Sudheer Kumar - PeerSpot reviewer
Lead Security Engineer at AeoLogic Technologies
Real User
Top 5
Sep 3, 2024
Easy to deal with deployment and integration phases
Pros and Cons
  • "The tool is designed to scale for large enterprises and handle large volumes of data."
  • "I think sometimes Cortex XDR agent automatically stops event capturing from the device, and then even the dashboard does not get any notifications from the agent."

What is our primary use case?

I use the solution for endpoint security to capture endpoint security devices' logs and security events.

What is most valuable?

The solution's most valuable feature is its general integration with various Palo Alto Networks products. The tool is a unified platform that includes a firewall, Prisma Cloud, and Cortex's storage. It is also a single data platform that consolidates data from endpoints and network traffic into a single data lake. For behavior analytics, the tool uses advanced behavior analytics and machine learning to detect sophisticated threats.

What needs improvement?

I think sometimes Cortex XDR agent automatically stops event capturing from the device, and then even the dashboard does not get any notifications from the agent. A particular endpoint message with the events captured gets stopped, making it an area where there is a need to improve the agent's real-time monitoring.

For how long have I used the solution?

I have been using Cortex XDR by Palo Alto Networks for around five years.

Buyer's Guide
Cortex XDR by Palo Alto Networks
April 2026
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
886,077 professionals have used our research since 2012.

What do I think about the scalability of the solution?

The tool is designed to scale for large enterprises and handle large volumes of data. The tool has a scalable architecture, and accessing or processing data is leveraged by the tool, making it a robust infrastructure process that allows for efficient data analysis and timely detection and response.

In my company, around 15,000 employees use the tool.

How are customer service and support?

Many times, I raised requests for follow-up with the support team, but there is only sometimes a response. Palo Alto's team needs to work on its issues so that it can provide twenty-four-hour, seven-day support to users.

How was the initial setup?

From a deployment and integration perspective, I can say it is an easy and user-friendly tool, so I don't face any challenges with the tool.

The solution is deployed on the cloud and in the on-premises model. Mostly, the tool was in the cloud for my previous client.

What other advice do I have?

One needs to look into the support and services, especially Palo Alto's support and professional services, which is an area that is not yet available. When it comes to the implementation and optimized XDR solutions, sometimes third-party integrations do not happen with XDR. When it comes to third-party integrations, a playbook in Palo Alto should be there for all the third-party tools, showing how we can implement them.

The tool is very easy and user-friendly.

I rate the tool an eight and a half out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Mohammad Qaw - PeerSpot reviewer
Senior Security Consultant at helpag
MSP
Top 10
Dec 30, 2022
Perfect correlation and XDR capabilities for network traffic plus endpoint security
Pros and Cons
  • "From a single pane of glass, you can easily manage all of your endpoints."
  • "The solution should force customers to integrate with network traffic to see the full benefits of XDR."

What is our primary use case?

Our company uses the solution for endpoint protection, detection, and response. The solution has antivirus and EDR capabilities. Our SOC analysts use it to investigate incidents. We currently have 300 to 400 users with two admins for management. The solution is installed on all user laptops to protect workstations.

We also implement the solution for customers as a service. Most customers buy the solution for regulatory reasons and compliance standards. It gives you all the compliance points and improves how your SOC functions because it provides comprehensive visibility over the entire network and endpoints. It is called XDR because it not only looks at endpoints but also network traffic.

The solution is offered on Palo Alto's private network. I think the underlying provider is Google Cloud, but that doesn't really matter. You are asked the region of your instance for connection such as Europe or the Middle East. 

What is most valuable?

The solution perfectly correlates with Palo Alto Networks' firewall to perform XDR capabilities such as network traffic plus endpoint security. This is what distinguishes the solution from other products.

From a single pane of glass, you can easily manage all of your endpoints.

The dashboard is intuitive so you can easily investigate or track incidents. 

The solution has a fair amount of integrations with certain intelligence tools or third-party products. 

