Cortex XDR by Palo Alto Networks Reviews

Officially, I'm an MSP, but I also host it for our own internal software. I've got XDR installed on 26,000 devices. It is used for threat prevention, policy enforcement, firewall rules, and DLP. We use it for pretty much everything. Our firewalls also integrate with XDR.

We use XDR Pro. It is in the cloud, and we have got version 7 at the moment, which is probably the latest update of it.

The key thing is the visibility of what's going on in our networks and on our end devices. It gives us visibility.

It provides the ability to query. I can query for any file or any IOC on any of the devices installed, and it will search for a data link.

The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine. 

In general, it has been able to see every single threat that has ever come up and it helps us stop it. 

I've used it for a great many years now, and it worked really well. From the Palo Alto side, whatever they buy, they integrate that really well into their integration suite, and that makes a massive difference.

The onboarding process could be better. 

It tends to do 99.9% of things. The only thing I'd like is single sign-on authentication into their cloud platform so that my users can be properly authenticated against it.

Its stability is very good.

Its scalability is very good. It is on my servers as well as my end users. I've got five and a half thousand end-users plugged in, and they're all on, and then I have 26,000 servers on it as well.

I would rate them a 9 out of 10. The only reason why they lose a point is that if I escalate, it gets done really quickly. I've got all the various contacts I could ever need inside Palo Alto, but some of my other colleagues don't have that same level of contact. So, if I'm doing it, it is rapid, but if they're doing it, it is slower.

Positive

I've worked with Carbon Black, which Cortex XDR beats hands down. The reason it beats it hands down is because of the ability to query. I couldn't do that with Carbon Black. For me, that was a genuine issue with Carbon Black. That was one of the main reasons why we've literally moved 22,000 devices off Carbon Black into Cortex XDR.

We also use Sophos, McAfee, and BitDefender. As a group, we buy multiple companies a year. So, we come across most of them.

If it is my own device, I would love to have Cortex, but I can't buy one license. I have to buy a minimum of 250 licenses. So, I normally go for something like BitDefender because it has the least amount of bloatware.

It is straightforward. It is pretty much out of the box. It works how you want it to work. So, you can't really ask for more.

It is also easy to maintain.

It was implemented in-house.

In the company I'm in, we make software. On that basis, we've gone for what we need to make sure our software and all of our customer data are secure. That drives us more than the ROI. It may sound a little weird, but it is the way we run because, for us, the ROI is almost pointless if we lose all our data.

I have the full Pro Prevent license. So, I've got post analytics, forensics, and the whole lot of it.

My advice to others who would like to start working with Cortex is to not dip your toe in the water. Go big or go home. If you integrate everything in, you'll get fantastic results. You shouldn't do some bits here and there. You need to use their ecosystem as a whole. If you're in their entire ecosystem, the results are amazing.

I would rate it a 10 out of 10.

We primarily use the solution for security.

We're trying to explore Cortex's possibly to detect digital forensics and the source of the issues. 

The initial setup isn't too bad.

I have run into some detection issues with Cortex XDR. 

If they had pulse rate detection, it would be better.

The whole state IPS should be better. 

It needs to be better at detection of internal attacks. 

We started using the solution since about 2019 or 2020. It's been around two or three years.

The stability is pretty good except for one or two cases. Based on the performance, it's been okay. It's got pretty high performance. There are no bugs or glitches. It doesn't crash or freeze. 

We have around 4,500 users on the solution currently. It usually handles around 1,400 people. We have these devices across many departments. 

The solution has the capability to scale. A company can expand it as necessary.

I've contacted technical support one or two times and found that their support is very fast to respond. They are helpful in each case. We are very satisfied with their level of service.

We used to use Symantec. We have since stopped.

Symantec can easily be put on a USB device, and then they can check it all to scan within the computer. However, we tried to submit a case for a feature enhancement, and, after two or three years, they still do not have this feature enabled and available. 

The initial setup isn't overly difficult on the cloud. We do not wish to have endpoint clients plow into our internal environment. The deployment shouldn't take up too much manpower. 

The pricing is pretty good. It's reasonable. I'd rate it four out of five. Of course, it could always be a bit lower. 

I'm a customer and end-user. 

I'd rate the solution seven out of ten. 

This solution is a next-generation antivirus with more advanced capability and security. We have a partnership with Palo Alto.

Cortex XDR is very easy to deploy and has great threat detection capabilities and good internal threat intelligence.

It uses advanced AI analytics, behavior analytics, and custom-made detection to detect advanced threats before they occur.

If a customer says it's expensive- let's say I will say no it is not. Other values are added then it is more reasonable having strong features.

With a click, I can access the system and isolate it from other networks, and then go into a further forensic investigation of the current threat without compromising anything else.

Its stitches with external logs are perfect and enhanced.

1. Disk Encryption capability.

2. User group-wise admin role. They have module-wise roles but a user group-wise role is not available.

We've been supplying this solution to customers for two years. 

I have found this solution as NG AV is most stable compare with other solution

The scalability is perfect.

The initial setup is very easy.

We implemented the solution with a vendor team, HTH Global Network. Their expertise is an eight out of ten.

I recommend this solution, it works well and I rate it a nine out of ten.

Cortex XDR is an artificial intelligence-based solution that automatically detects malicious activity performed by users or user machines, blocking it with the help of AI. We also create security policies on Cortex XDR that can be managed by Cortex XDR. Let's say that a company wants a security policy to work for a home user or VPN client user. It also includes an enterprise network at home.

User control in Cortex XDR allows users to restrict access to certain websites from a company laptop used over a home network. The solution allows control over the user and his machine through Cortex XDR security policies.

Cortex XDR is not that smart compared to Check Point. We also deal with Check Point. Check Point solutions, Check Point Firewall, Check Point solution WAF technology, or anti-virus technology can be considered smart because of Palo Alto. The detection of malicious activities performed by Check Point is good. Artificial intelligence is not a good match for Check Point because sometimes Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco.

I also want a better detection feature like the one in Check Point and any other anti-virus, for a matter of fact.

I am a consultant for the solution. I work with Palo Alto, our solution provider, and offer Cortex solutions and Palo Alto firewalls. We also sell Cortex XDR at Mac Global. It has been approximately six months to a year since I started working with this solution. Speaking about the version, it is the Cortex XDR client. Our responsibilities are centered around the client-based solution, including managing clients and installing software and rules. Palo Alto’s team manages the other aspects of the solution.

It is a stable solution since it is on the cloud. CPU utilization and hardware requirements are not necessary. According to some user licenses, when we purchase them, we get much utilization of hardware requirements through the cloud.

Cortex XDR is a scalable solution with around 500 to 600 users. User visibility, user policy, and security policy can be implemented in one view on Cortex XDR. The approximate number of clients constantly using Cortex XDR is between 200 to 250.

I am working with iDream Networks, and we are partners of Palo Alto Networks.

I will give 50 out of 100 points since the setup of Cortex XDR is neither too easy nor too difficult to implement. Its dashboard is very easy to manage since no other sites need to be opened to manage it. Also, it can be managed from anywhere. I am not involved in the deployment process as I only manage the solution.

The configuration and implementation are done by Palo Alto’s team.

Licensing for Palo Alto Networks Cortex XDR can be costly, especially when it comes to a hundred users. A license is required for each user, and the subscription must be renewed on a yearly basis.

I recommend Palo Alto Networks Cortex XDR as a dependable option for future requirements. Cyberattacks are on the rise, and so that's why I have Palo Alto’s XDR. I also suggest Palo Alto Networks Cortex XDR to all customers. On a scale of 100, I rate this solution at 85, and on a scale of one to ten, I give it an eight.

We are using Cortex XDR by Palo Alto Networks for all of our remote users because they are not connected to our on-premise data center.

The most valuable feature of Cortex XDR by Palo Alto Networks is the low consumption of system resources. The solution uses a lot of AI and machine learning.

Cortex XDR by Palo Alto Networks could improve by offering remote management. It would be useful to look at the client's issue to fix it.

I have been using Cortex XDR by Palo Alto Networks for approximately two years.

Cortex XDR by Palo Alto Networks is stable.

Cortex XDR by Palo Alto Networks is scalable. add license and add many clients.

We have approximately 300 users using this solution in my company.

I have not had an issue to need the support.

We have previously used antivirus solutions. We decided to use Cortex XDR by Palo Alto Networks because of its flexibility.

The initial setup of Cortex XDR by Palo Alto Networks is straightforward because it is in the cloud. The whole deployment took approximately one day.

I rate the setup of Cortex XDR by Palo Alto Networks a four out of five.

We used the vendor to do the implementation of the solution.

After the deployment of this solution, there is no need for maintenance.

I recommend this solution to others because it is easy to manage, reliable, and overall good to use.

I rate Cortex XDR by Palo Alto Networks an eight out of ten.

We're using it just to make sure that the customers, or our users, don't use any prohibited applications. We make sure that every application they use is on the allowed list. Any other application that is not only allowed is blocked until further notice. It's mainly to make sure that our organization is secure and that the software that the users are working on is secured too. This is the main reason. also to be aware and secured from any potential attack or ransomware etc.

The good thing about the product is that it's always scanning. It does real-time scanning for customers. If there's anything related to the applications that it's installed, for example, if an application needs some upgrades, or updates, or add-ons, we already have a server that is downloading this for the users, the computers. In terms of the laptops, we are not managing the laptops from the servers, since the users take the laptops with them and they are managing their laptops by themselves. There is any variability. The application gives us a notification on the Cloud so that we can handle this problem or make sure that the laptop is secured. The customers or the users don't have much experience to pick what is right and know what is wrong. It's a very, very informational application. 

The initial setup is easy.

They need to do definition updates. Instead of the version, they just put an update on the portal, and each time we need to upgrade it. Sometimes it's hard to upgrade the offsite clients. Sometimes the internet that they are using is not that stable. It gives us a hard time. Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded. 

