Cortex XDR by Palo Alto Networks Reviews

We use the solution to deduct from the endpoints any files in the network or any suspicious thing happening in the host machine or servers. We have the Palo Alto Networks Firewall team, and we check the connection from the Palo Alto Networks Firewalls using Cortex XDR by collecting all the information.

The best thing about Cortex XDR is that it has host servers, networks, and proxy servers. On the other hand, CrowdStrike has only hosts and servers. The solution helps find bugs, and it is safe to use to prevent attacks by hackers.

The solution should add unwanted malicious hash values to a block list so that whenever the action is triggered, it will automatically prevent the malicious content. We can even block the IP address in malicious content. If any host is affected, we can isolate the host, rectify that problem, and prevent it from happening in the future.

I have been using Cortex XDR by Palo Alto Networks for one year.

More than 15,000 people are using the solution in our organization.

We contacted the technical support team for a downgrade issue with Cortex XDR. Due to some network errors, we worked with the support team. They rectified the problem, but it affected us for over two hours. We had to check all the hosts and servers connected to Cortex XDR. We rechecked and reinstalled Cortex XDR. I was happy with the support team’s fast response time.

We are also using CrowdStrike. Compared to CrowdStrike, Cortex XDR gives more detailed information for us to work with. We can connect to the host's live terminal, work with that host in an emergency, and prevent that host.

The solution's ease of deployment depends on the user's experience. It would be easy for someone with experience.

Compared to CrowdStrike, Cortex XDR is an expensive solution.

A beginner will take some time to learn to use the solution. I would recommend the solution to other users.

Overall, I rate the solution an eight out of ten.

Officially, I'm an MSP, but I also host it for our own internal software. I've got XDR installed on 26,000 devices. It is used for threat prevention, policy enforcement, firewall rules, and DLP. We use it for pretty much everything. Our firewalls also integrate with XDR.

We use XDR Pro. It is in the cloud, and we have got version 7 at the moment, which is probably the latest update of it.

The key thing is the visibility of what's going on in our networks and on our end devices. It gives us visibility.

It provides the ability to query. I can query for any file or any IOC on any of the devices installed, and it will search for a data link.

The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine. 

In general, it has been able to see every single threat that has ever come up and it helps us stop it. 

I've used it for a great many years now, and it worked really well. From the Palo Alto side, whatever they buy, they integrate that really well into their integration suite, and that makes a massive difference.

The onboarding process could be better. 

It tends to do 99.9% of things. The only thing I'd like is single sign-on authentication into their cloud platform so that my users can be properly authenticated against it.

Its stability is very good.

Its scalability is very good. It is on my servers as well as my end users. I've got five and a half thousand end-users plugged in, and they're all on, and then I have 26,000 servers on it as well.

I would rate them a 9 out of 10. The only reason why they lose a point is that if I escalate, it gets done really quickly. I've got all the various contacts I could ever need inside Palo Alto, but some of my other colleagues don't have that same level of contact. So, if I'm doing it, it is rapid, but if they're doing it, it is slower.

Positive

I've worked with Carbon Black, which Cortex XDR beats hands down. The reason it beats it hands down is because of the ability to query. I couldn't do that with Carbon Black. For me, that was a genuine issue with Carbon Black. That was one of the main reasons why we've literally moved 22,000 devices off Carbon Black into Cortex XDR.

We also use Sophos, McAfee, and BitDefender. As a group, we buy multiple companies a year. So, we come across most of them.

If it is my own device, I would love to have Cortex, but I can't buy one license. I have to buy a minimum of 250 licenses. So, I normally go for something like BitDefender because it has the least amount of bloatware.

It is straightforward. It is pretty much out of the box. It works how you want it to work. So, you can't really ask for more.

It is also easy to maintain.

It was implemented in-house.

In the company I'm in, we make software. On that basis, we've gone for what we need to make sure our software and all of our customer data are secure. That drives us more than the ROI. It may sound a little weird, but it is the way we run because, for us, the ROI is almost pointless if we lose all our data.

I have the full Pro Prevent license. So, I've got post analytics, forensics, and the whole lot of it.

My advice to others who would like to start working with Cortex is to not dip your toe in the water. Go big or go home. If you integrate everything in, you'll get fantastic results. You shouldn't do some bits here and there. You need to use their ecosystem as a whole. If you're in their entire ecosystem, the results are amazing.

I would rate it a 10 out of 10.

We primarily use the solution for security.

We're trying to explore Cortex's possibly to detect digital forensics and the source of the issues. 

The initial setup isn't too bad.

I have run into some detection issues with Cortex XDR. 

