Cyber Security Information Security Specialist at MHM Holding GmbH
Real User
Top 20
Jul 1, 2025
Behavioral engine significantly enhances threat detection and analysis capabilities
Pros and Cons
  • "Based on my experience, I would recommend Cortex XDR by Palo Alto Networks to other people."
  • "They are charging for Network Traffic Analyzer (NTA) services, so if the per-GB data could be provided at a certain level free of cost, or at the same cost which the customer is paying for the entire bundle, that would be better."

What is our primary use case?

The typical use case for Cortex XDR by Palo Alto Networks is that it has many features that traditional antivirus doesn't possess. Traditional antivirus doesn't have the capacity to dig down into the forensic part of any threat. The beauty of the product is that it digs down into forensics and provides a graphical view of each and every file that is called or clicked by the user.

What is most valuable?

The features of Cortex XDR by Palo Alto Networks that I find most effective in threat detection involve two main aspects. Our red teaming expert attempted to break Cortex XDR, and it generated detailed logs. The behavioral engine is another significant feature we appreciate. If a user doesn't click any link within 30 days and on the 31st day clicks a new link, Cortex XDR immediately alerts us that this user has clicked on an uncommon link or their behavior is uncommon. As an organization and implementer, we value these two features: the behavioral engine and the logging capability.

What needs improvement?

Areas of Cortex XDR by Palo Alto Networks that have room for improvement include the pricing structure. They are charging for Network Traffic Analyzer (NTA) services, so if the per-GB data could be provided at a certain level free of cost, or at the same cost which the customer is paying for the entire bundle, that would be better. We have to invest significantly more for NTA due to total sizing and per-data licenses.

For how long have I used the solution?

I have been working with Cortex XDR by Palo Alto Networks for more than 10 to 11 months since we procured this product in August 2024.


What do I think about the stability of the solution?

The stability of Cortex XDR by Palo Alto Networks is good. For the last 11 months, we haven't faced any outage issues, so it is a stable product.

What do I think about the scalability of the solution?

Regarding the scalability of Cortex XDR by Palo Alto Networks, it's a good product from a scalability perspective, and all the previously mentioned points can be considered in terms of scalability.

How are customer service and support?

I would rate technical support from Palo Alto on a scale from one to ten as an eight, as I find it good.

Which solution did I use previously and why did I switch?

Before using Cortex XDR by Palo Alto Networks, we were using Microsoft Defender.

How was the initial setup?

The initial setup of Cortex XDR by Palo Alto Networks is easy to implement. We have installed it with the help of Active Directory Group Policy, and it was quite easy because we have installed it on more than 3,000 endpoints.

What was our ROI?

I have seen a return on investment with Cortex XDR by Palo Alto Networks, as this product is offered at a minimal cost, and we can find a good ROI from it.

Which other solutions did I evaluate?

The switch from Microsoft Defender to Cortex XDR by Palo Alto Networks was made because we had a limited license with Microsoft, and the cost of Microsoft Defender is quite a bit higher than that of Cortex XDR.

What other advice do I have?

Cortex XDR by Palo Alto Networks integrates with other security tools in our infrastructure; we have integrated it with a third-party SOC.

Based on my experience, I would recommend Cortex XDR by Palo Alto Networks to other people.

I would rate this solution a nine out of ten, as I find it to be the best solution.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Anas Shehadeh - PeerSpot reviewer
Technical Support Engineer- Network and Cybersecurity Team at a tech services company with 11-50 employees
MSP
Top 20
Dec 15, 2025
Endpoint protection has strengthened threat blocking and improves analysts’ visibility and response
Pros and Cons
  • "What I like about Cortex XDR by Palo Alto Networks is that it is a comprehensive solution that contains everything the organization may need when using endpoints."
  • "Additionally, I think the price is very high, and if it can be adjusted, I believe it will be a very good solution."

What is our primary use case?

My impression of Cortex XDR by Palo Alto Networks agent's ability to block sophisticated threats in real time is positive, as the last time I used an application from Huawei, Cortex blocked it in a very fast way. It has false positives, but I think it's very fast and detects well. It detects in a fast way.

