Cortex XDR by Palo Alto Networks Reviews

We're using it just to make sure that the customers, or our users, don't use any prohibited applications. We make sure that every application they use is on the allowed list. Any other application that is not only allowed is blocked until further notice. It's mainly to make sure that our organization is secure and that the software that the users are working on is secured too. This is the main reason. also to be aware and secured from any potential attack or ransomware etc.

The good thing about the product is that it's always scanning. It does real-time scanning for customers. If there's anything related to the applications that it's installed, for example, if an application needs some upgrades, or updates, or add-ons, we already have a server that is downloading this for the users, the computers. In terms of the laptops, we are not managing the laptops from the servers, since the users take the laptops with them and they are managing their laptops by themselves. There is any variability. The application gives us a notification on the Cloud so that we can handle this problem or make sure that the laptop is secured. The customers or the users don't have much experience to pick what is right and know what is wrong. It's a very, very informational application. 

The initial setup is easy.

They need to do definition updates. Instead of the version, they just put an update on the portal, and each time we need to upgrade it. Sometimes it's hard to upgrade the offsite clients. Sometimes the internet that they are using is not that stable. It gives us a hard time. Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded. 

It would be ideal if the updates would happen like Symantec updates or other antivirus solutions. The upgrade needs to deploy directly to the users.

We've been using the solution for two years. 

It's very stable. There are no errors or problems, even if there is something we need to do on the machine. Due to the configuration we already do, it's locking a lot of things that the users cannot do. Even if the administrator is working, it needs the Cortex XDR permission first. It's very stable and the configuration is easy in the portal. They are enhancing their configuration and its security constantly. 

The only thing that is giving us a hard time is they have a lot of version upgrades. I don't know if it's better to do it as update packages and make the upgrades half-year, quarter a year, or every year. It should be done more regularly.

From an administrative perspective, it'll give us less headache. Each time you need just to go to the portal and make sure that you're testing the product, the upgrade before you deploy it, and then you deploy it. And then you figure out which computer doesn't have the version, and you figure out how to install it. 

If it's a laptop on the other side, it'll take a long time, sometimes a week, to get the customer the upgrade. For installing the upgrade, we must do it. The users can't install this product by themselves. That's why it takes a while. 

The solution is scalable. We are using it for 80 or 90 people. It's a variety of different positions, from engineers to accountants. 

We're changing solutions and moving to SentinelOne. We won't be increasing usage.

They are very helpful and they respond very fast. If there's any ticket open they make sure that they fix the problem the first time. I didn't face any problems with them.

Positive

We are currently moving to SentinelOne.

It is a straightforward setup. It's not overly complex or difficult. The deployment took a maximum of two hours. 

I just installed it first on one of the testing machines and I tested the software package to see if it was still working. Then I just deployed it to the users and I made sure that it was working fine. It might take one day to deploy to the users if I test the version on the test machine first.

I handled the implementation myself. 

Corporate is responsible for licensing. I don't know anything about the pricing.

We are customers and end-users. 

We're using the latest version of the solution. 

Palo Alto is a big company. They are very good at security, so it's good if it's the first time a company is using this product. However, we are moving to SentinelOne as we are corporate. That means, if there is one branch upgraded or moved to something, we must follow. We are following our corporate instructions. If I was given the choice, I would be still using Cortex XDR as it's fulfilling my need. 

I'd rate the solution eight out of ten. The downside is each time I go to the portal and I check the versions, it's outdated. You need to upgrade each month or every forty days and it's a lot.

We use it to make sure that our antivirus is up to par. 

It used to be on-prem, but now, it's completely on the cloud. In terms of the version, we've got some old endpoints that we had to manually bring up to date, but for the most part, it's up to date.

I don't have to do much monitoring with it. I don't have to have anybody manually looking at this. It gives us reports, and it lets us know if something needs to be addressed, and we can easily address it. I've been pleased with it. It's been a really good product for us.

Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them. The hash that they use is pretty comprehensive. I like WildFire. It gives us a better idea of what is a true virus and what is a false positive.

We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do.

We've been using it for at least three years.

It has been stable. I have not had any issues with it.

For our use, we didn't need scalability with it. It has just been working as we needed it to work.

The only time we had to deal with their support was when we had a problem with getting our older endpoints up to date. They made the upgrades and gave us the solutions on what we needed to do, and that has been working for us. 

