Cortex XDR by Palo Alto Networks Reviews

We use the solution for telemetry and for its anti-virus capability.

The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better.

The product's pricing could be better.

I have been using the tool for several years.

The solution is stable. I would rate its stability a nine out of ten. 

The product is scalable. 

The technical support team is good.

The initial setup was easy.

The tool is worth its money. 

I would rate the solution an eight out of ten. 

We primarily use the solution for our endpoint server and endpoint protection.

There aren't many features we find valuable on the solution.

They have a new GUI which is just fantastic.

The solution eats memory of the computer, unlike anything I've ever seen. It eats more memory than Chrome. 

I have a lot of users that are eating my memory each hour every day and it's causing us problems. We have to go and buy more memory for each computer. When you have a lot of computers like we do, is not a very good situation.

Some of the computers are only using 4 GB of memory, so if you put aside the differences, most only have some Chrome, some internet, and Office and that's it. And yet, the memory is getting eaten.

If someone catches something like malware, or something else, I want to know if the file was spread to other machines and what the target was. I want to be able to get ahead of the spread. This solution doesn't do enough to protect us against these types of vulnerabilities or to give us much information about the spread. The tool really does need some more reverse engineering features.

There's an overall lack of features.

The initial setup could use improvement. Currently, I must go to each machine and deploy everything manually. We are in 2020, not in 1980. It seems like such a dated way of doing large deployments.

I've been using the solution for a year and a half.

When I was experimenting with stability early on, I did run into issues when testing the solution in the sandbox.

Eventually, it catches one of the executive files and if you go to the management section of the solution and you release this file, it takes seven or eight tries to do it. You need to keep trying, again and again, using the same procedures to release the file for usage. That was in the beginning and we still have this issue, even though they made a new GUI for management. It's still not resolved.

We have several hundred users.

I had some issues initially in the sandbox when I was testing scalability.

I have reached out to technical support in the past. I find dealing with them is like talking to a wall. They aren't terrible, however, you don't really get any guidance. They ask over and over to get us to send them dump files and we do over and over. After all of the back and forth, nothing is really resolved to our satisfaction. You're paying for their services, and you don't get the level of service you would expect. It's a pain point.

The initial setup was not complex. It was very straightforward.

The deployment did take a lot of time due to the fact that we had seven hundred computers. 

We simply use the solution as a customer.

I would not recommend the solution. I'd advise other companies to rather go with Palo Alto's firewall as a better option. I've already advised others not to touch it. It's not worth it at all to even consider using it.

I'd rate the solution six out of ten. Their new GUI is very nice, however, as a professional service, it's lacking in a lot of areas.

The main use case was the integration with their Palo Alto firewall and Panorama. Apart from that, they also had integration with the FIM solution that they had. Overall, having it at the endpoint and having network integration for the overall threat scenario has been where we use it.

The policy configuration is great. The granularity of policies that are available is very helpful.

It is straightforward to set up.

It has pretty much everything we need and works well within the Palo Alto ecosystem.

The GUI could be improved. It's a little bit cumbersome. It could be more user-friendly.

I've been using the solution for around two years. 

The solution is quite stable. The only hiccup we had experienced was related to some false alerts where there was no detection, yet still the product showed that it detected something. There were a few false positives. Apart from that, it is quite stable.

For cloud purposes, scaling is not an issue. Even with the on-premises deployments, we have not faced any scaling issues. 

Technical support is great. We haven't had any problems with them. 

Positive

The solution is very simple and very straightforward to set up. It's not overly difficult or complex.

I'd rate it four out of five in terms of ease of setup.

I do not deal with licensing costs. That is taken care of by our sales team.

We do hybrid deployments. For some customers, it was on the cloud and for some, it was on-prem.

It's a good solution to go with. If you are dealing with the ecosystem of Palo Alto, like Palo Alto firewall, Palo Alto Prisma Access, and Palo Alto XDR, if you have a Palo Alto ecosystem, it's a must to have Cortex XDR. Individually, it also works well. However, having Palo Alto everywhere will be a better scenario or a better fit if you want to deploy Cortex.

I'd rate the solution eight out of ten. 

