Pvt. Ltd
Real User
Blocks malicious files, but managing the product should be easier
Pros and Cons
  • "It blocks malicious files. It prevents attacks. It doesn't require many updates, it's a very light application."
  • "Managing the product should be easier."

What is our primary use case?

So far, we have only done a PoC of Palo Alto Traps. We deployed Traps on a few devices and then did the PoC. I also attend a workshop for Palo Alto Traps. I learned how it works and how it can block malicious files, etc.

What is most valuable?

  • It blocks malicious files. 
  • It prevents attacks.
  • It doesn't require many updates, it's a very light application.

What needs improvement?

Managing the product should be easier.

What do I think about the stability of the solution?

The stability is good but I did face one issue that I want to point out. I don't know about the new version but in the old version, sometimes not all your devices are showing properly. Sometimes they show as "inactive."

What do I think about the scalability of the solution?

Scalability is good. You can install it on any number of devices that you are licensed for.

How are customer service and technical support?

Technical support is good but people need better knowledge of that particular product. I don't think it's well-known in India. 

If we asked someone about using Traps they would ask, "What is Traps?" Compared to other products like Symantec and Trend Micro, Traps is not well-known endpoint protection. The engineers also don't know much about it, so Palo Alto needs to promote knowledge of this product.

I go through the vendor for support first. If the vendor doesn't resolve the issue then they log the case with Palo Alto. We haven't had any incidents that had to go to Palo Alto. Everything has been resolved by the vendor so I don't know about the direct support of Palo Alto, except that the Palo Alto firewall is a very stable brand. There's no issue.

Which solution did I use previously and why did I switch?

We are using Symantec now. We were thinking of purchasing Palo Alto but because the EDR part was not there at the time, we went with Symantec which has the EDR solution. EDR is essential for our project. I think it has been announced that EDR is part of Traps now.

How was the initial setup?

The initial setup was very simple. We finished the deployment within one day.

For our implementation strategy, it's cloud-based, so we installed the PoC license on the cloud and then started deploying the agent software on my laptop and mobile devices, and then we did the PoC.

What's my experience with pricing, setup cost, and licensing?

We did not negotiate the price because the solution did not fulfill our requirements. But the price was fine. I don't know how it would compare with Symantec because I negotiated a lot with Symantec. I don't know what kind of negotiation I could have done with Palo Alto.

Which other solutions did I evaluate?

We did not check any other options. But I am going to evaluate Traps in the next year because I want to go for a Palo Alto platform, as we already have a Palo Alto firewall. If, next year, all my requirements are fulfilled, then I will definitely go for Traps.

What other advice do I have?

Palo Alto Traps is good but they need to more widely promote it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Manager of Cyber Defence at a government with 1,001-5,000 employees
Real User
Runs in the background and sends things directly to the cloud for sandboxing
Pros and Cons
  • "The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
  • "There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."

What is our primary use case?

We used it for malware detection and to detect weird DNS calls. Overall, it was for endpoint protection.

How has it helped my organization?

Many people here are surfing the web on Russian sites, Korean sites, Chinese sites, etc., and by definition, they download things that are not very nice. Whenever there was something fishy, most of the anti-virus solutions just wouldn't see it. We needed endpoint protection that would detect as soon as some code started doing funny things. Traps was very good at that.

What is most valuable?

The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical.

What needs improvement?

There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, was not user-friendly.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The stability was quite good. We never had any issue with it at all.

What do I think about the scalability of the solution?

We had no issue with scalability. We deployed to 220 machines in one go with no problem. We had 130 users. Some people were using many machines. The users were mostly analysts. Ten to 20 of the users were IT people and the rest were doing analysis work on satellites. It was being used extensively, 100 percent in our case. Even the serves had it running. Everybody had Traps installed.

How are customer service and technical support?

The technical support from the consultant was very good. I don't remember having to talk to Palo Alto directly. I had an issue, but I talked to the consultant and then he escalated it.

Which solution did I use previously and why did I switch?

Before Traps we had no endpoint protection.

How was the initial setup?

The setup was not very intuitive to start with, but after you've done it once, it's really straightforward.

The first time I set it up, for one machine, it took about 15 minutes until I understood what was going on, starting from the ESM and using the deployment tool. But as soon as you've done it once, and you understand the ergonomics behind it, it goes fast.

