Technical Specialist at a tech vendor with 10,001+ employees
Provides protection to users against malware along with behavioral threat detection features
Pros and Cons
- "The product's initial setup phase is very easy."
- "Whenever the tool releases a new version when deploying the product across the organization, I feel like there are some disturbances in the CPU usage after upgrading the tool to the latest version."
What is our primary use case?
I use the solution in my company to protect our clients from unknown malware and threats. We also use the tool in our environment as an antivirus, EDR, and XDR solution.
What is most valuable?
The solution's most valuable feature is that it protects against unknown malware and activities and offers behavioral threat detection functionalities. With a wildcard and based on whatever configurations, it gives alerts and offers an XDR Quick Scan facility. We get proper results from the tool, and after scanning, we can see them on the dashboard.
What needs improvement?
Improvements are required in the Cortex XDR agent whenever they are releasing the latest version. Whenever the tool releases a new version when deploying the product across the organization, I feel like there are some disturbances in the CPU usage after upgrading the tool to the latest version. Whenever Palo Alto releases the latest version and when you are deploying the package into the server, we see some disturbances in the CPU usage, like the RAM utilization is more. Generally, the CPU utilization is higher. Even after disabling components one by one from the profile manager, we are unable to find the exact cause of the issue. When we go to Palo Alto, even after sharing the logs and mentioning the issue, the solution team comes back and gives us some more versions of the tool. If Cortex XDR Agent 8.4.0 is having issues, then the tool's team offers us Cortex XDR Agent 8.4.1. Some updates can update the tool to the latest version.
For how long have I used the solution?
I have been using Cortex XDR by Palo Alto Networks for eighteen months. I use Cortex XDR 8.4.0. I am a user of the tool.
Buyer's Guide
Cortex XDR by Palo Alto Networks
February 2026
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: February 2026.
881,821 professionals have used our research since 2012.
What do I think about the stability of the solution?
It is a stable solution. The tool doesn't have bugs.
What do I think about the scalability of the solution?
The tool is used by three members who are supporting 5,000 desktops, including workstations and servers.
How are customer service and support?
I haven't directly contacted the solution's technical support much, but I have reached out to them via email. I called the tool's support team twice, and during the call, we discussed some troubleshooting steps. I am happy with the tool's support.
Which solution did I use previously and why did I switch?
When I joined my current company, I saw that the tool was being used. I don't work directly for the company. I have clients and I support Cortex XDR agents for them.
How was the initial setup?
The product's initial setup phase is very easy.
The solution is deployed on an on-premises model.
What other advice do I have?
I recommend the tool to first-time users. Before using Cortex XDR agent, the previous antivirus and EDR solution needs to be set with the new or the latest Cortex XDR agent, especially the policies.
The tool is easy to learn, understand, and manage with a one-day training session compared to other products.
I rate the tool a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Security Analyst at a tech services company with 11-50 employees
Helps find bugs and prevents attacks by hackers
Pros and Cons
- "The solution helps find bugs, and it is safe to use to prevent attacks by hackers."
- "The solution should add unwanted malicious hash values to a block list so that whenever the action is triggered, it will automatically prevent the malicious content."
What is our primary use case?
We use the solution to detect on the endpoints any files in the network or any suspicious thing happening in the host machine or servers. We have the Palo Alto Networks Firewall team, and we check the connection from the Palo Alto Networks Firewalls using Cortex XDR by collecting all the information.
What is most valuable?
The best thing about Cortex XDR is that it has host servers, networks, and proxy servers. On the other hand, CrowdStrike has only hosts and servers. The solution helps find bugs, and it is safe to use to prevent attacks by hackers.
What needs improvement?
The solution should add unwanted malicious hash values to a block list so that whenever the action is triggered, it will automatically prevent the malicious content. We can even block the IP address in malicious content. If any host is affected, we can isolate the host, rectify that problem, and prevent it from happening in the future.
For how long have I used the solution?
I have been using Cortex XDR by Palo Alto Networks for one year.
What do I think about the scalability of the solution?
More than 15,000 people are using the solution in our organization.
How are customer service and support?
We contacted the technical support team for a downgrade issue with Cortex XDR. Due to some network errors, we worked with the support team. They rectified the problem, but it affected us for over two hours. We had to check all the hosts and servers connected to Cortex XDR. We rechecked and reinstalled Cortex XDR. I was happy with the support team’s fast response time.
Which solution did I use previously and why did I switch?
We are also using CrowdStrike. Compared to CrowdStrike, Cortex XDR gives more detailed information for us to work with. We can connect to the host's live terminal, work with that host in an emergency, and prevent that host.
How was the initial setup?
The solution's ease of deployment depends on the user's experience. It would be easy for someone with experience.
What's my experience with pricing, setup cost, and licensing?
Compared to CrowdStrike, Cortex XDR is an expensive solution.
