Consultant at a tech services company with 501-1,000 employees
User friendly, stable, and automatically correlates events and logs
Pros and Cons
- "It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature. It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else."
- "It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc."
What is our primary use case?
We mainly use it for endpoint protection, exploit prevention, and malware prevention.
What is most valuable?
It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature.
It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else.
What needs improvement?
It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc.
This is good as endpoint protection to prevent malware, exploits, zero-days, ransomware, botnets, etc. For features like host DLP, encryption, or patch management, or any such features that are available in basic anti-virus, you cannot expect them in Palo Alto Networks' Cortex XDR solution. The rest of the features work as expected, without any lag or slowness observed in the system.
For how long have I used the solution?
I have been using this solution for a year or something like that. We have been using it from the day they launched or released version 4.0. Currently, they are on version 7.
Buyer's Guide
Cortex XDR by Palo Alto Networks
December 2024
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
What do I think about the stability of the solution?
It is stable. I have never faced any kind of issue, nor have I heard from any of my colleagues that they have faced any kind of issue.
What do I think about the scalability of the solution?
There is no problem with scalability. Currently, we have around 150 users. In our company, it is compulsory to install this agent on all systems. If we want to scale it, we just need to install an agent. There is no upgrading the server or the hardware because it is a SaaS service provided by Palo Alto Networks.
How are customer service and support?
We directly raise issues with Palo Alto Networks, and they support us. I've never directly created a support query because our IT team looks into support queries, but I think it's pretty easy. You'll never face any kind of issues or challenges in raising support queries.
How was the initial setup?
It was straightforward. In earlier versions, such as version 4.0, it was a bit difficult to install the server and then upgrade the agents and servers. These processes were difficult. There are no complications now.
It took us more than a week to deploy because we were implementing it on the systems of various users who were working from home.
What about the implementation team?
We are a partner of Palo Alto Networks, so we have deployed it directly.
Which other solutions did I evaluate?
We evaluated multiple products. We have evaluated Trend Micro, McAfee, Broadcom Symantec, Sophos, and many other products. Each product is good in its own field. We chose Cortex because we already had a Palo Alto Networks firewall. It got integrated easily, and the correlation part and the correlation engine worked very well.
What other advice do I have?
If you are looking for security, mainly for advanced threat prevention from ransomware and malware attacks, I would recommend Cortex. Even if you want to integrate your firewall, I would recommend Cortex, but if you are looking for a single product with multiple options or features, such as DLP, encryption, rollback, and other features, I would not recommend Cortex.
I would rate Cortex XDR a nine out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Relationship Manager at a financial services firm with 5,001-10,000 employees
Easy to use, but can have more security and integrations
Pros and Cons
- "It is easy to use."
- "Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."
What is our primary use case?
We use it for malicious connections from malicious websites. There might also be some payloads that might be inside the traffic. We also use it to identify malicious processes or bugs that are running on the network and any activities that tend to lead to data infiltration.
What is most valuable?
It is easy to use.
What needs improvement?
Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms.
For how long have I used the solution?
I have been using this solution for about a year.
What do I think about the scalability of the solution?
We have maybe a thousand users of this solution because it is deployed on-prem.
How was the initial setup?
I don't think there were issues with the installation.
What's my experience with pricing, setup cost, and licensing?
It has a yearly renewal.
What other advice do I have?
I would recommend this solution. I would rate Cortex XDR a seven out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Lead Consultant at a tech services company with 1-10 employees
Helpful support that can be reached quickly and easily, and the endpoint reporting is good
Pros and Cons
- "The protection offered by this product is good, as is the endpoint reporting."
- "Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer."
What is our primary use case?
We are a solution provider and one of the Palo Alto products that we implement for our clients is Cortex XDR (Extended Detection and Response).
It is also known as Traps, and it is mostly used for endpoint protection. For example, when remote users want to connect to their organization using a VPN, they will be protected.
What is most valuable?
The protection offered by this product is good, as is the endpoint reporting.
Once installed, this product is easy to manage, whether it is on-premises or the cloud-based management system.
What needs improvement?
There are a lot of logs generated and an engineer has to go through all of the events to find out exactly what the bottleneck is. We do need to collect the events but this can be time-consuming. Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer.
A better pricing plan would make this product more competitive.
For how long have I used the solution?
We have been dealing with Palo Alto, including Cortex XDR, for more than three years.
What do I think about the stability of the solution?
This is a stable product and it is good, but we will keep evaluating other products as we continue to offer this type of solution to our customers.
What do I think about the scalability of the solution?
Cortex XDR is a scalable solution.
How are customer service and technical support?
The technical support team is good, and we can reach them quickly and easily. However, finding a resolution might take time.
Which solution did I use previously and why did I switch?
We have used Cylance in the past, although we stopped using it about three years ago.
We are currently using K7 Endpoint Protection. Unfortunately, it is not catching anything, whether it is malware or a virus.
How was the initial setup?
When we first implemented this product, it was called Traps. However, I don't see any difference, other than the name. For new customers, it might be a bit difficult to install and set up. It takes perhaps eight hours to install.
What about the implementation team?
I deployed this product, and I was also involved with the initial POC.
Only one admin is needed for deployment and a second person should be available to work with the users.
What's my experience with pricing, setup cost, and licensing?
This is an expensive solution.
Which other solutions did I evaluate?
We are currently trying to evaluate ELK.
What other advice do I have?
Overall, this is a good product and I can recommend it to others.