In terms of the implementation strategy, we started with a limited number of machines and the machines of people from IT, who we knew would surf to weird places. Then we deployed a small sample to the people who go to China and Russia and places like that. After a while, while, we decided to go all the way and we used the ESM to deploy it on every machine.

The process from the planning phase until it was fully implemented took about three or four months.

What about the implementation team?

For the first installation we had a consultant, a Palo Alto dealer, consultant, and solution provider here in Madrid - Open3S. They're very good. Our experience with them was very positive. They're really competent. They really know what they're talking about. We were very happy with them.

The deployment required one or two people. Some days two people came, but normally, with one guy, it was okay.

What was our ROI?

It was more like insurance. You hope you're never going to use it, but you have it. It gave us some confidence in what people were doing because we know people were going to weird places on the web. With Traps, we were quite confident that if something wrong happened it would be detected and intercepted and deleted before it was spread around.

What's my experience with pricing, setup cost, and licensing?

When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward.

Which other solutions did I evaluate?

We didn't evaluate any other options because we had Palo Alto as firewalls and we were quite satisfied with Palo Alto. So the consultant took the initiative to do a demo and we liked it. Due to the type of business we are in, it's very useful.

What other advice do I have?

Make sure you have a proper inventory of all the applications running. That's something we should have done to start with. We intended to do so but because we're using very strange applications to deal with satellite imagery, and it was giving us some issues. For somebody who's using the standard Microsoft Office, it's really straightforward. But if you have exotic applications, then make sure you test it before you deploy it. You will have issues.

To maintain it, the only thing you have to do is download the latest updates and install them. After that, the only maintenance you need is checking the logs every day to see what has been sent to the cloud for sandboxing and then move to the culprit machine to see what happened. It's difficult to say how many people are required for this. As soon as you get something exotic on the machine, this can take an hour, but that's not related to Traps. Traps is just telling you there's something exotic. After that, it's the time you spend doing all the malware and other analyses. As far as Traps is concerned as such, it doesn't require much maintenance. It's something you set and forget.

I would give Traps a nine out of ten. I think it's a very good application. It detected stuff that other things wouldn't detect. I'm very positive about it and was extremely satisfied with it. We had it for the reason I noted earlier. It has been replaced by something else, but I had a very good experience with it. Had we been in a Microsoft Office business - the normal applications - we never would have moved. But the people in charge of the system went to Microsoft Defender.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Information Technology Manager at a hospitality company with 10,001+ employees
Real User
You can see the value for your money and sleep peacefully at night, not worrying about ransomware attacks
Pros and Cons
  • "After deploying Traps, we saw the performance of the network improve by 65 to 70 percent."
  • "Traps is quite a stable product. Once it was properly deployed and configured, you have nothing to be worried about."
  • "There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get a results."

What is our primary use case?

I used the product at my previous company until November 2018.

How has it helped my organization?

After deploying Traps, we saw the performance of the network improve by 65 to 70 percent. There was a drop in the latency rate over the application, when accessed via our users. We received feedback from users that usually when they were downloading a bunch of things or browsing the Internet, ad popups would spring up which are a gateway to bring viruses and stick in temp files. This improved a lot because Traps occasionally gives an alert to them to be careful, such as don't go on play on this site and download malicious things. The overall performance of the entire organization was improved because of this.

When I was monitoring Traps, during the period after we deployed it fully on our organization, there was around 125 users on it. We could see in a whole day that there was around 10 to 15 threats which kept popping up. Because I work in the hotel industry, we have a lot of emails which come through worldwide. They are for reservations and booking. Out of those 50 emails, five to six emails are malicious emails which have the extension of .exe files or other encrypted files. They could have had macros enabled in those files as well. Traps would alert us to these malicious files.

The network was infected when we were using Traps. One of the reservation computer was infected with ransomware. It was detected by the Traps. In Traps, it shows up that they investigated the file which was in a zip format. We uncompressed it to view the file and saw Traps detected this infection. It does analysis of all the files to an in-depth level, which was helpful for us to detect and avoid that infection being spread around.

What is most valuable?

A majority of its features are very good, well-designed, and programmed. Most of the machine learning has features where we took a deep analysis on kernel level scanning. It has shown that if in case of anything happens, like first-level operation fails or it went to the next level that it will protect the machine. You can see the artificial intelligence working on it. 

What needs improvement?

There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get a results. 