What needs improvement?

The solution should force customers to integrate with network traffic to see the full benefits of XDR. If you are not integrating it or feeding in your network traffic, then you are just buying a normal antivirus, which doesn't make any sense. You are paying double the price to use the antivirus feature or to say you have XDR, but in reality you are not using it.

The solution should include an on-premises option because some customers want only on-premises. It would be hard, but good to do if possible. 

Open XDR would be beneficial in the future. Right now, the solution is Closed XDR, so it cannot communicate with the few new vendors in the Open XDR market.

For how long have I used the solution?

I have been using the solution for more than two years.

The solution used to be called Traps when it was on-premises only. It was rebranded as Cortex XDR when it became a cloud solution. 

What do I think about the stability of the solution?

The solution is stable, so I rate stability a nine out of ten.

What do I think about the scalability of the solution?

The solution is very scalable. You can have 500 users and scale tomorrow to 10,000 with no extra work beyond purchasing the licenses needed.

I rate scalability a ten out of ten. 

How are customer service and support?

The level of support fluctuates but on average is rated an eight out of ten. 

How would you rate customer service and support?

Positive

How was the initial setup?

The setup is very easy because it is a cloud solution. You just log in and use it immediately. I rate setup a nine out of ten. 

What about the implementation team?

We are a third-party integrator and implement the solution for customers. One staff person can handle an implementation. 

As a customer, you receive a link which is your tenant for login. From there, deployment time is just how long it takes to get the installer agent and put it on all of your endpoints. For example, if you are a corporation that has 300 laptops, then you install the agent on each and every server.

You will need about three hours to configure the solution and then it is up to your admins to install the agent on all endpoints. There is usually a way to automatically install agents from the Active Directory or other tools.

You need to integrate your network traffic to the XDR itself. If you have a Palo Alto Firewall, it is easy to navigate through integration. If you have FortiGate or Cisco firewalls, then you can configure the firewall to send the log to the cloud. It is sometimes hard to convince customers to send or keep their logs on the cloud. 

What's my experience with pricing, setup cost, and licensing?

The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the Pro version.

The solution is neither inexpensive nor expensive, so I rate pricing a three out of ten. 

Which other solutions did I evaluate?

Nowadays, CrowdStrike, Cortex XDR, and the solution are rebranding and selling their products as XDR. Everyone hears about antivirus but now XDR is available to protect endpoints and get intelligence from the network. 

Most customers who have an XDR product only use the antivirus features. They are not correlating the network traffic with the XDR itself, so they are not getting the full benefit. 

The solution does not force you to correlate so you can use it without integrating with your network. But again, this is not how XDR is supposed to work. 

For example, if you buy a Bugatti but only drive it at 80 kilometers per hour, then you should just go and buy a Nissan. If you buy XDR but do not integrate it with your network traffic, then you just have a Nissan antivirus. 

What other advice do I have?

I recommend the solution and rate it a ten out of ten. 

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Google
Disclosure: My company has a business relationship with this vendor other than being a customer.
Kush Kumar - PeerSpot reviewer
IT Specialist at RateGain IT Solutions Private Limited
Real User
Top 5
Sep 1, 2024
Scans for unwanted and malicious activity on endpoints and servers, creating alerts and incidents
Pros and Cons
  • "The most valuable features are incident creation, policy-based protection, IP whitelisting, and device encryption. These are beneficial for endpoint and server security."
  • "There's room for improvement with Mac device installations, which can be challenging."

What is our primary use case?

We use Cortex XDR by Palo Alto Networks for endpoint security. It scans for unwanted and malicious activity on endpoints and servers, creating alerts and incidents.

What is most valuable?

The most valuable features are incident creation, policy-based protection, IP whitelisting, and device encryption. These are beneficial for endpoint and server security.

What needs improvement?

There's room for improvement with Mac device installations, which can be challenging.

For how long have I used the solution?

I have been using the tool for two years. 

