Cortex XDR by Palo Alto Networks Reviews

Cortex XDR by Palo Alto Networks is the antivirus solution we use for Androids.

The solution's most valuable feature is its ability to rapidly detect certain hardware files.

All other features of Cortex XDR by Palo Alto Networks are fine.

We have implemented a product that blocks USB usage and also provides device control for our company. 

Currently, we are monitoring all USB drives and ports but we would like to improve our device control capabilities. 

Although we are using this feature, we allow specific systems and USB devices. For example, we enable certain users to use external hard drives but we may disable them if necessary. However, due to the nature of our organization, we do not have a dedicated department for this task.

I have been working with Cortex XDR by Palo Alto Networks for approximately seven years.

We are working with the most recent version.

The stability of Cortex XDR by Palo Alto Networks is a nine out of ten.

I would rate the scalability of Cortex XDR by Palo Alto Networks a ten out of ten.

In our organization, we have 2,700 licenses. Our users are mostly IT specialists.

Our organization is using the Cortex system across all platforms, including servers running Linux, Mac, and Windows operating systems.

Maintenance is done by the vendor.

Technical support is good.

We have also used them for Palo Alto Firewalls.

We do not have any issues with support, I would rate them a nine out of ten.

Previously, approximately one year ago, we used Kaspersky.

We are currently using both Kaspersky and Cortex XDR by Palo Alto Networks.

The installation process is straightforward, and the software itself is lightweight.

The installation process takes less than a minute.

Our license will require renewal in August, after which the maintenance will continue as usual.

I am not aware of the fees, it is handled by our financial department.

I would recommend this solution to others who are interested in using it.

I would rate Cortex XDR by Palo Alto Networks nine out of ten.

We are still in the testing stages so there is not currently any primary use case beyond the base use of endpoint protection.  

Cortex has several good features that I am interested in. There is a nice Sandbox function that is very strong, there is the Traps (endpoint protection) solution, the real-time filtering of suspect linkages is good, and the automatic blocking of suspect behavior is always active and protecting the network.  

As an improvement, I would like to see enhanced connection speeds. On China's side, we need to set up a local server for the definition updates, and the performance has not been very good for the company when directly connected to the internet. We are a little disappointed with that.  

We have been using Cortex XDR (Extended Detection and Response) for around two months.  

It is stable. From the moment we installed it has been up with no restarts of maintenance until now.  

I think that this product is scalable. The testing environment we use right now has around 200 users. In the future, when we deploy it to the company we will move up to around 4,000 users.  

The technical support is okay. They have already helped us to fix the installation and then we had an issue and they were available for correction of the problem. They also have made some useful suggestions. So the support team is okay in my estimation.  

We have been exploring a similar solution. Right now I am also doing testing on Sentinel at the center. This is a similar solution. But we have only just begun testing Sentinel, so we do not really have enough experience with it to comment on the product.  

As we just started with Cortex and we are using a cloud solution, I do not have the impression that it was difficult to install and begin using.  

The setup costs are a bit higher than some other solutions. Overall it is a little bit expensive, I think. If we could get it for around a 10% discount then that would be a better price point for us.  

For our pricing plan, we are not on a subscription, so we do not have to pay every month. We have a yearly license for the product.  

The approximate amount we pay per license is around $80 per user per year.  

My suggestion for people considering this product is that Cortex is a very good total solution on the endpoints. Because I needed Cortex to work for external and internal users and devices, it helps that it is cloud-based because it is good for working in the office or other locations. So we wanted to have the total end-to-end protection including on the mobile devices, that is what we got. This product will be a good suggestion for people who need the same capability.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Cortex XDR as around nine-out-of-ten. The cost is the reason it would not be higher. Nine is good but this is a very good product except for the cost.  

I am a tech support engineer or an endpoint security engineer who works with Cortex XDR's team itself, looking after all the support cases related to our technical stuff, specifically malware cases.

The most valuable feature of the solution is Broker VM, which is the best functionality, as I haven't found such a feature in any other product I have worked on till now.

Some feature requests are coming up from the customers. I feel like there should be a quick improvement. There is a little gap in implementing the tool's features as the team needs to do an investigation, which would take more time than expected, leaving the customers frustrated. The product team's investigation to decide on the features to be introduced in the solution should be a little quick. When it comes to malware files, it should be a little quick because, at times, it would give a wrong result in the sense of what it might be on malware, even if it still might be a normal one. At that point in time, we need to change the tool's version, and it generally needs to be changed from our end with Java and Jira. Maybe it should be a little improved in that case.

I have been using Cortex XDR by Palo Alto Networks for two years. I am an endpoint security engineer for Cortex XDR's team. I worked with a client company as a foreign technical support engineer.