Originally, we wanted to uninstall Traps because we could not run our operations because Traps, by default, had blocked applications and files. This is still a thing, as we still have to give flexibility to certain policies which are pre-defined in the Traps application.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Traps is quite a stable product. Once it was properly deployed and configured, you have nothing to be worried about.

When the product was updated, I also worked on the latest version.

What do I think about the scalability of the solution?

It is scalable. 

We had 150 end users. The end users ranged from the manager level to the supervisor level. These users include salespeople who carry their laptops when travel out of the country on business trips.

How are customer service and technical support?

In this region, I find there are not many good engineers available for Traps. The one guy who specializes in the work functionality, if any issue comes up, might not be available in the country. Therefore, it's a challenging to get the specialized person who knows how to troubleshoot and get the fix. Otherwise, we have to wait for at least 24 hours to get support and results. If an issue comes up because of a new version which we deployed and updated has any changes, we need support immediately, not in 24 hours. For example, we don't know  what changes were made to which parameters, what we need to disable or activate, and if they blocked any of the applications, then our operation will get stuck.

Which solution did I use previously and why did I switch?

We were the victim of ransomware. Prior to that we were using an antivirus application from Sophos, which was not able to detect that ransomware engine which encrypted our servers and client machine. So, it was a disaster, and we started looking for another solution which could perform better and give us zero-day threat alerts. I researched which would be the better solution and came across Traps. We ran version 3.5 for a period of one month, where we tested it against malware, viruses, etc. The performance of the Traps has proven itself to work very well in detection.

How was the initial setup?

The initial setup is very straightforward. 

The deployment took five minutes to be fully functional and configured. It was just one simple utility which we had to install on the computers. It was not a complex thing once we had it installed. We created a whitelist policy for whatever applications were there. This was a one-time job to streamline the access levels to be allowed. Once the one-time job was done, it gets pushed out to the entire organization. 

During the PoC stage, we discussed with the engineer how we wanted it because we had an Active Directory and all the user accounts were connected to the directory. We deployed the data from Traps onto one of the server, then data to the Active Directory. From there, we pushed all the agents to all the users, then we took the file and deployed it. Whenever the users login, it gets deployed and installed. The deployment went very well and was properly executed.

What about the implementation team?

The deployment was done by two engineer from Palo Alto and me. They assured me by installing in two to three machines. There were very simple steps to follow, like three to four steps, for the installation. Afterwards, they took care of deploying Traps for all the users.

The admin has been responsible for maintaining it.

What was our ROI?

The return on investment is from the user side because we have seen the performance of it increase the delivery time of the product if we are using too many web-based and on-premise applications. In indirect ways, we saw the return of investment in terms of performance and user satisfaction increase.

What's my experience with pricing, setup cost, and licensing?

It is cost-effective compared to similar solutions. It fits for the small businesses through to the big businesses.

Which other solutions did I evaluate?

I have worked with different product lines: McAfee, ESET Endpoint Security, and Sophos. However, I find the Traps to be much better in comparison to all the other competitors available in the market. 

I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require.

What other advice do I have?

Overall, Traps is a very good application when you compare endpoint security solutions available in the market. You can see your value for your money. You can see the results and sleep peacefully. You don't have to worry about a ransomware attack. Traps is very well-designed. It also does good things with deep machine learning. If it finds any malicious activity, it will alert you.

Based on our feedback and recommendations, our sister companies had been looking forward to replacing their current solution with the Traps.

My current company is in the process of evaluating the solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Omar Sánchez (Mr.Tech) - PeerSpot reviewer
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
Consultant
Leaderboard
You can quickly locate exceptions and can configure process exceptions
Pros and Cons
  • "If the user leaves our premises or network, Palo Alto Traps will still be on that endpoint and will still apply our policies."
  • "Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and its nothing that should be an issue. Some antivirus engines recognize Traps as an threat component, so maybe they need to shake hands somewhere."

What is our primary use case?

The primary use case is endpoint security. The product is my main endpoint, IP, and threat management.

How has it helped my organization?

In organizations where they don't implement a NAC, this product helps stop threats at the endpoint level. Everything goes through the endpoint. By the time you get something to a server, you are compromised at your perimeter, and you might be compromised at your ID or main control. With a third-party, you need a NAC, so you can put on something like McAfee or you need authorization so the organization can scan your computer, then you can connect to the network.