This has affected my overall security posture, as I know that sometimes the security may be difficult on the end user, but the security of the endpoint is very important, even though it may be difficult.

Palo Alto helps me in these scenarios with the security endpoints protection because Cortex XDR by Palo Alto Networks is necessary to protect the end user. Sometimes we face the false positive issue, where an application is not a malicious file, but Cortex has detected it as one. So we need to call the Cortex administrator to whitelist these files and handle the difficulties that may arise.

What is most valuable?

Cortex XDR by Palo Alto Networks is a very strong solution, and it offers many features including XDR, EDR, and NDR solutions, and also offers an encryption feature.

What I like about Cortex XDR by Palo Alto Networks is that it is a comprehensive solution that contains everything the organization may need when using endpoints.

I would assess the effectiveness of Cortex XDR by Palo Alto Networks' AI-driven endpoint security in reducing risk for my organization by saying that it is integrated with AI, so it has many features that secure my organization in an efficient way.

The main benefits that Cortex XDR by Palo Alto Networks brings to the table include the fact that it is just on the cloud. You don't need to install it on your servers and there is no need for disk allocation for the server. It's on the cloud, so any device connected to the internet can communicate with the Cortex manager and get the updates and definitions of viruses and malware. That's a good feature.

The impact that Cortex XDR by Palo Alto Networks has had on my security analyst workload is significant, as it has improved the analyst security in my organization. Cortex XDR by Palo Alto Networks has many events, incidents, alerts, and alarms that help a security analyst detect malicious files or prepare for attacks or malicious activity.

What needs improvement?

I would like to see improvements in Cortex XDR by Palo Alto Networks, especially in some environments such as government organizations, where information cannot go through the cloud. Cortex XDR by Palo Alto Networks needs to be installed on our servers in some organizations, so I think it should also be available on-premises, not just in the cloud. It would be a very good solution. Additionally, I think the price is very high, and if it can be adjusted, I believe it will be a very good solution.

For how long have I used the solution?

I have been working with Cortex XDR by Palo Alto Networks for eight months.

What do I think about the stability of the solution?

I find Cortex XDR by Palo Alto Networks stable, as I have not had any crashes, downtimes, or performance issues with it.

What do I think about the scalability of the solution?

Cortex XDR by Palo Alto Networks is scalable.

How are customer service and support?

My experience with Palo Alto tech support is very strong, as I had one case with the TAC support, and they responded on time, with a good response that solved my issue.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup process for Cortex XDR by Palo Alto Networks is straightforward, as you get an email with the tenant activation URL, and you just specify where you want the cloud to be, in which country, and proceed through the steps. It's very straightforward.

What other advice do I have?

I don't have any examples to share where I found this AI integration beneficial.

I don't know if I have experienced a reduction in alert triage times since integrating Cortex XDR by Palo Alto Networks.

There are no missing features that I would like to see included in Cortex XDR by Palo Alto Networks in the future, as I think it's a complete solution. However, we can engage AI more with our analysis, but for now, I think it's a complete solution.

From a technical perspective, I think that Cortex XDR by Palo Alto Networks is worth the money, and I find it cost-effective.

The key differences, both pros and cons of Cortex XDR by Palo Alto Networks in comparison to other competitors in the market include the fact that I feel it's the same solution, but every solution has a battle card for its features. Symantec offers a device control that also exists in Cortex XDR by Palo Alto Networks. I think there is one feature that's special to Cortex and one feature that's special to Symantec. Every vendor is special in one feature. It depends on the customer and the prices.

Implementing Cortex XDR by Palo Alto Networks has affected my organization's total cost of ownership for security solutions, as nowadays, our PCs have good specifications, with 16 GB RAM and 256 GB SSD disk, which I think is enough for Cortex XDR by Palo Alto Networks. In my environment, I have two products for endpoint protection: Symantec and Cortex. Sometimes I feel my device is slow, but I think I am using many applications, so that's why. I think normally, using Cortex XDR by Palo Alto Networks will not affect users with good specifications in their PCs or laptops.

