If you were talking to someone whose organization is considering Cortex XDR by Palo Alto Networks, what would you say?
How would you rate it and why? Any other tips or advice?
My advice for people who are looking into implementing this system is that they should be aware of the complexity of the installation and the management of the system. I would preferably buy this from a partner. We have not yet completed our review of the product. At this time, I would rate it a five out of 10.
So far, it has met all of our requirements, and it should be able to cater to a wide range of product lines. We must first determine what their business requirements are, as well as what other technical layers we are considering, and then propose the appropriate sizing and solution. We mostly promote Palo Alto, but it depends on the customer's needs, as well as their budget, infrastructure, and what their business requires; all of those factors come into play when recommending a solution. When you compare it with other products, I would rate Cortex XDR by Palo Alto Networks a nine out of ten. It's close to being rated a ten out of ten because of their level of support, and the other reason is the solution and the most recent technology.
My advice for anybody who is implementing this product is to ensure that the project plan has appropriate troubleshooting time in it. Overall, I'm quite happy with the product. I would rate this solution an eight out of ten.
I'm rating this solution a ten out of ten because it is very good for managed threat hunting and incident response. It is the best XDR solution. It's better than other tools because it uses enterprise architecture. Everybody will find that this solution is easy to use.
It is important to have security tools in order to review, monitor, and hunt potential attacks. In our test, we have found Cortex XDR by Palo Alto Networks to be a very good tool. It's an efficient solution. I recommend this solution to my business partners and other companies. I rate Cortex XDR by Palo Alto Networks a ten out of ten. Other solutions I have used I would rate a seven out of ten. There is nothing that comes close to this solution.
I have found the solution to be very easy in respect of integration and configuration. The integrations are out-of-the-box, as are the playbooks. The solution is deployed solely on-premises on a single server. As of now, there are six users making use of the solution. My advice is that the on-premises environments for the product's use should be increased. I rate Cortex XDR by Palo Alto Networks as an eight out of ten.
I would rate this solution as five out of ten.
I would highly recommend it unless you have iOS assets on your network. I would rate Cortex XDR an eight out of 10.
I would recommend this solution to others. I rate Cortex XDR by Palo Alto Networks a nine out of ten.
I would recommend this solution. I would rate Cortex XDR a seven out of 10.
I would recommend this solution to others. I rate Cortex XDR by Palo Alto Networks an eight out of ten.
Learn the product, because once you deploy it, a lot of people look at it from an endpoint perspective and get the endpoint protection instantly. However, there are other things that you need to learn more about. Once you deploy Cortex XDR, you get a subscription to a data lake, which helps you retain logs. We have Palo Alto firewalls and later on learned that we can also integrate our firewalls and get the logs. You have a limited amount of space for log retention, but things like that are important in cases where you need to have PCI compliance or have a company policy of retaining a certain amount of logs. So, learn all the features and ask questions, and perhaps if it's going to be something that you're going to use as an investment for your company, take a training class. On a scale from one to ten, I would rate Cortex XDR at nine.
Cortex XDR is a threat analytics security manager that allows users to see what threats are going to endpoints. It's a very high-security solution. The next step up from Cortex XDR is Cortex XSOAR. XSOAR is an automated threat solution. It's a security solution from Palo Alto. I'd recommend the solution to others. I'd rate it at a nine out of ten overall.
I would recommend this solution to anyone who is interested in using it. I would rate Cortex XDR a seven out of ten.
It is a very straightforward product with minimal administrator interference once it is deployed. I would rate this solution a seven out of ten.
I would recommend Cortex XDR by Palo Alto Networks to potential users. On a scale from one to ten, I would give Cortex XDR by Palo Alto Networks a nine.
On a scale from one to ten, I would give Cortex XDR by Palo Alto Networks a nine.
You don't have to be a Palo Alto customer to implement this solution. Some people think they have to, but no. It is a completely separate solution on its own. I would highly recommend it just because it is a complete package. It not only takes in data from your endpoint; it also takes in data from other sources that are not Palo Alto and helps to create the story about what's going on by stitching things together. I would rate Cortex XDR a nine out of ten. It is pretty good. The reason for giving a nine is that there is always room for improvement.
