2018-12-12T10:13:00Z
Julia Frohwein - PeerSpot reviewer
Senior Director of Delivery at PeerSpot (formerly IT Central Station)

What is your primary use case for Cortex XDR by Palo Alto Networks?

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

41 Answers
Dennis Ngetich - PeerSpot reviewer
Cloud Specialist at Eazzy Solutions
Reseller
Top 20
2022-08-08T13:33:29Z
08 August 22

Cortex XDR by Palo Alto Networks is a network management solution.

MA
Network and security engineer at a tech services company with 11-50 employees
Real User
Top 20
2022-06-28T15:48:36Z
28 June 22

I'm testing the product right now. I use the solution for endpoint security.

Kelvin Choy - PeerSpot reviewer
Security Specialist at Television Broadcasts Ltd
Real User
Top 10
2022-06-21T06:05:00Z
21 June 22

We primarily use the solution for security.

Ahmed Sief - PeerSpot reviewer
System Engineer at a logistics company with 5,001-10,000 employees
Real User
Top 20
2022-06-07T07:19:37Z
07 June 22

We're using it just to make sure that the customers, or our users, don't use any prohibited applications. We make sure that every application they use is on the allowed list. Any other application that is not allowed is blocked until further notice. It's mainly to make sure that our organization is secure and that the software that the users are working on is secured too. This is the main reason. Also, to be aware of and secured from any potential attack, ransomware, etc.

Rustam-Rustamli - PeerSpot reviewer
CISO at International Bank of Azerbaijan
Real User
Top 20
2022-05-12T06:57:51Z
12 May 22

This solution has replaced our traditional antivirus solutions; it protects our environment and safeguards our endpoints from any malware or exploitation. We are based in Azerbaijan, I'm the CISO of the company and we are customers of Palo Alto.

PM
Senior IT Specialist at a manufacturing company with 1,001-5,000 employees
Real User
Top 20
2022-03-16T12:38:21Z
16 March 22

It has just been about a month.

GA
Consultant at Trillennium (Pvt) Ltd
Reseller
Top 20
2022-02-11T13:57:59Z
11 February 22

We are not using it for our purposes because we are a Palo Alto partner. We propose it for our customers based on their requirements. We are both a service provider and a reseller. When the pandemic first began, the use cases were mostly for remote users. We deployed this for the majority of remote users.

DP
Cloud and Security Architect at a transportation company with 51-200 employees
Real User
2022-01-20T10:23:15Z
20 January 22

Security correlation is our main use case.

AlbertoGonzaga - PeerSpot reviewer
Account Manager at CIPHER
MSP
Top 20
2021-12-22T17:22:00Z
22 December 21

My customer wanted to use EDR. We worked with the POC to demonstrate the antivirus and how it has more features for detecting threats.

RV
Information Technology Corporate Manager at a consumer goods company with 1,001-5,000 employees
Real User
Top 20
2021-11-24T20:05:21Z
24 November 21

We are in the testing stage of using Cortex XDR by Palo Alto Networks. We are using it in order to ensure the corporate network servers are protected. Additionally, we need to use a specialized tool.

SA
CyberSecurity Consultant at a tech services company with 51-200 employees
Real User
Top 5
2021-11-02T18:30:56Z
02 November 21

I have deployed some customized playbooks and modified ones which are out-of-the-box with more integration with SIEM solutions such as ArcSight, QRadar, ADRs and Trend Micro.

AA
EMEA IT Infrastructure Manager at a consumer goods company with 5,001-10,000 employees
Real User
Top 10
2021-11-02T18:27:00Z
02 November 21

My primary use of this solution is as an endpoint security client.

HS
IT manager at a computer software company with 11-50 employees
Reseller
2021-09-03T16:10:43Z
03 September 21

I use it for visibility, mitigation, and analysis of advanced threat attacks.

AndyChan3 - PeerSpot reviewer
General manager at a tech services company with 201-500 employees
Real User
Top 5
2021-07-30T09:54:52Z
30 July 21

I use the solution for endpoint protection.

AA
Relationship Manager at a financial services firm with 5,001-10,000 employees
Real User
Top 10
2021-07-23T05:07:37Z
23 July 21

We use it for malicious connections from malicious websites. There might also be some payloads that might be inside the traffic. We also use it to identify malicious processes or bugs that are running on the network and any activities that tend to lead to data infiltration.

TS
Security consultant at a tech services company with 1,001-5,000 employees
Real User
Top 5 Leaderboard
2021-07-06T18:47:00Z
06 July 21

We use this solution to protect our computer system against threats, such as exploits and malware.

WillAgudo - PeerSpot reviewer
System Administrator at NATIONAL ASSOCIATION OF REALTORS
Real User
Top 20
2021-06-30T17:51:45Z
30 June 21

The primary use case is mainly endpoint protection.

KostiantynFrolov - PeerSpot reviewer
Lead Security Engineer at ESKA
Real User
Top 5
2021-04-05T18:32:14Z
05 April 21

Cortex XDR is used for endpoint detection and response. This is software placed on endpoints that works with the cloud. The cloud has the analytics, login, prevention models, et cetera.

