Cortex XDR by Palo Alto Networks Reviews

Name: Cortex XDR by Palo Alto Networks
Brand: Palo Alto Networks
Rating: 4.2 (104 reviews)

Vendor: Palo Alto Networks

4.2 out of 5

104 reviews
95% willing to recommend

Leave a review

What is Cortex XDR by Palo Alto Networks?

Cortex XDR by Palo Alto Networks provides advanced threat detection with AI-driven endpoint protection and seamless integration, ensuring multi-layered security and automatic threat response.

Get the Cortex XDR by Palo Alto Networks Buyer's Guide and find out what your peers are saying about Cortex XDR by Palo Alto Networks, CrowdStrike Falcon, Wazuh and more!

Cortex XDR by Palo Alto Networks is the #2 ranked solution in top Ransomware Protection solutions, #2 ranked solution in top AI-Powered Cybersecurity Platforms solutions, #5 ranked solution in endpoint security software, #7 ranked solution in XDR Security products, and #8 ranked solution in EDR tools. PeerSpot users give Cortex XDR by Palo Alto Networks an average rating of 8.4 out of 10. Cortex XDR by Palo Alto Networks is most commonly compared to CrowdStrike Falcon: Cortex XDR by Palo Alto Networks vs CrowdStrike Falcon. Cortex XDR by Palo Alto Networks is popular among the large enterprise segment, accounting for 52% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 10% of all views.

Buyer's Guide

Cortex XDR by Palo Alto Networks

February 2026

Get the report

Helped 881,757 peers since 2012

Featured Cortex XDR by Palo Alto Networks reviews

ABHISHEK_SINGH

Senior Process Expert at A.P. Moller - Maersk

The most valuable aspect of Cortex XDR by Palo Alto Networks for me is its integration with AI detection, where we get to know the behavioral detection based on users, traffic patterns, and different services that we consume. It's more about user and behavior analysis with upfront detection rules and automation that we can integrate with for orchestration purposes. It's effective. We have seen multiple occasions where we were notified with the detection rule, and the SOC team engaged with us, and we took the remediation action as and when it was highlighted. The positive impacts I see from Cortex XDR by Palo Alto Networks include a complete 360-degree view of our security posture altogether, being a uniform platform where we are ingesting logs from multiple resources. We have AI detection for different levels of user behaviors, and we integrate with the firewall engines and WAF, along with the EDRs and XDR, so that we have a complete overall security view and have gained much more confidence in it.

Read full review

Surya Kumar Gedala

Final Year Student at Gitam University

The best features Cortex offers in my experience include its capability for detection and investigation, along with several types of threat intelligence management. It includes machine learning to easily analyze data and detect complex threats across endpoints, networks, or clouds. In playbooks, automation handles responding actions such as isolating endpoints or enriching IOCs, along with reducing mean time to detect and mean time to respond. I have used this for my SOC operations environment, discussing it with my college. Automation and playbooks have helped me significantly. If there is a threat, detecting it used to be a lengthy process. Now, with the advancement in technology, Cortex Xnor's playbooks predefine the workflow of the automation, such as response processes, alert triggering, and enriching the context. These automations collect relevant indicators such as hashes, IP addresses, or domains efficiently and can detect and block malicious attacks with firewalls. It is very useful for eliminating workload of human errors, speeding responses for next-generation operations. Playbooks are customizable with dynamic analysis that align with organizational policies.

Read full review

AmjadKhan1

Head of data centers at a non-profit with 10,001+ employees

The threat chain, the investigation process, and device control are the most valuable features in Cortex XDR by Palo Alto Networks. Detection is very good because malware is detected before it activates in the system, making it a very good product. Cortex XDR by Palo Alto Networks is an AI product that has no signature available inside, so everything is based on AI, machine learning, and behavior analysis, which are all very good for reducing risk in the organization.The most beneficial aspect of Cortex XDR by Palo Alto Networks was when it was first installed in the environment, where there were too many infected and compromised systems. After installing this solution, it identified, blocked, and provided the complete attack chain, which was very helpful. A previous product was not detecting anything, and after installing Cortex XDR by Palo Alto Networks, the experience has been very good.