So far, I haven't found any stability issues in the tool. Right now, I am on post-maternity leave, so I left the company six or seven months ago. To date, I haven't found any stability issues with the tool. Stability-wise, I rate the solution an eight and a half out of ten.

The tool is not used in my organization because I work within the tool's XDR team related to Palo Alto. I don't have an exact count of the users because we have different customers on a larger scale.

It is a scalable solution. Scalability-wise, I rate the solution a nine out of ten.

I am not required to contact the solution's technical support since I handle the customers' tickets.

My company was involved in mass deployment. I am not involved in the deployment stuff because we work as a break-and-fix team. We generally don't go ahead with a mass deployment. For individual deployment, it is a quick and easy-to-install tool. Cortex XDR by Palo Alto Networks is not like every other antivirus product, and I think it is an easy-to-install tool. There is a team for the tool to help you out, but certain pre-requirements need to be filled. If all the pre-requirements are met, there will be no issue with the installation.

I am not sure about the tool's pricing because we are not from the accounts team. The tool's pricing is managed by the accounts department.

I recommend the tool as it is an emerging or upcoming product with a set of features. My recommendation of the tool surely depends upon the scale of the business.

The tool is easy to use. We even have an accounts team where they can help you from scratch. We have a tech support team who would definitely suggest it to you over the session, so nothing as such is required as they will definitely help the users with the tool.

I rate the tool an eight and a half or nine out of ten.

I've found the security protection modules there, have been the most valuable.

I started using it from 4.1, but it didn't change that much. Some features and some fixes have been added to 4.2, but not that much. They need to improve reporting, the end-point reporting. They could also enhance their notification statuses. In the current version, you will see some threat alerts, or if anything is executable, but you will not see behavioral analysis. You will see what was being blocked, and that's it. If Traps logs something, you will get a notification. Otherwise, you have to generate the dump file and investigate on your own.

In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are a big company, so they can surely improve the UI a little bit. The UI, the reports, the log system can all be improved. But overall, when we speak about security and protection, they are one of the top providers.

It's very stable. I've never experienced downtime for the ASM console or ASM core. But we experienced this for the database, and it was not clear in Trap's interface. So, Trap's server stopped working, stopped getting jobs, stopped the enforcing policies because the database was full. We did not get any alert for that, so you will not see any alert on the ESM console that says that your database is about to fill up. It was not reachable and there was no warning or indication for this. You have to go to some tools internally and check in the command line, to see. You will see some errors for the DB, and you will realize that it's a DB issue. I've never experienced any issue with the Traps itself, but with the database.

It's very easy to scale if you have file availability. If it's more clear, we can do high availability, but it's a bit tricky. We deployed this for 4,000 endpoints, and it was very easy. Two ASM core servers were enough to deploy it for 4,000 plus endpoints. These are enterprises, not SMBs. They're government institutions.

I would not say that technical support is bad, but it's not that good. It could be better.

Basically, they don't provide customer support tools just to investigate the logs. From a reseller or authorized center for Palo Alto, I can't get that much information from the logs because it's a bit complicated. If they have support tools, for example, to analyze the logs as they have for the Palo Alto firewall. They don't have for this for Traps. They need to have some tools to analyze the logs. We can generate something called tech support files from Traps, but it's useless. Nothing's there. You will not get that much from the tech support file.

But for the firewall, if we get the tech support file and upload it to somewhere they have some tools, we can get many useful logs and alerts. For Traps, this is not possible.

The initial setup was straightforward. They are using MySQL database, and I think it's a disadvantage because you need to buy a license for MySQL also to deploy it. They don't have this concept of file availability between DS and core servers.

We are a reseller. We are implementing it on customer premises for our clients.

The main advice I can share is to watch out for your database and make sure to give it enough resources. That's it.

I would rate this solution eight out of 10.

We're using it just to make sure that the customers, or our users, don't use any prohibited applications. We make sure that every application they use is on the allowed list. Any other application that is not only allowed is blocked until further notice. It's mainly to make sure that our organization is secure and that the software that the users are working on is secured too. This is the main reason. also to be aware and secured from any potential attack or ransomware etc.

The good thing about the product is that it's always scanning. It does real-time scanning for customers. If there's anything related to the applications that it's installed, for example, if an application needs some upgrades, or updates, or add-ons, we already have a server that is downloading this for the users, the computers. In terms of the laptops, we are not managing the laptops from the servers, since the users take the laptops with them and they are managing their laptops by themselves. There is any variability. The application gives us a notification on the Cloud so that we can handle this problem or make sure that the laptop is secured. The customers or the users don't have much experience to pick what is right and know what is wrong. It's a very, very informational application. 

The initial setup is easy.

