Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
Servicio Posventa at a security firm with 11-50 employees
Real User
Top 5
2023-02-02T21:36:10Z
Feb 2, 2023
One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers.
Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network.
Site administrator officer at a tech services company with 11-50 employees
Real User
Top 10
2023-01-16T17:15:26Z
Jan 16, 2023
The most valuable feature of Cortex XDR by Palo Alto Networks is its machine-learning capabilities. Additionally, there is full integration with other solutions.
Cortex covers everything I need. It's a perfect solution. Cortex provides a different level of visibility because it's an extended EDR, allowing you to grab logs from the network and firewalls. Palo Alto invented the concept of the extended EDR or XDR.
Sr. Network Engineer at a construction company with 10,001+ employees
Real User
2022-10-26T08:24:25Z
Oct 26, 2022
The most valuable feature of Cortex XDR by Palo Alto Networks is the low consumption of system resources. The solution uses a lot of AI and machine learning.
Cortex XDR can integrate the firewalls and determine the tendencies of the attacks. It's a new generation antivirus, with protection endpoints and detection response. It is very easy to use and everybody can operate the solution.
IT manager at a computer software company with 11-50 employees
Reseller
2021-09-03T16:10:43Z
Sep 3, 2021
Its ability to react to cyber data attacks is awesome. That is pretty much the use of it. What blows your mind is the ability to access your assets remotely and see what is actually going on with them. You can not only see them in a console. You can also react very rapidly to your assets that are compromised.
Vice President / Chief Technology Officer at Sinnott Wolach Technology Group
Reseller
2021-01-07T19:20:58Z
Jan 7, 2021
The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.
The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that.
Consultant at a tech services company with 501-1,000 employees
Reseller
2020-11-24T00:53:45Z
Nov 24, 2020
It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature.
It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else.
Senior Information Security Architect at a tech services company with 201-500 employees
Real User
2020-07-19T08:15:00Z
Jul 19, 2020
It collects and caches and the knowledge of machine learning from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe.
Network Manager of Cyber Defence at a government with 1,001-5,000 employees
Real User
2019-02-11T08:11:00Z
Feb 11, 2019
The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical.
Lead IT Security Analyst at a mining and metals company with 1,001-5,000 employees
Real User
2019-01-17T10:53:00Z
Jan 17, 2019
The multi-layered approach to the product gives you confidence that it will stop exploits, ransomware, worms, or viruses from compromising endpoints, essentially providing peace of mind.
We've had a significant increase in blocking with a decrease in false positives, because it's looking at how the files work, not just a list of files that it's been told to look for.
Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place.
Cortex XDR by Palo Alto Networks is the first threat detection and response software to combine both visibility across all types of data as well as autonomous machine learning analytics. Threat detection very often requires analysts to divide their attention among many different data streams. This platform unifies a vast variety of data flows, which allows analysts to assess threats from a single location. Users can now maintain a level of visibility that other threat detection programs...
If there are multiple alerts, the app will automatically create and rate an event instead of going through each one.
We can visualize and control the activities in the environment from anywhere.
The product's most valuable features are massive user and feature intelligence exploit detection.
The product has an intuitive dashboard.
The solution's most valuable feature is its ability to rapidly detect certain hardware files.
This software helps us understand any issues that may arise when someone is not at work.
Cortex XDR is a simple platform that's easy for administrators and users. You have a lot of flexibility to change or customize the features.
One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers.
Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network.
The most valuable feature of Cortex XDR by Palo Alto Networks is its machine-learning capabilities. Additionally, there is full integration with other solutions.
Cortex covers everything I need. It's a perfect solution. Cortex provides a different level of visibility because it's an extended EDR, allowing you to grab logs from the network and firewalls. Palo Alto invented the concept of the extended EDR or XDR.
The most valuable feature of Cortex XDR by Palo Alto Networks is the low consumption of system resources. The solution uses a lot of AI and machine learning.
Cortex XDR by Palo Alto Networks should be a stable solution.
It'll not slow down your system when compared to others.
The initial setup isn't too bad.
The initial setup is easy.
Palo Alto is constantly adding new features.
Monitoring is most valuable.
When the pandemic started, Palo Alto came up with many solutions, which helped with the quick shift from on-premises to the cloud.
The stability of this product is very good.
Cortex XDR can integrate the firewalls and determine the tendencies of the attacks. It's a new generation antivirus, with protection endpoints and detection response. It is very easy to use and everybody can operate the solution.
Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources.
The integrations are out-of-the-box, as are the playbooks.
The management capabilities, allow an IT organization to get quite a good picture of attempted cyber attacks.
Its ability to react to cyber data attacks is awesome. That is pretty much the use of it. What blows your mind is the ability to access your assets remotely and see what is actually going on with them. You can not only see them in a console. You can also react very rapidly to your assets that are compromised.
One of the main benefits of the solution is its intelligence to correlate the events into an incident.
It is easy to use.
The user interface of the solution is sophisticated and straightforward.
I like the centralized console and the predictive analysis it does of malware. It is very stable and also scalable.
The solution doesn't need a high level of technical training.
Stability is one of the features we like the most.
The most valuable feature is that you can select remote access of any machine for sandboxing.
Stability is a primary factor, and then there's the ease of distribution and policy management.
The behavior-based detection feature is valuable.
The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly.
The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that.
The protection offered by this product is good, as is the endpoint reporting.
It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature.
It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else.
The initial setup is pretty easy.
The interface is easy to use and it is more up to date than our previous solution.
It integrates well into the environment.
Being a cloud solution it is very flexible in serving internal and external connections and a broad range of devices.
It collects and caches and the knowledge of machine learning from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe.
They have a new GUI which is just fantastic.
The most valuable for us is the correlation feature.
WildFire AI is the best option for this product.
It's very stable. I've never experienced downtime for the ASM console or ASM core.
The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week.
We have a complete overview of all our PCs and it's very easy to handle and to use the interface. It has a lot of benefits for us.
The one feature of Palo Alto Networks Traps that our organization finds most valuable is the App ID service.
The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical.
After deploying Traps, we saw the performance of the network improve by 65 to 70 percent.
It blocks malicious files. It prevents attacks. It doesn't require many updates, it's a very light application.
If the user leaves our premises or network, Palo Alto Traps will still be on that endpoint and will still apply our policies.
The multi-layered approach to the product gives you confidence that it will stop exploits, ransomware, worms, or viruses from compromising endpoints, essentially providing peace of mind.
We've had a significant increase in blocking with a decrease in false positives, because it's looking at how the files work, not just a list of files that it's been told to look for.
Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place.