My customer wanted to use EDR. We worked with the POC to demonstrate the antivirus and how it has more features for detecting threats.
Account Manager at CIPHER
Easy to use and good for managed threat hunting and incident response
Pros and Cons
- "Cortex XDR can integrate the firewalls and determine the tendencies of the attacks. It's a new generation antivirus, with protection endpoints and detection response. It is very easy to use and everybody can operate the solution."
- "It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved."
What is our primary use case?
How has it helped my organization?
It makes it easier and faster to investigate problems and incidents.
What is most valuable?
The most valuable features are that it can integrate the firewalls and determine the tendencies of the attacks.
It investigates problems and incidents quickly. Cortex is good at reducing alerts and for having a custom barrier. It's a new generation antivirus, with protection endpoints and detection response.
Cortex detects and shows what the problem is and how to resolve the problem or incident. Cortex is very easy to use and everybody can operate the solution.
It has tools for threat hunting and it has very good incident response features.
What needs improvement?
It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved.
Buyer's Guide
Cortex XDR by Palo Alto Networks
December 2024
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
For how long have I used the solution?
I've been using it for a year.
How was the initial setup?
Setting it up is very simple.
What's my experience with pricing, setup cost, and licensing?
It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool.
What other advice do I have?
I'm rating this solution a ten out of ten because it is very good for managed threat hunting and incident response. It is the best XDR solution. It's better than other tools because it uses enterprise architecture. Everybody will find that this solution is easy to use.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cybersecurity Engineer at GFR Media
Improves our endpoint security posture in both performance (no scanning) and protection (NG AI/ML)
Pros and Cons
- "The one feature of Palo Alto Networks Traps that our organization finds most valuable is the App ID service."
- "It automatically detects security issues. It should be able to protect our network devices while operating autonomously."
What is our primary use case?
We use Palo Alto Networks Traps (Version 6) to protect our endpoints against NG malware via behavior analysis, artificial intelligence and machine learning. The PA Traps endpoint logs, our PA firewall traffic logs and the WildFire sandbox are all used to provide immediate threat response and feed this information to the PA Threat Intelligence cloud.
How has it helped my organization?
Palo Alto Networks Traps improves our security posture and lowers risk by providing next-gen methods to combat modern threats on all the major platforms.
What is most valuable?
The one feature that our organization finds most valuable is being able to control the USB ports on the endpoints.
What needs improvement?
The Mac agent is not as robust feature-wise as the PC version. I need to control USB ports on Mac laptops and cannot. This is a MUST, so I opened a case with Palo Alto and requested this feature for an upcoming update.
I would like to see more automation and self-healing for incidents that can be easily classified as malware.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
No issues.
What do I think about the scalability of the solution?
Palo Alto Networks Traps features excellent protection, cost and scalability. We are a small group of 4 employees and have 2 people dedicated to deployment and monitoring of 1400+ endpoints.
How are customer service and technical support?
Palo Alto Network's technical support is excellent.
Which solution did I use previously and why did I switch?
Since we were a Fortinet shop, we previously used the FortiClient endpoint agent. We switched to Palo Alto FWs and endpoint protection because it is a more mature product with advanced next-gen capabilities not available from the Fortinet solution.
How was the initial setup?
The initial setup was done by a Palo Alto certified service provider.
What was our ROI?
This product pays for itself with only one ransomware denial!
What's my experience with pricing, setup cost, and licensing?
Our license runs on a monthly basis with a recurring monthly charge. If you want additional options like secure remote access with policies, that requires an additional cost.
Palo Alto Networks Traps does not apply secure remote access to devices without policies, which we are implementing. If you want to apply more policies, like an anti-virus program, anti-malware, or configurations for using a VPN on remote connections, that would also be an additional cost. We're not doing that.
Which other solutions did I evaluate?
Cylance, Carbon Black, CrowdStrike, Microsoft Windows Defender ATP, Sophos, SentinelOne
What other advice do I have?
On a scale from 1-10, I would rate Palo Alto Networks Traps with an eight. It is great, but I have some issues with the cost of the product license.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Engineer at ACPL
Performs stitching between a number of security domains
Pros and Cons
- "We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action."
- "Cortex XDR should have a lightweight agent, and the agent size should not be heavy."
What is our primary use case?
Cortex XDR does the stitching between a number of security domains, like email security, API security, and web security. The solution does the stitching from different sources and makes a logical incident.
What is most valuable?
We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action. We don't need to navigate different solutions and tools or use our human intelligence to correlate all the information to make the logic. Cortex XDR entirely does it, and we can take action.
What needs improvement?
Cortex XDR should have a lightweight agent, and the agent size should not be heavy. Cortex XDR’s technical support should also be improved.
Cortex XDR should provide a feature to remove or uninstall an agent directly from the console itself without the help of an IT engineer. No one wants to do a manual installation of the agent. Everyone is looking for a solution to remove the agent from the console directly.
For how long have I used the solution?
I have been working with Cortex XDR by Palo Alto Networks for two years.
What do I think about the stability of the solution?
I rate Cortex XDR a ten out of ten for stability.
What do I think about the scalability of the solution?
I rate Cortex XDR a five out of ten for scalability.
How are customer service and support?
The technical support of Cortex XDR and other OEM products is not very good. Cortex XDR's technical support does not usually respond quickly.
How would you rate customer service and support?
Neutral
How was the initial setup?
I rate Cortex XDR’s initial setup an eight out of ten.
What's my experience with pricing, setup cost, and licensing?
Cortex XDR’s pricing is very reasonable. I rate Cortex XDR a five out of ten for pricing.
What other advice do I have?
I am using the latest version of Cortex XDR by Palo Alto Networks. Cortex XDR is usually deployed in our clients’ organization on cloud. The time it takes to deploy Cortex XDR depends totally upon the organization.
The biggest drawback of Cortex XDR is that it has a heavyweight agent. Cortex XDR would be a good product if this issue could be resolved.
Overall, I rate Cortex XDR an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
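The reviewer above describes the value of "stitching" events from several security domains into one logical incident with a source-to-destination graph. To make that idea concrete, here is an added example (not Cortex XDR code and not from the reviewer) that joins a firewall threat verdict to the endpoint process that opened the matching flow, then walks the process lineage so the incident reads from the initial parent down to the destination. The telemetry, field names, host-to-IP inventory and the 30-second join window are all constructed for this illustration.

```python
"""Toy cross-source correlation of endpoint and firewall telemetry into one
incident. Event layouts and field names are constructed for this example and
are not the format of any vendor product."""
from datetime import datetime, timedelta

# Constructed endpoint telemetry: process starts with parent lineage, plus one
# outbound connection attempt observed by the agent for pid 613.
ENDPOINT_EVENTS = [
    {"ts": "2024-12-01T09:00:01Z", "host": "ws-17", "pid": 410, "ppid": 1,
     "image": "explorer.exe"},
    {"ts": "2024-12-01T09:00:05Z", "host": "ws-17", "pid": 522, "ppid": 410,
     "image": "winword.exe"},
    {"ts": "2024-12-01T09:00:09Z", "host": "ws-17", "pid": 613, "ppid": 522,
     "image": "powershell.exe", "cmdline": "powershell.exe -NoP -W Hidden -enc JABj"},
    {"ts": "2024-12-01T09:00:11Z", "host": "ws-17", "pid": 613,
     "net_dst": "203.0.113.45", "dport": 443},
]

# Constructed firewall log: the perimeter saw the same flow and a threat
# signature fired; a second, benign flow from another host is included as noise.
FIREWALL_EVENTS = [
    {"ts": "2024-12-01T09:00:11Z", "src_ip": "10.0.5.17", "dst_ip": "203.0.113.45",
     "dport": 443, "verdict": "threat", "sig": "C2-beacon"},
    {"ts": "2024-12-01T09:03:00Z", "src_ip": "10.0.5.9", "dst_ip": "198.51.100.7",
     "dport": 80, "verdict": "allow", "sig": None},
]

# Constructed asset inventory so host names (endpoint side) can be joined to
# source IPs (firewall side).
HOST_IP = {"ws-17": "10.0.5.17", "ws-09": "10.0.5.9"}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def process_chain(events, host, pid):
    """Walk ppid links back to the root and return image names root-first."""
    by_pid = {e["pid"]: e for e in events if e["host"] == host and "image" in e}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:   # `seen` guards against pid reuse loops
        seen.add(pid)
        chain.append(by_pid[pid]["image"])
        pid = by_pid[pid]["ppid"]
    return list(reversed(chain))


def stitch(endpoint_events, firewall_events, host_ip, window=timedelta(seconds=30)):
    """Join each firewall 'threat' verdict to the endpoint connection event with
    the same source host, destination IP and port inside `window`, then attach
    the full parent chain so the incident reads source-to-destination."""
    ip_host = {ip: h for h, ip in host_ip.items()}
    incidents = []
    for fw in firewall_events:
        if fw["verdict"] != "threat":
            continue
        host = ip_host.get(fw["src_ip"])
        fw_ts = parse_ts(fw["ts"])
        for ep in endpoint_events:
            if ep["host"] != host or "net_dst" not in ep:
                continue
            if ep["net_dst"] != fw["dst_ip"] or ep["dport"] != fw["dport"]:
                continue
            if abs(parse_ts(ep["ts"]) - fw_ts) > window:
                continue
            incidents.append({
                "host": host,
                "pid": ep["pid"],
                "chain": process_chain(endpoint_events, host, ep["pid"]),
                "dst": f'{fw["dst_ip"]}:{fw["dport"]}',
                "signature": fw["sig"],
                "sources": ["endpoint", "firewall"],
            })
    return incidents


if __name__ == "__main__":
    for inc in stitch(ENDPOINT_EVENTS, FIREWALL_EVENTS, HOST_IP):
        print(inc["host"], " -> ".join(inc["chain"]), "->", inc["dst"], inc["signature"])
```

The join key (host, destination, port, time window) is what turns two unrelated log lines into one story; without the inventory mapping the firewall's source IP and the agent's host name never meet, which is why asset data is as important to correlation as the sensors themselves. The benign flow from 10.0.5.9 produces no incident, and the chain explorer.exe -> winword.exe -> powershell.exe is the part an analyst acts on.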
Senior Vice President at Chi Networks
Helps to secure your infrastructure
Pros and Cons
- "Cortex XDR's most valuable feature is its intelligence-based dashboards."
- "Cortex XDR could be improved with more GUI features."
What is our primary use case?
I primarily use Cortex XDR to protect end-users from ransomware, malware, spam, and phishing.
How has it helped my organization?
Cortex XDR alerts us on the dashboard when there's a threat, which allows us to restrict that user and helps secure our infrastructure.
What is most valuable?
Cortex XDR's most valuable feature is its intelligence-based dashboards.
What needs improvement?
Cortex XDR could be improved with more GUI features.
For how long have I used the solution?
I've been using Cortex XDR for a year.
What do I think about the stability of the solution?
Cortex XDR is quite stable.
What do I think about the scalability of the solution?
Cortex XDR is scalable.
How are customer service and support?
Cortex XDR's technical support is really good, though their knowledge of endpoint protection could be deeper.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was quite straightforward, and deployment took two to three days.
What about the implementation team?
We used an in-house team.
What's my experience with pricing, setup cost, and licensing?
Cortex XDR's pricing is ok. We pay about $20 a year for our license.
What other advice do I have?
I would give Cortex XDR a rating of eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Senior Chief Manager at Arcil
Stable, scalable, and best for avoiding security issues
Pros and Cons
- "Best solution for avoiding security breaches, malware attacks, and other kinds of security issues."
- "Limited remote connection."
What is our primary use case?
I primarily use Cortex XDR for endpoint security.
How has it helped my organization?
Palo Alto Cortex XDR brings visibility of all activity going on in endpoint systems and servers. This helps us investigate and take corrective action by blocking and allowing the necessary services on the system.
What is most valuable?
Alerts regarding the incidents happening in the system, and it is easy to block and allow services and to control external devices.
What needs improvement?
An area for improvement is the remote connection for administrators - this is available in the current version but is limited as it's a command-based model rather than GUI-based.
For how long have I used the solution?
I have been using Cortex XDR for around four months.
What do I think about the stability of the solution?
Cortex XDR is stable.
What do I think about the scalability of the solution?
The product is really easy to scale.
How are customer service and support?
Good support and services.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, I used McAfee Antivirus. Its memory utilization was very high, and it doesn't yet have virtualization or a dashboard. I found that product to be a little difficult, and it was not linked to a real solution, so I decided to go with Cortex XDR as it's one of the best XDR solutions for security.
How was the initial setup?
The initial setup is a little complex because it requires a lot of preparation in terms of understanding each system and going through the documentation and dashboards.
What about the implementation team?
I implemented with the help of one partner who did the basic configuration of our firewall. Deployment took approximately ten days.
What was our ROI?
Security of systems.
What's my experience with pricing, setup cost, and licensing?
This is a very costly product.
Which other solutions did I evaluate?
We have evaluated Cynet, CrowdStrike and Sentinel.
What other advice do I have?
Cortex is the best solution for avoiding security breaches, malware attacks, and other kinds of security issues. I would rate this solution as eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Vice President / Chief Technology Officer at Sinnott Wolach Technology Group
A stable, scalable, and user-friendly solution that comes with good support and stitches everything together to provide the actual complete picture
Pros and Cons
- "The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."
- "A little bit more automation would be nice."
What is our primary use case?
We use it for our own company as well for our clients. It is mainly used for protecting the endpoints. Like everybody else nowadays, we're all working from home, and we have access to data on the public cloud, private cloud, and on-prem. We got to make sure that we're not exposing our endpoints to anything out there that could be malicious and that could cause any problems within our networking environment.
How has it helped my organization?
It has absolutely improved the way our organization functions. We are more secure. It is giving us more peace of mind, and it is doing what it is doing. It has found malicious activity happening on our endpoints that probably would not have been detected if we didn't have it.
What is most valuable?
The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.
The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that.
What needs improvement?
A little bit more automation would be nice.
For how long have I used the solution?
We've been a reseller for Palo Alto for 13 years. I have been using it for quite a while. They had bought Cyvera for the endpoint security, which was obviously the base for Cortex XDR. I have been seeing how it actually progressed from just a straight endpoint security solution that was a little clunky at one time to a very streamlined, effective solution today.
What do I think about the stability of the solution?
It is stable. I haven't found any issues.
What do I think about the scalability of the solution?
It is extremely easy to scale. We have about 20 users, and their roles stem from sales to technical, marketing, and administrative.
How are customer service and technical support?
Palo Alto has got very good tech support. I would give them a ten out of ten.
Which solution did I use previously and why did I switch?
At one time, I tried Cylance, and it just wasn't that effective for what we needed. At the time, it wasn't really an EDR solution.
How was the initial setup?
The initial setup was very straightforward and easy.
What's my experience with pricing, setup cost, and licensing?
Its pricing is kind of in line with its competitors and everybody else out there.
What other advice do I have?
You don't have to be a Palo Alto customer to implement this solution. Some people think they have to, but no. It is a completely separate solution on its own. I would highly recommend it just because it is a complete package. It not only takes in data from your endpoint; it also takes in data from other sources that are not Palo Alto and helps to create the story about what's going on by stitching things together.
I would rate Cortex XDR a nine out of ten. It is pretty good. The reason for giving a nine is that there is always room for improvement.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Mdr of Presales & Customer Success Head at a financial services firm with 1-10 employees
A stable and scalable solution with good customer support
Pros and Cons
- "The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better."
- "The product's pricing could be better."
What is our primary use case?
We use the solution for telemetry and for its anti-virus capability.
What is most valuable?
The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better.
What needs improvement?
The product's pricing could be better.
For how long have I used the solution?
I have been using the tool for several years.
What do I think about the stability of the solution?
The solution is stable. I would rate its stability a nine out of ten.
What do I think about the scalability of the solution?
The product is scalable.
How are customer service and support?
The technical support team is good.
How was the initial setup?
The initial setup was easy.
What was our ROI?
The tool is worth its money.
What other advice do I have?
I would rate the solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Digital Business Solutions Manager at Bahrain Telecommunication Company BSC (Batelco)
A stable and scalable extended detection and response platform, but it would be better if they educated their customers more
Pros and Cons
- "It's a nice product that's stable and scalable."
- "It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do. The price could be better. It would also help if they had a team for deployment and support."
What is our primary use case?
We don't have many customers moving to Cortex XDR by Palo Alto Networks. But recently, we started offering them both pro and basic options.
What is most valuable?
It's a nice product that's stable and scalable.
What needs improvement?
It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do. The price could be better. It would also help if they had a team for deployment and support.
What do I think about the stability of the solution?
The product is stable. Palo Alto only works on security, and the product by default is stable. They are releasing new features, OS, and an ML-based thing on the firewall itself, which is quite impressive. Palo Alto is quite stable compared to other competitors in the market.
What do I think about the scalability of the solution?
It's scalable. I see whatever is written on their datasheets, and it's all real. If I talk to some other vendor, they say they currently provide 20 Gbps, but when you activate IPSec and all, it goes to 2 Gbps. With Palo Alto, whatever is there is working, and it's scalable.
How are customer service and technical support?
Technical support is quite good. When compared to others, I feel it's quite impressive.
What's my experience with pricing, setup cost, and licensing?
The price is on the higher side, but it's okay.
What other advice do I have?
I would tell potential users that it's a complete solution from Palo Alto with firewalls and all to give you more precise logs and information. Product-wise, it's top of the line. If you have investment, always go for that and go for the best solution.
Palo Alto is one of the tech vendors that always provides top-of-the-line products. Price-wise it will be on the higher side, but it depends on how you deal with the backend support or the account manager of Palo Alto to get that discount.
On a scale from one to ten, I would give Cortex XDR by Palo Alto Networks a seven.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner