Security Engineer at U.S. Acute Care Solutions
Real User
Jan 13, 2019
We've had a significant increase in blocking with a decrease in false positives
Pros and Cons
  • "We've had a significant increase in blocking with a decrease in false positives, because it's looking at how the files work, not just a list of files that it's been told to look for."
  • "The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past."
  • "They have the worst support, as a company, that I have ever worked with, as they are difficult to get a hold of and keep on the phone. They don't know what they are talking about when you get them on the phone. They don't like to respond to messages when you send them to them. They like to "research problems" for weeks on end, then pass you off to somebody else."

What is our primary use case?

Our primary use case is anti-malware and anti-exploit.

How has it helped my organization?

Traditional anti-virus is signature-based, whereas Traps is behavior-based. Therefore, it doesn't necessarily whitelist things, it looks for anything with bad behavior. Thus, we've had a significant increase in blocking with a decrease in false positives, because it's looking at how the files work, not just a list of files that it's been told to look for.

What is most valuable?

The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past.

What needs improvement?

Going from version 4 to version 5, they had a major change in their user interface. Version 5 is now all cloud managed. While it has a very intuitive, useful interface, it doesn't have all the features that were in the version 4 interface. For example, we lost being able to automatically trigger upgrades, like creating manual groups to upgrade with. It doesn't currently have the ability to use the Active Directory to create groups.

Buyer's Guide
Cortex XDR by Palo Alto Networks
May 2026
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: May 2026.
896,298 professionals have used our research since 2012.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's fairly stable. They do have bugs which come up every once in a while, but they're usually good about getting them taken care of within a release.

What do I think about the scalability of the solution?

It is definitely scalable.

Primarily, it is just being used by myself. The help desk also uses it. There are probably a total of around ten users.

We've deployed it to about 1500 endpoints so far. There is a possibility that we may expand our usage, but not in the foreseeable future. We are pretty much at 100 percent deployment at this point.

How are customer service and support?

I would describe Palo Alto's technical support as audio waterboarding. They have the worst support, as a company, that I have ever worked with, as they are difficult to get a hold of and keep on the phone. They don't know what they are talking about when you get them on the phone. They don't like to respond to messages when you send them to them. They like to "research problems" for weeks on end, then pass you off to somebody else.

Which solution did I use previously and why did I switch?

We were previously using Sophos for antivirus, and are still using Sophos for antivirus, but we're using Traps to augment it.

How was the initial setup?

The initial setup was pretty straightforward on version 4, but on version 5, it is almost idiot-proof.

The initial deployment of getting the servers and everything up took about a week, but getting everything deployed was somewhere closer to six weeks.

What about the implementation team?

We implemented it in-house. We incrementally did some systems to make sure that it wouldn't block anything that it shouldn't. After that, we used Active Directory to push it to everything else.

Very little staff is required for deployment and maintenance, as Traps is self-maintaining.

What was our ROI?

I feel that we have seen ROI. There have been a number of blocked, bad files that could have gotten through, but were stopped by Traps.

What's my experience with pricing, setup cost, and licensing?

The pricing seems fair, and I do like the licensing model. You use wherever they are, and it is elastic. So, if you have 1100 computers today, you can license that. Therefore, as long as you're below your licensing cap, you're fine.

Which other solutions did I evaluate?

We looked at Palo Alto vs Sophos, which has an anti-malware system called Intercept X, but it did quite literally nothing. We thought about Symantec, but we didn't end up testing them against Traps.

What other advice do I have?

The implementation is fairly straightforward and easy. With version 5, everything is now on the cloud. It is easy to work with and use. I would use mobile device management (MDM) or Active Directory (AD) to push the file everywhere when installing it, as it will auto go from there. The management is pretty low. Thus, you set it and, for the most part, you can forget it.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
ManagerO5d72 - PeerSpot reviewer
Manager of InfoSec at Jo-Ann Stores
Real User
Dec 24, 2018
We have not had any malware successfully execute on an endpoint since deploying Traps.
Pros and Cons
  • "Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."
  • "There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration."

What is our primary use case?

How has it helped my organization?

Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place. We have not had any malware successfully execute on an endpoint since deploying Traps.

What is most valuable?

WildFire, advanced detection capabilities, and whitelist/blacklist features. These features have provided us an easy way to lock down our systems to prevent execution of unknown code and scripts and to prevent launching of code from end user writable directories.

What needs improvement?

The application whitelisting/blacklisting feature is based purely on path and filenames. Changing a filename can bypass it easily. The uninstall admin password for the client is passed in clear text during install. 

There is a severe gap in functionality between Windows, Linux, and Mac versions. For example, all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration. This is ridiculous for an enterprise product.