I would overall rate Cortex XDR by Palo Alto Networks as a product and solution an 8 out of 10, which I think is a very good solution.

My advice for other organizations considering Cortex XDR by Palo Alto Networks is to be aware of the price, as that seems to be the main concern.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Dec 15, 2025
reviewer2800860 - PeerSpot reviewer
MDR Analyst at a tech vendor with 10,001+ employees
Real User
Top 20
Mar 16, 2026
Advanced analytics have detected credential threats and capture many MITRE-based anomalies
Pros and Cons
  • "Cortex XDR by Palo Alto Networks saves time in various ways, although the user interface is fairly standard."
  • "The downsides of Cortex XDR by Palo Alto Networks are that in many incidents, when I enter the causality chain, there are numerous logs."

What is our primary use case?

My use cases for Cortex XDR by Palo Alto Networks are mostly for the Palo Alto products. Cortex XDR's use cases are many, including local malware analysis, WildFire analysis, and rare connections to external domains. Additionally, XDR analytics provide detection for abnormal RPC communication, DLL hijacking, credential read, credential harvesting, and in-process shell communication. Many of those use cases will be present in my environment.

How has it helped my organization?

What I like most about Cortex XDR by Palo Alto Networks is that it captures credential-related incidents and many MITRE Framework-related incidents. Many MITRE Framework techniques and tactics are captured as anomalies, which is one of the major advantages.

What is most valuable?

Cortex XDR's agent has the ability to block sophisticated threats in real time, as it has the facility to block many real-time attacks. However, the policy needs to be well-structured, because some organizations may indicate that certain executions can be allowed, which should not be permitted. Mostly, a restricted environment should be enforced, but the agent does have the facility to block approximately ninety percent of threats. I'm not claiming one hundred percent, but this capability is definitely present.

What needs improvement?

The downsides of Cortex XDR by Palo Alto Networks are that in many incidents, when I enter the causality chain, there are numerous logs. From that abundance of logs, I need to search for a particular event, but it is not properly matched in the initial view itself, and I have to dig through the logs to find the relevant information. For many incidents, I have to create and search for a query and search the logs within that particular timeframe. The logs are not captured properly within the incident itself, which is one disadvantage.

AI-driven endpoint security helps in reducing risks. While this feature has not been implemented yet for Cortex XDR by Palo Alto Networks, it will be implemented in the future.

For how long have I used the solution?

I have been working with Cortex XDR by Palo Alto Networks for three years.

What do I think about the stability of the solution?

I have seen some lagging, crashing, or downtime, but I don't think it's due to Cortex XDR by Palo Alto Networks itself. It's because of the logs injected into the system. When proper licensing is in place for the volume of logs, everything is fine, but if there are more logs than licensed, then performance issues will occur.

What do I think about the scalability of the solution?

I would rate the scalability of Cortex XDR by Palo Alto Networks as a seven out of ten.

How are customer service and support?

I have contacted the technical support and customer support. The speed and quality of support for Cortex XDR by Palo Alto Networks are quite good. Speed and responsiveness are satisfactory overall. If I were to rate them on a scale from one to ten, I would give them an eight.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used solutions similar to Cortex XDR by Palo Alto Networks, including Defender and CrowdStrike. When I compare them, Cortex XDR by Palo Alto Networks has more visibility into incident names and more detailed explanations. When it comes to CrowdStrike, it's almost the same, with not much divergence between them. For all three solutions, the complexity in log search is common across the board.

How was the initial setup?

I hear that the deployment of Cortex XDR by Palo Alto Networks is easy, but I'm not involved in the deployment process. I am an end-user for that solution, not an administrator. The person who communicated with me asked about my role, and I indicated that I'm not a power user; I'm an end-user that uses logs, alerts, and incidents for analysis. From what I have heard, deployment is very straightforward and not that difficult. It's simply an installation of one agent.

What other advice do I have?