PV
Sales Engineer at a security firm with 51-200 employees
Real User
2021-03-24T11:04:37Z
24 March 21

We use this solution to secure endpoints and to have more visibility on what is happening on the endpoints. We have two customers who are using this solution currently.

Mayur Jadhav - PeerSpot reviewer
Senior Security Consultant at a tech services company with 201-500 employees
Real User
Top 10
2021-02-22T21:12:58Z
22 February 21

We use this solution specifically in endpoint response, endpoint detection, endpoint sandboxing, and as a firewall.

RP
Network and Cybersecurity Consultant at a tech services company with 11-50 employees
Reseller
Top 5
2021-01-27T06:34:21Z
27 January 21

We're primarily a Palo Alto shop, and we integrate solutions in the Palo Alto ecosystem. But for firewalls and threat hunting, it's all through Cortex XDR. We also complement the Cortex XDR product with other endpoint protection solutions, like Windows Defender, or whatever the customer is using.

KS
Security Engineer at a tech services company with 11-50 employees
Real User
2021-01-23T07:10:12Z
23 January 21

We use Cortex XDR by Palo Alto Networks for its ability to detect based on behavior rather than a simple virus scan to prevent malicious activities. We also use it to go in and whitelist things that are okay. This way, they won't get blocked.

Jeff Wolach - PeerSpot reviewer
Vice President / Chief Technology Officer at Sinnott Wolach Technology Group
Reseller
Top 20
2021-01-07T19:20:58Z
07 January 21

We use it for our own company as well as for our clients. It is mainly used for protecting the endpoints. Like everybody else nowadays, we're all working from home, and we have access to data on the public cloud, private cloud, and on-prem. We've got to make sure that we're not exposing our endpoints to anything out there that could be malicious and that could cause any problems within our networking environment.

RN
Lead Consultant at a tech services company with 1-10 employees
Real User
Top 5 Leaderboard
2020-12-08T16:15:48Z
08 December 20

We are a solution provider and one of the Palo Alto products that we implement for our clients is Cortex XDR (Extended Detection and Response). It is also known as Traps, and it is mostly used for endpoint protection. For example, when remote users want to connect to their organization using a VPN, they will be protected.

Darshil Sanghvi - PeerSpot reviewer
Consultant at a tech services company with 501-1,000 employees
Reseller
Top 5 Leaderboard
2020-11-24T00:53:45Z
24 November 20

We mainly use it for endpoint protection, exploit prevention, and malware prevention.

CM
Network Designer at a computer software company with 1,001-5,000 employees
Real User
Top 20
2020-10-22T14:34:13Z
22 October 20

We primarily use the product as endpoint security which we have deployed on all servers and locations. This is not limited to the endpoint, however, as it has further integration with the firewalls and email solutions. Therefore, it can give us quick visibility in case there is any malicious or suspicious activity happening.

MG
Assistant Superintendent with 51-200 employees
Real User
Top 20
2020-10-19T09:33:32Z
19 October 20

This product is part of a package that makes up our security solution.

AB
IT Director at an energy/utilities company with 1,001-5,000 employees
Real User
2020-10-13T07:21:37Z
13 October 20

We had firewalls set up and it integrated but didn't meet with our regulations. We were using this solution for endpoint protection.

FT
System Manager at a consumer goods company with 10,001+ employees
Real User
2020-08-30T08:33:28Z
30 August 20

We are still in the testing stages so there is not currently any primary use case beyond the base use of endpoint protection.

AA
Senior Information Security Architect at a tech services company with 201-500 employees
Real User
2020-07-19T08:15:00Z
19 July 20

I primarily use this solution for my clients. I don't use the solution myself.

MJ
CIO/CTO at a manufacturing company with 501-1,000 employees
Real User
2020-07-09T06:27:01Z
09 July 20

We primarily use the solution for our endpoint server and endpoint protection.

Mantu Shaw - PeerSpot reviewer
Sr. Technology Architect at Incedo Inc.
Real User
Top 5
2020-06-21T08:08:11Z
21 June 20

We use Cortex XDR as part of our security solution.

CB
Senior System Administrator at a government with 10,001+ employees
Real User
Top 10
2019-11-12T20:23:00Z
12 November 19

We use Palo Alto Traps in our Windows-based environments. Currently, it only protects our desktops and we use it in conjunction with our Check Point firewall.

Raul Rivera - PeerSpot reviewer
Cybersecurity Engineer at GFR Media
Real User
2019-04-17T08:37:00Z
17 April 19

We use Palo Alto Networks Traps (Version 6) to protect our endpoints against NG malware via behavior analysis, artificial intelligence, and machine learning. The PA Traps endpoint logs, our PA firewall traffic logs, and the WildFire sandbox are all used to provide immediate threat response and feed this information to the PA Threat Intelligence cloud.

MC
Network Manager of Cyber Defence at a government with 1,001-5,000 employees
Real User
2019-02-11T08:11:00Z
11 February 19

We used it for malware detection and to detect weird DNS calls. Overall, it was for endpoint protection.

