Cyber Security Engineer at a media company with 201-500 employees
Real User
Top 20
Jan 12, 2026
Cortex XDR by Palo Alto Networks is more than an antivirus. It collects data and sends it to the Cortex Data Lake, which serves as your central location where you can manage logs and investigate incidents. If something is being blocked, you can investigate further to understand what is blocking on the second or third layer of the application. For example, if you have a trusted application that is not working as it should, Cortex XDR can help identify the issue. Cortex XDR not only verifies the executable that you are running, but it also analyzes all the dependencies that this executable is trying to call and sends all this information to the cloud database, to Cortex Data Lake. The product inspects the program that is running and also its dependencies. It also inspects the connections where that executable is connecting and from where it is connecting, along with all its dependencies. After that, it is more than an antivirus, and what I can add is it depends also on the license that you have. If you have the basic license, there are some things that you cannot control. For example, you have SAP running, and SAP is calling for a DLL to print something on a specific printer. That DLL is not signed because it is a makeshift driver, a specific driver for that printer. When you try to print and it is not printing, Cortex XDR blocked it. If you have a basic license, the only thing that you can do is allow or not allow that dependency to run. If you have the Pro license, you can tweak further. You can create rules by behavior, not just allow everything from that application, but you can allow a specific behavior, just that behavior, that communication, that port. It will allow the communication to be made. If that DLL tries to communicate from a different behavior, from a different port, or if that DLL makes a different behavior, Cortex XDR will detect and block it. This depends on the license. Cortex XDR is internet dependent, but you can make it offline.
You have to install a middleware server that you have access to in Palo Alto to install, which is a broker VM. The broker VM has to have internet connections and will update Cortex XDR and retain the logs from all Cortex agents on the network and send them to the Cortex Data Lake. In Cortex Data Lake, there is machine learning that is not in the agent per se, but in the cloud on your own tenant. When you buy a license, you have a tenant and Palo Alto gives you storage space for log retention. All these logs and behaviors that the agents on the endpoints collect are sent to Cortex Data Lake, which is on the cloud. Those logs are being read by machine learning from Palo Alto to determine those behaviors and specific behaviors from applications or even the system, and it will help you on the control panel from Cortex XDR. You will see all the incidents and be able to see incidents. All that data is going to your tenant, to your cloud, and yours only. Cortex Data Lake is a Palo Alto data center, but your data is your data. Your logs are your logs. They are not shared with anyone. On the Data Lake, there is machine learning that inspects all these logs and therefore can detect specific behaviors that are happening on the endpoint. From the start, you can inspect specific behaviors, abnormal behaviors, or even incidents that may be a false positive or true positive. If there is malware, spyware, or something similar, it detects the behavior of the applications and dependencies from the second layer or third layer. If something is fishy, basically, it will be flagged. The cyber engineer has to check that incident and basically, give it a go or not, or block it, or create a new rule or deploy on all networks if it is a normal behavior from the application.
For example, getting back to that example from the DLL of the printer or driver from a specific printer from SAP, and that DLL is trying to communicate to the printer on a specific port, Cortex XDR will detect it and it might, if it doesn't know what it is, block it. Then you can deploy and create a rule for that specific behavior and allow it on the network or part of the network or just an endpoint or two or three, depending on the group and depending on the scale that you have.
Technical engineer (SOC Analyst) at Hitachi Systems, Ltd.
