Cortex XDR by Palo Alto Networks Reviews

We are not using it for our purposes because we are a Palo Alto partner. We propose it for our customers based on their requirements.

We are both a service provider and a reseller.

When the pandemic first began, the use cases were mostly for remote users. We deployed this for the majority of remote users.

When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud. We have a lot of advantages as a result.

It's a very simple implementation, and I have direct Palo Alto implementation available as well. So it's very simple. We haven't found any issues, so far the implementation is going well, I don't see any gaps.

In general, the price could be more competitive.

In Palo Alto, we also work with all product lines, including Prisma and other product lines as required. Is a mix, it's a subproduct, we work with the mix of products.

We have been working with Cortex XDR by Palo Alto Networks for two to three years.

We get updates from Palo Alto directly.

Cortex XDR by Palo Alto Networks is a stable product.

It's a scalable solution, we have not had any challenges with the scalability of Cortex XDR by Palo Alto Networks.

Our customers range from medium to large enterprise companies. The adoption rate in small businesses is much less, but the majority of our requirements come from mid-to enterprise-sized businesses.

Technical support is the best in class, in my opinion, because they have invested heavily in research and development. In terms of comparison and today's challenges, such as security and layers, Palo Alto complies with all of the challenges.

In terms of Security, we are working with a few products and a few brands.

We use Palo Alto and we also work with Barracuda. These solutions are used on the web firewall and for email protection.

We work with the entire Barracuda product line, but specifically for email protection and web filtering.

Barracuda Essentials is included with O365 protections, we work with those solutions. 

Palo Alto is part of a different vertical layer than Barracuda. It's distinct. They are very different.

The initial setup depends on the environment, but as a technology, I would say it's simple. It's not that difficult.

The length of time it takes for deployment is determined by the project and the surrounding environment. We can only determine the timeframe based on that, pinpointing a specific time period is difficult.

It does not require maintenance because regular updates and monitoring are required. So if there is anything, new patches and the like, it is done automatically, and there is no additional implementation unless there are any infrastructure changes.

In comparison to other competing products, it is based on the customer's needs and the environment. However, when compared to other products, the price is slightly higher, but when considering technology and new innovation, that is the plus I would say when it comes to being XDR.

The price could be more competitive because it is not on the price wall when you go and question Palo Alto XDR. It is present, but when compared to other competitive products, I would say it is not less expensive; however, when all of the other added values are considered, the price is reasonable.

So far, it has met all of our requirements, and it should be able to cater to a wide range of product lines.

We must first determine what their business requirements are, as well as what other technical layers we are considering, and then propose the appropriate sizing and solution.

We mostly promote Palo Alto, but it depends on the customer's needs, as well as their budget, infrastructure, and what their business requires, all of those factors come into play when recommending a solution.

When you compare it with other products, I would rate Cortex XDR by Palo Alto Networks a nine out of ten.

It's close to being rated a ten out of ten because of their level of support, and the other is the solution and the most recent technology.

It can work as a standalone solution, however, it also fully integrates with the firewall. It operates on an endpoint level and on firewall level. It's endpoint security, so there are not 35 use cases. It's pretty specific.

Overall, it's a great platform. It integrates very well with other solutions from Palo Alto and also with our vendors. 

The ease of use is excellent. 

I love the root cause analysis from Cortex, which is amazing. It's really fantastic. In a few clicks, you can just have the full root cause. 

The price is quite interesting. It's not overly expensive.

The solution is stable. 

I've found the solution to be highly scalable for enterprises. 

What would be interesting, is if it could also read IoT protocols. If they can improve on the IoT part that would be great. In general, in this area, they can still improve.

It's not an ideal choice for smaller businesses, as you need a minimum of 200 endpoints to even use the solution at all. 

The solution is quite new. I've been using it for approximately the last two years. It hasn't been that long just yet. 

There are no performance issues. It's really very stable. I haven't dealt with bugs or glitches. It doesn't crash or freeze. It's reliable. 

The product is absolutely scalable. It's an enterprise solution. However, one less positive thing about it, is that it's only from 200 users, from 200 endpoints. That's bad. What do you do with clients who have only 100 endpoints? They cannot purchase Cortex. That has to be improved, with high priority. Palo Alto is aware of that.

The pricing is quite good. It's interesting. It's not a particularly expensive option. 