Cortex XDR by Palo Alto Networks saves time in various ways, although the user interface is fairly standard. It's similar to any other XDR or EDR tool, with nothing particularly special about it; it's almost all the same as competitors.

The user interface of Cortex XDR by Palo Alto Networks is quite good. I have access to the dashboard facility and everything, so it's effective overall.

If a person has EDR knowledge from working with CrowdStrike or Defender, they can easily learn Cortex XDR by Palo Alto Networks. However, a person coming from a SIEM background will take some additional time. I would rate this product an eight overall.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Mar 16, 2026
Olive Kusumbara - PeerSpot reviewer
Consultant at a tech services company with 1,001-5,000 employees
MSP
Top 5
Nov 4, 2025
Has enabled secure threat detection with minimal disruption and simplified deployment
Pros and Cons
  • "Cortex XDR by Palo Alto Networks' ability to block sophisticated threats in real time is quite good and is on par with SentinelOne's."
  • "If you compare it to SentinelOne, which has more functionalities and detection capabilities on an open platform, the pricing on SentinelOne is far more reasonable and cheaper than Cortex XDR by Palo Alto Networks."

What is most valuable?

I recommend Cortex XDR by Palo Alto Networks for a company that would like to have a more stable platform that does not disrupt their business or applications.

Cortex XDR by Palo Alto Networks' ability to block sophisticated threats in real time is quite good and is on par with SentinelOne's.

I assess the effectiveness of Cortex XDR by Palo Alto Networks' AI-driven endpoint security and find that both have very good results. The difference is around the details. SentinelOne is winning in this area in terms of the detailed information that can be captured and the detailed information in terms of the detections. SentinelOne also has superior storyline capabilities, which is why I think we use it for forensics as well. Cortex XDR by Palo Alto Networks is winning due to the simplicity and non-intrusive detection capabilities.

In terms of detections, SentinelOne has advantages, but also disadvantages since they are intrusive. The result is that there are many threats that can be detected, but there are also many false positives. Cortex XDR by Palo Alto Networks is non-intrusive, but in terms of the detail, sometimes potential threats cannot be captured.

What needs improvement?

Cortex XDR by Palo Alto Networks is already good at what they're doing in terms of detections, but I think they should improve their integration capabilities, especially for their XDR capabilities, which are more tied down to their own ecosystems.

For Cortex XDR by Palo Alto Networks to get closer to ten or at least nine, I would like to see more openness in terms of the integrations for their XDR capabilities. The second improvement I would like to see is more into the response and the detection and response capabilities for backups of the system state of the endpoint, such as what we have on SentinelOne.

What do I think about the stability of the solution?

Cortex XDR by Palo Alto Networks is more stable than SentinelOne because the detections are not too intrusive.

How are customer service and support?

The technical support by Palo Alto Networks is quite standard, so I think it's acceptable.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

SentinelOne is more complex to operate since they have so many options and rules that can be changed, which can take some time for a SOC analyst to learn about.

How was the initial setup?

Cortex XDR by Palo Alto Networks is easy to implement.

What's my experience with pricing, setup cost, and licensing?

Cortex XDR by Palo Alto Networks is more expensive than SentinelOne right now.

In terms of the average cost of top-tier EDR platforms, I think Cortex XDR by Palo Alto Networks is still reasonable. However, if you compare it to SentinelOne, which has more functionalities and detection capabilities on an open platform, the pricing on SentinelOne is far more reasonable and cheaper than Cortex XDR by Palo Alto Networks.

What other advice do I have?

Both are almost the same in popularity, but if I can choose one, SentinelOne is quite hyped right now.

They have a representative in Indonesia for both SentinelOne and Cortex XDR by Palo Alto Networks.

Palo Alto Networks has slightly more advantages in terms of the architecture since they have options for their endpoint that cannot connect directly to the internet to have a proxy site, which is something that SentinelOne does not have.