We can't do that for a daily operation. We can't just have personnel waiting for someone to connect, and say, "We need to scan your computer before you go into our network." We don't have time for that." So, you need to implement a NAC. However, if you don't implement a NAC from day one of your business, it is very complicated to do it after many years because the NAC is not like a security software. You have to go server by server and do an assessment. Meanwhile, you need to protect your organization. So, you can use tools like Traps to manage your security, even stopping the threat at the last contact. 

For organizations which do not have a NAC implemented, there has to be some type of endpoint security, and it needs to be tough, like Traps. With Traps, you can search events, manage them quickly, and locate any half exceptions. Trap's traffic is encrypted. 

We like the features where you can quickly locate exceptions and can configure process exceptions. You are building your own defense. Therefore, you are not only relying on Palo Alto, but you are applying day-to-day operations of configured language that a tool can understand.

What is most valuable?

If the user leaves our premises or network, Palo Alto Traps will still be on that endpoint and will still apply our policies. For example, if you take that endpoint out of our network, go to a Starbucks with a company laptop, then connect to our our virtualized gateway. That local endpoint will still have our network policies.

I'm so used to IPS IDS endpoint security that I don't see anything else that catches my attention other than it's working fine. It's a very good tool. It's the best one that we have.

It has Android support.

What needs improvement?

There are some limitations on the Traps agents. Traps for Windows has limitations and Traps for Linux too. Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and its nothing that should be an issue. Some antivirus engines recognize Traps as an threat component, so maybe they need to shake hands somewhere.

With Windows 7 and Windows 8 64-bit, when you want to install Traps, because its Windows, it will crash. They need a little more flexibility with antivirus engines.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

You can grow as much as you want.

We have four users: a cybersecurity analyst, two infrastructure security personnel, and a security administrator.

How are customer service and technical support?

The technical support is very good.

Which solution did I use previously and why did I switch?

We were previously using Malwarebytes and McAfee. We are still using them along with Traps.

How was the initial setup?

The initial setup was straightforward, after we had to remove McAfee first.

The deployment took a couple of weeks. We centralized all our perimeter firewalls first, then we started deploying the agent.

We needed two personnel for deployment and maintenance: an infrastructure security person and a security administrator.

What about the implementation team?

Our third-party installer was very efficient.

What was our ROI?

Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance. Security teams will spend less time and effort managing and mitigating breaches. They will be able to avoid having to activate their organization’s incident response team.

What's my experience with pricing, setup cost, and licensing?

It is "expensive" and flexible.

Which other solutions did I evaluate?

We evaluated the following other large endpoint security companies: Kaspersky Endpoint Security, CrowdStrike Falcon Endpoint Protection, Symantec Endpoint Protection, and McAfee Endpoint Security.

If you have Malwarebytes and you want to control a malware that you have on your computer, Malwarebytes will quarantine that malware. However, it depends how infected you got.

What other advice do I have?

Test normal behavior of the Traps agents (injection and policy) and confirm that there has been no change in the user experience.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Luke Teeters - PeerSpot reviewer
Lead IT Security Analyst at a mining and metals company with 1,001-5,000 employees
Real User
Its multi-layer approach helps my organization with anti-malware, exploit protection, and restrictions
Pros and Cons
  • "The multi-layered approach to the product gives you confidence that it will stop exploits, ransomware, worms, or viruses from compromising endpoints, essentially providing peace of mind."
  • "Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis."

What is our primary use case?

We use it for primary endpoint protection.

How has it helped my organization?

Its multi-layer approach helps my organization with anti-malware, exploit protection, and restrictions. A good analogy would be like peeling back an onion, getting through those layers. It gives you the confidence that it will stop exploits, ransomware, worms, or viruses from compromising endpoints, essentially providing peace of mind.

What is most valuable?

The multi-layered approach to the product is its best feature. Each layer has a different method of protecting its endpoint. 

What needs improvement?

With cloud integration, there were several improvements made:

  • Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis. With the cloud implementation, we now have connectivity to the server at any moment, as long as we have an internet connection.
  • A new user interface, which is a lot easier to use. Making it similar to managing a firewall.
  • Additional OS support.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

Stability has improved over the years, as there were noticeable bugs in earlier releases, such as 3.x. With the later releases, versions 4.1 through 5, they have polished the product. It has gotten much better.

When major releases come out with new features, it is a fairly simple process to upgrade these releases.

It is 100 percent utilized with every feature turned on. We leverage their product to the fullest extent.

What do I think about the scalability of the solution?