Read full review

Cortex XDR by Palo Alto Networks mindshare

Product category:

As of February 2026, the mindshare of Cortex XDR by Palo Alto Networks in the Extended Detection and Response (XDR) category stands at 4.8%, down from 5.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Extended Detection and Response (XDR) Market Share Distribution
Product	Market Share (%)
Cortex XDR by Palo Alto Networks	4.8%
CrowdStrike Falcon	10.1%
Wazuh	7.2%
Other	77.9%

Extended Detection and Response (XDR)

PeerResearch reports based on Cortex XDR by Palo Alto Networks reviews

Type	Title	Date
Category	Extended Detection and Response (XDR)	Feb 10, 2026	Download
Product	Reviews, tips, and advice from real users	Feb 10, 2026	Download
Comparison	Cortex XDR by Palo Alto Networks vs CrowdStrike Falcon	Feb 10, 2026	Download
Comparison	Cortex XDR by Palo Alto Networks vs TrendAI Vision One	Feb 10, 2026	Download
Comparison	Cortex XDR by Palo Alto Networks vs SentinelOne Singularity Complete	Feb 10, 2026	Download

Valuable Features

Cortex XDR by Palo Alto Networks provides advanced threat detection through AI and machine learning, integrating seamlessly with firewalls and networks. It offers behavior-based detection, incident investigation, and automated responses, enhancing cybersecurity management. It features a user-friendly interface and centralizes data processing for efficient threat analysis. The multi-layered protection and policy management, alongside real-time scanning and customizable playbooks, ensure robust security, reducing manual workload for security analysts and improving their efficiency.

"Cortex XDR by Palo Alto Networks has helped lighten the load of our security analysts because it was the major tool that we were using and the one we utilized most."
"I generally believe that Cortex XDR by Palo Alto Networks is probably the best in the market right now."
"The main benefit of using Cortex XDR by Palo Alto Networks while employing Palo Alto Firewall at the internet edge is that it improves security on our endpoint devices, integrating seamlessly with Palo Alto Firewalls to deliver comprehensive network, analyst, and security details all in a single dashboard, which allows us to manage everything from our network devices."

Room for Improvement

Cortex XDR by Palo Alto Networks faces challenges with its interface, reporting, and integration capabilities. Users suggest enhancements in system performance, false positive reduction, and feature parity across operating systems. The difficulty in setup and endpoint management, along with high resource consumption, further disrupts user experience. Cost and licensing complexities deter wider adoption, while the absence of key integrations and features like DLP and NDR limits its competitive edge. Pricing concerns and the lack of on-premises options limit its appeal in certain regions.

"I have seen lagging with Cortex XDR by Palo Alto Networks. There was one time when we faced a threat actor trying to gain access to our system. When our team utilized the tool, we were all on the same dashboard and we faced a lag issue at that time of around five minutes, which was quite significant."
"The main issue I could point out is the offline agents and the way that it is missing."
"If Palo Alto reduces the pricing slightly for their products, it would make them more scalable in markets such as India and globally for cybersecurity."

ROI

Cortex XDR by Palo Alto Networks provides strong security, preventing malware infections and offering peace of mind against ransomware. Users experience increased performance and satisfaction due to reduced administrative effort and OPEX savings from fewer malware incidents. The tool's rich telemetry data aids in threat identification and offers cost-saving compliance features. It delivers financial benefits by reducing total ownership costs and being more economical than competitors like Microsoft Defender XDR.

Pricing

Cortex XDR by Palo Alto Networks has mixed reviews on pricing. Several users find it expensive compared to competitors like Microsoft Defender and Sophos, though some see it as fairly priced and cost-effective considering its capabilities. Pricing is flexible, with options to scale licenses based on needs. Licensing typically follows an annual basis, and costs can vary depending on the number of users and specific features required. Setup costs are higher than some alternatives.

"The tool's price is moderate."
"Compared to CrowdStrike, Cortex XDR is an expensive solution."
"The cost depends on your chosen license type, like Pro or other licenses."

Popular Use Cases

Cortex XDR by Palo Alto Networks is utilized mainly for endpoint protection, anti-malware, and anti-exploit purposes. Users employ it for threat management and endpoint detection, integrating it with firewalls for comprehensive visibility. The platform provides behavior-based threat detection utilizing artificial intelligence, offering advanced features like ransomware mitigation and endpoint isolation. Many organizations implement Cortex XDR for security correlation, leveraging its capabilities in cloud environments for enhanced security and compliance.