They need to do definition updates. Instead of the version, they just put an update on the portal, and each time we need to upgrade it. Sometimes it's hard to upgrade the offsite clients. Sometimes the internet that they are using is not that stable. It gives us a hard time. Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded. 

It would be ideal if the updates would happen like Symantec updates or other antivirus solutions. The upgrade needs to deploy directly to the users.

We've been using the solution for two years. 

It's very stable. There are no errors or problems, even if there is something we need to do on the machine. Due to the configuration we already do, it's locking a lot of things that the users cannot do. Even if the administrator is working, it needs the Cortex XDR permission first. It's very stable and the configuration is easy in the portal. They are enhancing their configuration and its security constantly. 

The only thing that is giving us a hard time is they have a lot of version upgrades. I don't know if it's better to do it as update packages and make the upgrades half-year, quarter a year, or every year. It should be done more regularly.

From an administrative perspective, it'll give us less headache. Each time you need just to go to the portal and make sure that you're testing the product, the upgrade before you deploy it, and then you deploy it. And then you figure out which computer doesn't have the version, and you figure out how to install it. 

If it's a laptop on the other side, it'll take a long time, sometimes a week, to get the customer the upgrade. For installing the upgrade, we must do it. The users can't install this product by themselves. That's why it takes a while. 

The solution is scalable. We are using it for 80 or 90 people. It's a variety of different positions, from engineers to accountants. 

We're changing solutions and moving to SentinelOne. We won't be increasing usage.

They are very helpful and they respond very fast. If there's any ticket open they make sure that they fix the problem the first time. I didn't face any problems with them.

Positive

We are currently moving to SentinelOne.

It is a straightforward setup. It's not overly complex or difficult. The deployment took a maximum of two hours. 

I just installed it first on one of the testing machines and I tested the software package to see if it was still working. Then I just deployed it to the users and I made sure that it was working fine. It might take one day to deploy to the users if I test the version on the test machine first.

I handled the implementation myself. 

Corporate is responsible for licensing. I don't know anything about the pricing.

We are customers and end-users. 

We're using the latest version of the solution. 

Palo Alto is a big company. They are very good at security, so it's good if it's the first time a company is using this product. However, we are moving to SentinelOne as we are corporate. That means, if there is one branch upgraded or moved to something, we must follow. We are following our corporate instructions. If I was given the choice, I would be still using Cortex XDR as it's fulfilling my need. 

I'd rate the solution eight out of ten. The downside is each time I go to the portal and I check the versions, it's outdated. You need to upgrade each month or every forty days and it's a lot.

We primarily use the product as endpoint security which we have deployed on all servers and locations. This is not limited to the endpoint, however, as it has further integration with the firewalls and email solutions. Therefore, it can give us quick visibility in case there is any malicious or suspicious activity happening.

The solution offers a very high-performance. 

The solution has analytics that watch patterns and trends. If there is a change in user behavior or communication, it has the ability to track that. 

The solution has a very helpful isolation feature. If any system gets compromised, with one click I can access the system and isolate it from other networks, and then go into further forensic investigation of the current threat without compromising anything else.

There are a lot of lead solutions in this space, however, Palo Alto is number one.

The initial setup is pretty easy.

The solution should enhance the ADR and reporting. As of right now, they are giving reports, which are okay, however, there are other ways to get better reporting. That is an area where I already requested that Palo Alto work on.

In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations. 

They should extend the solution for URL filtering, as other endpoint security products are doing that already. Nowadays, users are working from home and therefore we have plenty of traffic back through the data center just for URL filtering security. If that functionality could be there in the endpoint, then we would be happy. It would ensure users working from home couldn't access malicious websites. 

We've been using the solution for one year. Before that, we were using Palo Alto Trap.

The solution is very stable. I pretty much depend on product stability. Over the last six months, we have been able to see it's that Palo Alto is more stable than most. There is no such issue in that regard. 

This is a very stable product, whether it is running on a database or email system or on any platform. It works perfectly fine.

The solution is very scalable. This is due to the fact that it is being managed through the cloud making it easy to deploy to a thousand endpoints. There is no issue at all. As long as there's enough space for the solution to expand, it can grow out to any size you need.

Technical support from Palo Alto is perfect. However, we have first-level support from a third-party. They sometimes take time to respond, which is not ideal. That said, when we get aligned with the tech support from Palo Alto, that really works well. Their level one support is with other vendors, and level two and level three support is with Palo Alto. That's how they are set up. They deal with bigger issues.

Overall, we've been pretty satisfied with technical support.

We're service providers. We offer a variety of solutions to our clients, including Palo Alto, Cisco, Microsoft, and McAfee, depending on their needs. We don't just use or recommend one particular endpoint protection product.