What other advice do I have?
A beginner will take some time to learn to use the solution. I would recommend the solution to other users.
Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Head Of Information Technology at a tech company with 11-50 employees
Helpful for incident detection and response
Pros and Cons
- "It is an easy-to-use tool."
- "I would like to see improvement in the tool's user interface, particularly in the area of managing alerts and providing more reporting capabilities."
What is our primary use case?
I use the solution in my company for incident detection and response. We use it to address specific security challenges at work, like detecting and responding to incidents.
What is most valuable?
The most valuable feature of the solution stems from the fact that the tool provides real-time visibility of our network activity and allows us to detect threats early and respond quickly. It is an easy-to-use tool. The tool's interface is good and simple to use.
What needs improvement?
I would like to see improvement in the tool's user interface, particularly in the area of managing alerts and providing more reporting capabilities. The user interface should include a built-in compliance framework, and I think it will make the tool even more valuable for organizations with statistical regulatory requirements.
For how long have I used the solution?
I have been using Cortex XDR by Palo Alto Networks for two years. I don't remember the version of the solution. I am a customer of the tool.
What do I think about the scalability of the solution?
Around three people in my company use the tool.
How are customer service and support?
I have contacted the solution's technical support once. I know of the support team, but I don't think we have ever contacted them multiple times.
Which solution did I use previously and why did I switch?
Although I have some experience in some intrusion detection software, I have not used them practically, such as Cortex XDR.
How was the initial setup?
The product's initial setup phase is not difficult to do. Anyone can follow the tool's manual to install it.
What's my experience with pricing, setup cost, and licensing?
The tool's price is moderate.
What other advice do I have?
I can recommend the tool to others, especially to organizations that need a robust integration solution for threats, detection, and response.
The tool is easy to learn as the interface is simple to understand, especially if you have some experience with server security and a little bit of knowledge of it. It is a very easy-going platform.
I rate the tool a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Lead Security Engineer at a tech vendor with 51-200 employees
Easy to deal with deployment and integration phases
Pros and Cons
- "The tool is designed to scale for large enterprises and handle large volumes of data."
- "I think sometimes Cortex XDR agent automatically stops event capturing from the device, and then even the dashboard does not get any notifications from the agent."
What is our primary use case?
I use the solution for endpoint security to capture endpoint security devices' logs and security events.
What is most valuable?
The solution's most valuable feature is its general integration with various Palo Alto Networks products. The tool is a unified platform that includes a firewall, Prisma Cloud, and Cortex's storage. It is also a single data platform that consolidates data from endpoints and network traffic into a single data lake. For behavior analytics, the tool uses advanced behavior analytics and machine learning to detect sophisticated threats.
What needs improvement?
I think sometimes Cortex XDR agent automatically stops event capturing from the device, and then even the dashboard does not get any notifications from the agent. A particular endpoint message with the events captured gets stopped, making it an area where there is a need to improve the agent's real-time monitoring.
For how long have I used the solution?
I have been using Cortex XDR by Palo Alto Networks for around five years.
What do I think about the scalability of the solution?
The tool is designed to scale for large enterprises and handle large volumes of data. The tool has a scalable architecture, and accessing or processing data is leveraged by the tool, making it a robust infrastructure process that allows for efficient data analysis and timely detection and response.
In my company, around 15,000 employees use the tool.
How are customer service and support?
Many times, I raised requests for follow-up with the support team, but there is only sometimes a response. Palo Alto's team needs to work on its issues so that they can provide twenty-four hours and seven days of support to users.
How was the initial setup?
From a deployment and integration perspective, I can say it is an easy and user-friendly tool, so I don't face any challenges with the tool.
The solution is deployed on the cloud and in the on-premises model. Mostly, the tool was in the cloud for my previous client.
What other advice do I have?
One needs to look into the support and services, especially Palo Alto's support and professional services, which is an area that is not yet available. When it comes to the implementation and optimized XDR solutions, sometimes third-party integrations do not happen with XDR. When it comes to third-party integrations, a playbook in Palo Alto should be there for all the third-party tools, showing how we can implement them.
The tool is very easy and user-friendly.
I rate the tool an eight and a half out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Information Security Manager at a financial services firm with 1,001-5,000 employees
Numerous available AI modules and very effective communication methods
Pros and Cons
- "The solution is a new generation XDR that has a lot of artificial intelligence modules."
- "The server sometimes stops continuously to check things so it would be helpful to receive access updates or technical reasons."
What is our primary use case?
Our company uses the solution to detect behaviors and provide difficulty remediation for malware. The solution acts like a terminal that allows for the removal of malware directly from the terminal in any meeting room.
We also have an IOC configuration that allows us to compare our own indicators of compromise rules. This is very efficient because anytime there is an IOC release on the web page, we can update or create a repository of different notification alerts.