Service and Support

Cortex XDR by Palo Alto Networks customer service varies. Some users praise excellent support, citing quick responses and knowledgeable staff. Others highlight challenges, describing difficulties with responsiveness and expertise, particularly in specific regions and with specific products. While some find tech support efficient and beneficial, others express concerns about communication barriers and issue resolution speed. The premium support plan often receives higher marks for rapid assistance and effective issue handling. Technical support experiences range widely, with both commendations and criticisms.

Deployment

Users found Cortex XDR by Palo Alto Networks straightforward to set up, especially in its cloud-based version. Some noted the setup required around an hour to a few days, depending on infrastructure size and complexity. Professional expertise eases the process, though even those without prior knowledge managed with some initial difficulty. Features can be activated gradually. The administrative effort, particularly creating profiles and policies, is essential but manageable.

Scalability

Cortex XDR by Palo Alto Networks demonstrates strong scalability. Organizations find it easy to deploy across numerous endpoints, benefiting from cloud-based management. Users highlight the ability to grow usage effortlessly by adjusting licenses without needing to change infrastructure. The tool's architecture efficiently handles large data volumes, supporting enterprises of various sizes. Feedback consistently rates scalability positively, underscoring its suitability for both mid-sized businesses and large corporations.

Stability

Cortex XDR by Palo Alto Networks demonstrates high stability, with users reporting minimal issues. Early versions had bugs, and occasional database or version upgrade concerns were noted, but improvements have addressed these. Cortex XDR runs reliably without major downtime and manages vulnerabilities effectively. While some minor sync delays occur under high data loads, the platform remains responsive. Most users rate its stability highly, indicating efficient and consistent performance.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Cortex XDR by Palo Alto Networks Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	41
Midsize Enterprise	20
Large Enterprise	39

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	691
Midsize Enterprise	374
Large Enterprise	1139

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

10%

Financial Services Firm

10%

Manufacturing Company

Comms Service Provider

Government

Retailer

University

Healthcare Company

Educational Organization

Outsourcing Company

Energy/Utilities Company

Performing Arts

Media Company

Real Estate/Law Firm

Construction Company

Non Profit

Insurance Company

Wholesaler/Distributor

Hospitality Company

Marketing Services Firm

Transportation Company

Legal Firm

Recreational Facilities/Services Company

Pharma/Biotech Company

Logistics Company

Recruiting/Hr Firm

Consumer Goods Company

Compare Cortex XDR by Palo Alto Networks with alternative products

Learn more about Cortex XDR by Palo Alto Networks

Cortex XDR is designed to safeguard endpoints against malware and suspicious activities. It offers advanced threat detection and response capabilities using behavioral analysis, AI, and machine learning. It seamlessly integrates with security infrastructures, providing endpoint security, firewall integration, and enhanced visibility in both cloud-based and on-premises environments.

What are the key features of Cortex XDR?

Advanced Threat Detection: Uses AI and machine learning for proactive threat identification.
Multi-layered Security: Combines various security measures for comprehensive protection.
Endpoint Protection: Safeguards against malware and exploits.
Behavioral Analysis: Monitors suspicious activity for early detection.
Automatic Threat Response: Automates responses to neutralize threats.

What benefits should users expect?

Ease of Use: Simplifies security management with intuitive design.
Resource Efficiency: Minimizes impact on system resources.
Integration Capabilities: Works well with existing security setups.
Reduced Analyst Workload: Automates processes to decrease manual intervention.

Organizations in diverse sectors deploy Cortex XDR to protect against malware, leveraging its advanced threat detection capabilities. Its integration with existing security infrastructures appeals to those seeking comprehensive protection in both cloud and on-premises environments, providing enhanced visibility and threat intelligence.

Cortex XDR by Palo Alto Networks was previously known as Cyvera, Cortex XDR, Palo Alto Networks Traps.