Traps 5.0 does not integrate with Palo Alto's Panorama product, which was a big selling point of Traps 4.0. Traps 5.0 has no ability to send an email to alert of detections. Instead customers have to jump through hoops to use Palo Alto's log management service to forward logs into a 3rd party SIEM and then build your alerts from there. No EDR functionality, though this is supposedly coming.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Mostly positive. We've had some episodes early on where upgrades caused some issues with the backend database, but that seems to have cleared up. This issue would not impact the Traps 5.0 users as it is SaaS based.

What do I think about the scalability of the solution?

This software exists on every workstation and server in our company with ~10,000 people using the solution. For on-prem, we run 3 nodes and it handles the load just fine. We could always add more nodes if necessary. For the SaaS solution, that is all on Palo Alto's side.

How was the initial setup?

Setup was pretty straightforward. The product is very granular and customers can turn on features as they are ready/comfortable in order to keep the deployment simple. For organizations with a good understanding of their infrastructure, deployment should be pretty simple.

What about the implementation team?

We deployed Traps ourselves. We went big bang and deployed all features at once. We had a strong understanding of our systems and were able to provide whitelisting settings up front that made sense. There was a bit of post-deployment work to resolve things that were missed, but all things considered the deployment strategy went smoothly and was the right call.

What was our ROI?

For an endpoint security service, that is hard to state. We have not seen a malware infection since deployment.

What's my experience with pricing, setup cost, and licensing?

I feel it is fairly priced.

Which other solutions did I evaluate?

We evaluated 

What other advice do I have?

I think Traps has the best mix of features by price in the industry. It is not flawless by any means, but Palo Alto seems committed to it and is improving it. Traps 5.0 is promising, though they have a ways to go before I'd be willing to implement it.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Head of Network and Communication Department at a program development consultancy with 10,001+ employees
Vendor
Jun 25, 2017
The level of security I get for my endpoints and servers is extremely valuable.
Pros and Cons
  • "The level of security I get for my endpoints and servers is extremely valuable."

    What is most valuable?

    The level of security I get for my endpoints and servers is extremely valuable.

    How has it helped my organization?

    No signature updates of the AV needed, so no old signatures. No patching, very little operational effort needed.

    What needs improvement?

    Performance at the endpoint is much better than with the old AV.

    No signature updates needed.

    Stops the attack before it is executed.

    For how long have I used the solution?

    Two years.

    What was my experience with deployment of the solution?

    No.

    What do I think about the stability of the solution?

    No.

    What do I think about the scalability of the solution?

    No.

    How are customer service and technical support?

    Customer Service:

    Perfect.

    Technical Support:

    Real experts.

    Which solution did I use previously and why did I switch?

    Yes. We switched because the footprint was heavy, the protection rate decreased and the operational costs (incident response) were high.

    How was the initial setup?

    Yes, it took one hour to install the back end and the rollout was done by software deployment. The project lasted four weeks.

    What about the implementation team?

    In-house.

    What's my experience with pricing, setup cost, and licensing?

    Ask your local dealer.

    Which other solutions did I evaluate?

    Yes.

    What other advice do I have?

    If you are already a Palo Alto Networks Firewall customer you can have perfect integration between your clients/servers and your firewalls. Automated response without supporting and APIs.

    Disclosure: My company has a business relationship with this vendor other than being a customer.
    PeerSpot user
    Cybersecurity Services Director at ITVikings
    Reseller
    Dec 2, 2023
    Stable platform with good technical support services
    Pros and Cons
    • "We can visualize and control the activities in the environment from anywhere."
    • "The product's pricing needs improvement. They could provide more discounts. Additionally, the dashboard and control panel could be enhanced."

    What is our primary use case?

    We use the product to monitor and control all the systems. It helps us understand user behavior.

    How has it helped my organization?

    The product gives full visibility and control of the endpoints in the environment. The users and the employees can protect their systems by investigating files for incidents.

    What is most valuable?

    The platform's most valuable feature is being a cloud-based solution. We can visualize and control the activities in the environment from anywhere.

    What needs improvement?

    The product's pricing needs improvement. They could provide more discounts. Additionally, the dashboard and control panel could be enhanced.

    For how long have I used the solution?

    We have been using Cortex XDR by Palo Alto Networks for two months.

    What do I think about the stability of the solution?

    The platform is stable. As long as you have the internet, the product is secure.

    What do I think about the scalability of the solution?

    The platform is scalable.

    How are customer service and support?

    They have a good technical support team.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup is straightforward. It is easy to maintain as well.

    What about the implementation team?

    I implemented the product myself.

    What other advice do I have?

    I recommend Cortex XDR by Palo Alto Networks and rate it an eight out of ten. It is a good solution for the commercial sector as they can work on the cloud. I advise others to refer to user guides for understanding the processes easily.

    Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
    PeerSpot user
    Lissette Acurio - PeerSpot reviewer
    Solution Engineer at Secure Soft Corporation
    Reseller
    Aug 24, 2023
    An easy-to-use product with an intuitive dashboard that enables users to navigate easily
    Pros and Cons
    • "The product has an intuitive dashboard."
    • "It is a complex solution to implement."

    What is our primary use case?

    The solution is like a next-level EDR. It can collect information from other solutions to have a global view of the risks and vulnerabilities.

    What is most valuable?

    The product has an intuitive dashboard. The first time a client interacts with the solution, they do not face any problems. It is easy for the client to navigate through the tool.

    What needs improvement?

    It is a complex solution to implement.

    For how long have I used the solution?

    My organization sells the solution.

    How are customer service and support?

    I did not have any problem with support.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    I believe the implementation is not very easy, but it is not very complex either.

    What's my experience with pricing, setup cost, and licensing?

    The price of the product is not very economical. It is suitable for clients that have a lot of money to invest.

    What other advice do I have?

    Customers often ask for proof of concept. People wanting to use the solution should analyze the different tools that can be integrated with the product. At first, clients only consider it an EDR, but later, they might realize that the tool does not have all the capabilities they need. Overall, I rate the solution an eight out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
    PeerSpot user
    Head Of Sales at Cascade Solutions
    Reseller
    May 18, 2023
    A stable solution for security with good support
    Pros and Cons
    • "The tool's use cases are relevant to security."
    • "The tool needs to be improved in terms of integration and interface."

    What is our primary use case?

    The tool's use cases are relevant to security. 

    What needs improvement?

    The tool needs to be improved in terms of integration and interface. 

    For how long have I used the solution?

    I have been working with the solution for five years. 

    What do I think about the stability of the solution?

    The solution is stable. 

    What do I think about the scalability of the solution?

    I would rate the product's scalability a nine out of ten. 

    How are customer service and support?

    The product's technical support is good. 

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The tool's setup is easy. The solution's deployment took five days to complete. 

    What's my experience with pricing, setup cost, and licensing?

    The solution is expensive. Its pricing is on a yearly basis.

    What other advice do I have?

    I would rate the tool a seven out of ten. 

    Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
    PeerSpot user
    reviewer2171169 - PeerSpot reviewer
    Senior Business Development Manager at a tech services company with 201-500 employees
    Real User
    May 8, 2023
    Efficiently detects any issues
    Pros and Cons
    • "This software helps us understand any issues that may arise when someone is not at work."
    • "Dashboards do not allow everyone to see what's happening."

    What is our primary use case?

    It is used as a device that can detect any issues and changes when people are not at work. In one case, we use it when someone is not at work or has already used their allotted time off. This helps us understand any issues that may arise when someone is not at work, which could lead to changes in the way we work.

    What needs improvement?

    There are many areas that could use improvement. One thing that is important to keep in mind is that times change, and we need to be adaptable to what happens. Ultimately, we want to see positive results and improvements.

    In the next release, I would add dashboards that allow everyone to see what's happening, not just the security team. Users can view the data and see what's happening. Also, I think the Data Lake from Cortex XDR should be public, not private.

    For how long have I used the solution?

    I have been using the solution for two years.

    How was the initial setup?

    The initial setup was easy.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is cheap.

    What other advice do I have?

    I rate it a nine out of ten.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer.
    PeerSpot user
    Information information analyst at Seeton
    Real User
    Apr 14, 2023
    It's a simple platform that's easy for administrators and users
    Pros and Cons
    • "Cortex XDR is a simple platform that's easy for administrators and users. You have a lot of flexibility to change or customize the features."
    • "The playbooks could be improved to include more functionalities or actions."

    What is most valuable?

    Cortex XDR is a simple platform that's easy for administrators and users. You have a lot of flexibility to change or customize the features. 

    What needs improvement?

    The playbooks could be improved to include more functionalities or actions. 

    For how long have I used the solution?

    I have been using Cortex XDR for a few months.

    What do I think about the stability of the solution?

    Cortex XDR is highly stable. 

    What do I think about the scalability of the solution?

    Cortex XDR is scalable. 

    Which solution did I use previously and why did I switch?

    We previously used McAfee, but we switched because of our customer. We checked Gartner's to learn about each vendor and solution and consulted with the customer about the features they needed. 

    How was the initial setup?

    Cortex XDR is a cloud-based solution, so the deployment is straightforward. They give you your credentials to access the platform and you change some settings to customize it. 

    What other advice do I have?

    I rate Cortex XDR by Palo Alto nine out of 10. 

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user