We are using the Cortex Pro version of the solution. 

I'd advise users to do a proof of concept (POC) and try it out. It's amazing. 

I'd rate the solution at a nine out of ten. It's one of the top solutions on the market. We've been very happy with it so far.

I am an integrator. I deploy and implement solutions for our customers.

It is a simple platform to use.

The dashboard is good, it's very clean and very simple to read. The information the dashboard provides is very clear.

This solution is not complete enough to help us. We use a different platform that provides us with more information.

In my opinion, it is not a very complete program. I prefer to work with Carbon Black. It's a better solution as well as Cynet. For example, I use Cynet when I check installations, which provides me with more information. It is not easy to use for beginners, but it provides me with more information, which is lacking in Cortex. When it comes to core analysis, and security analysis, Cortex needs to provide more information. Cynet is a complete platform in my opinion.

We are ready to use a new solution called Deep Instinct. It's a new concept of the security platform. It's a very new company from the USA.

I would like to see a feature that allows you to check the endpoints included. I am currently having trouble checking the endpoints when using Cortex. Including this feature would benefit the platform's endpoints.

Cortex XDR by Palo Alto Networks is absolutely stable.

Cortex XDR by Palo Alto Networks is a scalable platform.

I am currently using QRadar in more than one enterprise, as well as Cynet, and Darktrace. We also use all of the Microsoft platforms with QRadar.

I have a team working on this solution. So I assisted a customer in deploying and implementing this solution. My colleague and I have formed a team. I am a SOC manager, my new role is that of a SOC manager. I don't use it directly, but I try to assist my colleague in working with more enterprises or customers. We have, I believe, five or six different IBM QRadar platforms.

We use several solutions and they are all good, but each one is different.

Cynet is a good platform, but helpful for my team because it is not simple to understand.

I would rate Cortex XDR by Palo Alto Networks a seven out of ten.

I primarily use Cortex XDR for endpoint security.

PALO ALTO CORTEX XDR brings visibility of all activity going in end point system and server. This helps us to investigate and take corrective action by blocking and allowing necessary services in the system. 

Alerts regarding the incidence happening in system and easy to block and allow the services and external device control.

An area for improvement is the remote connection for administrators - this is available in the current version but is limited as it's a command-based model rather than GUI-based.

I have been using Cortex XDR for around four months.

Cortex XDR is stable.

The product is really easy to scale.

Good support and services

Positive

Previously, I used McAfee Antivirus, Memory utilization very high which doesn't yet have virtualization or a dashboard. I found that product to be a little difficult, and it was not linked to a real solution, so I decided to go with Cortex XDR as it's one of the best XDR solutions for security.

The initial setup is a little complex because it requires a lot of preparation in terms of understanding each system and going through the documentation and dashboards.

I implemented with the help of one partner who did the basic configuration of our firewall. Deployment took approximately ten days.

Security of systems

This is a very costly product.

We have evaluated Cynet, Crowed Strike and Sentinel.

Cortex is the best solution for avoiding security breaches, malware attacks, and other kinds of security issues. I would rate this solution as eight out of ten.

We are in the testing stage of using Cortex XDR by Palo Alto Networks. We are using it in order to ensure the corporate network servers are protected. Additionally, we need to use a specialized tool.

Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources. 

Cortex analyzes the network and users to detect additional risks and threats that the other vendor's solutions don't detect.

We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, we have to use another protection solution called Kaspersky.

The tool should have the ability to test an environment to see what percentage it is secure against threats, such as ransomware. This would allow for adjustments to be made to the network for more security. We don't have the capability to test the networks daily there should be a parameter in order to report on the healthy of the network for security vulnerabilities.

I have been using Cortex XDR by Palo Alto Networks for approximately two weeks.

Cortex XDR by Palo Alto Networks is highly stable. 

We don't have any user reports suggesting that there is a high level of resource consumption.

In regard to the scalability, the tool could have additional agents to provide a full installation in the company. This would make the installation much easier when scaling the solution, we should not have to use another tool.

The installation approach is to do it one computer at a time, but if Cotex could provide an additional tool in order for us to reach all the elements of the network would be very helpful. It should be done automatically. I understand that if the tool has the capability to analyze the network, it should be able to read the computers' elements in the network and in other ways.