If they had pulse rate detection, it would be better.

The whole state IPS should be better. 

It needs to be better at detection of internal attacks. 

We started using the solution since about 2019 or 2020. It's been around two or three years.

The stability is pretty good except for one or two cases. Based on the performance, it's been okay. It's got pretty high performance. There are no bugs or glitches. It doesn't crash or freeze. 

We have around 4,500 users on the solution currently. It usually handles around 1,400 people. We have these devices across many departments. 

The solution has the capability to scale. A company can expand it as necessary.

I've contacted technical support one or two times and found that their support is very fast to respond. They are helpful in each case. We are very satisfied with their level of service.

We used to use Symantec. We have since stopped.

Symantec can easily be put on a USB device, and then they can check it all to scan within the computer. However, we tried to submit a case for a feature enhancement, and, after two or three years, they still do not have this feature enabled and available. 

The initial setup isn't overly difficult on the cloud. We do not wish to have endpoint clients plow into our internal environment. The deployment shouldn't take up too much manpower. 

The pricing is pretty good. It's reasonable. I'd rate it four out of five. Of course, it could always be a bit lower. 

I'm a customer and end-user. 

I'd rate the solution seven out of ten. 

There are GRC rules in Cortex XDR, which engage IOC very quickly. There's file detection and delay. Compared to competitors, this feature allows for selling and deleting files. We can utilize the report if the file has already been deleted. This integration enhances the system. Apart from standard policies, explicit and exploit policies provide various options. We can modify policies using profiles.

We can modify the policies as we want. It also has reporting for everyone. You can customize the queue in the dashboard, and most of the features are more common among others. It has file detection.  The search is very simple. The console is very user-friendly in the system. Anyone can get trained within an hour. You don't need much expertise to handle it. If someone has the proper training, he can handle it very easily.

Since IOC is already in the market, I can include it. I can ingest and manage it, whether a process, file or anything else.

Secondly, we can easily prioritize using the app if something goes wrong within the network. If there are multiple alerts, the app will automatically create and rate an event instead of going through each one. We get a simple view where I can easily see the exact child and parent processes, all summarized at each level with a simple click. From there, I can isolate the device and work on remediation. Using that, I will search for this file throughout the network and delete it. I can block or delete the network or block a particular end system.

Additionally, they do not have interactive remote shells when accessing remote shares. While I can access files and directories, competitors often provide a command prompt.

The licensing model is complex to understand. It requires expertise to explain how the licensing works. You need expertise to guide you through the subscription plan.

Everything is fine. However, if there are any security suggestions, they should be addressed promptly. For instance, configuring the tool and setting up email configurations are essential. Additionally, web filtering is crucial; if there are any high-risk URLs or logs, they should be filtered. Palo Alto Networks already has a robust database for this purpose, which they utilize in their perimeter-level devices by leveraging this database and integrating it into Cortex XDR, enhancing the security posture. Automatic security suggestions are also provided for individual devices, further enhancing security. Adding URLs and addressing the mentioned points are essential steps. They're aggregating all the logs from various devices.

I have been using Cortex XDR by Palo Alto Networks as a distributor for 1 to 2 years.

The product is stable enough.

I rate the solution’s stability a ten out of ten.

The solution’s scalability is good. The solution is well-fit for medium businesses since the cost of this product is too high.

I rate the solution’s scalability an eight out of ten.

Technical support is not good. They do not have the expertise. I observed it two to three times. They understand the exact issue, and they deploy it. They will give a resolution after two or three calls. It takes a week for simple solutions. They are providing the solution, but it’s taking time.

Neutral

The initial setup depends on the environment. It will take a minimum of time.

I rate the initial setup a nine out of ten, where one is difficult and ten is easy.

The solution is very expensive.

I rate the solution’s pricing a five out of ten, where one is cheap, and ten is expensive.

No one is providing effective training, and it's not reaching customers or partners properly. The product is good. All of these things are correct, including their behavior analysis efficiency. It monitors processes and immediately blocks them. When I test it with a customer or partner in my lab, I showcase how ransomware protection works. It's very effective, and it's also available in the library. Instead of monitoring all files and processes, it monitors devices. It triggers an immediate response if someone tries to encrypt, rename, delegate, or modify files. It sends a response and blocks the process immediately, signaling something malicious has occurred. 

The central team is utilizing it. They aren't using any custom rules or anything. Just this specific tech is just starting to utilize AI. We can integrate it into process or behavior monitoring, making it faster.

I recommend the solution.

Overall, I rate the solution a ten out of ten.

