Cortex XDR by Palo Alto Networks Reviews

My primary use of this solution is as an endpoint security client.

This product has not improved my organization - in fact, we are in the process of moving back to another product as a result of Cortex's horrible impact on system performance.

The most valuable features of this product are the management capabilities, which allow an IT organization to get quite a good picture of attempted cyber attacks, and its out-of-the-box investigation capabilities.

The product's impact on system performance is horrible, adding a lot of delays for users. 

I have been using this solution for four months.

The onboarding process was quite cumbersome. It took some time to deploy as we had to investigate about 500 cases of clients who did not get the agent immediately.

I implemented using a vendor team.

I would rate this solution as five out of ten.

We don't have many customers moving to Cortex XDR by Palo Alto Networks. But recently, we started offering them both pro and basic options. 

It's a nice product that's stable and scalable.

It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do. The price could be better. It would also help if they had a team for deployment and support.

The product is stable. Palo Alto only works on security, and the product by default is stable. They are releasing new features, OS, and an ML-based thing on the firewall itself, which is quite impressive. Palo Alto is quite stable compared to other competitors in the market.

It's scalable. I see whatever is written on their datasheets, and all it's real. If I talk to some other vendor and they say that they currently provide 20 Gbps reports, but when you activate it, IPSec and all, it goes to 2 Gbps. With Palo Alto, whatever is there is working, and it's scalable.

Technical support is quite good. When compared to others, I feel it's quite impressive.

The price is on the higher side, but it's okay.

I would tell potential users that it's a complete solution from Palo Alto with firewalls and all to give you more precise logs and information. Product-wise, it's top of the line. If you have investment, always go for that and go for the best solution. 

Palo Alto is one of the tech vendors that always provides top-of-the-line products. Price-wise it will be on the higher side, but it depends on how you deal with the backend support or the account manager of Palo Alto to get that discount. 

On a scale from one to ten, I would give Cortex XDR by Palo Alto Networks a seven.

The primary use case is mainly endpoint protection.

Previously, we had to install endpoint protection per machine and then scan and update. If there were any possible threats, then you would have to go manually to the machine and scan. Cortex XDR basically does that centrally and predictably.

We get notified, and if need be, we'll investigate an endpoint. For the most part, we haven't had to do a whole lot of that because most of the time, it just stops the threat before it even becomes one. So, we have more time to do day-to-day work rather than spend time chasing those endpoints.

I like the centralized console and the predictive analysis it does of malware.

It is very stable and also scalable.

It is easy to deploy and update. It does not require a lot of maintenance.

It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue. So, making exceptions would be easier and would probably be better for logging.

It would be nice if it were easier to use and if there were some free training hours.

As for additional features, I would suggest having mobile access to the console, perhaps through a mobile app for the console.

I've been using it for about three years now.

The stability is great. I think they set the standard for SDR solutions at the moment.

It's very scalable. We have it on Macs, Windows, Windows servers, and multiple flavors of Linux.

We have about 460 endpoints deployed. As far as technical users, we have a team of about 10, and that's mixed between server admins and their subsupport users.

The usage is extensive, and we've recently deployed it everywhere. We do plan on probably increasing usage because we have current consultants who use the product in order to access our systems.

I wish there could have been more live contact with technical support rather than updated tickets and possible notifications via email. When I've had live encounters, it's been amazing. Sometimes, I think they could be a little bit more responsive live wise, but for the most part, it's been good.

We previously used Sophos, and it was okay. The only thing I liked about Sophos was that it was easier to deploy to the desktop, but with Cortex XDR, once you have it already deployed, updating it is easy.

We needed something that was going to work with Macs and Linux, different products. Also, we needed something that would be more predictive versus relying on definition files that are publicly available. You don't want to be in a zero-day attack. With Cortex XDR, it's one of those where you can download any virus. It's just not going to run on your machine. Most malware products rely on a database to tell you that there's a virus file.