The support is very efficient and professional. They have provided us with the tools and the basic elements to understand how the solution works. They have helped us prepare some specifics for our installation.

We use the Kaspersky protection solution. Kaspersky works based on blacklists, if you are on the blacklist it is working well but if you are not Kaspersky does not work.

The installation of Cortex XDR by Palo Alto Networks is easy. The setup is not complicated.

It would be a good idea for the company to provide at their website videos that are translated in Spanish related to technical skills. This would be very useful and would have a lot of value.

The world in commercial terms, speaks English, we have to understand that with tools such as this, if the solution was in other languages more companies would be able to exploit the tool. If we don't have this information in our native language, we will not use the tool to its full potential.

In terms of the cost Cortex XDR by Palo Alto Networks is very expensive because we are a Mexican company and when you translate dollars to pesos the cost is very high. The solution is very expensive for Mexican companies. I understand that they have international prices, but I do not think it offsets the price enough for many companies in countries, such as Mexico. The amount it is reduced is not a massive percentage.

I recommend that the company review the pricing model in the Latin American market. They need to determine how to impose, or how to bring a more accessible cost in order to accelerate the implementations in American countries.

We have been comparing Cortex XDR by Palo Alto Networks to Cisco solutions.

It is important to have security tools in order to review, monitoring and hunt the potential attacks. We have found in our test Cortex XDR by Palo Alto Networks to be a very good tool.

It's an efficient solution. I recommend this solution to my business partners and other companies.

I rate Cortex XDR by Palo Alto Networks a ten out of ten.

Other solutions I have used I would rate a seven out of ten. There is not something that comes close to this solution.

We don't have many customers moving to Cortex XDR by Palo Alto Networks. But recently, we started offering them both pro and basic options. 

It's a nice product that's stable and scalable.

It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do. The price could be better. It would also help if they had a team for deployment and support.

The product is stable. Palo Alto only works on security, and the product by default is stable. They are releasing new features, OS, and an ML-based thing on the firewall itself, which is quite impressive. Palo Alto is quite stable compared to other competitors in the market.

It's scalable. I see whatever is written on their datasheets, and all it's real. If I talk to some other vendor and they say that they currently provide 20 Gbps reports, but when you activate it, IPSec and all, it goes to 2 Gbps. With Palo Alto, whatever is there is working, and it's scalable.

Technical support is quite good. When compared to others, I feel it's quite impressive.

The price is on the higher side, but it's okay.

I would tell potential users that it's a complete solution from Palo Alto with firewalls and all to give you more precise logs and information. Product-wise, it's top of the line. If you have investment, always go for that and go for the best solution. 

Palo Alto is one of the tech vendors that always provides top-of-the-line products. Price-wise it will be on the higher side, but it depends on how you deal with the backend support or the account manager of Palo Alto to get that discount. 

On a scale from one to ten, I would give Cortex XDR by Palo Alto Networks a seven.

The primary use case is mainly endpoint protection.

Previously, we had to install endpoint protection per machine and then scan and update. If there were any possible threats, then you would have to go manually to the machine and scan. Cortex XDR basically does that centrally and predictably.

We get notified, and if need be, we'll investigate an endpoint. For the most part, we haven't had to do a whole lot of that because most of the time, it just stops the threat before it even becomes one. So, we have more time to do day-to-day work rather than spend time chasing those endpoints.

I like the centralized console and the predictive analysis it does of malware.

It is very stable and also scalable.

It is easy to deploy and update. It does not require a lot of maintenance.

It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue. So, making exceptions would be easier and would probably be better for logging.

It would be nice if it were easier to use and if there were some free training hours.

As for additional features, I would suggest having mobile access to the console, perhaps through a mobile app for the console.

I've been using it for about three years now.

The stability is great. I think they set the standard for SDR solutions at the moment.

It's very scalable. We have it on Macs, Windows, Windows servers, and multiple flavors of Linux.

We have about 460 endpoints deployed. As far as technical users, we have a team of about 10, and that's mixed between server admins and their subsupport users.

The usage is extensive, and we've recently deployed it everywhere. We do plan on probably increasing usage because we have current consultants who use the product in order to access our systems.

I wish there could have been more live contact with technical support rather than updated tickets and possible notifications via email. When I've had live encounters, it's been amazing. Sometimes, I think they could be a little bit more responsive live wise, but for the most part, it's been good.