Omar Sánchez (Mr.Tech) - PeerSpot reviewer
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
Consultant
Leaderboard
2019-02-07T12:28:00Z
07 February 19

The primary use case is endpoint security. The product is my main endpoint, IP, and threat management.

SH
Manager Information Technology at Avendus Capital Pvt. Ltd
Real User
2019-02-07T12:28:00Z
07 February 19

So far, we have only done a PoC of Palo Alto Traps. We deployed Traps on a few devices and then did the PoC. I also attended a workshop for Palo Alto Traps. I learned how it works and how it can block malicious files, etc.

AK
Information Technology Manager at a hospitality company with 10,001+ employees
Real User
2019-02-07T12:28:00Z
07 February 19

I used the product at my previous company until November 2018.

Luke Teeters - PeerSpot reviewer
Lead IT Security Analyst at a mining and metals company with 1,001-5,000 employees
Real User
2019-01-17T10:53:00Z
17 January 19

We use it for primary endpoint protection.

Rob Haller - PeerSpot reviewer
Security Engineer at US Acute Care Solutions
Real User
2019-01-10T08:22:00Z
10 January 19

Our primary use case is anti-malware and anti-exploit.

JN
Manager of InfoSec at Joann Fabrics
Real User
2018-12-12T10:13:00Z
12 December 18

Advanced endpoint protection.

Related Questions
Ammar Jibarah - PeerSpot reviewer
IT Security at Aramex
Sep 08, 2022
Hi community, I work as an IT Security person at a large Logistics company. At the moment, I'm researching these 2 products for my organization: Microsoft Defender for Endpoint and Cortex XDR by Palo Alto Networks. Most comparisons and reviews I found were done in late 2021 and early 2022. As of now, considering all Microsoft Updates on their Defender, which product would you prefer to use?...
2 out of 3 answers
Zubair Ahmad - PeerSpot reviewer
Chief Manager at Arcil
07 September 22
I have not used Microsoft Defender and have only used Cortex XDR by Palo Alto Networks. My experience with Cortex is not good, as you need to whitelist each and every exe file of each and every computer. My recommendation for you is to go for Cynet360 MDR, which is far better than Cortex in terms of auto detection and remediation. You will get genuine alerts.
JH
Director, Customer Success at SecureWorks
07 September 22
I would go for the one with the best independent threat intelligence, a platform that allows you to change, add, and move IT and security infrastructure without impacting your security platform. I would also pay close attention to storage costs, service levels, and the number of resources providing human intelligence on top of machine intelligence for investigation and incident response, all in one platform. But I am biased ;-)
Nurit Sherman - PeerSpot reviewer
Content Operations Manager at PeerSpot (formerly IT Central Station)
Aug 25, 2021
Hi community, we all know that it's important to conduct a trial and/or proof-of-concept as part of the buying process. Do you have any advice for your peers about the best way to conduct a trial/POC? How do you conduct a trial effectively? Are there any mistakes to avoid?
2 out of 18 answers
JC
consultant
30 July 18
You might want to start out with business cases, ensuring that your endpoint solution begins to address those. Some ideas might include:
* antivirus
* antivirus updates via automation
* antivirus updates via cloud or on-premise automation
* antivirus reporting to a central on-premise management server
* do you want to rely upon static signatures?
* do you want to find the zero days?
* what about polymorphic / variants of previously known malware?
* will your antivirus mechanism share its discoveries with other machines / computers?
* do you want to share your information with the manufacturer (via cloud) or keep your discoveries in house / on premise?
* DLP - data loss protection
* DLP reporting to a central management server
* DLP - how easily configurable?
* DLP - what type of additional work will this entail for analyses, etc.?
* Host Intrusion Prevention (HIP)
* HIP - will it report to a central management server?
* How will all the central management servers communicate with each other / other computers?
* Do you have to tier the solution due to network segmentation / geographic considerations / size of deployment?
* Will the endpoint product talk to or receive from other security devices (email, web filters, etc. at the perimeter)?
* has Gartner developed some frameworks that are used for testing endpoint solutions?
* has Gartner at least tested the solution you are looking at?
* potentially check firecompass.com for endpoint solution comparisons?
* does endpoint protection support all operating systems you are using?
* does endpoint protection interface with other security products on the endpoint?
* logging ... is it detailed enough?
* do you want to automatically quarantine a computer if malware is found?
* go through the vendor's data sheet and ensure you check all capabilities and test them
* what things did the vendor promise? test those.
* talk to a couple of their customers (same size organization if possible, using similar if not the same endpoint protection capabilities). Discuss roll out, problems faced, vendor assistance, etc.
A couple of ideas - certainly not exhaustive.
JC
consultant
30 July 18
Adding:
* https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-111.pdf (NIST Special Publication 800-111, Guide to Storage Encryption Technologies for End User Devices, Recommendations of the National Institute of Standards and Technology, Karen Scarfone)
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-46r2.pdf (NIST Special Publication 800-46 Revision 2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security, Murugiah Souppaya)