Cortex XSIAM Reviews

The primary use case for Cortex XSOAR is that it requires less management and integration effort. It automates many tasks and integrates seamlessly with other Palo Alto Networks products.

It does a better job of identifying anomalies that are more likely to be incidents of compromise without as many false positives or false negatives.

It could provide more integration with a large variety of products.

I have been using Cortex XSIAM for a year.

The product is stable.

I rate the solution’s stability a ten out of ten.

There have been no issues with the scalability. 1200 FTEs are using this solution.

As our application stack increases, the size will increase.

Splunk is too expensive and too difficult to manage. The additional costs for log ingestion for Splunk were driving the prices up.

The initial setup is straightforward compared to Splunk. It took about three months to complete.

I rate the initial setup an eight out of ten, where one is difficult and ten is easy.

Our engineers were able to do the deployment independently.

We are understaffed on the security side. The XSIAM solution from Cortex reduces and makes it feasible for us to handle incidents that we previously struggled with.

The standard licensing is positive. The number of logs ingested into Splunk was primarily driving its cost up, and that is not as much of an issue with Palo Alto as it was with Splunk.

By incorporating XSIAM, it handles and automates many manual processes but allows users to review things manually before changes are made.

There is minimal maintenance from our side.

I recommend it.

Overall, I rate the solution a nine out of ten.

We use Cortex XSIAM as a NextGen antivirus to detect malware in endpoints and devices. We have integration with data sources and other third-party data sources, enabling us to ingest logs from a third-party website to the Cortex XSIAM console. This allows the management of detailed data. It aims to keep track of work ingested through Cortex.

Cortex XSIAM is user-friendly, allowing users to easily understand activities within Cortex. Customers can resolve issues by themselves with easy-to-follow documentation, which helps reduce reliance on technical support.

The most valuable feature is the integration capability. It is user-friendly and allows easy integration with third-party vendors. The centralized endpoints are secured, even if they are not exposed to the Internet. It provides a more secure and futuristic feature set.

I am not sure if any improvements are needed right now. The current features are satisfactory, and new features are implemented following customer feature requests.

I have been working with the Cortex XSIAM product for around one year and eight months.

Sometimes, stability issues occur, especially after content updates or new version releases. It is important how quickly these are resolved. However, currently, it is performing well.

There are no scalability issues.

If a customer reports an issue, we look for the best resolution from our end. If we are unable to resolve it, a ticket is raised to the engineering team.

Positive

Currently, I do not have experience with any other products similar to Cortex XSIAM.

Feedback related to revenue and benefits of Cortex is shared with the accounts team, not typically with technical support.

We do not deal with licensing. Only the accounts team handles that information.

I was not part of the evaluation process and did not evaluate other options before going with Cortex XSIAM.

I would recommend Cortex XSIAM to other users because it is a leading solution in the market. I suggest using the trial version to get to know Cortex before proceeding with a full license.

I'd rate the solution ten out of ten.

We use the product to integrate several third-party logs into the dashboard and perform micro-automation in response to incidents.

The platform's most valuable features include third-party integration for analyzing incidents across the network, forensic investigation automation, and playbooks.

There is room for improvement in expanding integrations to include more cybersecurity solutions.

I have been working with Cortex XSIAM for two years.

I rate the product stability a ten. 

We have six customers using XSIAM. They are predominantly enterprise businesses. I rate the scalability an eight. 

The technical support team can be slow in providing solutions, often requiring additional research or escalations to resolve issues.

Neutral

The documentation on deployment procedures needed to be improved and the deployment options were limited, 95% being cloud-based. It typically takes one to two weeks, though fine-tuning and integration can extend this timeframe depending on the scope.

The process involves integrating our XDR Cortex platform with the XSIAM SaaS deployment or management console, correlating the necessary information, and creating the analytics rules.

I would rate the initial setup experience as a seven.

The product cost could be considered value for money compared to other solutions in the market, though it is quite high.

I rate the pricing a nine. 

The platform's analytics capabilities are particularly effective in identifying and correlating incidents. It helps identify endpoint-based incidents.

The automation capabilities significantly improve response times by allowing us to respond to incidents from a single dashboard rather than navigating multiple dashboards.

I rate it an eight. 

The most valuable features of Cortex XSIAM are the machine learning used to identify threats, the complexity of the environment of products, and efficiency.

The solution’s pricing and technical support could be improved.

I have been using Cortex XSIAM for five years.

The solution is expensive compared to its competitors.

Users should test the solution quite massively and deeply to verify whether it really suits their needs.

You have to gather some specific knowledge to really get the profits and fully use the functionalities of the product. It's not an out-of-the-box product.

If you have used the product before and know what you want to achieve, it is easy to use the solution. However, if you are newly using the solution, you have to analyze and know what you want to achieve using this tool.

Overall, I rate Cortex XSIAM a seven out of ten.