Sometimes, there are false positives. If it's a legit file or application that an end user is trying to download and use on their machine, it won't allow that. With Cortex XDR, however, they can download the file. It's just going to be rendered useless until you enable it and make an exception for it. It can run what identifies it and just sends you a notification saying that it's a malicious file and that it's there. It's not going to do anything to the system. That was a huge selling factor with Cortex XDR.

The initial setup is pretty straightforward. It took a couple of hours and was pretty easy to deploy.

Once it's deployed in your system, you can push updates yourself. In the case of Macs, when you get new releases you sometimes have to tweak it and then push it out manually to end users. One admin could dedicate a couple of hours a week at best because there's not much maintenance.

Palo Alto got on the phone with us and walked us through it. They were very helpful.

It's about $55 per license on a yearly basis.

Learn the product because once you deploy it and a lot of people look at it from an endpoint perspective, they get the endpoint protection instantly. However, there are other things that you need to learn more about. Once you deploy Cortex XDR, you get a subscription to a data lake, which helps you retain logs. We have Palo Alto firewalls and later on learned that we can also integrate our firewalls and get the logs.

You have a limited amount of space for log retention, but things like that are important in cases where you need to have PCI compliance or have a company policy of retaining a certain amount of logs.

So, learn all the features and ask questions, and perhaps if it's going to be something that you're going to use as an investment for your company, take a training class.

On a scale from one to ten, I would rate Cortex XDR at nine.

As with any advanced malware protection tool, it's really about the results and getting the security you need. We are end users and I'm a cybersecurity incident response analyst.

I like that the product has behavior-based detection which offers many benefits over signature-based detection. When it comes to zero day attacks and targeted attacks, signature detection is not able to detect problems. Behavior-based detection is able to detect attacks tailored specifically for your environment, or malware that doesn't yet have a known malicious signature. It's the nature of how the data is processed that makes the tool really powerful. 

The downside to the solution is that there are a large number of false positives. There are a whole lot of different things for business automated actions, and it's hard to sort through all that. Without some assistance and suppression of false positives from Palo Alto or some event triaging that you might have enabled on your SIEM, you'll continue to get the high number of false positives. It's related more to the lack of capability to easily identify and suppress false positives before they're presented to you. There needs to be a function for suppressing false positives for types of machines and not necessarily for the actual groups.

I've used this solution for close to six months while we were evaluating it. 

Since Palo Alto was giving us the proof of concept, we had direct access to them.

It takes quite a few people to set it up. I would say the biggest difference between Palo Alto XDR and something like Cisco AMP outside of the actual detection is going to be the ease of implementation. Cisco AMP only requires one person to go through all the groups and configure policies. With XDR you define groups based on types of machines and commonalities in the machines. It's not like you just send a connector to machines and they're part of that group in that policy. It means there is a whole lot more to configure on XDR.

The same things apply to anyone looking to implement any form of anti-malware agent. You really want to take the time to make sure your environment is organized and configured the way that you want it to be, because once you start getting empty policies and machines in run groups, you run into a pretty big mess. Another thing would be documentation. If you're adding suppressions or custom detections or your AOCs, keep a document which logs all the changes, because people come and go, and handing down an anti-malware tool to somebody that doesn't know how or why it was configured a certain way, could make things difficult.

It would be a tremendous amount of work for us to implement Networks in a company our size. We have a whole bunch of projects going on right now that are pretty important and since we already have that advanced malware protection tool and AMP, which we think is good, we don't necessarily think Networks is as powerful at detection. On other projects, if we were going to go ahead and turn around and move forward with Palo Alto, it would mean taking a step backwards and reimplementing an anti-malware agent that we already have. That said, my impression is that it's a really good tool and you can get a lot out of it. 

I rate this solution a nine out of 10. 

We use it for our own company as well for our clients. It is mainly used for protecting the endpoints. Like everybody else nowadays, we're all working from home, and we have access to data on the public cloud, private cloud, and on-prem. We got to make sure that we're not exposing our endpoints to anything out there that could be malicious and that could cause any problems within our networking environment.