What is most valuable?
The solution is a new generation XDR that has a lot of artificial intelligence modules.
The solution's communication methods are very effective.
Configuring or eradicating terminals is easy.
What needs improvement?
The server sometimes stops continuously to check things so it would be helpful to receive access updates or technical reasons.
For how long have I used the solution?
I have been using the solution for 18 months.
How are customer service and support?
Technical support was very responsive. You can present a critical configuration issue and they provide a solution as quickly as possible.
The Linux agent was a little bit sketchy on our side but we got good support.
How was the initial setup?
The setup is very straightforward.
What about the implementation team?
We implemented the solution in-house and worked with one telecom rep for network permissions.
Two of our cybersecurity engineers deployed to 4,000 endpoints in two months. We had a little bit of an issue with Linux but resolved it so all endpoints were fully operational within three months.
What's my experience with pricing, setup cost, and licensing?
The pricing is a little bit on the expensive side, so I rate it a seven out of ten.
What other advice do I have?
The solution is solid and measures up against other products. I rate the solution an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Security Consultant at a computer software company with 51-200 employees
Perfect correlation and XDR capabilities for network traffic plus endpoint security
Pros and Cons
- "From a single pane of glass, you can easily manage all of your endpoints."
- "The solution should force customers to integrate with network traffic to see the full benefits of XDR."
What is our primary use case?
Our company uses the solution for endpoint protection, detection, and response. The solution has antivirus and EDR capabilities. Our SOC analysts use it to investigate incidents. We currently have 300 to 400 users with two admins for management. The solution is installed on all user laptops to protect workstations.
We also implement the solution for customers as a service. Most customers buy the solution for registry reasons and compliance standards. It gives you all the compliance points and improves how your SOC functions because it provides comprehensive visibility over the entire network and endpoints. It is called XDR because it not only looks at endpoints but also network traffic.
The solution is offered on Palo Alto's private network. I think the underlying provider is Google Cloud, but that doesn't really matter. You are asked the region of your instance for connection such as Europe or the Middle East.
What is most valuable?
The solution perfectly correlates with the Palo Alto Networks Firewall to perform XDR capabilities such as network traffic plus endpoint security. This is what distinguishes the solution from other products.
From a single pane of glass, you can easily manage all of your endpoints.
The dashboard is intuitive so you can easily investigate or track incidents.
The solution has a fair amount of integrations with certain intelligence tools or third-party products.
What needs improvement?
The solution should force customers to integrate with network traffic to see the full benefits of XDR. If you are not integrating it or feeding in your network traffic, then you are just buying a normal antivirus which doesn't make any sense. You are paying double the price to use the antivirus feature or to say you have XDR, but in reality you are not using it.
The solution should include an on-premises option because some customers want only on-premises. It would be hard, but good to do if possible.
Open XDR would be beneficial in the future. Right now, the solution is Closed XDR, so it cannot communicate with the few new vendors in the Open XDR market.
For how long have I used the solution?
I have been using the solution for more than two years.
The solution used to be called Traps when it was on-premises only. It was rebranded as Cortex XDR when it became a cloud solution.
What do I think about the stability of the solution?
The solution is stable so I rate stability a nine out of ten.
What do I think about the scalability of the solution?
The solution is very scalable. You can have 500 users and scale tomorrow to 10,000 with no extra work but just purchasing the licenses needed.
I rate scalability a ten out of ten.
How are customer service and support?
The level of support fluctuates but on average is rated an eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
The setup is very easy because it is a cloud solution. You just log in and use it immediately. I rate setup a nine out of ten.
What about the implementation team?
We are a third-party integrator and implement the solution for customers. One staff person can handle an implementation.
As a customer, you receive a link which is your tenant for login. From there, deployment time is just how long it takes to get the installer agent and put on all of your endpoints. For example, if you are a corporation that has 300 laptops, then you install the agent on each and every server.
You will need about three hours to configure the solution and then it is up to your admins to install the agent on all endpoints. There is usually a way to automatically install agents from the Active Directory or other tools.
You need to integrate your network traffic to the XDR itself. If you have a Palo Alto Firewall, it is easy to navigate through integration. If you have FortiGate or Cisco firewalls, then you can configure the firewall to send the log to the cloud. It is sometimes hard to convince customers to send or keep their logs on the cloud.
What's my experience with pricing, setup cost, and licensing?
The solution has one subscription for endpoint protection and one subscription for detection and response. The two licenses combined give you the Pro version.
The solution is neither inexpensive nor expensive, so I rate pricing a three out of ten.
Which other solutions did I evaluate?
Nowadays, CrowdStrike, Cortex XDR, and the solution are rebranding and selling their products as XDR. Everyone hears about antivirus but now XDR is available to protect endpoints and get intelligence from the network.