Real User
Top 5
Dec 4, 2025
I have used Cortex for more than I worked in Cortex. I have around 2.1 years of experience using Cortex XDR, but currently, I am using Cortex. My main use case for Cortex is to prepare the chart flow of the main Cortex XDR. In Cortex XDR, we have to alert for our auto-triaging and repetitive tasks, and we use it for triage automatically. We use it for CTI (Cyber Threat Intelligence) enrichment, such as IP, URL, and IOCs, automatically. It also has reputation checks using VirusTotal, abuse.ch, and others for the purpose of the uses in Cortex XDR. It also includes playbook automation. For example, Cortex has many playbooks for phishing, malware, infection, ransomware, and lateral movement. These playbooks automatically conduct the entire investigation and response. In case management, it stores details, timelines, evidence, and others for easier incident tracking. From the SOC perspective, we have to reduce false positive cases, and it reduces duplicate alerts, allowing our SOC analysts to respond faster. On the other hand, for the use of the EDR, Cortex provides detection behavior, attack prevention, and can always identify file-less and memory-based attacks and UEBA normally. An additional point I need to add in Cortex XDR is manual commands during the investigation, such as Cortex war room commands, IP reputation checks, hash look analysis, and endpoint isolation. These help us to conduct a faster investigation. Additionally, we need to create and modify playbooks according to the organization and the needs of the organization's use cases, for example, auto-disabling a user in case of a suspicious login, auto-quarantining an endpoint with malware, and an auto-phishing and investigation workflow. We use Cortex for reporting to generate incident summary reports, post-incident reviews, and RCA documentation. We integrate it with tools such as SIEM, EDR, firewall, email security, web, and others for alert correlation.
I am currently using SIEM solutions such as Sentinel and Microsoft Defender, ELK, and Wazuh as SIEM solutions, and Microsoft Defender as the EDR solution or XDR solution. I am working on VelociRaptor as the threat hunting and incident response component, and I am also working on Cortex XDR by Palo Alto Networks as the EDR component and XDR component. I have been using Cortex XDR by Palo Alto Networks for one year at Inovasys. Our customer uses Cortex XDR by Palo Alto Networks as an on-premises version. I am not working on the deployment of Cortex XDR by Palo Alto Networks that is related to our customer, but we can use it to investigate the generated alerts from the solution, not the implementation of the box.
Head of data centers at a non-profit with 10,001+ employees
Real User
Top 5
Nov 10, 2025
Cortex XDR by Palo Alto Networks is being used for anti-malware purposes, investigation, and device control. Cortex XDR by Palo Alto Networks blocks sophisticated threats in real time effectively, generating alarms on the dashboard, sending emails, and providing excellent threat detection assistance while integrating with the firewall to isolate users within the environment.
We used Cortex XDR by Palo Alto Networks as our XDR solution. We had playbooks on the Cortex Data Lake on the Cortex management console where we configured conditions that start some compromises to protect access to servers, desktops, and laptops. The solution that we had was Cortex XDR by Palo Alto Networks installed in our infrastructure. We did not use the Cortex Cloud feature, just the XDR that we have on the infrastructure.
Cyber Security Information Security Specialist at MHM Holding GmbH
Real User
Top 20
Jul 1, 2025
The typical use case for Cortex XDR by Palo Alto Networks is that it has many features that traditional antivirus doesn't possess. Traditional antivirus doesn't have the capacity to dig down into the forensic part of any threat. The beauty of the product is that it digs down into forensics and provides a graphical view of each and every file that is called or clicked by the user.
I work with Cortex XDR by Palo Alto Networks. My primary use involves utilizing its capabilities as a next-generation antivirus solution, providing extended detection and response features along with threat prevention and behavioral control.
I have been working as a cybersecurity manager. I focus on implementing cybersecurity solutions for different companies, and I have hands-on experience working with Cortex XDR solution by Palo Alto Networks.
I use the solution in my company to protect our clients from unknown malware and threats. We also use the tool in our environment as an antivirus, EDR, and XDR solution.
Sr. Endpoint Security Engineer at iOPEX Technologies
Real User
Top 10
Aug 21, 2024
I am a tech support engineer or an endpoint security engineer who works with Cortex XDR's team itself, looking after all the support cases related to our technical stuff, specifically malware cases.
Network Security Engineer at a tech services company with 10,001+ employees
MSP
Top 10
Jul 9, 2024
Cortex XDR mainly focuses on endpoint protection. Unlike other antivirus products, it is way more advanced. It allows you to manage your endpoints and includes advanced threat analytics and behavioral analytics. For example, it offers a behavioral analysis, the main purpose of which is to identify suspicious activity. If any application performs suspicious activities, such as changing registries or modifying other applications, Cortex XDR detects and blocks the entire application. This ensures that unauthorized actions are prevented. Another feature of Cortex XDR is its ability to mitigate ransomware issues. It creates duplicate files on the endpoint, and if any ransomware attempts to access these files, it detects and identifies the ransomware attack. Cortex XDR offers many such advanced features in its cloud platform.
Senior Business Development Manager at a tech services company with 201-500 employees
Real User
May 4, 2023
It is used as a device that can detect any issues and changes when people are not at work. In one case, we use it when someone is not at work or has already used their allotted time off. This helps us understand any issues that may arise when someone is not at work, which could lead to changes in the way we work.
Servicio Posventa at a security firm with 11-50 employees
Real User
Feb 2, 2023
Our clients want to correlate information they have in their network. Many engineers or companies have different tools like CMs, firewalls, VPNs, and some other things related to networks. They mentioned that after they acquired the Cortex XDR solution they have all of the information in one place. That is important because they improved the time to solve security issues.
Site administrator officer at a tech services company with 11-50 employees
Real User
Jan 16, 2023
Cortex XDR is used for monitoring and securing large numbers of endpoints, typically in the range of 5,000 to 10,000. It is considered to be an effective solution for mitigating security risks in these environments.
Our company uses the solution for endpoint protection, detection, and response. The solution has antivirus and EDR capabilities. Our SOC analysts use it to investigate incidents. We currently have 300 to 400 users with two admins for management. The solution is installed on all user laptops to protect workstations. We also implement the solution for customers as a service. Most customers buy the solution for registry reasons and compliance standards. It gives you all the compliance points and improves how your SOC functions because it provides comprehensive visibility over the entire network and endpoints. It is called XDR because it not only looks at endpoints but also network traffic. The solution is offered on Palo Alto's private network. I think the underlying provider is Google Cloud, but that doesn't really matter. You are asked the region of your instance for connection such as Europe or the Middle East.
System Engineer at a logistics company with 5,001-10,000 employees
Real User
Jun 7, 2022
We're using it just to make sure that the customers, or our users, don't use any prohibited applications. We make sure that every application they use is on the allowed list. Any other application that is not allowed is blocked until further notice. It's mainly to make sure that our organization is secure and that the software that the users are working on is secured too. This is the main reason, and also to be aware of and secured from any potential attack, ransomware, etc.
This solution has replaced our traditional antivirus solutions; it protects our environment and safeguards our endpoints from any malware or exploitation. We are based in Azerbaijan, I'm the CISO of the company and we are customers of Palo Alto.
Information Technology Consultant at Trillennium (Pvt) Ltd
Reseller
Feb 11, 2022
We are not using it for our purposes because we are a Palo Alto partner. We propose it for our customers based on their requirements. We are both a service provider and a reseller. When the pandemic first began, the use cases were mostly for remote users. We deployed this for the majority of remote users.
Information Technology Corporate Manager at a consumer goods company with 1,001-5,000 employees
Real User
Nov 24, 2021
We are in the testing stage of using Cortex XDR by Palo Alto Networks. We are using it in order to ensure the corporate network servers are protected. Additionally, we need to use a specialized tool.
CyberSecurity Consultant at Information Technology Solutions- ITS
Real User
Nov 2, 2021
I have deployed some customized playbooks and modified ones which are out-of-the-box with more integration with SIEM solutions such as ArcSight, QRadar, ADRs and Trend Micro.
Relationship Manager at a financial services firm with 5,001-10,000 employees
Real User
Jul 23, 2021
We use it for malicious connections from malicious websites. There might also be some payloads that might be inside the traffic. We also use it to identify malicious processes or bugs that are running on the network and any activities that tend to lead to data infiltration.