Cortex XDR by Palo Alto Networks is more of a closed system. I have given this review a rating of eight.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Nov 4, 2025
reviewer2798475 - PeerSpot reviewer
Threat Analyst II at a tech vendor with 1,001-5,000 employees
Real User
Top 20
Jan 21, 2026
Centralized monitoring has streamlined threat detection and supported faster incident response
Pros and Cons
  • "Cortex XDR by Palo Alto Networks has helped lighten the load of our security analysts because it was the major tool that we were using and the one we utilized most."
  • "I have seen lagging with Cortex XDR by Palo Alto Networks. There was one time when we faced a threat actor trying to gain access to our system. When our team utilized the tool, we were all on the same dashboard and we faced a lag issue at that time of around five minutes, which was quite significant."

What is our primary use case?

We were using Cortex XDR by Palo Alto Networks for different use cases such as Windows login failures, disabled account login failures, and user additions to domain groups. There were multiple use cases that were totally dependent upon the client, including what log ingestions they wanted and what rules they wanted us to apply to it.

What is most valuable?

What I appreciate most about Cortex XDR by Palo Alto Networks is that it has a good tenant feature in which we have multiple tenants. We were working in EU tenants, and apart from this, the GUI is completely easy to understand.

Cortex XDR by Palo Alto Networks has helped lighten the load of our security analysts because it was the major tool that we were using and the one we utilized most. I would suggest it was a good solution for me.

What needs improvement?

One of the downsides of Cortex XDR by Palo Alto Networks is the KQL language. When I was working as a security analyst using Cortex, there was a disadvantage. People need to have knowledge of the KQL language to understand the fine-tuning of alerts or the creation of new rules. That would be a drawback. Additionally, when investigating a particular alert or case, the complete information is not available in the GUI table if we compare it to other XDRs or other tools.

I would suggest that Cortex XDR by Palo Alto Networks' AI-driven endpoint security would work better. Whenever we are investigating something, the AI would help us by simply writing into a description box. For example, if I want user login information for a particular user, I would write it and the AI would automatically generate all login events from that host. I would suggest that this would be a better feature.

For how long have I used the solution?

I have used Cortex XDR by Palo Alto Networks for around one and a half years.

What do I think about the stability of the solution?

I have seen lagging with Cortex XDR by Palo Alto Networks. There was one time when we faced a threat actor trying to gain access to our system. When our team utilized the tool, we were all on the same dashboard and we faced a lag issue at that time of around five minutes, which was quite significant.

What do I think about the scalability of the solution?

I think scalability for Cortex XDR by Palo Alto Networks is good. I would rate it nine out of ten.

How are customer service and support?

I have contacted Cortex XDR by Palo Alto Networks' technical support because we got stuck somewhere during deployment in our systems on a technical matter. The help was excellent, and I would rate the support a ten out of ten. The support was very good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used CrowdStrike as an alternative to Cortex XDR by Palo Alto Networks.

How was the initial setup?

The deployment of Cortex XDR by Palo Alto Networks is at a moderate level. I deployed it in my organization last year. You just need a little bit of knowledge, but apart from this, everything is good.

What's my experience with pricing, setup cost, and licensing?

The pricing for Cortex XDR by Palo Alto Networks depends on the organization and the number of endpoints and hosts you are adding, as well as the bandwidth. I cannot specify what the pricing is. However, if you keep it minimal, then it will attract other organizations and you will grab the market.

Which other solutions did I evaluate?

I prefer CrowdStrike more than Cortex XDR by Palo Alto Networks because it has better features. It has a graphical GUI in which if any threats come in, you will have a whole map of it and you can figure out from where the chain of the threat has started. You can check what the initial access was and stop it from there.

What other advice do I have?

I would suggest that Cortex XDR by Palo Alto Networks' agent's ability to block more sophisticated or complicated threats in real time has been effective so far. I have seen that it blocks almost ninety percent of the threats. Sometimes we are left with some IOCs which are zero-day vulnerabilities. In those cases, we have to manually send them to the Cortex XDR by Palo Alto Networks team that manages all the back end. They filter out the rules, create the workflows, then block all of the things. I would suggest that out of one hundred, it works ninety percent of the time.

