I use the solution in my company to protect our clients from unknown malware and threats. We also use the tool in our environment as an antivirus, EDR, and XDR solution.
Sr. Endpoint Security Engineer at iOPEX Technologies
Real User
Top 10
Aug 21, 2024
I am a tech support engineer or an endpoint security engineer who works with Cortex XDR's team itself, looking after all the support cases related to our technical stuff, specifically malware cases.
Our primary use case for Cortex XDR is endpoint detection and response (EDR) across our enterprise environment, which includes over 1000 endpoints distributed globally. We use it to monitor and protect against advanced threats, perform real-time threat hunting, and streamline incident response processes.
Network Security Engineer at a tech services company with 10,001+ employees
MSP
Top 10
Jul 9, 2024
Cortex XDR mainly focuses on endpoint protection. Unlike other antivirus products, it is way more advanced. It allows you to manage your endpoints and includes advanced threat analytics and behavioral analytics. For example, it offers a behavioral analysis, the main purpose of which is to identify suspicious activity. If any application performs suspicious activities, such as changing registries or modifying other applications, Cortex XDR detects and blocks the entire application. This ensures that unauthorized actions are prevented. Another feature of Cortex XDR is its ability to mitigate ransomware issues. It creates duplicate files on the endpoint, and if any ransomware attempts to access these files, it detects and identifies the ransomware attack. Cortex XDR offers many such advanced features in its cloud platform.
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
There are GRC rules in Cortex XDR, which engage IOC very quickly. There's file detection and delay. Compared to competitors, this feature allows for selling and deleting files. We can utilize the report if the file has already been deleted. This integration enhances the system. Apart from standard policies, explicit and exploit policies provide various options. We can modify policies using profiles. We can modify the policies as we want. It also has reporting for everyone. You can customize the queue in the dashboard, and most of the features are more common among others. It has file detection. The search is very simple. The console is very user-friendly in the system. Anyone can get trained within an hour. You don't need much expertise to handle it. If someone has the proper training, he can handle it very easily.
Senior Business Development Manager at a tech services company with 201-500 employees
Real User
Top 20
May 4, 2023
It is used as a device that can detect any issues and changes when people are not at work. In one case, we use it when someone is not at work or has already used their allotted time off. This helps us understand any issues that may arise when someone is not at work, which could lead to changes in the way we work.
Servicio Posventa at a security firm with 11-50 employees
Real User
Top 5
Feb 2, 2023
Our clients want to correlate information they have in their network. Many engineers or companies have different tools like CMs, firewalls, VPNs, and some other things related to networks. They mentioned that after they acquired the Cortex XDR solution, they have all of the information in one place. That is important because they improved the time to solve security issues.
Site administrator officer at a tech services company with 11-50 employees
Real User
Top 10
Jan 16, 2023
Cortex XDR is used for monitoring and securing large numbers of endpoints, typically in the range of 5,000 to 10,000. It is considered to be an effective solution for mitigating security risks in these environments.
Our company uses the solution for endpoint protection, detection, and response. The solution has antivirus and EDR capabilities. Our SOC analysts use it to investigate incidents. We currently have 300 to 400 users with two admins for management. The solution is installed on all user laptops to protect workstations. We also implement the solution for customers as a service. Most customers buy the solution for registry reasons and compliance standards. It gives you all the compliance points and improves how your SOC functions because it provides comprehensive visibility over the entire network and endpoints. It is called XDR because it not only looks at endpoints but also network traffic. The solution is offered on Palo Alto's private network. I think the underlying provider is Google Cloud, but that doesn't really matter. You are asked for the region of your instance for connection, such as Europe or the Middle East.
System Engineer at a logistics company with 5,001-10,000 employees
Real User
Jun 7, 2022
We're using it just to make sure that the customers, or our users, don't use any prohibited applications. We make sure that every application they use is on the allowed list. Any other application that is not on the allowed list is blocked until further notice. It's mainly to make sure that our organization is secure and that the software that the users are working on is secured too. This is the main reason, and also to be aware of and secured from any potential attack, ransomware, etc.
This solution has replaced our traditional antivirus solutions; it protects our environment and safeguards our endpoints from any malware or exploitation. We are based in Azerbaijan; I'm the CISO of the company, and we are customers of Palo Alto.
Information Technology Consultant at Trillennium (Pvt) Ltd
Reseller
Feb 11, 2022
We are not using it for our purposes because we are a Palo Alto partner. We propose it for our customers based on their requirements. We are both a service provider and a reseller. When the pandemic first began, the use cases were mostly for remote users. We deployed this for the majority of remote users.
Information Technology Corporate Manager at a consumer goods company with 1,001-5,000 employees
Real User
Nov 24, 2021
We are in the testing stage of using Cortex XDR by Palo Alto Networks. We are using it in order to ensure the corporate network servers are protected. Additionally, we need to use a specialized tool.
CyberSecurity Consultant at Information Technology Solutions- ITS
Real User
Top 20
Nov 2, 2021
I have deployed some customized playbooks and modified out-of-the-box ones, with more integration with SIEM solutions such as ArcSight, QRadar, ADRs, and Trend Micro.
Relationship Manager at a financial services firm with 5,001-10,000 employees
Real User
Jul 23, 2021
We use it for malicious connections from malicious websites. There might also be some payloads that might be inside the traffic. We also use it to identify malicious processes or bugs that are running on the network and any activities that tend to lead to data infiltration.