Scalability is great with servers and workstations. At a moment's notice, you can add hundreds of endpoints. With Traps 5 being on the cloud, there is no scalability risk. You're not going to overload it, as it is a cloud portal. It is their problem, not yours. If you have any issues, call support. I'm confident I can push the client out to 1000 machines, and it will still check in.

We have over 2500 people in our organization using Traps (the entire organization).

How are customer service and technical support?

The technical support has gotten better over the years. When they first started Traps, the support was overseas, and there was a language barrier being from the United States. Over the years, they have distributed that support throughout their company. Now, we will call and get someone in the United States, so there is no language barrier, which is an improvement. 

I feel like the support group has definitely improved over the years. If I call now, I'm positive I'm going to get someone who knows the product very well and is going to help me to resolve whatever issue I'm seeing. We have had weird issues, and they actually have done forensic analysis of what was going on. They have adjustments to future dynamic updates because of these issues. Thus, we have had an impact on the product by bringing them an issue, then having them correct it.

Which solution did I use previously and why did I switch?

We previously used McAfee vs Palo Alto. McAfee is a traditional antivirus. It provided little to no value. We didn't see it stop anything. It wasn't blocking anything. The management was difficult to use because of the virus definitions, where you had to sync every endpoint each day with these updates.

How was the initial setup?

I set up Traps 5 without even looking at the administrative guide. I set it up using logic. Looking at it, reading it, testing it and pushing it out. I set it up in an afternoon with a colleague of mine.

It is easy to implement. It also has dynamic updates, making it smarter. Therefore, there is not much work to be done once you get it configured and pushed out. You can manage it with a small crew of people. Because of its ease of use, businesses might require a full-time employee to manage it. 

It's just one of the tools in the toolbox, and it save us time.

They made it very easy to set up, because you just log into the portal and activate it. They have an automated process to spin up your environment in the cloud. It all happens behind the scenes. 

From a user perspective, it is a click of a button. You just put in the key that was paid for and click a button, then it runs through the setup. Then, they essentially give you a button on your portal, you click it, and it brings you to your management console. Everything is already set up. They manage the upgrades, which is another bonus when being in the cloud, because when it was on-premise, you have to care and feed the server, patch it, upgrade it, and manage the database.

It takes 10 minutes for everything to initialize, since it is a brand new environment. You get to pick your URL, and Palo Alto manages the certificates. When your endpoints connect to the URL, it's just a trusted signed public certificate authority. As long as your endpoints are patched and up-to-date, they trust that certificate. 

Palo Alto is making it easier to implement and manage. They're making it easier to upgrade. The dynamic updates came within the last year or two. Previously, you have to upgrade the actual endpoint software to get more features. 

With dynamic updates, it's an automatic process. It makes the software logic smarter. 

When I first set up Traps four years ago, it took a lot longer because I had to set up a server with the operating system. That takes time. I had to install the software and configure it. I had to have a database, which took time and involved other people. There was a client to deploy to endpoints. Then, there was a certificate to set up for the portal to have our endpoints to communicate with the portal over our SSL. There were a lot of steps.

What about the implementation team?

We did our implementation in-house. We required three to four people for the initial deployment: database administrator, network engineer, server administrator, and security analyst. Afterwards, it takes two people to maintain the solution, but it could be done with one person. We use two people for quality control.

For implementation strategy, if it was a new push or a build, set up your cloud portal, then do a test group, such as a pilot. Set up your policies how you would want them. From there, with your test group, you want to see if any alerts come in and what your endpoints are doing. Then, depending on your company, do a site-by-site implementation. It is integrated with Active Directory, so you can also do group implementation.

What was our ROI?

We have peace of mind knowing that ransomware isn't spreading through our environment.

The product checks a lot of boxes for compliance efforts. The value is there, because these days no one can afford to experience a breach or have a compromised endpoint. Since these would have to be reported, depending on your industry, it would look bad for the company.

What's my experience with pricing, setup cost, and licensing?

We didn't have to pay any additional fee for the cloud instance. It just came with the renewal, which was nice.

What other advice do I have?

If ransomware were to spread throughout your company, you would not want your file shares to be encrypted nor your servers to be affected. My advice would be get Traps on your servers and on your workstations. Go with version 5 and the cloud instance, then turn on all the features that you can. Some of them come by default disabled out-of-the-box, but you want to turn on all of the features, such as local analysis, file quarantine, WildFire, malicious and grayware blocking and quarantine, restrictions (don't allow executables to run from USB drives, unless it's whitelisted). Turn on all the exploit protections with dynamic updates, and just let it just update. Since we all know the next version of Flash Player is going to have a vulnerability which no one knows about until it's discovered. Then, at that point, it could have already been out there for a while.

