Cortex XSIAM Reviews

The primary use case for Cortex XSOAR is that it requires less management and integration effort. It automates many tasks and integrates seamlessly with other Palo Alto Networks products.

It does a better job of identifying anomalies that are more likely to be incidents of compromise without as many false positives or false negatives.

It could provide more integration with a large variety of products.

I have been using Cortex XSIAM for a year.

The product is stable.

I rate the solution’s stability a ten out of ten.

There have been no issues with the scalability. 1200 FTEs are using this solution.

As our application stack increases, the size will increase.

Splunk is too expensive and too difficult to manage. The additional costs for log ingestion for Splunk were driving the prices up.

The initial setup is straightforward compared to Splunk. It took about three months to complete.

I rate the initial setup an eight out of ten, where one is difficult and ten is easy.

Our engineers were able to do the deployment independently.

We are understaffed on the security side. The XSIAM solution from Cortex reduces and makes it feasible for us to handle incidents that we previously struggled with.

The standard licensing is positive. The number of logs ingested into Splunk was primarily driving its cost up, and that is not as much of an issue with Palo Alto as it was with Splunk.

By incorporating XSIAM, it handles and automates many manual processes but allows users to review things manually before changes are made.

There is minimal maintenance from our side.

I recommend it.

Overall, I rate the solution a nine out of ten.

Cortex XSIAM serves as a comprehensive solution that combines the functionalities of both SIM (Security Information and Event Management) and EDR (Endpoint Detection and Response) with added automation capabilities. It streamlines the entire process into a single, unified solution. Its operation involves data collection, detection, response, and integration. Unlike traditional SIMs, it doesn't only deal with logs but also collects network traffic data and information from various security controls and systems. This holistic approach allows for a more comprehensive understanding of the entire attack cycle. It excels in threat detection and has the potential for even more extensive integration in the future.

It provides a level of detection capabilities that's hard to achieve with other tools, such as traditional SIMs. The key differentiator lies in its holistic analysis, which grants it a broader perspective on the entire attack lifecycle. Unlike solutions composed of multiple integrated components, Cortex XSIAM stands out because it's built as a unified solution. It operates on a single, extensive database which enables it to excel in detecting threats and anomalies across the network and endpoints, delivering a highly effective and comprehensive security solution.

While Cortex XSIAM is making progress in terms of integration, it's not quite at the same level as some other solutions, particularly when it comes to extensive integration. The platform isn't very developer-friendly and it should provide more flexibility and ease.

I had the opportunity to use Cortex XSIAM since its launch last year. I'm fortunate to be among the early partners who had the chance to work closely with it during the initial development phase and beyond.

Due to its cloud-based nature, it has proven to be highly stable in our environment. We have experienced minimal maintenance requirements, and the software remains consistently reliable. I would give it a full score for its stability.

Cortex XSIAM is a fully cloud-based solution, making it highly scalable. I am unsure if this solution will become available for on-premises deployment due to the tool's extensive capabilities. I would only consider giving it a perfect score if it can replicate the same functionality on-premises. On a scale of one to ten, I would rate the scalability a nine.

There were instances when we encountered notifications or issues that didn't align with the provided guidance. When we reached out to the technical support team for assistance and suggestions on improving the situation, they proved to be highly helpful. It was a smooth and efficient process. They promptly addressed the issues, and the resolution steps were laid out clearly, essentially guiding us through the process step by step.

Positive

Our company deals with integrated technology solutions, so we often utilize connectors to link various external solutions. These connections range from IBM QRadar to Splunk and even encompass the entire suite of FireEye products, such as FireEye HX. Cortex XSIAM stands out as the most straightforward option, especially if your environment is cloud-centric.

It operates as a SaaS solution and its setup is straightforward. The only requirement is to deploy the broker, and it automatically connects to your integrations. It's a simple process with minimal steps involved.

The deployment process itself is simple. After you place the order, they handle the installation, which happens quickly. The more time-consuming part is setting up the integrations, particularly on the broker and related configurations. For larger environments, this complexity can be compounded, sometimes necessitating the use of multiple brokers and nodes to ensure everything operates smoothly.

The solution comes at a significant cost.

Before opting for it, it's essential to ensure that your organization is cloud-friendly because Cortex XSIAM is a fully cloud-based solution. You should also be comfortable with the idea of sharing and storing your logs in the cloud, as this might not align with every organization's preferences. I would suggest verifying that the desired controls are fully supported. The platform is still evolving in terms of integrations, as mentioned earlier. When it comes to taking action, it's beneficial to have an on-site developer or if that's not possible, consider purchasing specific services or features that meet the needs. It is crucial to develop a well-thought-out adoption strategy for such a comprehensive solution. Cortex XSIAM offers a wide range of capabilities, and realizing its full potential- might take multiple years and careful planning. I would rate it nine out of ten.

We use the product to integrate several third-party logs into the dashboard and perform micro-automation in response to incidents.

The platform's most valuable features include third-party integration for analyzing incidents across the network, forensic investigation automation, and playbooks.

There is room for improvement in expanding integrations to include more cybersecurity solutions.

I have been working with Cortex XSIAM for two years.

I rate the product stability a ten. 

We have six customers using XSIAM. They are predominantly enterprise businesses. I rate the scalability an eight. 

The technical support team can be slow in providing solutions, often requiring additional research or escalations to resolve issues.

Neutral

The documentation on deployment procedures needed to be improved and the deployment options were limited, 95% being cloud-based. It typically takes one to two weeks, though fine-tuning and integration can extend this timeframe depending on the scope.

The process involves integrating our XDR Cortex platform with the XSIAM SaaS deployment or management console, correlating the necessary information, and creating the analytics rules.

I would rate the initial setup experience as a seven.

The product cost could be considered value for money compared to other solutions in the market, though it is quite high.

I rate the pricing a nine. 

The platform's analytics capabilities are particularly effective in identifying and correlating incidents. It helps identify endpoint-based incidents.

The automation capabilities significantly improve response times by allowing us to respond to incidents from a single dashboard rather than navigating multiple dashboards.

I rate it an eight. 

The most valuable features of Cortex XSIAM are the machine learning used to identify threats, the complexity of the environment of products, and efficiency.

The solution’s pricing and technical support could be improved.

I have been using Cortex XSIAM for five years.

The solution is expensive compared to its competitors.

Users should test the solution quite massively and deeply to verify whether it really suits their needs.

You have to gather some specific knowledge to really get the profits and fully use the functionalities of the product. It's not an out-of-the-box product.

If you have used the product before and know what you want to achieve, it is easy to use the solution. However, if you are newly using the solution, you have to analyze and know what you want to achieve using this tool.

Overall, I rate Cortex XSIAM a seven out of ten.