What do I think about the scalability of the solution?

About 20 people in our company use Cortex XDR by Palo Alto Networks across the country.

How was the initial setup?

We've had some issues isolating endpoints and have sought support from Palo Alto for that.

What's my experience with pricing, setup cost, and licensing?

The cost depends on your chosen license type, like Pro or other licenses.

What other advice do I have?

I'd recommend using Cortex XDR by Palo Alto Networks for security purposes. It's good at detecting malware and is a better strategy than other antivirus solutions. I rate the overall solution a seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Vyshnavi Jyothermai - PeerSpot reviewer
Sr. Endpoint Security Engineer at iOPEX Technologies
Real User
Top 5
Aug 28, 2024
Easy-to-use and easy-to-install
Pros and Cons
  • "The tool is easy to use."
  • "When it comes to malware files, it should be a little quicker because, at times, it would give a wrong result in the sense of what it might be on malware, even if it still might be a normal one."

What is our primary use case?

I am a tech support engineer or an endpoint security engineer who works with Cortex XDR's team itself, looking after all the support cases related to our technical stuff, specifically malware cases.

What is most valuable?

The most valuable feature of the solution is Broker VM, which is the best functionality, as I haven't found such a feature in any other product I have worked on till now.

What needs improvement?

Some feature requests are coming up from the customers. I feel like there should be a quick improvement. There is a little gap in implementing the tool's features, as the team needs to do an investigation, which would take more time than expected, leaving the customers frustrated. The product team's investigation to decide on the features to be introduced in the solution should be a little quicker. When it comes to malware files, it should be a little quicker because, at times, it would give a wrong result in the sense of what it might be on malware, even if it still might be a normal one. At that point in time, we need to change the tool's version, and it generally needs to be changed from our end with Java and Jira. Maybe it should be a little improved in that case.

For how long have I used the solution?

I have been using Cortex XDR by Palo Alto Networks for two years. I am an endpoint security engineer for Cortex XDR's team. I worked with a client company as a foreign technical support engineer.

What do I think about the stability of the solution?

So far, I haven't found any stability issues in the tool. Right now, I am on post-maternity leave, so I left the company six or seven months ago. To date, I haven't found any stability issues with the tool. Stability-wise, I rate the solution an eight and a half out of ten.

The tool is not used in my organization because I work within the tool's XDR team related to Palo Alto. I don't have an exact count of the users because we have different customers on a larger scale.

What do I think about the scalability of the solution?

It is a scalable solution. Scalability-wise, I rate the solution a nine out of ten.

How are customer service and support?

I am not required to contact the solution's technical support since I handle the customers' tickets.

How was the initial setup?

My company was involved in mass deployment. I am not involved in the deployment stuff because we work as a break-and-fix team. We generally don't go ahead with a mass deployment. For individual deployment, it is a quick and easy-to-install tool. Cortex XDR by Palo Alto Networks is not like every other antivirus product, and I think it is an easy-to-install tool. There is a team for the tool to help you out, but certain prerequisites need to be met. If all the prerequisites are met, there will be no issue with the installation.

What's my experience with pricing, setup cost, and licensing?

I am not sure about the tool's pricing because we are not from the accounts team. The tool's pricing is managed by the accounts department.

What other advice do I have?

I recommend the tool as it is an emerging or upcoming product with a set of features. My recommendation of the tool surely depends upon the scale of the business.

The tool is easy to use. We even have an accounts team where they can help you from scratch. We have a tech support team who would definitely suggest it to you over the session, so nothing as such is required as they will definitely help the users with the tool.

I rate the tool an eight and a half or nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
BibinMathew - PeerSpot reviewer
Cash Management Officer at a retailer with 1,001-5,000 employees
Real User
May 6, 2023
Lightweight, helpful technical support, and user-friendly
Pros and Cons
  • "The solution's most valuable feature is its ability to rapidly detect certain hardware files."
  • "Currently, we are monitoring all USB drives and ports but we would like to improve our device control capabilities."