It has absolutely improved the way our organization functions. We are more secure. It is giving us more peace of mind, and it is doing what it is doing. It has found malicious activity happening on our endpoints that probably would not have been detected if we didn't have it.

The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.

The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that.

A little bit more automation would be nice.

We've been a reseller for Palo Alto for 13 years. I have been using it for quite a while. They had bought Cyvera for the endpoint security, which was obviously the base for Cortex XDR. I have been seeing how it actually progressed from just a straight endpoint security solution that was a little clunky at one time to a very streamlined, effective solution today.

It is stable. I haven't found any issues.

It is extremely easy to scale. We have about 20 users, and their roles stem from sales to technical, marketing, and administrative.

Palo Alto has got very good tech support. I would give them a ten out of ten.

At one time, I tried Cylance, and it just wasn't that effective for what we needed. At the time, it wasn't really an EDR solution.

The initial setup was very straightforward and easy.

Its pricing is kind of in line with its competitors and everybody else out there.

You don't have to be a Palo Alto customer to implement this solution. Some people think they have to, but no. It is a completely separate solution on its own. I would highly recommend it just because it is a complete package. It not only takes in data from your endpoint; it also takes in data from other sources that are not Palo Alto and helps to create the story about what's going on by stitching things together.

I would rate Cortex XDR a nine out of ten. It is pretty good. The reason for giving a nine is that there is always room for improvement.

We primarily use the product as endpoint security which we have deployed on all servers and locations. This is not limited to the endpoint, however, as it has further integration with the firewalls and email solutions. Therefore, it can give us quick visibility in case there is any malicious or suspicious activity happening.

The solution offers a very high-performance. 

The solution has analytics that watch patterns and trends. If there is a change in user behavior or communication, it has the ability to track that. 

The solution has a very helpful isolation feature. If any system gets compromised, with one click I can access the system and isolate it from other networks, and then go into further forensic investigation of the current threat without compromising anything else.

There are a lot of lead solutions in this space, however, Palo Alto is number one.

The initial setup is pretty easy.

The solution should enhance the ADR and reporting. As of right now, they are giving reports, which are okay, however, there are other ways to get better reporting. That is an area where I already requested that Palo Alto work on.

In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations. 

They should extend the solution for URL filtering, as other endpoint security products are doing that already. Nowadays, users are working from home and therefore we have plenty of traffic back through the data center just for URL filtering security. If that functionality could be there in the endpoint, then we would be happy. It would ensure users working from home couldn't access malicious websites. 

We've been using the solution for one year. Before that, we were using Palo Alto Trap.

The solution is very stable. I pretty much depend on product stability. Over the last six months, we have been able to see it's that Palo Alto is more stable than most. There is no such issue in that regard. 

This is a very stable product, whether it is running on a database or email system or on any platform. It works perfectly fine.

The solution is very scalable. This is due to the fact that it is being managed through the cloud making it easy to deploy to a thousand endpoints. There is no issue at all. As long as there's enough space for the solution to expand, it can grow out to any size you need.

Technical support from Palo Alto is perfect. However, we have first-level support from a third-party. They sometimes take time to respond, which is not ideal. That said, when we get aligned with the tech support from Palo Alto, that really works well. Their level one support is with other vendors, and level two and level three support is with Palo Alto. That's how they are set up. They deal with bigger issues.

Overall, we've been pretty satisfied with technical support.

We're service providers. We offer a variety of solutions to our clients, including Palo Alto, Cisco, Microsoft, and McAfee, depending on their needs. We don't just use or recommend one particular endpoint protection product.

About a year back I implemented Cisco and Palo Alto for our customer. Cisco AMP is also a good solution while it is running with the grid, however, I have not been involved with using it for three years.

In routing and switching, Cisco is good. However, Cisco AMP, which is an endpoint security, requires you to work with many other AMP solutions from Cisco. 

My first preference would be Palo Alto and my second preference would be Cisco AMP.

