Cortex XDR by Palo Alto Networks Reviews

Cortex XDR mainly focuses on endpoint protection. Unlike other antivirus products, it is way more advanced. It allows you to manage your endpoints and includes advanced threat analytics and behavioral analytics. For example, it offers a behavioral analysis, the main purpose of which is to identify suspicious activity.

If any application performs suspicious activities, such as changing registries or modifying other applications, Cortex XDR detects and blocks the entire application. This ensures that unauthorized actions are prevented.

Another feature of Cortex XDR is its ability to mitigate ransomware issues. It creates duplicate files on the endpoint, and if any ransomware attempts to access these files, it detects and identifies the ransomware attack. Cortex XDR offers many such advanced features in its cloud platform.

Product might have some bugs. But these will be fixed in the next version. They'll try to work on that and fix those issues. They won't let it go easily.

I've been implementing and supporting this product for one year.

The end users are around thousands.

I am from the support team. I fix things. If customers have any issues with the product, they call me. That's the role of my job. I am from the partner side.

The deployment and setup process is handled by a different team. So I have never deployed Cortex, but I know the steps. It is not easy, but at the same time, it is not very complicated.

It's cloud-based. You don't have to set up a server; it's all on the cloud. You have to set up your tenant on their dedicated server once you subscribe to the product.

Price-wise, Cortex XDR is quite expensive compared to regular endpoints. It is a bit more expensive than other products, but it's worth the money.

Cortex is a good product. But like every other product, it has some flaws. Not every product is ideal. Every product has its flaws. So when compared with other products, Cortex is one of the good products. I would suggest you take the product because it is really one of the good products, but it has some flaws.

So, I would rate it an eight out of ten. 

We are using Cortex XDR by Palo Alto Networks as an endpoint solution.

One thing that I like about Cortex XDR is its ability to detect all the suspicious or malicious binaries, and it can integrate with Palo Alto Firewall. 

I have been using the product for about three and a half years.

The stability is very good.

It is scalable for those who use it.

If they want to do a POC, they can look for other market trenders that are there like Trend Micro. They also have their XDR solution. FireEye also has its XDR solution. They should do a comparison on what is based on their requirement. Based on their requirement, they should select the vendor. We saw that there were quite a few ransomware attacks that were not detected by traditional antivirus, so we moved to the Palo Alto solution. Likewise, the companies who want to implement EDR solutions, have to look at the problem statement. Based on their problem statement, they should work and find out a feasible solution.

The setup is quite easy. We had appropriate support from the manager. One thing that was missing was the integration part. Currently, they don't have out-of-box integration with IBM QRadar, or if they have the integration, the integration doesn't work well. That is something that they have to look at going forward.

It took around three to four weeks, because there was a full process change, and then we had to get approval for getting it deployed. 

I would rate Cortex XDR by Palo Alto Networks a nine out of ten.

This solution has replaced our traditional antivirus solutions; it protects our environment and safeguards our endpoints from any malware or exploitation. We are based in Azerbaijan, I'm the CISO of the company and we are customers of Palo Alto. 

We've seen benefits because the solution includes a big data approach to cyber security. All information is collected from the network, the endpoints, and the logs and analyzed by applying a big-data approach that shows up anomalies. 

I chose this solution because they constantly add new features and are very proactive about that. To my mind, signature-based antivirus is a thing of the past. These days it's machine-learning technology and behavior-based analytics features that make us more secure. XDR feels secure because of those features.

There are still a few gaps with this solution. For example, real-time, on-demand antivirus is not there. If you're looking for compliance XDR is somewhat lacking. There is also no recovery feature; if some endpoint is under attack there must be the possibility of recovering it or restoring it to a normal state. That is currently lacking in XDR. 

I've been using this solution for about two years. 

The solution is stable. 

This solution is scalable. 

We have premium Palo Alto support and they provide good service. 

The initial setup is straightforward. 

I think any XDR technology is best for protecting an environment from cyber attacks. The visibility it provides is crucial and XDR gives us that, we can see all effect vectors. 

I rate this solution eight out of 10. 

I used the solution for investigating incidents and malware analysis.

The solution allows us to gain remote access without the user's knowledge and take the necessary actions on the device. For investigation, we can just drop down and easily elaborate on the issues, like where the user went and what they downloaded. We can use the solution to find out everything easily.

It takes time to scan the servers and devices. Scanning the server sometimes takes two to three days. If the device is offline, the scan gets disconnected.

I have been using Cortex XDR by Palo Alto Networks for one and a half years.

Cortex XDR by Palo Alto Networks is a stable solution.

Around seven people used the solution in our organization.

Cortex XDR by Palo Alto Networks is quite an expensive solution.

I use the solution for investigation, which includes incident handling and incident alerts. There is a separate part in Cortex XDR where we can use timestamps to categorize the alert or attack type. Based on the attack criticality, we can investigate and fine-tune a lot of things. In Cortex XDR, we can get the same alert at different times. We can fine-tune using the Cortex XDR tool.