It was pretty straightforward, and now that it does an automatic update, I don't even have to remember to update it anymore. Once a definition expires, it automatically goes in and puts in the newest definitions, and updates all the endpoints. It is way better than what it used to be.

I don't recall what the cost was, but it wasn't really that expensive.

The only thing I would advise is to get a solution for which you don't have to do a lot of monitoring. It helps when we don't have to have an extra person to manually go through and look at each endpoint to make sure things are up to date and all definitions are up to date. 

I would rate it a nine out of ten because it's a really stable platform, and it is doing everything that I need it to do. You can always have improvement, but I'm really not sure what that improvement would be.

This solution has replaced our traditional antivirus solutions; it protects our environment and safeguards our endpoints from any malware or exploitation. We are based in Azerbaijan, I'm the CISO of the company and we are customers of Palo Alto. 

We've seen benefits because the solution includes a big data approach to cyber security. All information is collected from the network, the endpoints, and the logs and analyzed by applying a big-data approach that shows up anomalies. 

I chose this solution because they constantly add new features and are very proactive about that. To my mind, signature-based antivirus is a thing of the past. These days it's machine-learning technology and behavior-based analytics features that make us more secure. XDR feels secure because of those features.

There are still a few gaps with this solution. For example, real-time, on-demand antivirus is not there. If you're looking for compliance XDR is somewhat lacking. There is also no recovery feature; if some endpoint is under attack there must be the possibility of recovering it or restoring it to a normal state. That is currently lacking in XDR. 

I've been using this solution for about two years. 

The solution is stable. 

This solution is scalable. 

We have premium Palo Alto support and they provide good service. 

The initial setup is straightforward. 

I think any XDR technology is best for protecting an environment from cyber attacks. The visibility it provides is crucial and XDR gives us that, we can see all effect vectors. 

I rate this solution eight out of 10. 

I am an integrator. I deploy and implement solutions for our customers.

It is a simple platform to use.

The dashboard is good, it's very clean and very simple to read. The information the dashboard provides is very clear.

This solution is not complete enough to help us. We use a different platform that provides us with more information.

In my opinion, it is not a very complete program. I prefer to work with Carbon Black. It's a better solution as well as Cynet. For example, I use Cynet when I check installations, which provides me with more information. It is not easy to use for beginners, but it provides me with more information, which is lacking in Cortex. When it comes to core analysis, and security analysis, Cortex needs to provide more information. Cynet is a complete platform in my opinion.

We are ready to use a new solution called Deep Instinct. It's a new concept of the security platform. It's a very new company from the USA.

I would like to see a feature that allows you to check the endpoints included. I am currently having trouble checking the endpoints when using Cortex. Including this feature would benefit the platform's endpoints.

Cortex XDR by Palo Alto Networks is absolutely stable.

Cortex XDR by Palo Alto Networks is a scalable platform.

I am currently using QRadar in more than one enterprise, as well as Cynet, and Darktrace. We also use all of the Microsoft platforms with QRadar.

I have a team working on this solution. So I assisted a customer in deploying and implementing this solution. My colleague and I have formed a team. I am a SOC manager, my new role is that of a SOC manager. I don't use it directly, but I try to assist my colleague in working with more enterprises or customers. We have, I believe, five or six different IBM QRadar platforms.

We use several solutions and they are all good, but each one is different.

Cynet is a good platform, but helpful for my team because it is not simple to understand.

I would rate Cortex XDR by Palo Alto Networks a seven out of ten.

I primarily use Cortex XDR for endpoint security.

PALO ALTO CORTEX XDR brings visibility of all activity going in end point system and server. This helps us to investigate and take corrective action by blocking and allowing necessary services in the system. 

Alerts regarding the incidence happening in system and easy to block and allow the services and external device control.

An area for improvement is the remote connection for administrators - this is available in the current version but is limited as it's a command-based model rather than GUI-based.

I have been using Cortex XDR for around four months.

Cortex XDR is stable.

The product is really easy to scale.

Good support and services

Positive

Previously, I used McAfee Antivirus, Memory utilization very high which doesn't yet have virtualization or a dashboard. I found that product to be a little difficult, and it was not linked to a real solution, so I decided to go with Cortex XDR as it's one of the best XDR solutions for security.

The initial setup is a little complex because it requires a lot of preparation in terms of understanding each system and going through the documentation and dashboards.

I implemented with the help of one partner who did the basic configuration of our firewall. Deployment took approximately ten days.

Security of systems

This is a very costly product.