Cortex XDR by Palo Alto Networks does require maintenance after the deployment on my end. It has requirements. Sometimes we need fine-tuning of the alerts and sometimes we face errors. We occasionally require help when we get stuck somewhere. We reach out to Palo Alto and they help us. The after-service is very good. I would rate this review an eight out of ten overall.

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Jan 21, 2026
Cyber Security Manager at Welab bank
Real User
Top 10
Dec 19, 2024
Advanced threat detection capabilities provide effective security solutions
Pros and Cons
  • "Cortex XDR features advanced threat detection capabilities."
  • "Cortex XDR is stable, offering high quality and reliable performance."
  • "Cortex XDR could improve its sales support team, including better commission structures and referral programs."

What is our primary use case?

I have been working as a cybersecurity manager. I focus on implementing cybersecurity solutions for different companies, and I have hands-on experience working with the Cortex XDR solution by Palo Alto Networks.

What is most valuable?

Cortex XDR features advanced threat detection capabilities. The handling GUI allows for advanced searches, rule creation, and local detection. It incorporates AI for normal behavior detection, distinguishing unusual operations.

These features make the product very effective for threat detection. Additionally, the GUI is user-friendly and the product offers robust AI or normal behavior detection.

What needs improvement?

Cortex XDR could improve its sales support team, including better commission structures and referral programs. Enhancements in marketing and AI features would also be beneficial. It would be advantageous to deploy more rules to the front end and on end-user devices.

For how long have I used the solution?

I have been familiar with Cortex XDR for about three or four years.

What do I think about the stability of the solution?

Cortex XDR is stable, offering high quality and reliable performance. It is consistent and dependable in its operation.

How are customer service and support?

Customer support from Palo Alto Networks is generally adequate. It depends on how I escalate the issue. Every vendor has similar support; it depends on how the case is handled and raised.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I was a reseller for Palo Alto Networks solutions.

I have worked with many different vendors and their products, such as Microsoft Defender, and I am familiar with various cybersecurity solutions from different companies.

What was our ROI?

My customers have reported good ROI since implementing Cortex XDR. They appreciate the rich telemetry data from the solution, as it provides in-depth threat identification.

What's my experience with pricing, setup cost, and licensing?

Cortex XDR is perceived as expensive by some customers, yet offers dynamic pricing. Other companies have not shared similar complaints, and it always pitches itself well to customers.

I'd rate the solution nine out of ten.

What other advice do I have?

I give Cortex XDR a nine out of ten. Although it has a stable and high-quality performance, customer alignment still plays a significant role in the decision-making process.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
NiteshSharma - PeerSpot reviewer
Pre Sales Architect at network techlab
Real User
Top 5
Leaderboard
Mar 27, 2025
Automated threat response and behavioral control improve security measures
Pros and Cons
  • "On a scale from one to ten, I would rate Cortex XDR by Palo Alto Networks a nine."
  • "I recommend adding a data loss prevention (DLP) solution to Cortex XDR by Palo Alto Networks. The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products."

What is our primary use case?

I work with Cortex XDR by Palo Alto Networks. My primary use involves utilizing its capabilities as a next-generation antivirus solution, providing extended detection and response features along with threat prevention and behavioral control.

What is most valuable?

Cortex XDR by Palo Alto Networks is a good product, serving as a next-generation antivirus with extended detection and response features. It offers threat prevention, behavioral control, automation in threat response, and analytics capabilities, which enhance security measures. The product provides automation responses in case of a threat attack, severity assessments, centralized manageability, and comprehensive compliance features, resulting in reduced costs.

What needs improvement?

I recommend adding a data loss prevention (DLP) solution to Cortex XDR by Palo Alto Networks. The inclusion of this feature would allow the application of DLP policies alongside antivirus policies via a single agent and console, making it more competitive as other OEMs often offer DLP solutions as part of their antivirus products. Additionally, multi-tenancy and multi-cloud features are not available and should be considered for inclusion.

For how long have I used the solution?

I have been discussing Cortex XDR by Palo Alto Networks and have utilized its different facets and features in my professional experience.

