Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.



| Product | Mindshare (%) |
|---|---|
| Cortex XDR by Palo Alto Networks | 4.6% |
| CrowdStrike Falcon | 9.2% |
| SentinelOne Singularity Endpoint | 6.0% |
| Other | 80.2% |
| Type | Title | Date |
|---|---|---|
| Category | Extended Detection and Response (XDR) | Jun 23, 2026 |
| Product | Reviews, tips, and advice from real users | Jun 23, 2026 |
| Comparison | Cortex XDR by Palo Alto Networks vs CrowdStrike Falcon | Jun 23, 2026 |
| Comparison | Cortex XDR by Palo Alto Networks vs SentinelOne Singularity Endpoint | Jun 23, 2026 |
| Comparison | Cortex XDR by Palo Alto Networks vs TrendAI Vision One | Jun 23, 2026 |
| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| CrowdStrike Falcon | 4.3 | 9.2% | 97% | 140 |
| Microsoft Defender for Endpoint | 4.1 | N/A | 95% | 213 |
| Company Size | Count |
|---|---|
| Small Business | 44 |
| Midsize Enterprise | 19 |
| Large Enterprise | 42 |
| Company Size | Count |
|---|---|
| Small Business | 2168 |
| Midsize Enterprise | 1091 |
| Large Enterprise | 1586 |
Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.
What are the key features of Cortex XDR?

Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.
Cortex XDR by Palo Alto Networks was previously known as Cyvera and Palo Alto Networks Traps.
Sample customers: CBI Health Group, University Honda, VakifBank
| Author info | Rating | Review Summary |
|---|---|---|
| Senior Process Expert at A.P. Moller - Maersk | 4.5 | I value Cortex XDR's AI detection and 360-degree security view. Initial false positives and feature gaps were resolved, making it stable, scalable, and well-supported. It now offers complete visibility and reduced operational overhead, justifying its cost. |
| Final Year Student at Gitam University | 4.5 | I found Cortex to be the best endpoint detection tool, extensively using its automation and playbooks for incident response and threat intelligence. While highly effective and stable, I suggest improvements like UI simplicity, faster sync, and better third-party integrations. |
| Cyber Security Engineer at Olacabs | 4.5 | I find Cortex XDR highly effective; its intuitive UI simplifies threat detection, investigation, and real-time threat blocking, saving me significant time. However, its cost might be prohibitive for smaller companies. |
| Network Security Engineer at Cyberwell Solution | 5.0 | I find Cortex XDR excellent for securing acquired clinics, preventing incidents effectively with its simple management, stability, and scalability. I value its strong ROI and excellent support, though I believe the end-device application viewing feature should be free. |
| Cyber Engineering Manager at a tech vendor with 10,001+ employees | 4.0 | Cortex XDR significantly improved my organization's network visibility and reduced threat dwell time through excellent telemetry and easy threat hunting. While powerful, its cost is high, and CrowdStrike offers better overall performance, though I still recommend it for its benefits. |
| Head of data centers at a non-profit with 10,001+ employees | 4.0 | I find Cortex XDR highly effective for AI-driven threat blocking and investigation, significantly reducing our risk and outperforming previous solutions. Its performance and support are excellent, but I consider its financial cost to be very high. |
| Business Development Manager For Palo Alto Networks at a tech services company with 1,001-5,000 employees | 4.0 | I rate Cortex XDR highly for its zero-day prevention and ecosystem. However, the 200-license minimum and missing MSSP model hinder adoption for smaller companies, despite its stability and scalability. Customer support needs improvement. |
| Principal Cloud Architect at a tech services company with 11-50 employees | 4.0 | I found Cortex XDR excellent for replacing traditional antivirus, significantly reducing staff, and improving threat detection. While expensive, it offers strong integration within the Palo Alto ecosystem, delivering great value. I hope for more non-Palo integrations and improved container security. |
| Network Security Administrator at Alethe Consulting Pvt. Ltd | 4.0 | I highly recommend Cortex XDR for its seamless Palo Alto firewall integration, comprehensive endpoint security, and reduced analyst workload. Its GUI and AI features are excellent. My main suggestion is for Palo Alto to lower its pricing for wider market scalability. |
| Chief of IT Architecture at a financial services firm with 10,001+ employees | 4.0 | I value Cortex XDR's deep Palo Alto ecosystem integration, comprehensive security, and automation. However, its high cost and reliance on existing Palo Alto products mean it's best for large, already integrated organizations, not as an independent solution. |

My main use cases include workload protection, endpoint and perimeter protection of the environment, data center, and also the cloud.
The most valuable aspect of Cortex XDR by Palo Alto Networks for me is its integration with AI detection, where we get to know the behavioral detection based on users, traffic patterns, and different services that we consume. It's more about user and behavior analysis with upfront detection rules and automation that we can integrate with for orchestration purposes.
It's effective. We have seen multiple occasions where we were notified with the detection rule, and the SOC team engaged with us, and we took the remediation action as and when it was highlighted.
The positive impacts I see from Cortex XDR by Palo Alto Networks include a complete 360-degree view of our security posture altogether, being a uniform platform where we are ingesting logs from multiple resources. We have AI detection for different levels of user behaviors, and we integrate with the firewall engines and WAF, along with the EDRs and XDR, so that we have a complete overall security view and have gained much more confidence in it.
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items.
The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there.
They have fixed a lot of things. Initially, they didn't have IaC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They now have Prisma Cloud that gets integrated, and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a much better and more mature shape now.
Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
Almost two to three years now.
Cortex XDR by Palo Alto Networks is very much stable. The thresholds we've seen on our firewall boxes at some instances reached 80% to 85%, but even at that level of utilization, we don't observe any latency or any issues reported with respect to accessing the application.
It's scalable for our workload.
It's always good. We have a dedicated customer success representative, and we get to address all our tickets with them.
For tech support, I would give close to eight or nine. Most of the cases are getting resolved well within the SLAs. There is no back and forth, and they know what we are asking for and come up with the best resolution for a solution.
Positive
We've moved to Palo Alto firewalls and VMware firewalls, so we are not using Cisco anymore.
It was straightforward since we did the deployment from scratch. Rather than fixing the firewall into the design, we did the design by handling the high-level design and documentation from scratch. It was smooth with no major issues.
It was a mix. For the POCs, we were involved, but for the actual production workload, we did consult with the CSP managers to see if we were doing things right.
Cortex XDR by Palo Alto Networks is one of the top-tier products. When you get engaged for a long-term contract, they do provide some discounts and negotiation on that. It's open for negotiation based on the business need. I would say it is definitely not a cheap product, considering how mature it is and how scalable all Palo Alto products are together. That's the price that you have to pay for using such a tool.
It's a direct purchase.
We did a couple of POCs with different vendors: SonicWall, FortiGate from Fortinet, and also some POCs on cloud-native firewalls and other options.
Overall, Cortex XDR by Palo Alto Networks covers all our business needs with scalability and not much operational overhead. There is much less operational overhead and complete visibility in the environment. I would rate this product an 8.5 out of 10.

I have been using Cortex for my internship at Palo Alto, where I have used Cortex XDR and Snort for endpoint detection. I have also used similar tools like threat intelligence management to analyze the alerts and suspicious activities. Cortex is the best tool for endpoint detection.
I have used Cortex in a specific scenario where there are certain types of threat intelligence management features. I have used it to verify hashes or domains to identify malicious activity. I also use Cortex XSOAR to trigger playbooks that automate and gather endpoint logs, block malicious processes, and update incident tickets, showcasing end-to-end processes with automation in investigation and reducing the analysis workflow.
I have used Cortex for my internship and afterward in certain projects where I'm working with my college. In those projects, I have been using Cortex for automation through playbooks and using intelligence to prioritize the incidents. I have also practiced to understand the incident lifecycle management from detection to containment.
Cortex is deployed in my organization as part of a hybrid cloud setup, where the Cortex XDR and XSOAR components are primarily cloud-hosted by Palo Alto Networks. This arrangement allows for easier management and updates while integrating sensitive data sources with our on-premises systems for security and compliance reasons. The hybrid approach balances the scalability and availability of the cloud while maintaining control and data security with on-premises infrastructure.
The best features Cortex offers in my experience include its capability for detection and investigation, along with several types of threat intelligence management. It includes machine learning to easily analyze data and detect complex threats across endpoints, networks, or clouds. In playbooks, automation handles responding actions such as isolating endpoints or enriching IOCs, along with reducing mean time to detect and mean time to respond. I have used this for my SOC operations environment, discussing it with my college.
Automation and playbooks have helped me significantly. If there is a threat, detecting it used to be a lengthy process. Now, with the advancement in technology, Cortex XSOAR's playbooks predefine the workflow of the automation, such as response processes, alert triggering, and enriching the context. These automations collect relevant indicators such as hashes, IP addresses, or domains efficiently and can detect and block malicious attacks with firewalls. It is very useful for eliminating the workload of human errors and speeding up responses for next-generation operations. Playbooks are customizable with dynamic analysis that aligns with organizational policies.
I think Cortex is the best tool, but there are a few points that could be added to improve it. For instance, enhancing UI simplicity and playbook flexibility are areas that could benefit from more low-code automation options for smoother integrations. AI-based alert prioritization features could enhance efficiency for SOC units.
Cortex is a very good and accurate tool, and if some other tools could be integrated, such as third-party tools including Splunk, ServiceNow, and Microsoft, it would significantly enhance usability. Improving reporting and dashboard customization, along with the addition of real-time and exportable reports, would help SOC teams greatly. APIs should be efficient, coupled with simpler low-code notebooks for customizing smart AI-based incident prioritization systems.
While using Cortex, I noticed some aspects that could be improved, such as increasing the synchronization speed between XDR and XSOAR. Although the synchronization is fast, it could be enhanced to generate new alerts more quickly. There could also be more granular role-based access control for better permission management, along with built-in playbook templates for common incident types such as phishing, allowing users to deploy automations more swiftly.
I haven't used any tools before Cortex during my internship. This was my first experience with an endpoint detection tool, and I find it to be the best tool I have encountered.
In my experience, I have not faced any issues with Cortex; it functions seamlessly. There are no major downtimes reported, and the system remains reliable and efficient, with only minor sync delays under high data loads.
Cortex remains fast and responsive, even with increasing data and alerts. Although there is a slight delay during peak load, the overall performance is stable and efficient.
Cortex can handle data loads effectively, showing its scalability.
As an intern, I manage my tasks independently, utilizing the extensive resources available online to learn how to use Cortex without needing customer support.
Positive
Cortex is the only tool provided to me throughout my internship, and I believe it is an excellent choice for endpoint detection and automation. I have enjoyed a great user experience with it, making it a standout tool.
Before using Cortex, it's essential to research its features and capabilities. This knowledge aids users in becoming proficient. I advise new users to start small with playbooks, focus on data quality for XDRs, and plan integrations carefully for improved response speed and efficiency.
I believe Cortex is a great tool that everyone working in cybersecurity should try. Those who use it will fall in love with it due to its automation capabilities and the numerous helpful features it offers. I would rate this product a nine out of ten.

Our use case for Cortex XDR by Palo Alto Networks is for SIEM and XDR. We install the agents in every endpoint and we monitor those endpoints using our SIEM.
The best features of Cortex XDR by Palo Alto Networks, which I have been using for almost a year, include the very nice operating system and user interface that is so user-friendly, making it very beginner-friendly. You can learn it in less than a week, covering almost all the queries and everything. You can understand the alert very simply. It makes investigation easier and faster, which is the main highlight.
When I assess the effectiveness of the AI-driven endpoint security in Cortex XDR by Palo Alto Networks, I know that we only know the risks which have been found before. We don't know the risks which are coming in the future. The AI-based detection and BIOC rule detection may help in the future for detecting new threats, which will be helpful for the company.
Cortex XDR by Palo Alto Networks helps a lot with blocking sophisticated threats in real-time because we don't have to care much about the threats which are prioritized by ourselves. If we are only getting the detection and XDR detects it, it means we have to take further action. If we set the priority to block or prevent the action, it will automatically do it. This helps to save our time and allows us to do our further investigation after that.
How much faster it has become to detect and respond to threats depends on the device and defense actions, averaging around 30 minutes.
I have experienced a reduction in alert triage since integrating Cortex XDR by Palo Alto Networks because you can configure the rules and fine-tune them according to the alerts we get. This will be very helpful to prevent false positives. It is very easy to fine-tune in XDR and will take around 15 to 20 minutes if you understand the concept. This can actually prevent the flooding of alerts and will be helpful for triaging the most prioritized alerts.
Implementing Cortex XDR by Palo Alto Networks has had a significant impact on my security analyst workload because it becomes much easier. If you are installing something like an antivirus, it cannot actually prevent us from accessing the endpoint through our computer. Cortex XDR actually helps to access the computer very easily in a short time. The tool is actually really fast and connects very quickly if you want to access the system. It detects and prevents according to the BIOC rule very well, and we get the alert as well. Then we can do the further investigation using that alert. The UI is very simple, and you can connect and check whatever you want in another device. In our company, we mostly depend on XDR.
Cortex XDR by Palo Alto Networks saves me a lot of time because when we get the alert in some other tools, we used to check the alerts using XDR. It only takes a simple time to check the endpoint and determine what activities are going on with XDR. You don't have to get the user's laptop or approach the user at all. You can actually do it from your device very easily. This actually saves a massive amount of time per day.
Last week, the UI of Cortex XDR by Palo Alto Networks actually changed, so I am learning the new UI. I didn't use the UI much, so I'm not aware of the new UI yet. But I think they updated almost all the misconfigurations and everything, making it more easy to use and more beginner-friendly. I don't have any suggestions for improvement as it is already the best.
I have been using Cortex XDR by Palo Alto Networks for the past eight months.
I rate the stability of Cortex XDR by Palo Alto Networks at 8.
For scalability, I confidently rate it a 10.
I haven't contacted the XDR team yet for technical support. It is actually the work of the Endpoint Security team, which is another department. I work in SOC, so the Endpoint Security team contacts the XDR team and connects with them to fix issues. In my case, I have faced issues with XDR two or three times, and they are fixed in around 5 to 10 minutes. I think we can rate this an 8 out of 10.
When I compare Cortex XDR by Palo Alto Networks with other solutions or vendors, I have tried configuring the Wazuh agent (not an XDR, but it can be used for endpoint security) and found that the UI of other agents feels much harder. In this case, Cortex XDR feels simpler, more normal, and more straightforward as an application UI. Other solutions' UI feels older and outdated, and a bit hard. In this case, it is simpler and much easier to use.
I am not actually aware of how Cortex XDR by Palo Alto Networks is deployed, but we usually install the agents from our IT team. When we get the laptop itself, the IT team installs the agent on each endpoint and it is linked to our ticketing system. We get tickets in our ticketing system using the simple SOAR.
The admin access of Cortex XDR by Palo Alto Networks is with the security team only. There are many employees in our organization, and on each endpoint we have installed the XDR. In our cloud instances, everything, we installed the XDR agents. Cortex XDR by Palo Alto Networks is mainly used by us, the security team, mainly around (confidential) N number of people.
Cortex XDR by Palo Alto Networks does require maintenance, but it is mostly done by us itself because of the fine-tuning. The platform security actually maintains Cortex XDR by Palo Alto Networks and they contact the XDR people and do the monthly maintenance.
We are deploying Cortex XDR by Palo Alto Networks on every device, actually. Every device includes Mac, Windows, and Linux.
I would recommend Cortex XDR by Palo Alto Networks to other users, especially if the user has a big MNC or big company. If he is using a smaller company, he can depend on some other tools because Cortex XDR by Palo Alto Networks is a bit expensive. I have given this review a rating of 9.
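The review above describes BIOC (behavioral indicator of compromise) rules firing on endpoint activity, and fine-tuning them so the queue is not flooded with alerts that are benign. The following is an added example, not code from the page, the reviewer, or Palo Alto Networks: a minimal BIOC-style rule engine in Python over constructed process-creation events. It shows a rule firing on a parent/child/command-line pattern, an exception suppressing a pattern that was tuned out after false-positive review (build agents running encoded deploy scripts), and the surviving hits ranked by severity. The rule names, field names, regexes and sample events are all invented for illustration and do not model Cortex XDR's own rule syntax.

```python
"""
Added example (not code from the page, the reviewer, or Palo Alto Networks):
a minimal BIOC-style behavioural rule engine over constructed process events.
Rule names, field names and sample events are invented for illustration.
"""
import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    user: str
    parent_image: str   # full path of the parent process image
    image: str          # full path of the spawned process image
    cmdline: str


@dataclass
class Rule:
    name: str
    severity: int                       # 1 (low) .. 4 (critical)
    parent_re: str
    image_re: str
    cmdline_re: str = r".*"
    # Exceptions added after false-positive review: (host_re, parent_re) pairs.
    exceptions: list = field(default_factory=list)

    def matches(self, ev: ProcessEvent) -> bool:
        return bool(re.search(self.parent_re, ev.parent_image, re.I)
                    and re.search(self.image_re, ev.image, re.I)
                    and re.search(self.cmdline_re, ev.cmdline, re.I))

    def excepted(self, ev: ProcessEvent) -> bool:
        return any(re.search(h, ev.host, re.I) and re.search(p, ev.parent_image, re.I)
                   for h, p in self.exceptions)


RULES = [
    Rule("office_spawns_shell", 4,
         parent_re=r"(winword|excel|outlook)\.exe$",
         image_re=r"(cmd|powershell|wscript|mshta)\.exe$"),
    Rule("encoded_powershell", 3,
         parent_re=r".*",
         image_re=r"powershell\.exe$",
         cmdline_re=r"-(enc|encodedcommand)\b",
         # Tuned out: build agents legitimately run encoded deploy scripts.
         exceptions=[(r"^build-\d+$", r"jenkins-agent\.exe$")]),
]

SAMPLE_EVENTS = [  # constructed telemetry
    ProcessEvent("wks-17", "alice",
                 r"C:\Program Files\Microsoft Office\WINWORD.EXE",
                 r"C:\Windows\System32\cmd.exe",
                 "cmd.exe /c powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"),
    ProcessEvent("build-07", "svc_build",
                 r"C:\agent\jenkins-agent.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -NoProfile -EncodedCommand ZABlAHAAbABvAHkA"),
    ProcessEvent("wks-22", "bob",
                 r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"),
    ProcessEvent("wks-22", "bob",
                 r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\notepad.exe",
                 "notepad.exe notes.txt"),
]


def evaluate(events, rules=RULES):
    """Return (alerts sorted by severity desc, number of matches suppressed by exceptions)."""
    alerts, suppressed = [], 0
    for ev in events:
        for rule in rules:
            if not rule.matches(ev):
                continue
            if rule.excepted(ev):
                suppressed += 1
                continue
            alerts.append({"rule": rule.name, "severity": rule.severity,
                           "host": ev.host, "user": ev.user, "cmdline": ev.cmdline})
    alerts.sort(key=lambda a: a["severity"], reverse=True)
    return alerts, suppressed


def untuned(rules=RULES):
    """The same rules with every exception removed, to measure what tuning saves."""
    return [Rule(r.name, r.severity, r.parent_re, r.image_re, r.cmdline_re) for r in rules]


if __name__ == "__main__":
    alerts, suppressed = evaluate(SAMPLE_EVENTS)
    for a in alerts:
        print(f"[sev {a['severity']}] {a['rule']} on {a['host']} ({a['user']}): {a['cmdline']}")
    print(f"{suppressed} match(es) suppressed by exceptions")
```

The exception is scoped to both a host pattern and a parent image, not to the whole rule: an encoded PowerShell launched on a build host by something other than the build agent still alerts. Over-broad exceptions are how a tuned rule quietly stops detecting the thing it was written for.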

Our main use case for Cortex XDR by Palo Alto Networks is to manage most of the clinics in the healthcare sector because we acquire a lot of clinics in Ontario and throughout Canada. When we acquire our clinics, we have to enter user devices into our network. At that time, we install Cortex XDR by Palo Alto Networks in their devices to determine if any malicious activities are running on their devices. We have to be 100% sure before we connect their devices into our network. That is why we are using Cortex XDR by Palo Alto Networks to avoid any incidents in our network.
The main function of Cortex XDR by Palo Alto Networks is to prevent any malicious activities that occur on end devices. Beyond that, sometimes I have to add an exception. For example, sometimes our developers team develops some of the healthcare sector applications. At that time, Cortex XDR by Palo Alto Networks behavior analysis detects it as malicious because those applications sometimes acquire user privileges. At that time we have to whitelist those hash files or sometimes the path. Those are uses that I employ for my day-to-day work.
Cortex XDR by Palo Alto Networks offers simplicity and is easy to manage through the GUI.
If you want to add whitelisting to avoid any false positive scenarios with Cortex XDR by Palo Alto Networks, we can easily right-click and add the whitelist for those hash files or perform any whitelisting. It is quite simple operationally.
I can say that Cortex XDR by Palo Alto Networks is doing a very good job because we are acquiring so many clinics, and some of the clinics actually run without any XDR application. In those scenarios, we have to install Cortex XDR by Palo Alto Networks and sometimes we figure out that some malicious applications have been running on those devices. Because of that, we have been able to identify those applications and clean their devices to keep our environment safe.
In that case, I can say that Cortex XDR by Palo Alto Networks has helped me communicate security value or risk reduction to leadership and executives because most of the time we show our dashboard to our top management. Sometimes our SOC team extracts reports showing how many incidents have occurred during the past month. We have different kinds of reports and dashboards to show our management.
I saw one improvement needed for Cortex XDR by Palo Alto Networks. I feel that it should not be a licensed activity because a feature should allow us to see applications running on end devices. However, Cortex XDR by Palo Alto Networks provides it under license for that feature. I feel that it should be added as a free feature because it is more of a concern about applications.
I have been using Cortex XDR by Palo Alto Networks for around two years now.
Cortex XDR by Palo Alto Networks is cautiously stable.
Most of the time we put end devices on auto-update, so there is nothing to worry about. It is automatically updated.
We have not faced any issues with the scalability of Cortex XDR by Palo Alto Networks so far.
Customer support for Cortex XDR by Palo Alto Networks is excellent. I have opened a couple of TAC cases. Most TAC cases are enrolled and resolved within a couple of hours. The support team is quite responsive and quite effective.
I am not sure which solution our current company was using before Cortex XDR by Palo Alto Networks. I have no idea about whether my company evaluated other options before choosing Cortex XDR by Palo Alto Networks.
When I joined this company, Cortex XDR by Palo Alto Networks was already deployed. I do not have any idea about what challenges they were facing before they deployed Cortex XDR by Palo Alto Networks. I do not have any idea about how long it took my team to start seeing meaningful value from Cortex XDR by Palo Alto Networks after deployment, because it was deployed before I joined this company.
Our SOC team has a monitoring team for Cortex XDR by Palo Alto Networks detection. They are the team who monitor the system. Once they monitor and identify any issue, they contact our team. Then we determine if we need to add any whitelisting or handle any false positive action, and we respond accordingly.
I can highlight that we have not faced any security incidents with Cortex XDR by Palo Alto Networks. Our environment is quite dynamic. Even though our environment is dynamic, we have not faced any security incident with Cortex XDR by Palo Alto Networks until now.
I can say that on the employee side, with Cortex XDR by Palo Alto Networks, we need only fewer employees. In Cortex XDR by Palo Alto Networks, most of the remediation is automated and the accuracy is quite good. We do not need a huge staff to manage 8,000 devices.
The decision for Cortex XDR by Palo Alto Networks pricing, setup cost, and licensing was made by our top management, not from our side. We make a decision for technical feasibility and the security side. We recommend the device to them, and then the pricing decision is taken by our top management.
We had some review about whether we were going to move to a different XDR platform for Cortex XDR by Palo Alto Networks, but in that scenario, my recommendation was to stay with the same XDR because we have not had any issues with Cortex XDR by Palo Alto Networks. Why would we change without any issues with Cortex XDR by Palo Alto Networks?
I mentioned which improvements were needed for Cortex XDR by Palo Alto Networks, and I have nothing further to add at this time.
I can say that compared to other products, Cortex XDR by Palo Alto Networks is quite easy and effective because I have used a couple of different XDR solutions such as SentinelOne.
We do not know about the cloud provider for Cortex XDR by Palo Alto Networks. It is provided by Palo Alto Networks. We do not have any information about it, and we cannot see which cloud provider is used from their back-end side. We just get the console. We do not have any back-end access activity. We do not know which cloud provider is used for hosting the Cortex XDR by Palo Alto Networks console.
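The review above describes allow-listing an in-house application that behavioural analysis flags, either by file hash or by path. The following is an added example, not code from the page, the reviewer, or Palo Alto Networks: a small Python model of both exclusion styles run over constructed file events, to show why the path exclusion is the weaker choice. The event shape, the exclusion kinds, the paths and the sample bytes are invented for illustration and do not model Cortex XDR's own exception semantics.

```python
"""
Added example (not code from the page, the reviewer, or Palo Alto Networks):
allow-listing a flagged in-house binary by file hash versus by path.
Event shape, exclusion kinds and sample bytes are constructed for illustration.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEvent:
    """A binary the behavioural engine has flagged (the flag itself is assumed)."""
    path: str
    content: bytes   # stand-in for the on-disk image

    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


@dataclass(frozen=True)
class Exclusion:
    kind: str    # "hash" or "path"
    value: str


def matches(ev: FileEvent, ex: Exclusion) -> bool:
    if ex.kind == "hash":
        return ex.value.lower() == ev.sha256()
    if ex.kind == "path":
        # Case-insensitive, as Windows paths are; no wildcards on purpose.
        return ev.path.lower() == ex.value.lower()
    raise ValueError(f"unknown exclusion kind {ex.kind!r}")


def decide(ev: FileEvent, exclusions) -> str:
    """'allow' if any exclusion covers the flagged file, else 'block'."""
    return "allow" if any(matches(ev, ex) for ex in exclusions) else "block"


def hash_exclusion_for(ev: FileEvent) -> Exclusion:
    """What the analyst adds after confirming the flagged build is benign."""
    return Exclusion("hash", ev.sha256())


# Constructed scenario: a clinic's in-house intake app is flagged, then
# something else is dropped at the same path, then a new build of the app ships.
APP_V1 = FileEvent(r"C:\ClinicApps\intake.exe", b"MZ\x90\x00intake-app-build-1")
DROPPER = FileEvent(r"C:\ClinicApps\intake.exe", b"MZ\x90\x00not-the-intake-app")
APP_V2 = FileEvent(r"C:\ClinicApps\intake.exe", b"MZ\x90\x00intake-app-build-2")

BY_HASH = [hash_exclusion_for(APP_V1)]
BY_PATH = [Exclusion("path", r"C:\ClinicApps\intake.exe")]


def compare() -> dict:
    """Verdict for each event under each exclusion style."""
    out = {}
    for name, ev in (("app_v1", APP_V1), ("dropper", DROPPER), ("app_v2", APP_V2)):
        out[name] = {"by_hash": decide(ev, BY_HASH), "by_path": decide(ev, BY_PATH)}
    return out


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:8s} hash-exclusion={verdicts['by_hash']:5s} "
              f"path-exclusion={verdicts['by_path']}")
```

The trade-off is visible in the output: the hash exclusion blocks whatever is dropped at the allow-listed path but has to be re-added for every new build, while the path exclusion survives upgrades and also waves through anything an attacker writes to that path. Teams drift toward path exclusions to save the per-build work; where the product supports it, an exclusion keyed on the code-signing certificate of the in-house build is the usual middle ground.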

Cortex XDR by Palo Alto Networks provides better network visibility for our organization. The telemetry that we look for in EDR was missing from our previous solution. When we ingest and start working with Cortex XDR by Palo Alto Networks, that problem was resolved.
Cortex XDR by Palo Alto Networks definitely helps my security team significantly. The network telemetry and stitching capability is very good, so we don't have to work with multiple alert fatigues. After fine-tuning, the analysis and everything is very impressive.
The best feature of Cortex XDR by Palo Alto Networks is the simplicity of the query languages. You can easily query the languages and everything associated with them. The second thing is the broadness; we can get the telemetry of network devices as well, which is phenomenal, and the ease of using that particular tool is exceptional compared to other tools. Cortex XDR by Palo Alto Networks makes threat hunting activities very easy to use.
The major outcome achieved by my company with Cortex XDR by Palo Alto Networks is that the dwell time of identifying a threat or any incident got minimized. In one single alert, we are getting the network telemetry, endpoint telemetry, email security telemetry, and proxy telemetry all in one single ticket, making it very easy. This helps us reduce alert fatigue and duplicates.
Cortex XDR by Palo Alto Networks definitely helps my company reduce risks and communicate security values. The dwell time got minimized, which is why we are definitely saving ourselves from risks and threats from zero days and many open vulnerabilities.
A potential area of improvement for Cortex XDR by Palo Alto Networks is the cost.
When talking about functionality, they are already working on improvements. They have already completed or added all the details in XSIAM. If you look at XSIAM, it's a culmination of three products: Cortex XDR plus XSOAR, and on top of it they provide ASM technologies, which is quite good, but the only factor is the cost.
I have been working with Cortex XDR by Palo Alto Networks for more than two years, and my overall experience spans more than four years.
I would rate the stability of Cortex XDR by Palo Alto Networks somewhere around nine, maybe eight, between 8.5 to nine.
The scalability of Cortex XDR by Palo Alto Networks is also an 8 to 9.
For technical support, it depends on the package and license you are taking. Asia Pacific support is not that good, but when you get engineers from the US or Israel, they are better than the others.
Response time depends on the ticket we are raising, and it is good.
Technology-wise, Cortex XDR by Palo Alto Networks is good. Overall performance-wise, if you look at the dwell time and all those details, CrowdStrike excels. SentinelOne is also nearby, but there's a very thin line of difference among all three vendors.
The initial setup for Cortex XDR by Palo Alto Networks is not that difficult, but you need some training and all those elements.
In XDR specifically, it is very easy to install. The reason behind it is that it is using the same agent, which can be pushed via Intune, XSOAR, or XDR. Anything is fine, so nowadays, any XDR or EDR product is very easy to use and implement in the environment. We just have to be very cautious while adding the policies.
We are also handling the reselling part; we are a partner and provide MSSP services with Palo Alto Networks.
Usually, it takes us three months to get live with Cortex XDR by Palo Alto Networks, but it can take three to six months depending on how critical the infrastructure is and how easily they give access.
Based on my experience, a main competitor for Cortex XDR by Palo Alto Networks would be CrowdStrike and SentinelOne.
If I compare the three vendors, I think overall experience-wise, CrowdStrike is the best.
I would definitely recommend Cortex XDR by Palo Alto Networks. I would rate this product 8.5 out of 10.

The most beneficial aspect of Cortex XDR by Palo Alto Networks was when it was first installed in the environment, where there were too many infected and compromised systems. After installing this solution, it identified, blocked, and provided the complete attack chain, which was very helpful. A previous product was not detecting anything, and after installing Cortex XDR by Palo Alto Networks, the experience has been very good.
There are many clients' use cases for Cortex XDR by Palo Alto Networks, including endpoint protection, the managed service for some resellers who are using it to boost their managed service solutions, and protection reaction.
Cortex XDR by Palo Alto Networks is specifically designed to prevent zero-day attacks. The design of the solution is completely different from other vendors because it is based on the detection of exploit techniques used by attackers. While other vendors are trying to reduce the mean time to respond when an attacker is present, Cortex XDR by Palo Alto Networks aims to prevent zero-day attacks that are becoming more common due to the usage of AI. The reactive approach used by competitors exposes customers to being attacked and exfiltrated more easily. Cortex XDR by Palo Alto Networks can prevent this by design.
Another aspect is that Cortex XDR by Palo Alto Networks is part of an ecosystem of Palo Alto, providing customers with a long-term vision to modify and redesign how security is applied in their company. Palo Alto is probably one of the few vendors that has developed a real platform where the products are not separate identities but part of a unique platform, exchanging data and information natively. Starting from a small piece, a customer can attain the full picture of the Palo Alto product set smoothly.
Cortex XDR by Palo Alto Networks helps to communicate security value or risk reduction to leadership executives primarily due to its effectiveness in working on exploits natively, thereby dramatically reducing the possibility of zero-day attacks. The second risk reduction comes from being part of an ecosystem, which significantly reduces blind spots. By adding modules from Palo Alto's framework, you have the full set of features and coverage for the customer. This also affects operational costs and integration issues between different tools. The massive usage of AI by Palo Alto is something they have been investing in since 2015, which gives them a significant edge. Palo Alto retrieves metadata and information from each customer installation to create a clear picture of what is happening on the internet on a daily basis, processing around 100 petabytes of data each day. This substantial data volume improves the system's ability to proactively respond to attacks.
Cortex XDR by Palo Alto Networks has been designed for a SOC-led service partner environment. If you have this kind of environment, it is the right product for the right place. It is less a next-gen antivirus, as other solutions in the market work more as an evolution or a next-gen antivirus. They require a lot of post-processing by an operator or SOC analyst. In Palo Alto, the solution has been designed to be used by a SOC analyst. Where the SOC analyst is not present, it is like having a very good Ferrari without the wheels.
The negative aspect I see is the economic model used by Palo Alto.
The reason is that the minimum license model is 200 licenses per user, per company, or tenant, and it is not really applicable to Italy, where many companies have less than 200 users. The second area for improvement is the lack of a real MSSP model, which would involve a pay-as-you-go approach on a monthly basis where the reseller buys a certain number of licenses without needing to manage where those licenses are allocated.
The two major areas for improvement are the MSSP model and the economic model. The minimum license of 200 is too high. I understand that Palo Alto is mainly an enterprise-led company and wants to approach the mid-market, but they need to reduce the number of licenses to 50, which could be a good threshold. Below 50, I would not care about these customers, as they are too small and managing them involves more effort than potential gain.
When you have at least 200 users, the price of Cortex XDR by Palo Alto Networks is fine, but if you only have 50 users, you are out of the market.
Since 2021, I have been working with Cortex XDR by Palo Alto Networks.
Cortex XDR by Palo Alto Networks is pretty stable.
The scalability for Cortex XDR by Palo Alto Networks is not an issue; it is super scalable and easy to scale up or out.
In general, I think Palo Alto is experiencing some growing pains in terms of support quality, which is not exceptional at the moment. They have delegated a lot of customer management responsibilities to distributors, so when I sell a Palo Alto solution, I also sell support services from Westcon, not from Palo Alto, to alleviate pressure on their support.
If I were to rate support from zero to ten, I would give it a five because I think it is currently overloaded.
The deployment procedure for Cortex XDR by Palo Alto Networks requires a certain level of know-how. It is not about the installation itself, but the configuration is so powerful that you need to understand the environment where it is installed. If not carefully managed, you may inadvertently block solutions that should be permitted.
Compared to others, I think Cortex XDR by Palo Alto Networks at the moment has the best performance in the market. The MITRE framework states that. The comparable solutions are CrowdStrike, for example, and Cynet, but unfortunately in Italy, Cortex XDR by Palo Alto Networks is not well awarded by the end user or the partners due to the economic model applied by Palo Alto, because Cortex XDR by Palo Alto Networks is mainly an enterprise-led product and not for PMI. PMI are small companies, and as you see in Italy, our market is mainly led by PMI.
When comparing Cortex XDR by Palo Alto Networks to competitors such as CrowdStrike, it seems their model can scale down more easily than Palo Alto's. CrowdStrike has an MSSP program that allows them to cover a broader market than Palo Alto. Regarding Cynet, I do not have a clear picture of their pricing model, but I have heard it is a good product. The EDR and XDR market is very crowded today, so competition is strong.
At the moment, Palo Alto is slightly defocusing on Cortex XDR by Palo Alto Networks because they launched a platform called Cortex XSIAM, which includes the functionalities of Cortex XDR by Palo Alto Networks inside an autonomous SOC, that is, a SOC with AI-driven intelligence where human intervention is minimized.
Currently, I do not have specific figures, but if you look at reports such as the Verizon Data Breach Investigations Report, you can find that the mean cost of an attack is significant for a company.
The time it takes to start seeing value from the product after deployment is finished is not clear; it depends on the customer and the market they are in. For example, if a customer is in the defense market producing tanks, the risk of an attack is very high, so it is critical that they cannot afford even one attack. However, if a customer is selling screws, the revenue may be high, but the risk of an attack is low, which changes how quickly they recognize value.
What eventually convinces a customer to choose the product is sometimes through a proof of concept; sometimes I find myself in a situation where there is an attack already present.
AWS for me is more a channel for reselling than for deployment, because the cloud solution is provided by Palo Alto. You have an instance on their cloud, which can be installed anywhere, so the main concern is about configuring the cloud instance rather than installing on a specified cloud.
We are partners with Amazon, and we are starting to interact with AWS Marketplace.
Considering the fact that there is an issue with the economic model, I would give the product an eight overall rating.
My clients primarily use Cortex XDR by Palo Alto Networks for the purpose of replacing existing signature-based antivirus on laptops. The last project I completed was about moving away from Symantec antivirus, which is now Broadcom, to a new solution that does not perform signature-based scanning, as that slows down the system whenever scanning occurs. We wanted a next-generation antivirus with integration to the existing Palo Alto firewalls that the client had, leveraging EDR and NDR capabilities for extended detection. We wanted to move from traditional signature-based antivirus to extended detection and response, and consolidate logs, transforming it into an advanced SOC project.
The biggest positive impact I see from Cortex XDR by Palo Alto Networks is a significant reduction in the number of people required to manage it. It stitches the entire lifecycle of an attack; if there is malware or infection on an endpoint, it can track every single activity phase. The tool automatically prioritizes high-risk detections, and it reports anomaly-based behaviors in your network, including zero-day attacks.
The most significant improvement is the performance of your endpoints and servers because, unlike traditional signature-based scanning, there are no delays, which was essential for the financial services institution running high-frequency trading applications on their endpoints.
The major outcomes achieved with Cortex XDR by Palo Alto Networks include improved threat detection, especially for instances where there are no signatures, such as zero-day attacks. We saw improved threat intelligence and contextual risk scores, along with a great GUI that makes managing the solution easy. Regarding ROI, significant savings come from reduced human resources; for example, we went from twenty-four or twenty-five people managing the solution down to about ten, which is a cost reduction and leads to efficient application performance.
For future product updates, I would appreciate integrations with AI-enabled red teaming tools to streamline policy adjustments during penetration testing activities. Additionally, there should be more integrations with non-Palo products to enhance usability without forcing customers to purchase additional Palo Alto products.
Finally, I see room for improvement in container security within Cortex XDR by Palo Alto Networks, particularly regarding Kubernetes orchestration tools.
As a service provider for Palo Alto, I am not using it in the current deployment, and the last time I worked on it was approximately four to five months ago.
Regarding stability, it is good; Palo Alto maintains the system and notifies us about maintenance periods with no disruptions.
Cortex XDR by Palo Alto Networks is easy to scale, providing presence in all locations except China. I am uncertain about current capabilities there, but everywhere else, the cloud scales effectively.
I am very happy with the technical support from Palo Alto; they are the best.
The deployment procedure for Cortex XDR by Palo Alto Networks is straightforward. I push the package from the endpoint manager, install it, and it registers with Cortex XDR by Palo Alto Networks cloud.
It took us about a month and a half to realize meaningful value from Cortex XDR by Palo Alto Networks with seventeen or eighteen thousand workloads primarily in a hybrid multi-cloud environment. The initial onboarding was straightforward, but tuning the policies took time, approximately seven months in total, due to the need for thorough configuration and whitelisting of directories to avoid impacting applications.
It is possible to observe ROI from reduced spending on human resources since we brought the number of people managing the solution down significantly. The investments in the tool shift to human resources, allowing for better ROI. The integration with other solutions also enhances ROI, as it is not only about Cortex XDR by Palo Alto Networks but the overall ecosystem, improving the cumulative result.
Comparing Cortex XDR by Palo Alto Networks to other market solutions, CrowdStrike is the closest alternative that does decent work. There are point solutions such as SentinelOne, but none integrates as thoroughly with other products as Cortex XDR by Palo Alto Networks does.
There is not much of a marketplace; it operates as an agent on a server, and while I can install it on AWS EC2 instances through Systems Manager, it is not a product purchased from AWS.
Cortex XDR by Palo Alto Networks is the solution to choose if you are already a Palo Alto customer because if you are purchasing other parallel services, it allows for reusing existing resources, leading to cost efficiency. You do not want to replicate products you already have, and there should be a strategic roadmap if you plan to purchase Cortex XDR by Palo Alto Networks.
Cortex XDR by Palo Alto Networks changes the way my security team detects, investigates, and responds to threats.
I have not seen anything negative recently with Cortex XDR by Palo Alto Networks; however, when Traps was acquired, false positives were an issue, but that has already been overcome. It is expensive, and the best value is achieved if you are a Palo Alto shop with products such as next-generation firewalls and Prisma. If you are using open-source firewalls or non-Palo solutions, the ability to realize the gains of XDR diminishes as it ends up being only EDR.
Cortex XDR by Palo Alto Networks is not only pricey; it is extremely expensive. I would rate this product an eight out of ten.

At the internet page, we use Palo Alto Firewall, and for endpoint protection, we use Cortex XDR by Palo Alto Networks.
We purchased Cortex XDR by Palo Alto Networks licenses from a vendor known as PCS in India.
The main benefit of using Cortex XDR by Palo Alto Networks while employing Palo Alto Firewall at the internet edge is that it improves security on our endpoint devices, integrating seamlessly with Palo Alto Firewalls to deliver comprehensive network, analyst, and security details all in a single dashboard, which allows us to manage everything from our network devices.
One of our cases in the dashboard showed that one of our endpoints was interrupted with malware, and when we did not know what type of malware it was, we searched on the AI-driven model within Cortex XDR by Palo Alto Networks to identify the malware, its effects, and mitigation strategies, which serves as a beneficial example.
The best feature of Cortex XDR by Palo Alto Networks is that it provides end-to-end encryption and control over the security of the end devices, and it also offers a simplified web interface to understand each and every aspect from an analyst's perspective, including details about antivirus, malware, and viruses on a simplified GUI management for all the endpoints we have deployed in the network.
Cortex XDR by Palo Alto Networks is compatible with AI-driven solutions and provides all the data fetched from the internet in a single place.
Cortex XDR by Palo Alto Networks blocks threats in real-time and provides a detailed overview, including case details and artifacts, and it provides comprehensive details in the dashboard.
From the perspective of a security analyst, Cortex XDR by Palo Alto Networks reduces the workload because it provides a detailed workflow and artifacts in a single dashboard, enabling me to easily track malicious IPs and various activity details, including AI-driven insights about these malicious sources.
If Palo Alto reduces the pricing slightly for their products, it would make them more scalable in markets such as India and globally for cybersecurity.
Pricing flexibility is the main area of improvement I see. If Palo Alto reduces some prices on their devices and licensing solutions, it would enhance the scalability of their product significantly in the Indian market.
I have been working with Cortex XDR by Palo Alto Networks for around nine to ten months.
The tech support for Palo Alto is fantastic. When I contact them, they respond immediately to tickets and phone calls, leading to an excellent experience.
I rate the technical support of Palo Alto at nine out of ten.
Before Cortex XDR by Palo Alto Networks, we were using Fortinet SASE.
We decided to switch to Cortex XDR by Palo Alto Networks because Palo Alto is a well-known vendor providing reliable security devices such as firewalls and Cortex XDR by Palo Alto Networks, which is regarded as one of the safest products globally.
When I joined my company, we started transitioning from other products to Palo Alto Networks. In terms of competition, there are multiple competitors in the market for Cortex XDR by Palo Alto Networks.
The main difference I see is that Fortinet products can lag in behavior during network operation, which often leads to device hanging and lacks GUI management, while with Palo Alto, I have not encountered such issues.
In comparison to Fortinet, I do not see any disadvantages of Palo Alto, but I can identify several shortcomings of Fortinet.
The implementation of Palo Alto cybersecurity solutions is somewhat complex compared to Fortinet.
TCS, the vendor through which we procured Palo Alto, provided implementation guidance to our team and helped us deploy Palo Alto in our network.
The cost of Cortex XDR by Palo Alto Networks depends on the number of users, as we must purchase licenses according to how many we want to deploy in the network, which is purely dependent on the company's income department.
The cost also depends on the users of the company.
Since we integrated Cortex XDR by Palo Alto Networks into our network, alert triage times have decreased significantly.
In a monthly scenario, the alert triage time is reduced by approximately ten to fifteen percent.
The workload is reduced by approximately fifteen to twenty percent, and the time saved is also around fifteen to twenty percent.
As of now, I do not notice any missing information in Cortex XDR by Palo Alto Networks from my side.
I do not expect any new features to be added to Cortex XDR by Palo Alto Networks in the future because it already provides a simplified GUI and management that I find very satisfactory.
I rate Cortex XDR by Palo Alto Networks at eight as a product and nine as a solution. I do not assign it a ten because while Palo Alto is the best now, we cannot predict the future and there are other good vendors such as Check Point that might come into prominence.
To other organizations considering Cortex XDR by Palo Alto Networks, I recommend definitely considering it.
I would recommend Cortex XDR by Palo Alto Networks over other solutions.
For users who want to start using Cortex XDR by Palo Alto Networks, my advice is to switch immediately from other vendors to Palo Alto.
I find that the onboarding process for Palo Alto is very good overall.
Palo Alto is one of the most stable and scalable vendors in the market, which is why I admire their OS and devices.
I rate Cortex XDR by Palo Alto Networks with an overall review rating of eight.
Cortex XDR by Palo Alto Networks has been in use for more than two or three years, starting in 2022.
The most important features of Cortex XDR by Palo Alto Networks are the tight integration with the Palo Alto environment. It is not just an EDR solution, but a full security suite with automation as the main driver, as well as the networking side.
EDR solutions are generally lacking on the networking side as they focus solely on the endpoint side. The SOAR side is another valuable feature because it is being used extensively, particularly the Triage functionality and effective triage without human intervention.
In the future with new AI technologies, there is significant potential. A POC is currently being conducted with ARIS, the Palo Alto AI offering, and it is planned to be purchased for the next year.
When using Cortex XDR by Palo Alto Networks in a tightly populated environment, all vulnerabilities, threats, and zero-days that can affect the environment become visible, along with how to detect and mitigate them in a fast way.
More integration and marketing would be beneficial. This is a full cloud solution, but there are some GRC-related issues that can be bypassed to some extent. In the future, there may be some issues in the environment because although the product receives telemetry and it works, it is actually getting much more information for analysis.
The preference would be to have separated isolated zones where if working in the Middle East, that data should reside in the Middle East, be analyzed and processed, and not be shared through other regions.
The ESA, customer success, and focus services are paid for, and these services can be utilized for other products as well, which is a huge advantage. However, if you do not have Palo Alto in your environment, you are paying these additional services just for Cortex XDR by Palo Alto Networks, so it is not a cost-effective solution.
Cortex XDR by Palo Alto Networks is stable with no performance issues.
Cortex XDR by Palo Alto Networks is scalable.
A special agreement exists with Palo Alto for customer focus and customer success services, so it is not a problem.
Before that, when comparing with other vendors, if you do not have customer CS and PS services, there are two services, and PS as well. Three services have been purchased: customer success, focus services, and professional services.
If all three services are purchased, it is very straightforward. If any of these services are missed, it becomes a problem in terms of support tickets, follow-up, or special configuration that needs to be done in the system. All three services are being paid for. From this perspective, if all three services are purchased and they come with the cost, it is superb. If any of these services are missed or if you do not get a chance to implement these services, it becomes a problem.
As the IT security landscape is changing at an unprecedented level, Cortex XDR is being selected for major detection and mitigation, with rapid automation capabilities covered in this solution.
In the initial phases, the setup of Cortex XDR by Palo Alto Networks was not straightforward because the product was new. There were some issues, but as the market increased, I can assure you that if the project were done this year, it would be much faster and more convenient.
Three years ago, the integration and deployment were not very fast. There were some issues at that time. Now, if the project were started from scratch this year or next year, there would not be any problem.
From the correlation perspective, Cortex XDR by Palo Alto Networks is ahead of CrowdStrike.
Cortex XDR by Palo Alto Networks has been used extensively. This organization is one of the largest Palo Alto companies in the region.
Palo Alto is the core of the security infrastructure in the environment. The products in use related to Palo Alto on the XDR side are mainly integrated with the EDR side, automation, and reporting. It is integrated with Palo Alto XSOAR, Prisma Cloud, Palo Alto firewalls, Prisma Access, and the client side. The cloud SOC side and XDR cloud are also being used. The only thing that has not been tested is the AI Cortex XDR AI agent. Other than this, all functionalities for the XDR side are being used. It is a combination of EDR and automation, as well as logging with Triage.
There is hands-on experience working with Cortex XDR by Palo Alto Networks.
Palo Alto is the main vendor driving the XDR market. It is not an EDR which solely relies on the endpoint agent. The difference is that integration and collection of other log sources and the detection and mitigation technologies are highly valued. It is possible to integrate firewalls, including another vendor's firewall. It is not just collecting logs, but also making meaning of that log or action compared to other devices.
It is working at the endpoint side, the networking side, the response side, the vulnerability side, as well as the governance side. It is much more sophisticated in terms of detection and mitigation compared to CrowdStrike. CrowdStrike is the main vendor in the market or the head-to-head vendor that can compare with Cortex XDR by Palo Alto Networks.
What is missing in the XDR side is the hype, as EDR started before XDR. As you know, EDR response came first, then XDR followed. CrowdStrike got all the benefits of being first, and then Palo Alto came after. From the customer side, CrowdStrike is much more used in the market, so it has received much more information and IOCs coming from the endpoint compared to Palo Alto. However, Palo Alto IOCs are mainly coming from not only the endpoint side but also from the networking side, cloud side, and any other telemetry mainly from the Palo Alto ecosystem.
CrowdStrike markets itself as the independent vendor which can integrate with major security vendors. You can integrate Palo Alto products with CrowdStrike, you can integrate InfoBlox with CrowdStrike, or you can integrate any product with CrowdStrike because it is an API-driven integration and publicly available in the market. On the XDR side, Palo Alto should make this integration available so that you can integrate it.
Triage can be performed two or three times faster compared to classical triage. However, human intervention is still needed because the product is in English. Since the main language is not English, somebody from SOC level two conducts additional triage for high and critical incidents.
The main point is related to Palo Alto because the ESA licensing approach is being used. Credits are being received for the Strata side, XDR side, and cloud side. The credit usage is very convenient, but this product is not cheap. Hefty money is being paid to work with and use this product compared to other solutions. In short, this is not a cheap solution.
It cannot be recommended to small companies. It is good for large companies who want the best solutions, because Palo Alto offers the best of the best solutions, and who have the money to pay for it.
Regarding value, in terms of security value versus real monetary cost, it is an effective solution. However, when going into deep analysis, whether this product is needed and if it gives real value is uncertain. It is working fine, but it is not known if it is a deal breaker in terms of cost optimization and effectiveness. It is good.
First, if you have many products with Palo Alto on the networking side, SOAR side, cloud side, and cloud security, Cortex XDR by Palo Alto Networks is the right choice.
If you want an independent solution which is more rapid to deploy and agile, XDR may not be the right choice. Customers need to take into account their usage of the Palo Alto environment. If there is heavy Palo Alto usage, XDR is the right choice. If there is no Palo Alto in the environment, EDR instead of XDR is recommended.
This review gives Cortex XDR by Palo Alto Networks a rating of 8 out of 10.