Also, we can use queries in Cortex XDR for automation, accessing the device, or scanning the device. The query part is good, but we need to spend a little time learning about the query. It's easy to understand the query.

There is a template that you can use to click and say something. If you are going to investigate, many tabs are given based on the tactics, techniques, and procedures. It is easy to understand, and we can gather basic information from there. It is easy for a new user to learn to use the solution for the first time.

Overall, I rate the solution ten out of ten.

We use it to make sure that our antivirus is up to par. 

It used to be on-prem, but now, it's completely on the cloud. In terms of the version, we've got some old endpoints that we had to manually bring up to date, but for the most part, it's up to date.

I don't have to do much monitoring with it. I don't have to have anybody manually looking at this. It gives us reports, and it lets us know if something needs to be addressed, and we can easily address it. I've been pleased with it. It's been a really good product for us.

Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them. The hash that they use is pretty comprehensive. I like WildFire. It gives us a better idea of what is a true virus and what is a false positive.

We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do.

We've been using it for at least three years.

It has been stable. I have not had any issues with it.

For our use, we didn't need scalability with it. It has just been working as we needed it to work.

The only time we had to deal with their support was when we had a problem with getting our older endpoints up to date. They made the upgrades and gave us the solutions on what we needed to do, and that has been working for us. 

It was pretty straightforward, and now that it does an automatic update, I don't even have to remember to update it anymore. Once a definition expires, it automatically goes in and puts in the newest definitions, and updates all the endpoints. It is way better than what it used to be.

I don't recall what the cost was, but it wasn't really that expensive.

The only thing I would advise is to get a solution for which you don't have to do a lot of monitoring. It helps when we don't have to have an extra person to manually go through and look at each endpoint to make sure things are up to date and all definitions are up to date. 

I would rate it a nine out of ten because it's a really stable platform, and it is doing everything that I need it to do. You can always have improvement, but I'm really not sure what that improvement would be.

The primary use case is mainly endpoint protection.

Previously, we had to install endpoint protection per machine and then scan and update. If there were any possible threats, then you would have to go manually to the machine and scan. Cortex XDR basically does that centrally and predictably.

We get notified, and if need be, we'll investigate an endpoint. For the most part, we haven't had to do a whole lot of that because most of the time, it just stops the threat before it even becomes one. So, we have more time to do day-to-day work rather than spend time chasing those endpoints.

I like the centralized console and the predictive analysis it does of malware.

It is very stable and also scalable.

It is easy to deploy and update. It does not require a lot of maintenance.

It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue. So, making exceptions would be easier and would probably be better for logging.

It would be nice if it were easier to use and if there were some free training hours.

As for additional features, I would suggest having mobile access to the console, perhaps through a mobile app for the console.

I've been using it for about three years now.

The stability is great. I think they set the standard for SDR solutions at the moment.

It's very scalable. We have it on Macs, Windows, Windows servers, and multiple flavors of Linux.

We have about 460 endpoints deployed. As far as technical users, we have a team of about 10, and that's mixed between server admins and their subsupport users.

The usage is extensive, and we've recently deployed it everywhere. We do plan on probably increasing usage because we have current consultants who use the product in order to access our systems.

I wish there could have been more live contact with technical support rather than updated tickets and possible notifications via email. When I've had live encounters, it's been amazing. Sometimes, I think they could be a little bit more responsive live wise, but for the most part, it's been good.

We previously used Sophos, and it was okay. The only thing I liked about Sophos was that it was easier to deploy to the desktop, but with Cortex XDR, once you have it already deployed, updating it is easy.

We needed something that was going to work with Macs and Linux, different products. Also, we needed something that would be more predictive versus relying on definition files that are publicly available. You don't want to be in a zero-day attack. With Cortex XDR, it's one of those where you can download any virus. It's just not going to run on your machine. Most malware products rely on a database to tell you that there's a virus file.

Sometimes, there are false positives. If it's a legit file or application that an end user is trying to download and use on their machine, it won't allow that. With Cortex XDR, however, they can download the file. It's just going to be rendered useless until you enable it and make an exception for it. It can run what identifies it and just sends you a notification saying that it's a malicious file and that it's there. It's not going to do anything to the system. That was a huge selling factor with Cortex XDR.

The initial setup is pretty straightforward. It took a couple of hours and was pretty easy to deploy.

Once it's deployed in your system, you can push updates yourself. In the case of Macs, when you get new releases you sometimes have to tweak it and then push it out manually to end users. One admin could dedicate a couple of hours a week at best because there's not much maintenance.

Palo Alto got on the phone with us and walked us through it. They were very helpful.

It's about $55 per license on a yearly basis.

Learn the product because once you deploy it and a lot of people look at it from an endpoint perspective, they get the endpoint protection instantly. However, there are other things that you need to learn more about. Once you deploy Cortex XDR, you get a subscription to a data lake, which helps you retain logs. We have Palo Alto firewalls and later on learned that we can also integrate our firewalls and get the logs.