It would be ideal if the updates would happen like Symantec updates or other antivirus solutions. The upgrade needs to deploy directly to the users.

We've been using the solution for two years. 

It's very stable. There are no errors or problems, even if there is something we need to do on the machine. Due to the configuration we already do, it's locking a lot of things that the users cannot do. Even if the administrator is working, it needs the Cortex XDR permission first. It's very stable and the configuration is easy in the portal. They are enhancing their configuration and its security constantly. 

The only thing that is giving us a hard time is they have a lot of version upgrades. I don't know if it's better to do it as update packages and make the upgrades half-year, quarter a year, or every year. It should be done more regularly.

From an administrative perspective, it'll give us less headache. Each time you need just to go to the portal and make sure that you're testing the product, the upgrade before you deploy it, and then you deploy it. And then you figure out which computer doesn't have the version, and you figure out how to install it. 

If it's a laptop on the other side, it'll take a long time, sometimes a week, to get the customer the upgrade. For installing the upgrade, we must do it. The users can't install this product by themselves. That's why it takes a while. 

The solution is scalable. We are using it for 80 or 90 people. It's a variety of different positions, from engineers to accountants. 

We're changing solutions and moving to SentinelOne. We won't be increasing usage.

They are very helpful and they respond very fast. If there's any ticket open they make sure that they fix the problem the first time. I didn't face any problems with them.

Positive

We are currently moving to SentinelOne.

It is a straightforward setup. It's not overly complex or difficult. The deployment took a maximum of two hours. 

I just installed it first on one of the testing machines and I tested the software package to see if it was still working. Then I just deployed it to the users and I made sure that it was working fine. It might take one day to deploy to the users if I test the version on the test machine first.

I handled the implementation myself. 

Corporate is responsible for licensing. I don't know anything about the pricing.

We are customers and end-users. 

We're using the latest version of the solution. 

Palo Alto is a big company. They are very good at security, so it's good if it's the first time a company is using this product. However, we are moving to SentinelOne as we are corporate. That means, if there is one branch upgraded or moved to something, we must follow. We are following our corporate instructions. If I was given the choice, I would be still using Cortex XDR as it's fulfilling my need. 

I'd rate the solution eight out of ten. The downside is each time I go to the portal and I check the versions, it's outdated. You need to upgrade each month or every forty days and it's a lot.

We use it to make sure that our antivirus is up to par. 

It used to be on-prem, but now, it's completely on the cloud. In terms of the version, we've got some old endpoints that we had to manually bring up to date, but for the most part, it's up to date.

I don't have to do much monitoring with it. I don't have to have anybody manually looking at this. It gives us reports, and it lets us know if something needs to be addressed, and we can easily address it. I've been pleased with it. It's been a really good product for us.

Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them. The hash that they use is pretty comprehensive. I like WildFire. It gives us a better idea of what is a true virus and what is a false positive.

We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do.

We've been using it for at least three years.

It has been stable. I have not had any issues with it.

For our use, we didn't need scalability with it. It has just been working as we needed it to work.

The only time we had to deal with their support was when we had a problem with getting our older endpoints up to date. They made the upgrades and gave us the solutions on what we needed to do, and that has been working for us. 

It was pretty straightforward, and now that it does an automatic update, I don't even have to remember to update it anymore. Once a definition expires, it automatically goes in and puts in the newest definitions, and updates all the endpoints. It is way better than what it used to be.

I don't recall what the cost was, but it wasn't really that expensive.

The only thing I would advise is to get a solution for which you don't have to do a lot of monitoring. It helps when we don't have to have an extra person to manually go through and look at each endpoint to make sure things are up to date and all definitions are up to date. 

I would rate it a nine out of ten because it's a really stable platform, and it is doing everything that I need it to do. You can always have improvement, but I'm really not sure what that improvement would be.

This solution has replaced our traditional antivirus solutions; it protects our environment and safeguards our endpoints from any malware or exploitation. We are based in Azerbaijan, I'm the CISO of the company and we are customers of Palo Alto. 

We've seen benefits because the solution includes a big data approach to cyber security. All information is collected from the network, the endpoints, and the logs and analyzed by applying a big-data approach that shows up anomalies. 

I chose this solution because they constantly add new features and are very proactive about that. To my mind, signature-based antivirus is a thing of the past. These days it's machine-learning technology and behavior-based analytics features that make us more secure. XDR feels secure because of those features.

There are still a few gaps with this solution. For example, real-time, on-demand antivirus is not there. If you're looking for compliance XDR is somewhat lacking. There is also no recovery feature; if some endpoint is under attack there must be the possibility of recovering it or restoring it to a normal state. That is currently lacking in XDR. 

I've been using this solution for about two years. 

The solution is stable. 

This solution is scalable. 

We have premium Palo Alto support and they provide good service. 

The initial setup is straightforward. 

I think any XDR technology is best for protecting an environment from cyber attacks. The visibility it provides is crucial and XDR gives us that, we can see all effect vectors. 

I rate this solution eight out of 10.