What is our primary use case?

Cortex XDR by Palo Alto Networks is the antivirus solution we use for Androids.

What is most valuable?

The solution's most valuable feature is its ability to rapidly detect certain hardware files.

All other features of Cortex XDR by Palo Alto Networks are fine.

What needs improvement?

We have implemented a product that blocks USB usage and also provides device control for our company. 

Currently, we are monitoring all USB drives and ports but we would like to improve our device control capabilities. 

Although we are using this feature, we allow specific systems and USB devices. For example, we enable certain users to use external hard drives but we may disable them if necessary. However, due to the nature of our organization, we do not have a dedicated department for this task.

For how long have I used the solution?

I have been working with Cortex XDR by Palo Alto Networks for approximately seven years.

We are working with the most recent version.

What do I think about the stability of the solution?

The stability of Cortex XDR by Palo Alto Networks is a nine out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of Cortex XDR by Palo Alto Networks a ten out of ten.

In our organization, we have 2,700 licenses. Our users are mostly IT specialists.

Our organization is using the Cortex system across all platforms, including servers running Linux, Mac, and Windows operating systems.

Maintenance is done by the vendor.

How are customer service and support?

Technical support is good.

We have also used them for Palo Alto Firewalls.

We do not have any issues with support; I would rate them a nine out of ten.

Which solution did I use previously and why did I switch?

Previously, approximately one year ago, we used Kaspersky.

We are currently using both Kaspersky and Cortex XDR by Palo Alto Networks.

How was the initial setup?

The installation process is straightforward, and the software itself is lightweight.

What about the implementation team?

The installation process takes less than a minute.

What's my experience with pricing, setup cost, and licensing?

Our license will require renewal in August, after which the maintenance will continue as usual.

I am not aware of the fees; they are handled by our financial department.

What other advice do I have?

I would recommend this solution to others who are interested in using it.

I would rate Cortex XDR by Palo Alto Networks nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Chandra Mohan - PeerSpot reviewer
Network Security Engineer at a tech services company with 10,001+ employees
MSP
Top 5
Jul 18, 2024
Ability to mitigate ransomware issues and includes advanced threat analytics and behavioral analytics
Pros and Cons
  • "If any application performs suspicious activities, such as changing registries or modifying other applications, Cortex XDR detects and blocks the entire application."
  • "The product might have some bugs."

What is our primary use case?

Cortex XDR mainly focuses on endpoint protection. Unlike other antivirus products, it is way more advanced. It allows you to manage your endpoints and includes advanced threat analytics and behavioral analytics. For example, it offers a behavioral analysis, the main purpose of which is to identify suspicious activity.

If any application performs suspicious activities, such as changing registries or modifying other applications, Cortex XDR detects and blocks the entire application. This ensures that unauthorized actions are prevented.

Another feature of Cortex XDR is its ability to mitigate ransomware issues. It creates duplicate files on the endpoint, and if any ransomware attempts to access these files, it detects and identifies the ransomware attack. Cortex XDR offers many such advanced features in its cloud platform.

What needs improvement?

The product might have some bugs. But these will be fixed in the next version. They'll try to work on that and fix those issues. They won't let it go easily.

For how long have I used the solution?

I've been implementing and supporting this product for one year.

What do I think about the scalability of the solution?

The end users number in the thousands.

How are customer service and support?

I am from the support team. I fix things. If customers have any issues with the product, they call me. That's the role of my job. I am from the partner side.

How was the initial setup?

The deployment and setup process is handled by a different team. So I have never deployed Cortex, but I know the steps. It is not easy, but at the same time, it is not very complicated.

It's cloud-based. You don't have to set up a server; it's all on the cloud. You have to set up your tenant on their dedicated server once you subscribe to the product.

What's my experience with pricing, setup cost, and licensing?

Price-wise, Cortex XDR is quite expensive compared to regular endpoints. It is a bit more expensive than other products, but it's worth the money.

