What advice do you have for others considering Cortex Cloud by Palo Alto Networks?

I did not use the AI and automation features of Cortex Cloud by Palo Alto Networks at the forefront initially. What I use it for is to ask questions and get answers. I conduct my research on upcoming threats and vulnerabilities and straight away ask the AI whether I am vulnerable to a specific CVE or whether a particular threat is valid for my environment. From last quarter itself, I started exploring the AI feature. My experience is that it is very, very good because I don't need to dig deep into the asset inventory to look for vulnerabilities. I just need to ask the AI by giving the CVE number and asking whether I am vulnerable to it, and it will show me what assets are involved that have this vulnerability. I have not worked on runtime security with Cortex Cloud by Palo Alto Networks. In most cases, I work on CSPM, which is Cloud Security Posture Management, and application security. However, my team works on runtime security as well. Last year, they started this module and integrated it into Cortex Cloud. As I talked with my team, they shared their experience that it reduces the MTTR for attacks, which is actually the Mean Time To Detect. This is because Palo Alto Networks has around 10,000 plus detectors. Because of these capabilities, it detects runtime attacks very quickly and reduces the MTTD.

From the features perspective, anomaly detection and behavioral threat protection features are all present in the product, and they work very well. MITRE confirms this because Palo Alto achieves 100% detection and reaction without any modification of the software or patching. AI is one of the main engines inside the system. AI is very present in all Palo Alto solutions, so there is nothing new from this point of view. Palo Alto was probably the first to invest significantly in AI when others did not even understand what AI meant. Palo Alto always mentions MITRE, which provides 100% detection and reaction with the default configuration from the software factory. I believe any other discussion is trivial. You have a cloud instance, and then you have to install the endpoint agents in your infrastructure where needed. Cortex Cloud by Palo Alto Networks is in a cloud managed by Palo Alto. I remember that it is probably on Google Cloud. Whether it is easy to answer depends on how you configure it. From what my colleagues tell me, in general it works well. Automations due to AI mean that sometimes you do not need to do anything, and in other cases you have evidence of an issue and then you need to analyze. The requirement is very variable. These tools help a lot because in general in cloud there are many parameters to consider, and having something that provides you prioritization is very helpful. This is especially true when you have dozens of thousands of issues to manage because you are using open-source software and do not know where to start. The solution itself is very good. Considering the limitations due to licensing and other factors, if we talk about Cortex Cloud by Palo Alto Networks specifically, it is a different product because the licensing has improved significantly. Cortex Cloud by Palo Alto Networks has the possibility to integrate other solutions by Palo Alto and firewalls. This makes it a framework, whereas Wiz, for example, is standalone software doing only that one thing. If you need to integrate other pillars of the customer, it becomes difficult; you cannot do it with this solution. If I consider Cortex XDR, the rating would probably be lower because the commercial licensing for Cortex XDR is still too weak. My overall review rating for this solution is nine out of ten.

Regarding AI features, I do not know anything about the AI features on Cortex Cloud by Palo Alto Networks that I am aware of. In evaluating detection coverage in a MITRE ATT&CK evaluation regarding protection, I think Cortex Cloud by Palo Alto Networks has a larger threat protection landscape than its competitors, making it probably a strong solution in its market. In terms of effectiveness, the behavioral threat protection and anomaly detection features in Cortex Cloud by Palo Alto Networks have received no complaints from the customers I have put it through, so I think the answer to that question is strong. Cloud Security Ops Dashboard does impact cloud security posture monitoring, as it provides strong visibility, making it a lot easier to view, and I think it reduces the time spent navigating the solution. Regarding improvements in incident close rates with the adoption of the product, I am not certain. I did not have visibility into the close rates beforehand, so I cannot say what improvements it has brought in. Regarding AI features in the product and potential new features needed, I would not know how to differentiate between a product that presents findings based on what it has seen versus one that uses AI, but from my understanding, I have not potentially used those features yet. It could be using a different engine powered by AI, and I would not recognize it, but it is hard for me to answer that question clearly. I would rate this solution a nine overall.

Cortex Cloud by Palo Alto Networks integrates effectively with standard vendors, supporting all major cloud providers and allowing for ingestion of third-party threat intel. Although we do not utilize this feature as we rely on Palo Alto's Unit 42 for our threat intelligence needs, the integration capabilities with tools such as ServiceNow and email solutions are quite seamless. The time spent on incident investigations has drastically reduced after adopting Cortex Cloud by Palo Alto Networks, as we moved from no solutions to an all-encompassing one. The tool has significantly decreased resolution times, although some complex incidents still require lengthy investigations due to their nature. The Cloud Security Ops dashboard of Cortex Cloud by Palo Alto Networks provides an excellent overview of our security posture, enabling us to track trends and prioritize incident handling. It facilitates quick assessments of vulnerabilities, though manual judgment remains essential. I am unsure about the impact of the unified data setup in Cortex Cloud by Palo Alto Networks on my security intelligence efforts, as I do not recall activating it in our environment. I would rate Cortex Cloud by Palo Alto Networks a seven out of ten overall.

We help our clients with this product and are closely working with them on these products.We are partners of Palo Alto Networks and sell the solution. From switching from IBM to Palo Alto Networks, I am not certain if I noticed a change in mean time to response, such as MTTR, since implementing Palo Alto Networks. It is easier, but I cannot specify by how much. Overall, I rate Cortex Cloud by Palo Alto Networks as an eight out of ten. I think that it could improve on price, as I know that the Google solution has the best price, and this is one of the conditions. My overall rating for this product is eight.

I'm currently moving to Palo Alto in CyberSafe. I'm totally with Cortex Cloud by Palo Alto Networks solution. I'm working with technology of Palo Alto, and the company is making a change in terms of investment in this positioning. We have developed a good partnership with Palo Alto at the moment. We are one of the three main partners here in Portugal. We have changed our strategy accordingly. At the moment, the feedback we have is that Cortex Cloud by Palo Alto Networks covers the needs of our clients. We have no issues related to this service because although it's a service being developed, I think this is version two of Cortex Cloud by Palo Alto Networks. Cortex Cloud by Palo Alto Networks has a really high price. This product is for very mature companies. We are talking about insurance companies and banking companies who need compliance. This is for a mature market, not for small or medium enterprises. The pricing for a bank or big companies is acceptable, and I understand that. It's the platformization that Palo Alto and others are doing, consolidating everything into one platform. You have several solutions and they are centralizing it. That's why Cortex, Prisma was the initial name of this solution, and it's now Cortex. We are exclusively selling Cortex Cloud by Palo Alto Networks. I'm both a reseller and integrator. I would give Cortex Cloud by Palo Alto Networks a nine out of ten. I have never seen anything like it for cloud protection from any vendor. My final rating for Cortex Cloud by Palo Alto Networks is nine.

Overall, Cortex Cloud by Palo Alto Networks is a technically strong product, and I rate it ten out of ten. I recommend it due to its strengths in security management.