Cortex XDR by Palo Alto Networks customers

CBI Health Group, University Honda, VakifBank

Product Categories

Extended Detection and Response (XDR)

Endpoint Protection Platform (EPP)

Endpoint Detection and Response (EDR)

Ransomware Protection

AI-Powered Cybersecurity Platforms

Popular Comparisons

CrowdStrike Falcon vs Cortex XDR by Palo Alto Networks

Wazuh vs Cortex XDR by Palo Alto Networks

Microsoft Defender for Endpoint vs Cortex XDR by Palo Alto Networks

Darktrace vs Cortex XDR by Palo Alto Networks

Fortinet FortiEDR vs Cortex XDR by Palo Alto Networks

SentinelOne Singularity Complete vs Cortex XDR by Palo Alto Networks

Microsoft Sentinel vs Cortex XDR by Palo Alto Networks

IBM Security QRadar vs Cortex XDR by Palo Alto Networks

HP Wolf Security vs Cortex XDR by Palo Alto Networks

Microsoft Defender XDR vs Cortex XDR by Palo Alto Networks

Varonis Platform vs Cortex XDR by Palo Alto Networks

Elastic Security vs Cortex XDR by Palo Alto Networks

Tanium vs Cortex XDR by Palo Alto Networks

WatchGuard Firebox vs Cortex XDR by Palo Alto Networks

Trellix Endpoint Security Platform vs Cortex XDR by Palo Alto Networks

See all alternatives

Cortex XDR by Palo Alto Networks Reviews Summary
Author info	Rating	Review Summary
Senior Process Expert at A.P. Moller - Maersk	4.5	I’ve found Cortex XDR highly effective for securing workloads with strong AI-driven detection, seamless integration, and improved threat visibility, though initial false positives required tuning; overall, it’s stable, scalable, and meets our evolving security needs well.
Final Year Student at Gitam University	4.5	During my internship, I found Cortex highly effective for endpoint detection and automation, with powerful playbooks and threat intelligence features. While UI and integration improvements are needed, its stability, scalability, and hybrid deployment worked seamlessly for my needs.
Head of data centers at a non-profit with 10,001+ employees	4.0	I've used Cortex XDR for over a year to detect and block threats effectively in real-time, appreciating its AI-driven analysis and smooth integration, though it's expensive; support is excellent, and it greatly improved security over our previous solution.
Chief of IT Architecture at a financial services firm with 10,001+ employees	4.0	I've found Cortex XDR by Palo Alto Networks to be robust and well-integrated for large environments, offering strong automation and detection, though it's costly, complex to deploy initially, and best suited for those heavily invested in the Palo Alto ecosystem.
Network Security Administrator at Alethe Consulting Pvt. Ltd	4.0	I've found Cortex XDR by Palo Alto Networks integrates well with our firewall, simplifies threat analysis, and reduces workload, though pricing could be more competitive; overall, it's reliable, user-friendly, and significantly improved our endpoint security experience.
Detection and Response Consultant at Inovasys	4.5	I've found Cortex XDR by Palo Alto Networks effective in detecting and mitigating advanced threats with strong real-time capabilities, easy investigation tools, minimal analyst workload, and cost efficiency, though I’ve noted no current weaknesses in the product.
IT COMMUNICATIONS AND NETWORKS at Américas BPS	5.0	I found Cortex XDR by Palo Alto Networks effective, easy to set up, and non-intrusive. It reliably detected threats, automation via playbooks worked well, and support was solid, though reaching Palo Alto directly was sometimes challenging.
Cyber Security Engineer at a media company with 201-500 employees	5.0	I've found Cortex XDR highly effective beyond antivirus, offering deep behavioral analysis and cloud-based machine learning, though managing offline agents is cumbersome. Setup is straightforward, especially with clear grouping, and I believe it’s the best solution available.

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	10.1%	97%	137 interviews Add to research
Wazuh	3.7	7.2%	81%	50 interviews Add to research

Cortex XDR by Palo Alto Networks Reviews

What is Cortex XDR by Palo Alto Networks?

Featured Cortex XDR by Palo Alto Networks reviews

Cortex XDR by Palo Alto Networks mindshare

PeerResearch reports based on Cortex XDR by Palo Alto Networks reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Cortex XDR by Palo Alto Networks with alternative products

Learn more about Cortex XDR by Palo Alto Networks

Cortex XDR by Palo Alto Networks customers

Related questions

Product Categories

Popular Comparisons