What other advice do I have?

Cortex is a good product. But like every other product, it has some flaws. Not every product is ideal. Every product has its flaws. So when compared with other products, Cortex is one of the good products. I would suggest you take the product because it is really one of the good products, but it has some flaws.

So, I would rate it an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer. (Customer/Partner)
Information Security Manager at a financial services firm with 1,001-5,000 employees
Real User
Feb 17, 2023
Numerous available AI modules and very effective communication methods
Pros and Cons
  • "The solution is a new generation XDR that has a lot of artificial intelligence modules."
  • "The server sometimes stops continuously to check things, so it would be helpful to receive access updates or technical reasons."

What is our primary use case?

Our company uses the solution to detect behaviors and provide difficulty remediation for malware. The solution acts like a terminal that allows for the renewal of malware directly from the terminal in any meeting room. 

We also have an IOP configuration that allows us to compare our own indicators and compromise rules. This is very efficient because anytime there is an IAP release on the web page, we can update or create a repository of different notification alerts. 

What is most valuable?

The solution is a new generation XDR that has a lot of artificial intelligence modules. 

The solution's communication methods are very effective. 

Configuring or eradicating terminals is easy. 

What needs improvement?

The server sometimes stops continuously to check things, so it would be helpful to receive access updates or technical reasons.

For how long have I used the solution?

I have been using the solution for 18 months. 

How are customer service and support?

Technical support was very responsive. You can present a critical configuration issue and they provide a solution as quickly as possible. 

The Linux agent was a little bit sketchy on our side but we got good support. 

How was the initial setup?

The setup is very straightforward. 

What about the implementation team?

We implemented the solution in-house and worked with one telecom rep for network permissions. 

Two of our cybersecurity engineers deployed to 4,000 endpoints in two months. We had a little bit of an issue with Linux but resolved it so all endpoints were fully operational within three months. 

What's my experience with pricing, setup cost, and licensing?

The pricing is a little bit on the expensive side, so it is rated a seven out of ten.

What other advice do I have?

The solution is solid and measures up against other products. I rate the solution an eight out of ten. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
EhabAli - PeerSpot reviewer
Sr. Cybersecurity Solutions Architect at BMB
Real User
Dec 13, 2022
It provides a whole new level of visibility and integrates with most other vendors
Pros and Cons
  • "Cortex covers everything I need. It's a perfect solution. Cortex provides a different level of visibility because it's an extended EDR, allowing you to grab logs from the network and firewalls. Palo Alto invented the concept of the extended EDR or XDR."
  • "The price could be a little lower."

What is most valuable?

Cortex covers everything I need. It's a perfect solution. Cortex provides a different level of visibility because it's an extended EDR, allowing you to grab logs from the network and firewalls. Palo Alto invented the concept of the extended EDR or XDR.

What needs improvement?

The price could be a little lower. 

For how long have I used the solution?

I have been using Cortex for four years.

How are customer service and support?

Palo Alto provides on-the-ground and remote support. They have a local team on the ground and teams in India or other countries. Their support is excellent, and they know what they're doing. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Some of my customers have McAfee, Symantec, or Kaspersky. Palo Alto can integrate with other vendors, so it's not locked to one single vendor. Other vendors like Trend Micro, Bitdefender, CrowdStrike, etc. have limitations on log collection from other places. On Palo Alto's datasheet, it tells you that it can talk to Check Point, Fortinet, etc. It's pretty awesome. I believe this is a huge advantage that allows us to implement Cortex anywhere. 

How was the initial setup?

I rate Cortex XDR 10 out of 10 for ease of setup. It can be deployed on-prem or on the cloud. It's an easy process that doesn't take long. 

What other advice do I have?

I rate Cortex XDR 10 out of 10. 

Disclosure: My company has a business relationship with this vendor other than being a customer. (Partner/Implementer)
Buyer's Guide
Download our free Cortex XDR by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2026