How are customer service and support?

I have not faced any challenges with the customer support from Palo Alto Networks. Their support is efficient and responsive whenever I raise a ticket through my portal.

How would you rate customer service and support?

Neutral

What was our ROI?

There are good return on investment possibilities from using Cortex XDR by Palo Alto Networks due to its cost-saving compliance features, which can attract customers by reducing expenses and offering comprehensive compliance solutions.

What's my experience with pricing, setup cost, and licensing?

Compared to competitors such as CrowdStrike and Sophos, the pricing of Cortex XDR by Palo Alto Networks is similar to CrowdStrike but more expensive than Sophos. Check Point Harmony, Trend Micro, and Sophos offer lower prices.

Which other solutions did I evaluate?

Competition in the market includes CrowdStrike, Sophos, and Check Point Harmony. They provide similar technology and capabilities like email security, endpoint protection, and DLP solutions in a single console.

What other advice do I have?

On a scale from one to ten, I would rate Cortex XDR by Palo Alto Networks a nine. The tool is exceptional in its capabilities, particularly with the Unit 42 feature set and its other integrated options.
Disclosure: My company has a business relationship with this vendor other than being a customer (partner).
Rehaman Syed
Technical Specialist at HCL Technologies
Real User
Top 10
Aug 29, 2024
Provides protection to users against malware along with behavioral threat detection features
Pros and Cons
  • "The product's initial setup phase is very easy."
  • "Whenever the tool releases a new version and we deploy it across the organization, I feel like there are some disturbances in CPU usage after upgrading the tool to the latest version."

What is our primary use case?

I use the solution in my company to protect our clients from unknown malware and threats. We also use the tool in our environment as an antivirus, EDR, and XDR solution.

What is most valuable?

The solution's most valuable feature is that it protects against unknown malware and activities and offers behavioral threat detection functionalities. With wildcards and based on whatever configurations are set, it gives alerts and offers an XDR Quick Scan facility. We get proper results from the tool, and after scanning, we can see them on the dashboard.

What needs improvement?

Improvements are required in the Cortex XDR agent whenever they release the latest version. Whenever the tool releases a new version and we deploy it across the organization, I feel like there are some disturbances in CPU usage after upgrading the tool to the latest version. Whenever Palo Alto releases the latest version and we deploy the package to the servers, we see some disturbances in CPU usage, and RAM utilization is higher as well. Generally, the CPU utilization is higher. Disabling components one by one from the profile manager, we are unable to find the exact cause of the issue. When we go to Palo Alto, even after sharing the logs and describing the issue, the solution team comes back and gives us some newer versions of the tool. If Cortex XDR Agent 8.4.0 is having issues, then the tool's team offers us Cortex XDR Agent 8.4.1. Some updates bring the tool to the latest version.

For how long have I used the solution?

I have been using Cortex XDR by Palo Alto Networks for eighteen months. I use Cortex XDR 8.4.0. I am a user of the tool.

What do I think about the stability of the solution?

It is a stable solution. The tool doesn't have bugs.

What do I think about the scalability of the solution?

The tool is used by three members who are supporting 5,000 desktops, including workstations and servers.

How are customer service and support?

I haven't directly contacted the solution's technical support much, but I have reached out to them via email. I called the tool's support team twice, and during the call, we discussed some troubleshooting steps. I am happy with the tool's support.

Which solution did I use previously and why did I switch?

When I joined my current company, I saw that the tool was being used. I don't work directly for the company. I have clients and I support Cortex XDR agents for them.

How was the initial setup?

The product's initial setup phase is very easy.

The solution is deployed on an on-premises model.

What other advice do I have?

I recommend the tool to first-time users. Before using the Cortex XDR agent, the settings from the previous antivirus and EDR solution, especially the policies, need to be set up in the new or latest Cortex XDR agent.

Compared to other products, the tool is easy to learn, understand, and manage with a one-day training session.

I rate the tool a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Buyer's Guide
Download our free Cortex XDR by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.
Updated: May 2026