The initial setup is not complex at all. It is very straightforward and very easy to implement. I implemented it for 1000 or so users, and it took only about one month to execute. Even when we were in a pandemic situation where users were at home, we did it that quickly. It is very easy to deploy.

The pricing is actually very reasonable. Palo Alto is very invested in some commercial endeavors and they have simplified their license. A team license can be used on-cloud, or on-prem. We have not faced segregation on any technologies, so a simple license gets any user anywhere without limitations. It is easy to increase the license as it's a cloud service. You just speak to your account manager and they can increase the licenses for you.

While we deal with the cloud deployment model, we've also often used the on-premises deployment.

I'd advise other companies to use the solution. It really is the best one out there.

Overall, I'd rate the solution nine out of ten. The reporting is a bit weak, and it's my understanding they are working on that. However, performance-wise and security-wise, this is the best product.

This product is part of a package that makes up our security solution.

The interface is easy to use and it is more up to date than our previous solution.

Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want.

We have been using this product for about four months.

We think that this product will help us grow. We think that it meets our needs currently, and we can grow with it over time. There 12 people in the IT department who currently manage it. 

The support is excellent. We had a couple of issues that we had to call for and I would say that they are highly rated.

Our older solution was from Fortinet. It was out of date and more difficult to use. The IT staff say that the Palo Alto product is better.

The initial setup was straightforward.

We worked with a reseller. They came in, we told them what we wanted to do and they set it up to our spec. The person who came in and helped support us was highly skilled and it worked seamlessly.

We pay about $50,000 USD per year for a bundle that includes Cortex XDR.

We evaluated Palo Alto and Trend Micro, and we opted for the Palo Alto Cortex XDR.

I don't use this product on a daily basis but we like what we have so far and I would definitely recommend it to other users.

My advice is to make sure that you have a good implementor and that the reseller you're purchasing from gives you a highly-qualified engineer.

Overall, we are happy with this product but that said, nothing does everything that you want.

I would rate this solution a nine out of ten.

We are still in the testing stages so there is not currently any primary use case beyond the base use of endpoint protection.  

Cortex has several good features that I am interested in. There is a nice Sandbox function that is very strong, there is the Traps (endpoint protection) solution, the real-time filtering of suspect linkages is good, and the automatic blocking of suspect behavior is always active and protecting the network.  

As an improvement, I would like to see enhanced connection speeds. On China's side, we need to set up a local server for the definition updates, and the performance has not been very good for the company when directly connected to the internet. We are a little disappointed with that.  

We have been using Cortex XDR (Extended Detection and Response) for around two months.  

It is stable. From the moment we installed it has been up with no restarts of maintenance until now.  

I think that this product is scalable. The testing environment we use right now has around 200 users. In the future, when we deploy it to the company we will move up to around 4,000 users.  

The technical support is okay. They have already helped us to fix the installation and then we had an issue and they were available for correction of the problem. They also have made some useful suggestions. So the support team is okay in my estimation.  

We have been exploring a similar solution. Right now I am also doing testing on Sentinel at the center. This is a similar solution. But we have only just begun testing Sentinel, so we do not really have enough experience with it to comment on the product.  

As we just started with Cortex and we are using a cloud solution, I do not have the impression that it was difficult to install and begin using.  

The setup costs are a bit higher than some other solutions. Overall it is a little bit expensive, I think. If we could get it for around a 10% discount then that would be a better price point for us.  

For our pricing plan, we are not on a subscription, so we do not have to pay every month. We have a yearly license for the product.  

The approximate amount we pay per license is around $80 per user per year.  

My suggestion for people considering this product is that Cortex is a very good total solution on the endpoints. Because I needed Cortex to work for external and internal users and devices, it helps that it is cloud-based because it is good for working in the office or other locations. So we wanted to have the total end-to-end protection including on the mobile devices, that is what we got. This product will be a good suggestion for people who need the same capability.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Cortex XDR as around nine-out-of-ten. The cost is the reason it would not be higher. Nine is good but this is a very good product except for the cost.