You have a limited amount of space for log retention, but things like that are important in cases where you need to have PCI compliance or have a company policy of retaining a certain amount of logs.

So, learn all the features and ask questions, and perhaps if it's going to be something that you're going to use as an investment for your company, take a training class.

On a scale from one to ten, I would rate Cortex XDR at nine.

We primarily use the product as endpoint security which we have deployed on all servers and locations. This is not limited to the endpoint, however, as it has further integration with the firewalls and email solutions. Therefore, it can give us quick visibility in case there is any malicious or suspicious activity happening.

The solution offers a very high-performance. 

The solution has analytics that watch patterns and trends. If there is a change in user behavior or communication, it has the ability to track that. 

The solution has a very helpful isolation feature. If any system gets compromised, with one click I can access the system and isolate it from other networks, and then go into further forensic investigation of the current threat without compromising anything else.

There are a lot of lead solutions in this space, however, Palo Alto is number one.

The initial setup is pretty easy.

The solution should enhance the ADR and reporting. As of right now, they are giving reports, which are okay, however, there are other ways to get better reporting. That is an area where I already requested that Palo Alto work on.

In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations. 

They should extend the solution for URL filtering, as other endpoint security products are doing that already. Nowadays, users are working from home and therefore we have plenty of traffic back through the data center just for URL filtering security. If that functionality could be there in the endpoint, then we would be happy. It would ensure users working from home couldn't access malicious websites. 

We've been using the solution for one year. Before that, we were using Palo Alto Trap.

The solution is very stable. I pretty much depend on product stability. Over the last six months, we have been able to see it's that Palo Alto is more stable than most. There is no such issue in that regard. 

This is a very stable product, whether it is running on a database or email system or on any platform. It works perfectly fine.

The solution is very scalable. This is due to the fact that it is being managed through the cloud making it easy to deploy to a thousand endpoints. There is no issue at all. As long as there's enough space for the solution to expand, it can grow out to any size you need.

Technical support from Palo Alto is perfect. However, we have first-level support from a third-party. They sometimes take time to respond, which is not ideal. That said, when we get aligned with the tech support from Palo Alto, that really works well. Their level one support is with other vendors, and level two and level three support is with Palo Alto. That's how they are set up. They deal with bigger issues.

Overall, we've been pretty satisfied with technical support.

We're service providers. We offer a variety of solutions to our clients, including Palo Alto, Cisco, Microsoft, and McAfee, depending on their needs. We don't just use or recommend one particular endpoint protection product.

About a year back I implemented Cisco and Palo Alto for our customer. Cisco AMP is also a good solution while it is running with the grid, however, I have not been involved with using it for three years.

In routing and switching, Cisco is good. However, Cisco AMP, which is an endpoint security, requires you to work with many other AMP solutions from Cisco. 

My first preference would be Palo Alto and my second preference would be Cisco AMP.

The initial setup is not complex at all. It is very straightforward and very easy to implement. I implemented it for 1000 or so users, and it took only about one month to execute. Even when we were in a pandemic situation where users were at home, we did it that quickly. It is very easy to deploy.

The pricing is actually very reasonable. Palo Alto is very invested in some commercial endeavors and they have simplified their license. A team license can be used on-cloud, or on-prem. We have not faced segregation on any technologies, so a simple license gets any user anywhere without limitations. It is easy to increase the license as it's a cloud service. You just speak to your account manager and they can increase the licenses for you.

While we deal with the cloud deployment model, we've also often used the on-premises deployment.

I'd advise other companies to use the solution. It really is the best one out there.

Overall, I'd rate the solution nine out of ten. The reporting is a bit weak, and it's my understanding they are working on that. However, performance-wise and security-wise, this is the best product.

We use the product as a detection and response application.

The product's most valuable features are massive user and feature intelligence exploit detection. It is very useful in detecting threats to databases. The last meter statistics prove the efficient capabilities of the solution.

It is an enterprise-level solution. Its price could be less expensive.

We have been using Cortex XDR by Palo Alto Networks for three years.

The product is 100% stable. I have never received any complaints from the customers.

Cortex XDR by Palo Alto Networks is easily scalable as it is a cloud-based product.

We provide support services for our customers. Palo Alto's support services are expensive, and customers also encounter language barriers.

The initial process is simple. It requires training of about three to four days to understand the installation process. It is deployed on the cloud. The number of software engineers required depends on the number of the endpoints.

We pay in advance for the product's license. It has reasonable pricing for the use cases it provides to the company. We can split this payment monthly, quarterly, or yearly, according to the customer's requirements. For a cost-benefit analysis when choosing a security solution, consider factors such as the number of attacks prevented, the impact of those attacks, potential losses, and other hidden costs.

I rate Cortex XDR by Palo Alto Networks for ten out of ten. It could be improved from a commercial perspective. It could approach the SMB market as well.