Mdr of Presales & Customer Success Head at a financial services firm with 1-10 employees
A stable and scalable solution with good customer support
Pros and Cons
- "The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better."
- "The product's pricing could be better."
What is our primary use case?
We use the solution for telemetry and for its anti-virus capability.
What is most valuable?
The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better.
What needs improvement?
The product's pricing could be better.
For how long have I used the solution?
I have been using the tool for several years.
Buyer's Guide
Cortex XDR by Palo Alto Networks
November 2024
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
817,354 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is stable. I would rate its stability a nine out of ten.
What do I think about the scalability of the solution?
The product is scalable.
How are customer service and support?
The technical support team is good.
How was the initial setup?
The initial setup was easy.
What was our ROI?
The tool is worth its money.
What other advice do I have?
I would rate the solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Digital Business Solutions Manager at Bahrain Telecommunication Company BSC (Batelco)
A stable and scalable extended detection and response platform, but it would be better if they educated their customers more
Pros and Cons
- "It's a nice product that's stable and scalable."
- "It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do. The price could be better. It would also help if they had a team for deployment and support."
What is our primary use case?
We don't have many customers moving to Cortex XDR by Palo Alto Networks. But recently, we started offering them both pro and basic options.
What is most valuable?
It's a nice product that's stable and scalable.
What needs improvement?
It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do. The price could be better. It would also help if they had a team for deployment and support.
What do I think about the stability of the solution?
The product is stable. Palo Alto only works on security, and the product by default is stable. They are releasing new features, OS, and an ML-based thing on the firewall itself, which is quite impressive. Palo Alto is quite stable compared to other competitors in the market.
What do I think about the scalability of the solution?
It's scalable. Whatever is written on their datasheets is real. If I talk to some other vendor, they say that they provide 20 Gbps, but when you activate it with IPsec and all, it goes to 2 Gbps. With Palo Alto, whatever is there is working, and it's scalable.
How are customer service and technical support?
Technical support is quite good. When compared to others, I feel it's quite impressive.
What's my experience with pricing, setup cost, and licensing?
The price is on the higher side, but it's okay.
What other advice do I have?
I would tell potential users that it's a complete solution from Palo Alto, with firewalls and all, to give you more precise logs and information. Product-wise, it's top of the line. If you have the investment, always go for that and go for the best solution.
Palo Alto is one of the tech vendors that always provides top-of-the-line products. Price-wise it will be on the higher side, but it depends on how you deal with the backend support or the account manager of Palo Alto to get that discount.
On a scale from one to ten, I would give Cortex XDR by Palo Alto Networks a seven.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Cloud and Security Architect at a transportation company with 51-200 employees
Robust with powerful security correlation features
Pros and Cons
- "The stability of this product is very good."
- "It's very time-consuming to log support issues and the people that answer the tickets aren't very knowledgeable."
What is our primary use case?
Security correlation is our main use case.
What needs improvement?
This product could be simpler to use. For example, the onboarding process and getting it started could be improved.
The technical support is in need of improvement.
For how long have I used the solution?
I have been working with Cortex XDR by Palo Alto Networks for one year.
What do I think about the stability of the solution?
The stability of this product is very good.
What do I think about the scalability of the solution?
Scalability-wise, this is a very good solution. We have 100 people using it across a variety of roles. It's deployed for everybody, although it's only actively used by myself and one other person.
Our company size is quite static so I don't expect that we will increase our usage.
How are customer service and support?
The technical support is not very good. I find the process difficult. It's very time-consuming to log support issues and the people that answer the tickets aren't very knowledgeable.
Which solution did I use previously and why did I switch?
I also use Sophos Intercept X.
How was the initial setup?
The initial setup is complex. On a scale of one to five, I would rate the complexity a three. It took six months to deploy.
What about the implementation team?
We implemented this product in-house.
What other advice do I have?
My advice for anybody who is implementing this product is to ensure that the project plan has appropriate troubleshooting time in it.
Overall, I'm quite happy with the product.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Manager of Cyber Defence at a government with 1,001-5,000 employees
Runs in the background and sends things directly to the cloud for sandboxing
Pros and Cons
- "The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
- "There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."
What is our primary use case?
We used it for malware detection and to detect weird DNS calls. Overall, it was for endpoint protection.
How has it helped my organization?
Many people here are surfing the web on Russian sites, Korean sites, Chinese sites, etc., and by definition, they download things that are not very nice. Whenever there was something fishy, most of the anti-virus solutions just wouldn't see it. We needed endpoint protection that would detect as soon as some code started doing funny things. Traps was very good at that.
What is most valuable?
The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical.
What needs improvement?
There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, was not user-friendly.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
The stability was quite good. We never had any issue with it at all.
What do I think about the scalability of the solution?
We had no issue with scalability. We deployed to 220 machines in one go with no problem. We had 130 users. Some people were using many machines. The users were mostly analysts. Ten to 20 of the users were IT people and the rest were doing analysis work on satellites. It was being used extensively, 100 percent in our case. Even the servers had it running. Everybody had Traps installed.
How are customer service and technical support?
The technical support from the consultant was very good. I don't remember having to talk to Palo Alto directly. I had an issue, but I talked to the consultant and then he escalated it.
Which solution did I use previously and why did I switch?
Before Traps we had no endpoint protection.
How was the initial setup?
The setup was not very intuitive to start with, but after you've done it once, it's really straightforward.
The first time I set it up, for one machine, it took about 15 minutes until I understood what was going on, starting from the ESM and using the deployment tool. But as soon as you've done it once, and you understand the ergonomics behind it, it goes fast.
In terms of the implementation strategy, we started with a limited number of machines and the machines of people from IT, who we knew would surf to weird places. Then we deployed a small sample to the people who go to China and Russia and places like that. After a while, we decided to go all the way and we used the ESM to deploy it on every machine.
The process from the planning phase until it was fully implemented took about three or four months.
What about the implementation team?
For the first installation we had a consultant, a Palo Alto dealer and solution provider here in Madrid - Open3S. They're very good. Our experience with them was very positive. They're really competent. They really know what they're talking about. We were very happy with them.
The deployment required one or two people. Some days two people came, but normally, with one guy, it was okay.
What was our ROI?
It was more like insurance. You hope you're never going to use it, but you have it. It gave us some confidence in what people were doing because we know people were going to weird places on the web. With Traps, we were quite confident that if something wrong happened it would be detected and intercepted and deleted before it was spread around.
What's my experience with pricing, setup cost, and licensing?
When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward.
Which other solutions did I evaluate?
We didn't evaluate any other options because we had Palo Alto as firewalls and we were quite satisfied with Palo Alto. So the consultant took the initiative to do a demo and we liked it. Due to the type of business we are in, it's very useful.
What other advice do I have?
Make sure you have a proper inventory of all the applications running. That's something we should have done to start with. We intended to do so, but we're using very strange applications to deal with satellite imagery, and it was giving us some issues. For somebody who's using standard Microsoft Office, it's really straightforward. But if you have exotic applications, then make sure you test it before you deploy it. You will have issues.
To maintain it, the only thing you have to do is download the latest updates and install them. After that, the only maintenance you need is checking the logs every day to see what has been sent to the cloud for sandboxing and then move to the culprit machine to see what happened. It's difficult to say how many people are required for this. As soon as you get something exotic on the machine, this can take an hour, but that's not related to Traps. Traps is just telling you there's something exotic. After that, it's the time you spend doing all the malware and other analyses. As far as Traps is concerned as such, it doesn't require much maintenance. It's something you set and forget.
I would give Traps a nine out of ten. I think it's a very good application. It detected stuff that other things wouldn't detect. I'm very positive about it and was extremely satisfied with it. We had it for the reason I noted earlier. It has been replaced by something else, but I had a very good experience with it. Had we been in a Microsoft Office business - the normal applications - we never would have moved. But the people in charge of the system went to Microsoft Defender.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
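The maintenance routine described in the review above (check each day what was sent to the cloud for sandboxing, then go to the culprit machine) is the kind of thing worth scripting rather than eyeballing in a console. The following is an added example, not code from this page or from Palo Alto Networks. It reads a constructed JSON-lines export of sandbox verdicts (the field names ts, host, sha256, verdict and file are assumptions; a real deployment would map its own API or SIEM export onto them), builds a per-host worklist of verdicts that need a human, and flags any hash judged malicious on more than one host, which is the early spread the reviewer wanted to catch.

```python
"""Daily triage of endpoint sandbox verdicts.

Added example; not Cortex XDR or Traps code. The JSON-lines record
format below is constructed for illustration: a real deployment would
map the fields of its own API or SIEM export onto host/sha256/verdict.
"""
import json
from collections import defaultdict

# Constructed sample export: one record per sandbox verdict, plus one
# deliberately malformed line to show the parser skipping it.
SAMPLE_LOG = """\
{"ts": "2024-11-04T08:01:12Z", "host": "ws-imagery-07", "sha256": "aa11", "verdict": "malicious", "file": "viewer.exe"}
{"ts": "2024-11-04T08:03:40Z", "host": "ws-imagery-07", "sha256": "bb22", "verdict": "benign", "file": "gdal.exe"}
{"ts": "2024-11-04T09:15:02Z", "host": "ws-it-02", "sha256": "aa11", "verdict": "malicious", "file": "viewer.exe"}
{"ts": "2024-11-04T09:20:51Z", "host": "srv-files-01", "sha256": "cc33", "verdict": "pending", "file": "report.pdf.exe"}
{"ts": "2024-11-04T10:00:00Z", "host": "ws-it-02", "sha256": "dd44", "verdict": "grayware", "file": "tool.exe"}
not json at all
"""

# Verdicts that require someone to look at the machine, highest first.
# "benign" and "grayware" are deliberately left off the worklist.
ACTIONABLE = {"malicious": 2, "pending": 1}
REQUIRED = {"host", "sha256", "verdict"}


def parse_events(text):
    """Parse JSON lines, skipping malformed or incomplete records so one
    bad export line does not stop the daily run."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and REQUIRED.issubset(rec):
            events.append(rec)
    return events


def build_worklist(events):
    """Return (per_host, spread): actionable events grouped by host, and
    malicious hashes seen on more than one host (lateral spread)."""
    per_host = defaultdict(list)
    hosts_by_hash = defaultdict(set)
    for e in events:
        if e["verdict"] in ACTIONABLE:
            per_host[e["host"]].append(e)
        if e["verdict"] == "malicious":
            hosts_by_hash[e["sha256"]].add(e["host"])
    spread = {h: sorted(hs) for h, hs in hosts_by_hash.items() if len(hs) > 1}
    return dict(per_host), spread


def prioritized_hosts(per_host, spread):
    """Order the worklist: worst verdict first, then hosts holding a
    spreading hash, then by number of hits, then by name."""
    def key(host):
        evs = per_host[host]
        severity = max(ACTIONABLE[e["verdict"]] for e in evs)
        spreading = any(e["sha256"] in spread for e in evs)
        return (-severity, -int(spreading), -len(evs), host)
    return sorted(per_host, key=key)


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    per_host, spread = build_worklist(events)
    for host in prioritized_hosts(per_host, spread):
        hits = ", ".join(f'{e["file"]} ({e["verdict"]})' for e in per_host[host])
        print(f"{host}: {hits}")
    for sha, hosts in spread.items():
        print(f"SPREAD {sha}: {' '.join(hosts)}")
```

The worklist is what the analyst walks through on the culprit machines; the spread list is the part that changes the response, since a hash on two hosts means the per-machine cleanup the reviewer describes is no longer enough and the sharing path between those hosts needs to be looked at as well.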
Presales Manager at Doyen
Easy to set up with great policy configuration and is an excellent addition to the Palo Alto ecosystem
Pros and Cons
- "It has pretty much everything we need and works well within the Palo Alto ecosystem."
- "The GUI could be improved."
What is our primary use case?
The main use case was the integration with their Palo Alto firewall and Panorama. Apart from that, they also had integration with the FIM solution that they had. Overall, having it at the endpoint and having network integration for the overall threat scenario has been where we use it.
What is most valuable?
The policy configuration is great. The granularity of policies that are available is very helpful.
It is straightforward to set up.
It has pretty much everything we need and works well within the Palo Alto ecosystem.
What needs improvement?
The GUI could be improved. It's a little bit cumbersome. It could be more user-friendly.
For how long have I used the solution?
I've been using the solution for around two years.
What do I think about the stability of the solution?
The solution is quite stable. The only hiccup we had experienced was related to some false alerts where there was no detection, yet still the product showed that it detected something. There were a few false positives. Apart from that, it is quite stable.
What do I think about the scalability of the solution?
For cloud purposes, scaling is not an issue. Even with the on-premises deployments, we have not faced any scaling issues.
How are customer service and support?
Technical support is great. We haven't had any problems with them.
How would you rate customer service and support?
Positive
How was the initial setup?
The solution is very simple and very straightforward to set up. It's not overly difficult or complex.
I'd rate it four out of five in terms of ease of setup.
What's my experience with pricing, setup cost, and licensing?
I do not deal with licensing costs. That is taken care of by our sales team.
What other advice do I have?
We do hybrid deployments. For some customers, it was on the cloud and for some, it was on-prem.
It's a good solution to go with. If you are dealing with the ecosystem of Palo Alto, like Palo Alto firewall, Palo Alto Prisma Access, and Palo Alto XDR, if you have a Palo Alto ecosystem, it's a must to have Cortex XDR. Individually, it also works well. However, having Palo Alto everywhere will be a better scenario or a better fit if you want to deploy Cortex.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager Information Technology at Avendus
Blocks malicious files, but managing the product should be easier
Pros and Cons
- "It blocks malicious files. It prevents attacks. It doesn't require many updates, it's a very light application."
- "Managing the product should be easier."
What is our primary use case?
So far, we have only done a PoC of Palo Alto Traps. We deployed Traps on a few devices and then did the PoC. I also attended a workshop for Palo Alto Traps. I learned how it works and how it can block malicious files, etc.
What is most valuable?
- It blocks malicious files.
- It prevents attacks.
- It doesn't require many updates, it's a very light application.
What needs improvement?
Managing the product should be easier.
What do I think about the stability of the solution?
The stability is good but I did face one issue that I want to point out. I don't know about the new version but in the old version, sometimes not all your devices are showing properly. Sometimes they show as "inactive."
What do I think about the scalability of the solution?
Scalability is good. You can install it on any number of devices that you are licensed for.
How are customer service and technical support?
Technical support is good but people need better knowledge of that particular product. I don't think it's well-known in India.
If we asked someone about using Traps they would ask, "What is Traps?" Compared to other products like Symantec and Trend Micro, Traps is not well-known endpoint protection. The engineers also don't know much about it, so Palo Alto needs to promote knowledge of this product.
I go through the vendor for support first. If the vendor doesn't resolve the issue then they log the case with Palo Alto. We haven't had any incidents that had to go to Palo Alto. Everything has been resolved by the vendor so I don't know about the direct support of Palo Alto, except that the Palo Alto firewall is a very stable brand. There's no issue.
Which solution did I use previously and why did I switch?
We are using Symantec now. We were thinking of purchasing Palo Alto but because the EDR part was not there at the time, we went with Symantec which has the EDR solution. EDR is essential for our project. I think it has been announced that EDR is part of Traps now.
How was the initial setup?
The initial setup was very simple. We finished the deployment within one day.
For our implementation strategy, it's cloud-based, so we installed the PoC license on the cloud and then started deploying the agent software on my laptop and mobile devices, and then we did the PoC.
What's my experience with pricing, setup cost, and licensing?
We did not negotiate the price because the solution did not fulfill our requirements. But the price was fine. I don't know how it would compare with Symantec because I negotiated a lot with Symantec. I don't know what kind of negotiation I could have done with Palo Alto.
Which other solutions did I evaluate?
We did not check any other options. But I am going to evaluate Traps in the next year because I want to go for a Palo Alto platform, as we already have a Palo Alto firewall. If, next year, all my requirements are fulfilled, then I will definitely go for Traps.
What other advice do I have?
Palo Alto Traps is good but they need to more widely promote it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Network and Communication Department at a program development consultancy with 10,001+ employees
The level of security I get for my endpoints and servers is extremely valuable.
What is most valuable?
The level of security I get for my endpoints and servers is extremely valuable.
How has it helped my organization?
No signature updates of the AV needed, so no old signatures. No patching, very little operational effort needed.
What needs improvement?
Performance at the endpoint is much better than with the old AV.
No signature updates needed.
Stops the attack before it is executed.
For how long have I used the solution?
Two years.
What was my experience with deployment of the solution?
No.
What do I think about the stability of the solution?
No.
What do I think about the scalability of the solution?
No.
How are customer service and technical support?
Customer Service:
Perfect.
Technical Support: Real experts.
Which solution did I use previously and why did I switch?
Yes. We switched because the footprint was heavy, the protection rate decreased and the operational costs (incident response) were high.
How was the initial setup?
Yes, it took one hour to install the back end and the rollout was done by software deployment. The project lasted four weeks.
What about the implementation team?
In-house.
What's my experience with pricing, setup cost, and licensing?
Ask your local dealer.
Which other solutions did I evaluate?
Yes.
What other advice do I have?
If you are already a Palo Alto Networks Firewall customer you can have perfect Integration between your clients/servers and your firewalls. Automated response without supporting and APIs.
Disclosure: My company has a business relationship with this vendor other than being a customer:
EMEA IT Infrastructure Manager at a consumer goods company with 5,001-10,000 employees
Good management capabilities but has poor performance
Pros and Cons
- "The management capabilities allow an IT organization to get quite a good picture of attempted cyber attacks."
- "Impact on system performance is horrible, adding a lot of delays for users."
What is our primary use case?
My primary use of this solution is as an endpoint security client.
How has it helped my organization?
This product has not improved my organization - in fact, we are in the process of moving back to another product as a result of Cortex's horrible impact on system performance.
What is most valuable?
The most valuable features of this product are the management capabilities, which allow an IT organization to get quite a good picture of attempted cyber attacks, and its out-of-the-box investigation capabilities.
What needs improvement?
The product's impact on system performance is horrible, adding a lot of delays for users.
For how long have I used the solution?
I have been using this solution for four months.
How was the initial setup?
The onboarding process was quite cumbersome. It took some time to deploy as we had to investigate about 500 cases of clients who did not get the agent immediately.
What about the implementation team?
I implemented using a vendor team.
What other advice do I have?
I would rate this solution as five out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
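Two of the reviews above describe the same operational gap from different angles: devices showing as "inactive" in the console, and about 500 clients that did not receive the agent during onboarding. Both are found the same way, by reconciling what the directory or CMDB says should exist against what the agent console actually reports. The following is an added example, not the vendor's code or anything from this page. Both CSV exports are constructed, and their column names (hostname, owner, endpoint_name, agent_version, last_seen) are assumptions to be mapped onto the real exports; the fixed NOW timestamp is there only so the example is reproducible.

```python
"""Reconcile an asset inventory against an EDR agent inventory.

Added example; not vendor code. Both CSV exports below are constructed
and their column names (hostname/owner, endpoint_name/agent_version/
last_seen) are assumptions to be mapped onto the real directory, CMDB
and agent-console exports.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed: what the directory or CMDB says should exist.
ASSETS_CSV = """hostname,owner
WS-FIN-001.corp.example,alice
ws-fin-002.corp.example,bob
SRV-DB-01.corp.example,dba
ws-hr-010.corp.example,carol
"""

# Constructed: what the agent console reports, with last check-in time.
AGENTS_CSV = """endpoint_name,agent_version,last_seen
ws-fin-001,8.5.0,2024-11-04T07:55:00Z
srv-db-01,8.5.0,2024-10-01T12:00:00Z
ws-hr-010,8.4.1,2024-11-03T22:10:00Z
lab-box-99,8.5.0,2024-11-04T06:00:00Z
"""

# Fixed "now" for reproducibility; use datetime.now(timezone.utc) in practice.
NOW = datetime(2024, 11, 4, 8, 0, tzinfo=timezone.utc)
# An agent silent for longer than this is treated as "inactive".
STALE_AFTER = timedelta(days=7)


def canonical(name):
    """Normalise hostnames so 'WS-FIN-001.corp.example' matches 'ws-fin-001'."""
    return name.strip().lower().split(".")[0]


def load_csv(text, key_column):
    return {canonical(row[key_column]): row
            for row in csv.DictReader(io.StringIO(text))}


def parse_ts(value):
    # fromisoformat accepts a trailing 'Z' only from Python 3.11 onward.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def reconcile(assets_text, agents_text, now=NOW, stale_after=STALE_AFTER):
    """Return the coverage gaps:
    missing  - inventoried hosts with no agent at all
    stale    - hosts whose agent has not checked in within stale_after
    unknown  - agents on hosts the inventory does not know about
    """
    assets = load_csv(assets_text, "hostname")
    agents = load_csv(agents_text, "endpoint_name")
    missing = sorted(set(assets) - set(agents))
    unknown = sorted(set(agents) - set(assets))
    stale = [h for h in sorted(set(assets) & set(agents))
             if now - parse_ts(agents[h]["last_seen"]) > stale_after]
    healthy = len(assets) - len(missing) - len(stale)
    return {
        "missing": missing,
        "stale": stale,
        "unknown": unknown,
        "healthy_coverage_pct": round(100.0 * healthy / len(assets), 1),
    }


def demo():
    """Run the reconciliation over the constructed exports."""
    return reconcile(ASSETS_CSV, AGENTS_CSV)


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The "unknown" list is worth as much attention as "missing": an agent reporting from a host the inventory has never heard of is either a shadow asset or a sign the inventory itself is stale, and either way it is a host nobody is accountable for. Set the stale threshold from the agent's real check-in interval rather than a round number, or the report will be noisy for laptops that are simply switched off.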