It can work as a standalone solution, however, it also fully integrates with the firewall. It operates on an endpoint level and on firewall level. It's endpoint security, so there are not 35 use cases. It's pretty specific.

Overall, it's a great platform. It integrates very well with other solutions from Palo Alto and also with our vendors. 

The ease of use is excellent. 

I love the root cause analysis from Cortex, which is amazing. It's really fantastic. In a few clicks, you can just have the full root cause. 

The price is quite interesting. It's not overly expensive.

The solution is stable. 

I've found the solution to be highly scalable for enterprises. 

What would be interesting, is if it could also read IoT protocols. If they can improve on the IoT part that would be great. In general, in this area, they can still improve.

It's not an ideal choice for smaller businesses, as you need a minimum of 200 endpoints to even use the solution at all. 

The solution is quite new. I've been using it for approximately the last two years. It hasn't been that long just yet. 

There are no performance issues. It's really very stable. I haven't dealt with bugs or glitches. It doesn't crash or freeze. It's reliable. 

The product is absolutely scalable. It's an enterprise solution. However, one less positive thing about it, is that it's only from 200 users, from 200 endpoints. That's bad. What do you do with clients who have only 100 endpoints? They cannot purchase Cortex. That has to be improved, with high priority. Palo Alto is aware of that.

The pricing is quite good. It's interesting. It's not a particularly expensive option. 

We are using the Cortex Pro version of the solution. 

I'd advise users to do a proof of concept (POC) and try it out. It's amazing. 

I'd rate the solution at a nine out of ten. It's one of the top solutions on the market. We've been very happy with it so far.

My customer wanted to use EDR. We worked with the POC to demonstrate the antivirus and how it has more features for detecting threats.

It makes it easier and faster to investigate problems and incidents.

The most valuable features are that it can integrate the firewalls and determine the tendencies of the attacks.

It investigates problems and incidents quickly. Cortex is good at reducing alerts and for having a custom barrier. It's a new generation antivirus, with protection endpoints and detection response.

Cortex detects and shows what the problem is and how to resolve the problem or incident. Cortex is very easy to use and everybody can operate the solution.

It has tools for threat hunting and it has very good incident response features.

It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved.

I've been using it for a year.

Setting it up is very simple.

It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool.

I'm rating this solution a ten out of ten because it is very good for managed threat hunting and incident response. It is the best XDR solution. It's better than other tools because it uses enterprise architecture. Everybody will find that this solution is easy to use. 

We use this solution specifically in endpoint response, endpoint detection, endpoint sandboxing, and as a firewall.

The product is mostly automated, and we do not have to make decisions. All the decisions are made by the product itself. 

We are not required to create any custom policies. 

The policies that are created are well defined in the product itself.

The most valuable feature is that you can select remote access of any machine for sandboxing.

Irrespective of whether you have the rights or not, you can still access it from the cloud.

I would like to see some sort of attachment scanning included.

Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access.

I want a plugin for email attachment scanning and email body scanning.

I have been using this solution for two years.

We are using version seven.

Scalability is not a problem with this solution.

It's a cloud setup. You can scale in and you can scale out as per the cloud.

We have close to 500 users in our company.

Technical support is very good, but it can be a problem, especially in the Gulf region.

If you do not take direct support, you have to wait for 72 hours. 

Also, direct support is a little bit costly.

We used McAfee previously. We switched because the solution is pretty automated. You don't have to manually decide on the policy.

The initial setup is pretty straightforward.

In one hour, you can deploy the entire setup and get started.

After the setup, deployment can take up to three to four days.

We had one admin test the solution and maintain it for us.

We did not use an integrator or vendor team. 

The pricing is okay, although direct support can be expensive.

It is a very straightforward product with minimum administer interference, once it is deployed.

I would rate this solution a seven out of ten.

I primarily use this solution for my clients. I don't use the solution myself.

I can call the tweak responses or other items that the customer doesn't like very easily due to the fact that this solution is on the cloud

It collects and caches and the knowledge of machine learning from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe.

Even the firewalls have their signatures. It takes from different resources and takes note of everything. 

The exploits and malware technology are really good. 

It's my understanding that this solution is at end-of-life.

It's hard to use as a product. It's not easy or straightforward. Especially when I deal with a government sector or other sensitive industries. They do not accept that it's so easy to share metadata outside their organization. They prefer on-prem even if it is not as powerful due to the fact that they perceive it as being more secure.

The solution can never really be an on-premises solution based simply on the way it is set up. It needs metadata to run and improve. Having an on-premises solution would cut it off from making improvements.

The deployment is pretty hard. Competitors like Trend Micro or Symantec have features on their console that make them easier to use. This solution does not offer items that would increase its usability.

Before I moved to technical sales, I handled implementation, and I remember it being very difficult. They need to improve this aspect.

The solution provides a lot of false positives. The average amount of false positives you get is 5%. It would be great if this could be lowered.

I've been using the solution for a year and a half.

Security people usually think it's a very powerful solution. However, government teams always worry about the security of the cloud and always need to send approvals. Since this solution is not a normal endpoint, it can be a bit tricky for compliance purposes.

At the same time, it does its job. It's very good at vulnerability management.

That said, it is really not really flexible to make deployments on certain platforms. It's really complicated. Sometimes the solution falls off.

We've contacted technical support in the past and they are very good. They are usually quite capable of closing the issue for us. They're also great if we're working out a new configuration or doing a completely new implementation. We're satisfied with their level of service.

The initial setup is not straightforward. It's not that it's complex per se. It's difficult. 

The IVR needs to be reached on the outside. You need to make it to the server and that's connected to the database that communicates with the agent properly. You have to push the agents and put the sensors inside the network. 

We're an integrator; we implement this solution for our clients.

We have a partnership with Palo Alto. I'm a consultant, I'm pre-sales as a technical sales engineer. I try to show the value of any product for the customer. I don't actually use the solution myself.

The solution does not have an on-premises option. It's only available on the cloud.

For XDR new users just need to make sure they have the right policies in place. The solution does offer pre-configured policies. Organizations will want to make sure it is actually fitting them in the places where they will be working best. It's important as well that they don't make it a default selection. Users need to make sure that it's really configured and whitelisted and everything fits the organization. 

I'd rate the solution eight out of ten. I'd rate it higher, however, the deployment process is poor even though the features are decent. Competitors like Carbon Black have much easier deployments.

So far, we have only done a PoC of Palo Alto Traps. We deployed Traps on a few devices and then did the PoC. I also attend a workshop for Palo Alto Traps. I learned how it works and how it can block malicious files, etc.

• It blocks malicious files. 
• It prevents attacks.
• It doesn't require many updates, it's a very light application.

Managing the product should be easier.

The stability is good but I did face one issue that I want to point out. I don't know about the new version but in the old version, sometimes not all your devices are showing properly. Sometimes they show as "inactive."

Scalability is good. You can install it on any number of devices that you are licensed for.

Technical support is good but people need better knowledge of that particular product. I don't think it's well-known in India. 

If we asked someone about using Traps they would ask, "What is Traps?" Compared to other products like Symantec and Trend Micro, Traps is not well-known endpoint protection. The engineers also don't know much about it, so Palo Alto needs to promote knowledge of this product.

I go through the vendor for support first. If the vendor doesn't resolve the issue then they log the case with Palo Alto. We haven't had any incidents that had to go to Palo Alto. Everything has been resolved by the vendor so I don't know about the direct support of Palo Alto, except that the Palo Alto firewall is a very stable brand. There's no issue.

We are using Symantec now. We were thinking of purchasing Palo Alto but because the EDR part was not there at the time, we went with Symantec which has the EDR solution. EDR is essential for our project. I think it has been announced that EDR is part of Traps now.

The initial setup was very simple. We finished the deployment within one day.

For our implementation strategy, it's cloud-based, so we installed the PoC license on the cloud and then started deploying the agent software on my laptop and mobile devices, and then we did the PoC.

We did not negotiate the price because the solution did not fulfill our requirements. But the price was fine. I don't know how it would compare with Symantec because I negotiated a lot with Symantec. I don't know what kind of negotiation I could have done with Palo Alto.

We did not check any other options. But I am going to evaluate Traps in the next year because I want to go for a Palo Alto platform, as we already have a Palo Alto firewall. If, next year, all my requirements are fulfilled, then I will definitely go for Traps.

Palo Alto Traps is good but they need to more widely promote it.