Cortex XDR is used for endpoint detection and response. This is software placed on endpoints that works with the cloud. The cloud has the analytics, login, prevention models, et cetera.
Sales Engineer at a security firm with 51-200 employees
Real User
Mar 24, 2021
We use this solution to secure endpoints and to have more visibility on what is happening on the endpoints. We have two customers who are using this solution currently.
Network and Cybersecurity Consultant at a tech services company with 11-50 employees
Real User
Top 10
Jan 27, 2021
We're primarily a Palo Alto shop, and we integrate solutions in the Palo Alto ecosystem. But for firewalls and threat hunting, it's all through Cortex XDR. We also complement the Cortex XDR product with other endpoint protection solutions, like Windows Defender, or whatever the customer is using.
Security Engineer at a tech services company with 11-50 employees
Real User
Jan 23, 2021
We use Cortex XDR by Palo Alto Networks for its ability to detect based on behavior rather than simple virus scans to prevent malicious activities. We also use it to go in and whitelist things that are okay. This way, they won't get blocked.
Vice President / Chief Technology Officer at Sinnott Wolach Technology Group
Reseller
Jan 7, 2021
We use it for our own company as well as for our clients. It is mainly used for protecting the endpoints. Like everybody else nowadays, we're all working from home, and we have access to data on the public cloud, private cloud, and on-prem. We have got to make sure that we're not exposing our endpoints to anything out there that could be malicious and that could cause any problems within our networking environment.
Lead Consultant at a tech services company with 1-10 employees
Real User
Dec 8, 2020
We are a solution provider and one of the Palo Alto products that we implement for our clients is Cortex XDR (Extended Detection and Response). It is also known as Traps, and it is mostly used for endpoint protection. For example, when remote users want to connect to their organization using a VPN, they will be protected.
Network Designer at a computer software company with 1,001-5,000 employees
Real User
Oct 22, 2020
We primarily use the product as endpoint security which we have deployed on all servers and locations. This is not limited to the endpoint, however, as it has further integration with the firewalls and email solutions. Therefore, it can give us quick visibility in case there is any malicious or suspicious activity happening.
Senior System Administrator at a government with 10,001+ employees
Real User
Nov 12, 2019
We use Palo Alto Traps in our Windows-based environments. Currently, it only protects our desktops and we use it in conjunction with our Check Point firewall.
We use Palo Alto Networks Traps (Version 6) to protect our endpoints against NG malware via behavior analysis, artificial intelligence and machine learning. Both the PA Traps endpoint logs, our PA firewall traffic logs and the Wildfire sandbox are used to provide immediate threat response and feed this information to the PA Threat Intelligence cloud.
So far, we have only done a PoC of Palo Alto Traps. We deployed Traps on a few devices and then did the PoC. I also attended a workshop for Palo Alto Traps. I learned how it works and how it can block malicious files, etc.
Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response. Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall...
My main use cases include workload protection, endpoint and perimeter protection of the environment, data center, and also the cloud.
I used the solution for investigating incidents and malware analysis.
Cortex XDR by Palo Alto Networks is an antivirus tool that provides EDR and XDR.
We use the product to monitor and control all the systems. It helps us understand user behavior.
We use the product as a detection and response application.
The solution is like a next-level EDR. It can collect information from other solutions to have a global view of the risks and vulnerabilities.
Cortex XDR by Palo Alto Networks is the antivirus solution we use for Androids.
We use the solution for telemetry and for its anti-virus capability.
We are using Cortex XDR by Palo Alto Networks for all of our remote users because they are not connected to our on-premise data center.
Cortex XDR by Palo Alto Networks is a network management solution.
I'm testing the product right now. I use the solution for endpoint security.
We primarily use the solution for security.
It has just been about a month.
We are not using it for our purposes because we are a Palo Alto partner. We propose it for our customers based on their requirements. We are both a service provider and a reseller. When the pandemic first began, the use cases were mostly for remote users. We deployed this for the majority of remote users.
Security correlation is our main use case.