Most customers who have an XDR product only use the antivirus features. They are not correlating the network traffic with the XDR itself, so they are not getting the full benefit.
The solution does not force you to correlate so you can use it without integrating with your network. But again, this is not how XDR is supposed to work.
For example, if you buy a Bugatti but only drive it at 80 kilometers per hour, then you should just go and buy a Nissan. If you buy XDR but do not integrate it with your network traffic, then you just have a Nissan antivirus.
What other advice do I have?
I recommend the solution and rate it a ten out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Google
Disclosure: My company has a business relationship with this vendor other than being a customer.
IT Specialist at an outsourcing company with 501-1,000 employees
Scans for unwanted and malicious activity on endpoints and servers, creating alerts and incidents
Pros and Cons
- "The most valuable features are incident creation, policy-based protection, IP whitelisting, and device encryption. These are beneficial for endpoint and server security."
- "There's room for improvement with Mac device installations, which can be challenging."
What is our primary use case?
We use Cortex XDR by Palo Alto Networks for endpoint security. It scans for unwanted and malicious activity on endpoints and servers, creating alerts and incidents.
What is most valuable?
The most valuable features are incident creation, policy-based protection, IP whitelisting, and device encryption. These are beneficial for endpoint and server security.
What needs improvement?
There's room for improvement with Mac device installations, which can be challenging.
For how long have I used the solution?
I have been using the tool for two years.
What do I think about the scalability of the solution?
About 20 people in our company use Cortex XDR by Palo Alto Networks across the country.
How was the initial setup?
We've had some issues isolating endpoints and have sought support from Palo Alto for that.
What's my experience with pricing, setup cost, and licensing?
The cost depends on your chosen license type, like Pro or other licenses.
What other advice do I have?
I'd recommend using Cortex XDR by Palo Alto Networks for security purposes. It's good at detecting malware and is a better strategy than other antivirus solutions. I rate the overall solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Sr. Endpoint Security Engineer at a tech services company with 1,001-5,000 employees
Easy-to-use and easy-to-install
Pros and Cons
- "The tool is easy to use."
- "When it comes to malware files, it should be a little quick because, at times, it would give a wrong result in the sense of what it might be on malware, even if it still might be a normal one."
What is our primary use case?
I am a tech support engineer or an endpoint security engineer who works with Cortex XDR's team itself, looking after all the support cases related to our technical stuff, specifically malware cases.
What is most valuable?
The most valuable feature of the solution is Broker VM, which is the best functionality, as I haven't found such a feature in any other product I have worked on till now.
What needs improvement?
Some feature requests are coming up from the customers. I feel like there should be a quick improvement. There is a little gap in implementing the tool's features as the team needs to do an investigation, which would take more time than expected, leaving the customers frustrated. The product team's investigation to decide on the features to be introduced in the solution should be a little quick. When it comes to malware files, it should be a little quick because, at times, it would give a wrong result in the sense of what it might be on malware, even if it still might be a normal one. At that point in time, we need to change the tool's version, and it generally needs to be changed from our end with Java and Jira. Maybe it should be a little improved in that case.
For how long have I used the solution?
I have been using Cortex XDR by Palo Alto Networks for two years. I am an endpoint security engineer for Cortex XDR's team. I worked with a client company as a foreign technical support engineer.
What do I think about the stability of the solution?
So far, I haven't found any stability issues in the tool. Right now, I am on post-maternity leave, so I left the company six or seven months ago. To date, I haven't found any stability issues with the tool. Stability-wise, I rate the solution an eight and a half out of ten.
The tool is not used in my organization because I work within the tool's XDR team related to Palo Alto. I don't have an exact count of the users because we have different customers on a larger scale.
What do I think about the scalability of the solution?
It is a scalable solution. Scalability-wise, I rate the solution a nine out of ten.
How are customer service and support?
I am not required to contact the solution's technical support since I handle the customers' tickets.
How was the initial setup?
My company was involved in mass deployment. I am not involved in the deployment stuff because we work as a break-and-fix team. We generally don't go ahead with a mass deployment. For individual deployment, it is a quick and easy-to-install tool. Cortex XDR by Palo Alto Networks is not like every other antivirus product, and I think it is an easy-to-install tool. There is a team for the tool to help you out, but certain pre-requirements need to be filled. If all the pre-requirements are met, there will be no issue with the installation.
What's my experience with pricing, setup cost, and licensing?
I am not sure about the tool's pricing because we are not from the accounts team. The tool's pricing is managed by the accounts department.
What other advice do I have?
I recommend the tool as it is an emerging or upcoming product with a set of features. My recommendation of the tool surely depends upon the scale of the business.
The tool is easy to use. We even have an accounts team where they can help you from scratch. We have a tech support team who would definitely suggest it to you over the session, so nothing as such is required as they will definitely help the users with the tool.
I rate the tool an eight and a half or nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.