Cortex XDR is used for endpoint detection and response. This is software placed on endpoints that works with the cloud. The cloud has the analytics, login, prevention models, et cetera.
Sales Engineer at a security firm with 51-200 employees
Real User
Mar 24, 2021
We use this solution to secure endpoints and to have more visibility on what is happening on the endpoints. We have two customers who are using this solution currently.
Network and Cybersecurity Consultant at a tech services company with 11-50 employees
Reseller
Jan 27, 2021
We're primarily a Palo Alto shop, and we integrate solutions in the Palo Alto ecosystem. But for firewalls and threat hunting, it's all through Cortex XDR. We also complement the Cortex XDR product with other endpoint protection solutions, like Windows Defender, or whatever the customer is using.
Security Engineer at a tech services company with 11-50 employees
Real User
Jan 23, 2021
We use Cortex XDR by Palo Alto Networks for its ability to detect based on behavior rather than a simple virus scan to prevent malicious activities. We also use it to go in and whitelist things that are okay. This way, they won't get blocked.
Vice President / Chief Technology Officer at Sinnott Wolach Technology Group
Reseller
Jan 7, 2021
We use it for our own company as well as for our clients. It is mainly used for protecting the endpoints. Like everybody else nowadays, we're all working from home, and we have access to data on the public cloud, private cloud, and on-prem. We've got to make sure that we're not exposing our endpoints to anything out there that could be malicious and that could cause any problems within our networking environment.
Lead Consultant at a tech services company with 1-10 employees
Real User
Dec 8, 2020
We are a solution provider and one of the Palo Alto products that we implement for our clients is Cortex XDR (Extended Detection and Response). It is also known as Traps, and it is mostly used for endpoint protection. For example, when remote users want to connect to their organization using a VPN, they will be protected.
Network Designer at a computer software company with 1,001-5,000 employees
Real User
Oct 22, 2020
We primarily use the product as endpoint security, which we have deployed on all servers and locations. This is not limited to the endpoint, however, as it has further integration with the firewalls and email solutions. Therefore, it can give us quick visibility in case there is any malicious or suspicious activity happening.
Senior System Administrator at a government with 10,001+ employees
Real User
Nov 12, 2019
We use Palo Alto Traps in our Windows-based environments. Currently, it only protects our desktops and we use it in conjunction with our Check Point firewall.
We use Palo Alto Networks Traps (Version 6) to protect our endpoints against NG malware via behavior analysis, artificial intelligence, and machine learning. The PA Traps endpoint logs, our PA firewall traffic logs, and the WildFire sandbox are all used to provide immediate threat response and feed this information to the PA Threat Intelligence cloud.
So far, we have only done a PoC of Palo Alto Traps. We deployed Traps on a few devices and then did the PoC. I also attended a workshop for Palo Alto Traps. I learned how it works and how it can block malicious files, etc.
Cortex XDR by Palo Alto Networks is the first threat detection and response software to combine both visibility across all types of data as well as autonomous machine learning analytics. Threat detection very often requires analysts to divide their attention among many different data streams. This platform unifies a vast variety of data flows, which allows analysts to assess threats from a single location. Users can now maintain a level of visibility that other threat detection programs...
I used the solution for investigating incidents and malware analysis.
Cortex XDR by Palo Alto Networks is an antivirus tool that provides EDR and XDR.
We use the product to monitor and control all the systems. It helps us understand user behavior.
We use the product as a detection and response application.
The solution is like a next-level EDR. It can collect information from other solutions to have a global view of the risks and vulnerabilities.
Cortex XDR by Palo Alto Networks is the antivirus solution we use for Androids.
We use the solution for telemetry and for its anti-virus capability.
We are using Cortex XDR by Palo Alto Networks for all of our remote users because they are not connected to our on-premise data center.
Cortex XDR by Palo Alto Networks is a network management solution.
I'm testing the product right now. I use the solution for endpoint security.
We primarily use the solution for security.
It has just been about a month.
Security correlation is our main use case.
My customer wanted to use EDR. We worked with the POC to demonstrate the antivirus and how it has more features for detecting threats.
My primary use of this solution is as an endpoint security client.
I use it for visibility, mitigation, and analysis of advanced threat attacks.
I use the solution for endpoint protection.
We use this solution to protect our computer system against threats, such as exploits and malware.
The primary use case is mainly endpoint protection.
We use this solution specifically in endpoint response, endpoint detection, endpoint sandboxing, and as a firewall.
We mainly use it for endpoint protection, exploit prevention, and malware prevention.
This product is part of a package that makes up our security solution.
We had firewalls set up and it integrated but didn't meet with our regulations. We were using this solution for endpoint protection.
We are still in the testing stages so there is not currently any primary use case beyond the base use of endpoint protection.
I primarily use this solution for my clients. I don't use the solution myself.
We primarily use the solution for our endpoint server and endpoint protection.
We use Cortex XDR as part of our security solution.
We used it for malware detection and to detect weird DNS calls. Overall, it was for endpoint protection.
I used the product at my previous company until November 2018.
The primary use case is endpoint security. The product is my main endpoint, IP, and threat management.
We use it for primary endpoint protection.
Our primary use case is anti-malware and anti-exploit.
Advanced endpoint protection.