I am a tech support engineer or an endpoint security engineer who works with Cortex XDR's team itself, looking after all the support cases related to our technical stuff, specifically malware cases.

The most valuable feature of the solution is Broker VM, which is the best functionality, as I haven't found such a feature in any other product I have worked on till now.

Some feature requests are coming up from the customers. I feel like there should be a quick improvement. There is a little gap in implementing the tool's features as the team needs to do an investigation, which would take more time than expected, leaving the customers frustrated. The product team's investigation to decide on the features to be introduced in the solution should be a little quick. When it comes to malware files, it should be a little quick because, at times, it would give a wrong result in the sense of what it might be on malware, even if it still might be a normal one. At that point in time, we need to change the tool's version, and it generally needs to be changed from our end with Java and Jira. Maybe it should be a little improved in that case.

I have been using Cortex XDR by Palo Alto Networks for two years. I am an endpoint security engineer for Cortex XDR's team. I worked with a client company as a foreign technical support engineer.

So far, I haven't found any stability issues in the tool. Right now, I am on post-maternity leave, so I left the company six or seven months ago. To date, I haven't found any stability issues with the tool. Stability-wise, I rate the solution an eight and a half out of ten.

The tool is not used in my organization because I work within the tool's XDR team related to Palo Alto. I don't have an exact count of the users because we have different customers on a larger scale.

It is a scalable solution. Scalability-wise, I rate the solution a nine out of ten.

I am not required to contact the solution's technical support since I handle the customers' tickets.

My company was involved in mass deployment. I am not involved in the deployment stuff because we work as a break-and-fix team. We generally don't go ahead with a mass deployment. For individual deployment, it is a quick and easy-to-install tool. Cortex XDR by Palo Alto Networks is not like every other antivirus product, and I think it is an easy-to-install tool. There is a team for the tool to help you out, but certain pre-requirements need to be filled. If all the pre-requirements are met, there will be no issue with the installation.

I am not sure about the tool's pricing because we are not from the accounts team. The tool's pricing is managed by the accounts department.

I recommend the tool as it is an emerging or upcoming product with a set of features. My recommendation of the tool surely depends upon the scale of the business.

The tool is easy to use. We even have an accounts team where they can help you from scratch. We have a tech support team who would definitely suggest it to you over the session, so nothing as such is required as they will definitely help the users with the tool.

I rate the tool an eight and a half or nine out of ten.

The primary use case is endpoint security. The product is my main endpoint, IP, and threat management.

In organizations where they don't implement a NAC, this product helps stop threats at the endpoint level. Everything goes through the endpoint. By the time you get something to a server, you are compromised at your perimeter, and you might be compromised at your ID or main control. With a third-party, you need a NAC, so you can put on something like McAfee or you need authorization so the organization can scan your computer, then you can connect to the network.

We can't do that for a daily operation. We can't just have personnel waiting for someone to connect, and say, "We need to scan your computer before you go into our network." We don't have time for that." So, you need to implement a NAC. However, if you don't implement a NAC from day one of your business, it is very complicated to do it after many years because the NAC is not like a security software. You have to go server by server and do an assessment. Meanwhile, you need to protect your organization. So, you can use tools like Traps to manage your security, even stopping the threat at the last contact. 

For organizations which do not have a NAC implemented, there has to be some type of endpoint security, and it needs to be tough, like Traps. With Traps, you can search events, manage them quickly, and locate any half exceptions. Trap's traffic is encrypted. 

We like the features where you can quickly locate exceptions and can configure process exceptions. You are building your own defense. Therefore, you are not only relying on Palo Alto, but you are applying day-to-day operations of configured language that a tool can understand.

If the user leaves our premises or network, Palo Alto Traps will still be on that endpoint and will still apply our policies. For example, if you take that endpoint out of our network, go to a Starbucks with a company laptop, then connect to our our virtualized gateway. That local endpoint will still have our network policies.

I'm so used to IPS IDS endpoint security that I don't see anything else that catches my attention other than it's working fine. It's a very good tool. It's the best one that we have.

It has Android support.

There are some limitations on the Traps agents. Traps for Windows has limitations and Traps for Linux too. Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and its nothing that should be an issue. Some antivirus engines recognize Traps as an threat component, so maybe they need to shake hands somewhere.

With Windows 7 and Windows 8 64-bit, when you want to install Traps, because its Windows, it will crash. They need a little more flexibility with antivirus engines.

It is very stable.

You can grow as much as you want.

We have four users: a cybersecurity analyst, two infrastructure security personnel, and a security administrator.

The technical support is very good.