About a year back I implemented Cisco and Palo Alto for our customer. Cisco AMP is also a good solution while it is running with the grid, however, I have not been involved with using it for three years.

In routing and switching, Cisco is good. However, Cisco AMP, which is an endpoint security, requires you to work with many other AMP solutions from Cisco. 

My first preference would be Palo Alto and my second preference would be Cisco AMP.

The initial setup is not complex at all. It is very straightforward and very easy to implement. I implemented it for 1000 or so users, and it took only about one month to execute. Even when we were in a pandemic situation where users were at home, we did it that quickly. It is very easy to deploy.

The pricing is actually very reasonable. Palo Alto is very invested in some commercial endeavors and they have simplified their license. A team license can be used on-cloud, or on-prem. We have not faced segregation on any technologies, so a simple license gets any user anywhere without limitations. It is easy to increase the license as it's a cloud service. You just speak to your account manager and they can increase the licenses for you.

While we deal with the cloud deployment model, we've also often used the on-premises deployment.

I'd advise other companies to use the solution. It really is the best one out there.

Overall, I'd rate the solution nine out of ten. The reporting is a bit weak, and it's my understanding they are working on that. However, performance-wise and security-wise, this is the best product.

Cortex XDR by Palo Alto Networks is an antivirus tool that provides EDR and XDR.

The solution's most valuable feature is the user interface. I've used other solutions like Cylance and CrowdStrike, but Cortex XDR stands out from all the products. It has also moved to XSIAM. Cortex XDR introduced it long ago, while other tools are implementing it now.

The solution lags to the real-time scenarios here and there.

I have been using Cortex XDR by Palo Alto Networks for five years.

The solution would have bugs, but we get support 24/7 to deal with them.

Cortex XDR by Palo Alto Networks is a scalable solution.

The solution’s initial setup is easy.

Cortex XDR by Palo Alto Networks is an expensive solution.

Cortex XDR by Palo Alto Networks is a cloud-based solution. I would recommend the solution to other users if they can afford it. Cortex XDR by Palo Alto Networks is worth the money. It is easy for a beginner to learn to use the solution for the first time.

Overall, I rate the solution a seven out of ten.

Cortex XDR is an artificial intelligence-based solution that automatically detects malicious activity performed by users or user machines, blocking it with the help of AI. We also create security policies on Cortex XDR that can be managed by Cortex XDR. Let's say that a company wants a security policy to work for a home user or VPN client user. It also includes an enterprise network at home.

User control in Cortex XDR allows users to restrict access to certain websites from a company laptop used over a home network. The solution allows control over the user and his machine through Cortex XDR security policies.

Cortex XDR is not that smart compared to Check Point. We also deal with Check Point. Check Point solutions, Check Point Firewall, Check Point solution WAF technology, or anti-virus technology can be considered smart because of Palo Alto. The detection of malicious activities performed by Check Point is good. Artificial intelligence is not a good match for Check Point because sometimes Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco.

I also want a better detection feature like the one in Check Point and any other anti-virus, for a matter of fact.

I am a consultant for the solution. I work with Palo Alto, our solution provider, and offer Cortex solutions and Palo Alto firewalls. We also sell Cortex XDR at Mac Global. It has been approximately six months to a year since I started working with this solution. Speaking about the version, it is the Cortex XDR client. Our responsibilities are centered around the client-based solution, including managing clients and installing software and rules. Palo Alto’s team manages the other aspects of the solution.

It is a stable solution since it is on the cloud. CPU utilization and hardware requirements are not necessary. According to some user licenses, when we purchase them, we get much utilization of hardware requirements through the cloud.

Cortex XDR is a scalable solution with around 500 to 600 users. User visibility, user policy, and security policy can be implemented in one view on Cortex XDR. The approximate number of clients constantly using Cortex XDR is between 200 to 250.

I am working with iDream Networks, and we are partners of Palo Alto Networks.

I will give 50 out of 100 points since the setup of Cortex XDR is neither too easy nor too difficult to implement. Its dashboard is very easy to manage since no other sites need to be opened to manage it. Also, it can be managed from anywhere. I am not involved in the deployment process as I only manage the solution.

The configuration and implementation are done by Palo Alto’s team.

Licensing for Palo Alto Networks Cortex XDR can be costly, especially when it comes to a hundred users. A license is required for each user, and the subscription must be renewed on a yearly basis.

I recommend Palo Alto Networks Cortex XDR as a dependable option for future requirements. Cyberattacks are on the rise, and so that's why I have Palo Alto’s XDR. I also suggest Palo Alto Networks Cortex XDR to all customers. On a scale of 100, I rate this solution at 85, and on a scale of one to ten, I give it an eight.