We have evaluated Cynet, Crowed Strike and Sentinel.

Cortex is the best solution for avoiding security breaches, malware attacks, and other kinds of security issues. I would rate this solution as eight out of ten.

I used the solution for investigating incidents and malware analysis.

The solution allows us to gain remote access without the user's knowledge and take the necessary actions on the device. For investigation, we can just drop down and easily elaborate on the issues, like where the user went and what they downloaded. We can use the solution to find out everything easily.

It takes time to scan the servers and devices. Scanning the server sometimes takes two to three days. If the device is offline, the scan gets disconnected.

I have been using Cortex XDR by Palo Alto Networks for one and a half years.

Cortex XDR by Palo Alto Networks is a stable solution.

Around seven people used the solution in our organization.

Cortex XDR by Palo Alto Networks is quite an expensive solution.

I use the solution for investigation, which includes incident handling and incident alerts. There is a separate part in Cortex XDR where we can use timestamps to categorize the alert or attack type. Based on the attack criticality, we can investigate and fine-tune a lot of things. In Cortex XDR, we can get the same alert at different times. We can fine-tune using the Cortex XDR tool.

Also, we can use queries in Cortex XDR for automation, accessing the device, or scanning the device. The query part is good, but we need to spend a little time learning about the query. It's easy to understand the query.

There is a template that you can use to click and say something. If you are going to investigate, many tabs are given based on the tactics, techniques, and procedures. It is easy to understand, and we can gather basic information from there. It is easy for a new user to learn to use the solution for the first time.

Overall, I rate the solution ten out of ten.

Cortex XDR does the stitching between a number of security domains, like email security, API security, and web security. The solution does the stitching from different sources and makes a logical incident.

We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action. We don't need to navigate different solutions and tools or use our human intelligence to correlate all the information to make the logic. Cortex XDR entirely does it, and we can take action.

Cortex XDR should have a lightweight agent, and the agent size should not be heavy. Cortex XDR’s technical support should also be improved.

Cortex XDR should provide a feature to remove or uninstall an agent directly from the console itself without the help of an IT engineer. No one wants to do a manual installation of the agent. Everyone is looking for a solution to remove the agent from the console directly.

I have been working with Cortex XDR by Palo Alto Networks for two years.

I rate Cortex XDR a ten out of ten for stability.

I rate Cortex XDR a five out of ten for scalability.

The technical support of Cortex XDR and other OEM products is not very good. Cortex XDR's technical support does not usually respond quickly.

Neutral

I rate Cortex XDR’s initial setup an eight out of ten.

Cortex XDR’s pricing is very reasonable. I rate Cortex XDR a five out of ten for pricing.

I am using the latest version of Cortex XDR by Palo Alto Networks. Cortex XDR is usually deployed in our clients’ organization on cloud. The time it takes to deploy Cortex XDR depends totally upon the organization.

The biggest drawback of Cortex XDR is that it has a heavyweight agent. Cortex XDR would be a good product if this issue could be resolved.

Overall, I rate Cortex XDR an eight out of ten.

Our clients want to correlate information they have in their network. Many engineers or companies have different tools like CMs, firewalls, VPNs, and some other things related to networks. They mentioned that after they acquired the Cortex XDR solution they have all of the information in one place. That is important because they improved the time to solve security issues.

One of the things that I enjoy the most is using policy extensions. It's like having host firewalls to control USB connections. I think it's a wonderful tool to restrict use when connecting to our computers. 

Another important tool is Home Insights. That is an add-on to the Cortex solution. I like that because we can see all the vulnerabilities in the environment and control what assets are connected to our network.

I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs.

I have worked with Cortex XDR by Palo Alto Network for about four years.

Cortex XDR by Palo Alto Network is a stable solution. I have been working with it for years, and it only went down once.

On a scale from one to ten, I would give stability a nine.

Cortex XDR by Palo Alto Network is a scalable solution.

Technical support is okay.

Positive

The initial setup is straightforward and not very complicated. I think it takes about two hours to deploy this solution. The number of personnel needed depends on the company. For example, banks usually have five cybersecurity engineers installing and maintaining this solution.

On a scale from one to ten, I would give the initial setup a seven.

I don't like that they have different types of licenses.

On a scale from one to nine, I would give licensing costs a seven.

I consider Cortex XDR by Palo Alto Network a good solution. They have good support, and they listen to customer feedback. 

On a scale from one to nine, I would give Cortex XDR by Palo Alto Network a nine.