With Traps, it could potentially determine the exploit before it's even a known vulnerability. Turn on every single feature you can without taking an impact to performance. Once it's fine-tuned and doing its thing, I have never witnessed Traps not working properly.

They have put in improvements over the years. We have been using the product for over four years now (since I've been with the company). They have added support for additional operating systems, such as Android, macOS, and Linux. They used to be Windows only. They put improvements where they no longer require you to have an on-premise server, so you can host it on the cloud. Thus, when endpoints leave the environment, they can connect to a cloud host and have full connectivity to your policies.

When Traps does sandbox tests, it checks the verdict against their sandbox: WildFire. Having it in the cloud is great, because then the machine doesn't have to be on a VPN or within the company walls with connectivity to an on-premise server. Therefore, having the cloud implementation was definitely an improvement.

When Palo Alto acquires a technology, they implement it into Traps and make the product better. They have done this in the past, and there are cool things coming in the future from these acquisitions.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Rob Haller - PeerSpot reviewer
Security Engineer at US Acute Care Solutions
Real User
We've had a significant increase in blocking with a decrease in false positives
Pros and Cons
  • "We've had a significant increase in blocking with a decrease in false positives, because it's looking at how the files work, not just a list of files that it's been told to look for."
  • "The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past."
  • "They have the worst support, as a company, that I have ever worked with, as they are difficult to get a hold of and keep on the phone. They don't know what they are talking about when you get them on the phone. They don't like to respond to messages when you send them to them. They like to "research problems" for weeks on end, then pass you off to somebody else."

What is our primary use case?

Our primary use case is anti-malware and anti-exploit.

How has it helped my organization?

Traditional anti-virus is signature-based, whereas Traps is behavior-based. Therefore, it doesn't necessarily whitelist things, it looks for anything with bad behavior. Thus, we've had a significant increase in blocking with a decrease in false positives, because it's looking at how the files work, not just a list of files that it's been told to look for.

What is most valuable?

The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past.

What needs improvement?

Going from version 4 to version 5, they had a major change in their user interface. Version 5 is now all cloud managed, while it has a very intuitive, useful interface, it doesn't have all the features that were in the version 4 interface. For example, we lost being able to automatically trigger upgrades, like creating manual groups to upgrade with. It doesn't currently have the ability to use the Active Directory to create groups. 

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's fairly stable. They do have bugs which come up every once in a while, but they're usually good about getting them taken care of within a release.

What do I think about the scalability of the solution?

It is definitely scalable.

Primarily, it is just being used by myself. The help desk also uses it. There are probably a total of around ten users.

We've deployed it to about 1500 endpoints so far. There is a possibility that we may expand our usage, but not in the foreseeable future. We are at pretty much at 100 percent deployment at this point.

How are customer service and technical support?

I would describe Palo Alto's technical support as audio waterboarding. They have the worst support, as a company, that I have ever worked with, as they are difficult to get a hold of and keep on the phone. They don't know what they are talking about when you get them on the phone. They don't like to respond to messages when you send them to them. They like to "research problems" for weeks on end, then pass you off to somebody else.

Which solution did I use previously and why did I switch?

We were previously using Sophos for antivirus, and are still using Sophos for antivirus, but we're using Traps to augment it.

How was the initial setup?

The initial setup was pretty straightforward on version 4, but on version 5, it is almost idiot-proof.

The initial deployment of getting the servers and everything up took about a week, but getting everything deployed was somewhere closer to six weeks.

What about the implementation team?

We implemented it in-house. We incrementally did some systems to make sure that it wouldn't block anything that it shouldn't. After that, we used Active Directory to push it to everything else.

Very little staff is required for deployment and maintenance, as Traps is self-maintaining.

What was our ROI?

I feel that we have seen ROI. There have been a number of blocked, bad files that could have gotten through, but were stopped by Traps.

What's my experience with pricing, setup cost, and licensing?

The pricing seems fair, and I do like the licensing model. You use wherever they are, and it is elastic. So, if you have 1100 computers today, you can license that. Therefore, as long as you're below your licensing cap, you're fine.