Overall, this is a good product and I can recommend it to others. I would rate this solution an eight out of ten.
If you are looking for security, mainly for advanced threat prevention from ransomware and malware attacks, I would recommend Cortex. Even if you want to integrate your firewall, I would recommend Cortex, but if you are looking for a single product with multiple options or features, such as DLP, encryption, rollback, and other features, I would not recommend Cortex. I would rate Cortex XDR a nine out of ten.
While we deal with the cloud deployment model, we've also often used the on-premises deployment. I'd advise other companies to use the solution. It really is the best one out there. Overall, I'd rate the solution nine out of ten. The reporting is a bit weak, and it's my understanding they are working on that. However, performance-wise and security-wise, this is the best product.
I don't use this product on a daily basis but we like what we have so far and I would definitely recommend it to other users. My advice is to make sure that you have a good implementor and that the reseller you're purchasing from gives you a highly-qualified engineer. Overall, we are happy with this product but that said, nothing does everything that you want. I would rate this solution a nine out of ten.
We had to move away from working with Cortex XDR by Palo Alto Networks due to the regulations. They state that the logs have to be kept in Saudi Arabia. Also, the log is in the cloud, which is against the regulations. We chose Fidelis. They meet the regulations and they are on-premises. We had no issues with Cortex. We were satisfied but it didn't meet with the regional regulations. I would rate Cortex XDR by Palo Alto Networks an eight out of ten.
My suggestion for people considering this product is that Cortex is a very good total solution on the endpoints. Because I needed Cortex to work for external and internal users and devices, it helps that it is cloud-based, because it is good for working in the office or other locations. We wanted to have total end-to-end protection, including on the mobile devices, and that is what we got. This product will be a good suggestion for people who need the same capability. On a scale from one to ten, where one is the worst and ten is the best, I would rate Cortex XDR as around nine out of ten. The cost is the reason it would not be higher. Nine is good, but this is a very good product except for the cost.
We have a partnership with Palo Alto. I'm a consultant; I'm in pre-sales as a technical sales engineer. I try to show the value of any product for the customer. I don't actually use the solution myself. The solution does not have an on-premises option. It's only available on the cloud. For XDR, new users just need to make sure they have the right policies in place. The solution does offer pre-configured policies. Organizations will want to make sure it is actually fitting them in the places where they will be working best. It's important as well that they don't make it a default selection. Users need to make sure that it's really configured and whitelisted and everything fits the organization. I'd rate the solution eight out of ten. I'd rate it higher; however, the deployment process is poor even though the features are decent. Competitors like Carbon Black have much easier deployments.
We simply use the solution as a customer. I would not recommend the solution. I'd advise other companies to rather go with Palo Alto's firewall as a better option. I've already advised others not to touch it. It's not worth it at all to even consider using it. I'd rate the solution six out of ten. Their new GUI is very nice, however, as a professional service, it's lacking in a lot of areas.
My advice for anybody who is considering Cortex XDR is that it is a complete solution, and has very good features. From my experience, it is one of the better ones in the market. That said, no product is 100%. I would rate this solution a nine out of ten.
The main advice I can share is to watch out for your database and make sure to give it enough resources. That's it. I would rate this solution eight out of 10.
I recommend using this solution and I would rate the solution an eight out of 10.
We use the on-prem version, not the cloud version of Palo Alto. We use it daily, but we have logs. Normally, if we have an incident in detection from a wire system, there's more effort. But typically it would take about ten minutes in order to check the logs, and it's not complex at all. But if you have some threats or viruses then, of course, maintenance takes longer. In terms of advice, I'd say it depends on the usage of the PCs. For us to use in the main production, Palo Alto benefited us. It was easy to install, and the performance of Traps itself is very good. In most cases, you don't have to worry about the performance of the PC at all. Palo Alto Traps takes up very few resources. I would rate this solution 9 out of 10.