My customer wanted to use EDR. We worked with the POC to demonstrate the antivirus and how it has more features for detecting threats.
We are in the testing stage of using Cortex XDR by Palo Alto Networks. We are using it in order to ensure the corporate network servers are protected. Additionally, we need to use a specialized tool.
I have deployed some customized playbooks and modified ones which are out-of-the-box with more integration with SIEM solutions such as ArcSight, QRadar, ADRs and Trend Micro.
My primary use of this solution is as an endpoint security client.
I use it for visibility, mitigation, and analysis of advanced threat attacks.
I use the solution for endpoint protection.
We use it for malicious connections from malicious websites. There might also be some payloads that might be inside the traffic. We also use it to identify malicious processes or bugs that are running on the network and any activities that tend to lead to data infiltration.
We use this solution to protect our computer system against threats, such as exploits and malware.
The primary use case is mainly endpoint protection.
Cortex XDR is used for endpoint detection and response. This is software placed onto endpoints that works with the cloud. The cloud has the analytics, logging, prevention models, et cetera.
We use this solution to secure endpoints and to have more visibility on what is happening on the endpoints. We have two customers who are using this solution currently.
We use this solution specifically in endpoint response, endpoint detection, endpoint sandboxing, and as a firewall.
We're primarily a Palo Alto shop, and we integrate solutions in the Palo Alto ecosystem. But for firewalls and threat hunting, it's all through Cortex XDR. We also complement the Cortex XDR product with other endpoint protection solutions, like Windows Defender, or whatever the customer is using.
We use Cortex XDR by Palo Alto Networks for its ability to detect based on behavior rather than a simple virus scan to prevent malicious activities. We also use it to go in and whitelist things that are okay. This way, they won't get blocked.
We use it for our own company as well as for our clients. It is mainly used for protecting the endpoints. Like everybody else nowadays, we're all working from home, and we have access to data on the public cloud, private cloud, and on-prem. We have to make sure that we're not exposing our endpoints to anything out there that could be malicious and that could cause any problems within our networking environment.
We are a solution provider and one of the Palo Alto products that we implement for our clients is Cortex XDR (Extended Detection and Response). It is also known as Traps, and it is mostly used for endpoint protection. For example, when remote users want to connect to their organization using a VPN, they will be protected.
We mainly use it for endpoint protection, exploit prevention, and malware prevention.
We primarily use the product as endpoint security which we have deployed on all servers and locations. This is not limited to the endpoint, however, as it has further integration with the firewalls and email solutions. Therefore, it can give us quick visibility in case there is any malicious or suspicious activity happening.
This product is part of a package that makes up our security solution.
We had firewalls set up and it integrated but didn't meet with our regulations. We were using this solution for endpoint protection.
We are still in the testing stages so there is not currently any primary use case beyond the base use of endpoint protection.
I primarily use this solution for my clients. I don't use the solution myself.
We primarily use the solution for our endpoint server and endpoint protection.
We use Cortex XDR as part of our security solution.
We use Palo Alto Traps in our Windows-based environments. Currently, it only protects our desktops and we use it in conjunction with our Check Point firewall.
We use Palo Alto Networks Traps (Version 6) to protect our endpoints against NG malware via behavior analysis, artificial intelligence and machine learning. The PA Traps endpoint logs, our PA firewall traffic logs and the Wildfire sandbox are used to provide immediate threat response and feed this information to the PA Threat Intelligence cloud.
We used it for malware detection and to detect weird DNS calls. Overall, it was for endpoint protection.
I used the product at my previous company until November 2018.
So far, we have only done a PoC of Palo Alto Traps. We deployed Traps on a few devices and then did the PoC. I also attended a workshop for Palo Alto Traps. I learned how it works and how it can block malicious files, etc.
The primary use case is endpoint security. The product is my main endpoint, IP, and threat management.
We use it for primary endpoint protection.
Our primary use case is anti-malware and anti-exploit.
Advanced endpoint protection.