I am trying to check the solution for a new organization I have moved to. Previously, I used the older version of the solution.
Associate Director at a financial services firm with 10,001+ employees
Integration challenges highlight the need for manual workflows
Pros and Cons
- "The flexibility for creating manual workflows stands out."
- "The standard integrations are very limited, and the integrations available are not listed in the marketplace. Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long."
What is our primary use case?
What is most valuable?
The flexibility for creating manual workflows stands out. Although it is time-consuming, it offers significant flexibility.
Additionally, from a ticketing point of view, the platform works very well.
What needs improvement?
The standard integrations are very limited, and the integrations available are not listed in the marketplace. Obtaining validation for integrations from Palo Alto takes around eight months, which is quite long. The solution would benefit from having more standard playbooks and templates available, as in other partners.
Currently, everything must be created from scratch. In terms of incident response automation, it is quite poor due to the lack of integration with all security tools, making manual intervention necessary.
For how long have I used the solution?
I have been familiar with the solution for almost six years.
What do I think about the stability of the solution?
I would rate the stability of Cortex XCM as around seven to 7.5 out of ten.
What do I think about the scalability of the solution?
The solution is only rated five out of ten for scalability. Scalability heavily relies on the integration aspect. Without proper integration, scaling up with more servers is meaningless.
How are customer service and support?
The technical support from Palo Alto is very slow. It is ineffective in terms of responding to basic queries and addressing future requirements. I rate their support at four out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have moved to other products; however, I cannot disclose which ones due to a nondisclosure agreement with my company.
How was the initial setup?
The initial setup was phase-by-phase, with configuration being the most challenging part, especially moving the playbooks manually as they cannot be imported.
What about the implementation team?
There were around ten engineers involved in the installation and deployment.
What was our ROI?
There has been no return on investment.
What's my experience with pricing, setup cost, and licensing?
The product is very expensive. Additional integration and support are not provided by Cortex and must be purchased from partners. This adds to the cost and delays projects due to resource dependency.
What other advice do I have?
Overall, I rate the solution a five out of ten.
I would recommend it to organizations requiring a standardized tool for regulation purposes. It is suitable for highly regulated organizations and not for standard operations seeking automation.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Feb 21, 2025