I would rate this solution an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
IT manager at a computer software company with 11-50 employees
Provides ability to see what's going on with your assets and react to cyber attacks
Pros and Cons
- "Its ability to react to cyber data attacks is awesome. That is pretty much the use of it. What blows your mind is the ability to access your assets remotely and see what is actually going on with them. You can not only see them in a console. You can also react very rapidly to your assets that are compromised."
- "It should support more mobile operating systems. That is one of the cons of their infrastructure right now."
What is our primary use case?
I use it for visibility, mitigation, and analysis of advanced threat attacks.
What is most valuable?
Its ability to react to cyber data attacks is awesome. That is pretty much the use of it. What blows your mind is the ability to access your assets remotely and see what is actually going on with them. You can not only see them in a console. You can also react very rapidly to your assets that are compromised.
What needs improvement?
It should support more mobile operating systems. That is one of the cons of their infrastructure right now.
For how long have I used the solution?
I have been using this solution for more than four years.
What do I think about the stability of the solution?
It has been extremely stable.
What do I think about the scalability of the solution?
It is easily scalable. For example, if you have version 2, Palo Alto upgrades it automatically. The agents for your assets are also scalable for new operating systems. So, it is very scalable.
How are customer service and technical support?
Their technical support is very agile and very good. I would rate them a nine out of 10.
How was the initial setup?
It is way too easy to deploy it and set it up.
What other advice do I have?
I would highly recommend it unless you have iOS assets on your network.
I would rate Cortex XDR an eight out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer:
Director of Cloud Security at a comms service provider with 51-200 employees
Solid solution
Pros and Cons
- "The dashboard is customizable."
- "The dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard."
What needs improvement?
In terms of what could be improved in Cortex XDR, definitely the host insights module. The ability to kind of take a look at what applications are running on the endpoint is a new feature, but there is a lot of room for improvement there in terms of versioning and so forth.
Additionally, the dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard.
For how long have I used the solution?
I have been working with Cortex XDR over the last year, at least.
What other advice do I have?
On a scale of one to ten, I would give Cortex XDR by Palo Alto Networks an eight.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Highly scalable, effective intelligence, and reliable
Pros and Cons
- "One of the main benefits of the solution is its intelligence to correlate the events into an incident."
- "The solution could improve by providing better integration with their own products and others."
What is our primary use case?
I use the solution for endpoint protection.
What is most valuable?
One of the main benefits of the solution is its intelligence to correlate the events into an incident.
What needs improvement?
The solution could improve by providing better integration with their own products and others.
For how long have I used the solution?
I have been using this solution for approximately one year.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
It is one of the best in the market for scalability.
We have approximately 500 people using this solution in my organization, and we plan to increase usage.
How was the initial setup?
The initial installation is easy.
What about the implementation team?
We did the implementation of the solution with integrators.
What's my experience with pricing, setup cost, and licensing?
The price of the solution is high for the license and in general.
Which other solutions did I evaluate?
We evaluated CrowdStrike and Darktrace.
What other advice do I have?
I would recommend this solution to others.
I rate Cortex XDR by Palo Alto Networks a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ISEC Unit Manager at a tech services company with 11-50 employees
We can manage several clients from the same console, and its endpoint defense is more advanced than traditional antivirus
Pros and Cons
- "Cortex XDR lets us manage several clients from the same console, and its endpoint defense is more advanced than traditional antivirus."
- "Cortex XDR is trickier to configure than other Palo Alto products. This is one area where we are not so satisfied."
What is our primary use case?
We have deployed Cortex XDR for a couple of clients in manufacturing.
What is most valuable?
Cortex XDR lets us manage several clients from the same console, and its endpoint defense is more advanced than traditional antivirus.
What needs improvement?
The dashboard could be more user-friendly.
For how long have I used the solution?
I've been using Cortex XDR for two years.
What do I think about the stability of the solution?
Cortex XDR is stable enough.
What do I think about the scalability of the solution?
Cortex's scalability is good. We have about 200 users on it at the moment.
How are customer service and support?
Palo Alto support is great.
How was the initial setup?
Cortex XDR is trickier to configure than other Palo Alto products. This is one area where we are not so satisfied. We need two people to deploy and maintain the solution.
What's my experience with pricing, setup cost, and licensing?
Our clients pay for the license every year. It's just a standard fee with no additional costs.
What other advice do I have?
I rate Cortex XDR eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Pre-sales engineer at a tech services company with 51-200 employees
Best support and good interface, price, and security
Pros and Cons
- "Its interface and pricing are most valuable. It is better than other vendors in terms of security."
- "It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint."
What is our primary use case?
We are using it for a banking client.
What is most valuable?
Its interface and pricing are most valuable. It is better than other vendors in terms of security.
What needs improvement?
It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint.
For how long have I used the solution?
I have been using this solution for two years.
What do I think about the stability of the solution?
It is very stable. I wouldn't recommend the latest version. Being a new version, it would have bugs, which is similar to the new versions of other products.
What do I think about the scalability of the solution?
In Peru, we have approximately 20,000 users. The banking client doesn't have any plans to expand the usage. We might increase its usage by 200 to 500 with new clients.
How are customer service and technical support?
Technical support of Palo Alto is the best.
How was the initial setup?
It is very easy to deploy. The deployment is quick. The deployment of the management console takes just two hours, but the deployment of the agent takes approximately a month.
We have five to eight engineers for deployment and maintenance.
What other advice do I have?
I would rate Cortex XDR a nine out of 10.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.