On a scale from 1-10, I would rate Palo Alto Networks Traps with an eight. It is great, but I have some issues with the cost of the product license.
Make sure you have a proper inventory of all the applications running. That's something we should have done to start with. We intended to do so, but we're using very strange applications to deal with satellite imagery, and it was giving us some issues. For somebody who's using the standard Microsoft Office, it's really straightforward. But if you have exotic applications, then make sure you test it before you deploy it. You will have issues. To maintain it, the only thing you have to do is download the latest updates and install them. After that, the only maintenance you need is checking the logs every day to see what has been sent to the cloud for sandboxing and then moving to the culprit machine to see what happened. It's difficult to say how many people are required for this. As soon as you get something exotic on the machine, this can take an hour, but that's not related to Traps. Traps is just telling you there's something exotic. After that, it's the time you spend doing all the malware and other analyses. As far as Traps is concerned as such, it doesn't require much maintenance. It's something you set and forget. I would give Traps a nine out of ten. I think it's a very good application. It detected stuff that other things wouldn't detect. I'm very positive about it and was extremely satisfied with it. We had it for the reason I noted earlier. It has been replaced by something else, but I had a very good experience with it. Had we been in a Microsoft Office business (the normal applications), we never would have moved. But the people in charge of the system went to Microsoft Defender.
Overall, Traps is a very good application when you compare endpoint security solutions available in the market. You can see the value for your money. You can see the results and sleep peacefully. You don't have to worry about a ransomware attack. Traps is very well-designed. It also does good things with deep machine learning. If it finds any malicious activity, it will alert you. Based on our feedback and recommendations, our sister companies had been looking forward to replacing their current solution with Traps. My current company is in the process of evaluating the solution.
Palo Alto Traps is good but they need to more widely promote it.
Test normal behavior of the Traps agents (injection and policy) and confirm that there has been no change in the user experience.
If ransomware were to spread throughout your company, you would not want your file shares to be encrypted nor your servers to be affected. My advice would be to get Traps on your servers and on your workstations. Go with version 5 and the cloud instance, then turn on all the features that you can. Some of them come disabled by default out-of-the-box, but you want to turn on all of the features, such as local analysis, file quarantine, WildFire, malicious and grayware blocking and quarantine, and restrictions (don't allow executables to run from USB drives unless they're whitelisted). Turn on all the exploit protections with dynamic updates, and just let it update. We all know the next version of Flash Player is going to have a vulnerability which no one knows about until it's discovered; at that point, it could have already been out there for a while. With Traps, it could potentially determine the exploit before it's even a known vulnerability. Turn on every single feature you can without taking a hit to performance. Once it's fine-tuned and doing its thing, I have never witnessed Traps not working properly. They have put in improvements over the years. We have been using the product for over four years now (since I've been with the company). They have added support for additional operating systems, such as Android, macOS, and Linux. They used to be Windows only. They put in improvements so that they no longer require you to have an on-premise server; you can host it on the cloud. Thus, when endpoints leave the environment, they can connect to a cloud host and have full connectivity to your policies. When Traps does sandbox tests, it checks the verdict against their sandbox: WildFire. Having it in the cloud is great, because then the machine doesn't have to be on a VPN or within the company walls with connectivity to an on-premise server. Therefore, having the cloud implementation was definitely an improvement.
When Palo Alto acquires a technology, they implement it into Traps and make the product better. They have done this in the past, and there are cool things coming in the future from these acquisitions.
The implementation is fairly straightforward and easy. With version 5, everything is now on the cloud. It is easy to work with and use. I would use mobile device management (MDM) or Active Directory (AD) to push the file everywhere when installing it, as it will automatically go from there. The management is pretty low. Thus, it will be set, and for the most part, you can forget it.
I think Traps has the best mix of features by price in the industry. It is not flawless by any means, but Palo Alto seems committed to it and is improving it. Traps 5.0 is promising, though they have a ways to go before I'd be willing to implement it.