Which other solutions did I evaluate?

We looked at Palo Alto vs Sophos, which has a anti-malware system called Intercept X, but it did quite literally nothing. We thought about Symantec, but we didn't end up testing them against Traps.

What other advice do I have?

The implementation is fairly straightforward and easy. With version 5, everything is now on the cloud. It is easy to work with and use. I would use mobile device management (MDM) or Active Directory (AD) to push the file everywhere when installing it, as it will auto go from there. The management is pretty low. Thus, it will be set it, and for the most part, you can forget it.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Manager of InfoSec at Joann Fabrics
Real User
We have not had any malware successfully execute on an endpoint since deploying Traps.
Pros and Cons
  • "Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."
  • "There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration."

What is our primary use case?

How has it helped my organization?

Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place. We have not had any malware successfully execute on an endpoint since deploying Traps.

What is most valuable?

Wildfire, advanced detection capabilities, and whitelist/blacklist features. These features have provided us an easy way to lock down our systems to prevent execution of unknown code and scripts and to prevent launching of code from end user writable directories.

What needs improvement?

The application whitelisting/blacklisting feature is based purely on path and filenames. Changing a filename can bypass it easily. The uninstall admin password for the client is passed in clear text during install. 

There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration. This is ridiculous for an enterprise product. 

Traps 5.0 does not integrate with Palo Alto's Panorama product, which was a big selling point of Traps 4.0. Traps 5.0 has no ability to send an email to alert of detections. Instead customers have to jump through hoops to use Palo Alto's log management service to forward logs into a 3rd party SIEM and then build your alerts from there. No EDR functionality, though this is supposedly coming.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Mostly positive. We've had some episodes early on where upgrades caused some issues with the backend database, but that seems to have cleared up. This issue would not impact the Traps 5.0 users as it is SaaS based.

What do I think about the scalability of the solution?

This software exists on every workstation and server in our company with ~10,000 people using the solution. For on-prem, we run 3 nodes and it handles the load just fine. We could always add more nodes if necessary. For the SaaS solution, that is all on Palo Alto's side.

How was the initial setup?

Setup was pretty straight forward. The product is very granular and customers can turn on features as they are ready/comfortable in order to keep the deployment simple. For organizations with a good understanding of their infrastructure, deployment should be pretty simple.

What about the implementation team?

We deployed Traps ourselves. We went big bang and deployed all features at once. We had a strong understanding of our systems and were able to provide whitelisting settings up front that made sense. There was a bit of post-deployment work to resolve things that were missed, but all things considered the deployment strategy went smoothly and was the right call.

What was our ROI?

For an endpoint security service, that is hard to state. We have not seen a malware infection since deployment.

What's my experience with pricing, setup cost, and licensing?

I feel it is fairly priced.

Which other solutions did I evaluate?

We evaluated 

What other advice do I have?

I think Traps has the best mix of features by price in the industry. It is not flawless by any means, but Palo Alto seems committed to it and are improving it. Traps 5.0 is promising, though they have a ways to go before I'd be willing to implement it.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Manuel Keller - PeerSpot reviewer
Head of Network and Communication Department at a program development consultancy with 10,001+ employees
Consultant
The level of security I get for my endpoints and servers is extremely valuable.

What is most valuable?

The level of security I get for my endpoints and servers is extremely valuable.

How has it helped my organization?

No signature updates of the AV needed, so no old signatures. No patching, very little operational effort needed.

What needs improvement?

Performance at the endpoint is much better than with the old AV.

No signature updates needed.

Stops the attack before it is executed.

For how long have I used the solution?

Two years.

What was my experience with deployment of the solution?

No.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service:

Perfect.

Technical Support:

Real experts.

Which solution did I use previously and why did I switch?

Yes. We switched because the footprint was heavy, the protection rate decreases and the operational costs (incidence response) were high.

How was the initial setup?

Yes, it took one hour to install the back end and the rollout was done by software deployment. Project lasted four weeks .

What about the implementation team?

In-house.

What's my experience with pricing, setup cost, and licensing?

Ask your local dealer.

Which other solutions did I evaluate?

Yes.

What other advice do I have?

If you are already a Palo Alto Networks Firewall customer you can have perfect Integration between your clients/servers and your firewalls. Automated response without supporting and APIs.

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Buyer's Guide
Download our free Cortex XDR by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2022
Buyer's Guide
Download our free Cortex XDR by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.