We previously used Sophos, and it was okay. The only thing I liked about Sophos was that it was easier to deploy to the desktop, but with Cortex XDR, once you have it already deployed, updating it is easy.

We needed something that was going to work with Macs and Linux, different products. Also, we needed something that would be more predictive versus relying on definition files that are publicly available. You don't want to be in a zero-day attack. With Cortex XDR, it's one of those where you can download any virus. It's just not going to run on your machine. Most malware products rely on a database to tell you that there's a virus file.

Sometimes, there are false positives. If it's a legit file or application that an end user is trying to download and use on their machine, it won't allow that. With Cortex XDR, however, they can download the file. It's just going to be rendered useless until you enable it and make an exception for it. It can run what identifies it and just sends you a notification saying that it's a malicious file and that it's there. It's not going to do anything to the system. That was a huge selling factor with Cortex XDR.

The initial setup is pretty straightforward. It took a couple of hours and was pretty easy to deploy.

Once it's deployed in your system, you can push updates yourself. In the case of Macs, when you get new releases you sometimes have to tweak it and then push it out manually to end users. One admin could dedicate a couple of hours a week at best because there's not much maintenance.

Palo Alto got on the phone with us and walked us through it. They were very helpful.

It's about $55 per license on a yearly basis.

Learn the product because once you deploy it and a lot of people look at it from an endpoint perspective, they get the endpoint protection instantly. However, there are other things that you need to learn more about. Once you deploy Cortex XDR, you get a subscription to a data lake, which helps you retain logs. We have Palo Alto firewalls and later on learned that we can also integrate our firewalls and get the logs.

You have a limited amount of space for log retention, but things like that are important in cases where you need to have PCI compliance or have a company policy of retaining a certain amount of logs.

So, learn all the features and ask questions, and perhaps if it's going to be something that you're going to use as an investment for your company, take a training class.

On a scale from one to ten, I would rate Cortex XDR at nine.

As with any advanced malware protection tool, it's really about the results and getting the security you need. We are end users and I'm a cybersecurity incident response analyst.

I like that the product has behavior-based detection which offers many benefits over signature-based detection. When it comes to zero day attacks and targeted attacks, signature detection is not able to detect problems. Behavior-based detection is able to detect attacks tailored specifically for your environment, or malware that doesn't yet have a known malicious signature. It's the nature of how the data is processed that makes the tool really powerful. 

The downside to the solution is that there are a large number of false positives. There are a whole lot of different things for business automated actions, and it's hard to sort through all that. Without some assistance and suppression of false positives from Palo Alto or some event triaging that you might have enabled on your SIEM, you'll continue to get the high number of false positives. It's related more to the lack of capability to easily identify and suppress false positives before they're presented to you. There needs to be a function for suppressing false positives for types of machines and not necessarily for the actual groups.

I've used this solution for close to six months while we were evaluating it. 

Since Palo Alto was giving us the proof of concept, we had direct access to them.

It takes quite a few people to set it up. I would say the biggest difference between Palo Alto XDR and something like Cisco AMP outside of the actual detection is going to be the ease of implementation. Cisco AMP only requires one person to go through all the groups and configure policies. With XDR you define groups based on types of machines and commonalities in the machines. It's not like you just send a connector to machines and they're part of that group in that policy. It means there is a whole lot more to configure on XDR.

The same things apply to anyone looking to implement any form of anti-malware agent. You really want to take the time to make sure your environment is organized and configured the way that you want it to be, because once you start getting empty policies and machines in run groups, you run into a pretty big mess. Another thing would be documentation. If you're adding suppressions or custom detections or your AOCs, keep a document which logs all the changes, because people come and go, and handing down an anti-malware tool to somebody that doesn't know how or why it was configured a certain way, could make things difficult.

It would be a tremendous amount of work for us to implement Networks in a company our size. We have a whole bunch of projects going on right now that are pretty important and since we already have that advanced malware protection tool and AMP, which we think is good, we don't necessarily think Networks is as powerful at detection. On other projects, if we were going to go ahead and turn around and move forward with Palo Alto, it would mean taking a step backwards and reimplementing an anti-malware agent that we already have. That said, my impression is that it's a really good tool and you can get a lot out of it. 

I rate this solution a nine out of 10.