We were previously using Malwarebytes and McAfee. We are still using them along with Traps.

The initial setup was straightforward, after we had to remove McAfee first.

The deployment took a couple of weeks. We centralized all our perimeter firewalls first, then we started deploying the agent.

We needed two personnel for deployment and maintenance: an infrastructure security person and a security administrator.

Our third-party installer was very efficient.

Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance. Security teams will spend less time and effort managing and mitigating breaches. They will be able to avoid having to activate their organization’s incident response team.

It is "expensive" and flexible.

We evaluated the following other large endpoint security companies: Kaspersky Endpoint Security, CrowdStrike Falcon Endpoint Protection, Symantec Endpoint Protection, and McAfee Endpoint Security.

If you have Malwarebytes and you want to control a malware that you have on your computer, Malwarebytes will quarantine that malware. However, it depends how infected you got.

Test normal behavior of the Traps agents (injection and policy) and confirm that there has been no change in the user experience.

Cortex XDR by Palo Alto Networks is the antivirus solution we use for Androids.

The solution's most valuable feature is its ability to rapidly detect certain hardware files.

All other features of Cortex XDR by Palo Alto Networks are fine.

We have implemented a product that blocks USB usage and also provides device control for our company. 

Currently, we are monitoring all USB drives and ports but we would like to improve our device control capabilities. 

Although we are using this feature, we allow specific systems and USB devices. For example, we enable certain users to use external hard drives but we may disable them if necessary. However, due to the nature of our organization, we do not have a dedicated department for this task.

I have been working with Cortex XDR by Palo Alto Networks for approximately seven years.

We are working with the most recent version.

The stability of Cortex XDR by Palo Alto Networks is a nine out of ten.

I would rate the scalability of Cortex XDR by Palo Alto Networks a ten out of ten.

In our organization, we have 2,700 licenses. Our users are mostly IT specialists.

Our organization is using the Cortex system across all platforms, including servers running Linux, Mac, and Windows operating systems.

Maintenance is done by the vendor.

Technical support is good.

We have also used them for Palo Alto Firewalls.

We do not have any issues with support, I would rate them a nine out of ten.

Previously, approximately one year ago, we used Kaspersky.

We are currently using both Kaspersky and Cortex XDR by Palo Alto Networks.

The installation process is straightforward, and the software itself is lightweight.

The installation process takes less than a minute.

Our license will require renewal in August, after which the maintenance will continue as usual.

I am not aware of the fees, it is handled by our financial department.

I would recommend this solution to others who are interested in using it.

I would rate Cortex XDR by Palo Alto Networks nine out of ten.

We are still in the testing stages so there is not currently any primary use case beyond the base use of endpoint protection.  

Cortex has several good features that I am interested in. There is a nice Sandbox function that is very strong, there is the Traps (endpoint protection) solution, the real-time filtering of suspect linkages is good, and the automatic blocking of suspect behavior is always active and protecting the network.  

As an improvement, I would like to see enhanced connection speeds. On China's side, we need to set up a local server for the definition updates, and the performance has not been very good for the company when directly connected to the internet. We are a little disappointed with that.  

We have been using Cortex XDR (Extended Detection and Response) for around two months.  

It is stable. From the moment we installed it has been up with no restarts of maintenance until now.  

I think that this product is scalable. The testing environment we use right now has around 200 users. In the future, when we deploy it to the company we will move up to around 4,000 users.  

The technical support is okay. They have already helped us to fix the installation and then we had an issue and they were available for correction of the problem. They also have made some useful suggestions. So the support team is okay in my estimation.  

We have been exploring a similar solution. Right now I am also doing testing on Sentinel at the center. This is a similar solution. But we have only just begun testing Sentinel, so we do not really have enough experience with it to comment on the product.  

As we just started with Cortex and we are using a cloud solution, I do not have the impression that it was difficult to install and begin using.  

The setup costs are a bit higher than some other solutions. Overall it is a little bit expensive, I think. If we could get it for around a 10% discount then that would be a better price point for us.  

For our pricing plan, we are not on a subscription, so we do not have to pay every month. We have a yearly license for the product.  

The approximate amount we pay per license is around $80 per user per year.  

My suggestion for people considering this product is that Cortex is a very good total solution on the endpoints. Because I needed Cortex to work for external and internal users and devices, it helps that it is cloud-based because it is good for working in the office or other locations. So we wanted to have the total end-to-end protection including on the mobile devices, that is what we got. This product will be a good suggestion for people who need the same capability.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Cortex XDR as around nine-out-of-ten. The cost is the reason it would not be higher. Nine is good but this is a very good product except for the cost.