What is our primary use case?
We are a solution provider and one of the Palo Alto products that we implement for our clients is Cortex XDR (Extended Detection and Response).
It is also known as Traps, and it is mostly used for endpoint protection. For example, when remote users want to connect to their organization using a VPN, they will be protected.
What is most valuable?
The protection offered by this product is good, as is the endpoint reporting.
Once installed, this product is easy to manage, whether it is on-premises or the cloud-based management system.
What needs improvement?
There are a lot of logs generated, and an engineer has to go through all of the events to find out exactly what the bottleneck is. We do need to collect the events, but this can be time-consuming. Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer.
A better pricing plan would make this product more competitive.
For how long have I used the solution?
We have been dealing with Palo Alto, including Cortex XDR, for more than three years.
What do I think about the stability of the solution?
This is a stable product and it is good, but we will keep evaluating other products as we continue to offer this type of solution to our customers.
What do I think about the scalability of the solution?
Cortex XDR is a scalable solution.
How are customer service and technical support?
The technical support team is good, and we can reach them quickly and easily. However, finding a resolution might take time.
Which solution did I use previously and why did I switch?
We have used Cylance in the past, although we stopped using it about three years ago.
We are currently using K7 Endpoint Protection. Unfortunately, it is not catching anything, whether it is malware or a virus.
How was the initial setup?
When we first implemented this product, it was called Traps. However, I don't see any difference, other than the name. For new customers, it might be a bit difficult to install and set up. It takes perhaps eight hours to install.
What about the implementation team?
I deployed this product, and I was also involved with the initial POC.
Only one admin is needed for deployment and a second person should be available to work with the users.
What's my experience with pricing, setup cost, and licensing?
This is an expensive solution.
Which other solutions did I evaluate?
We are currently trying to evaluate ELK.
What other advice do I have?
Overall, this is a good product and I can recommend it to others.
I would rate this solution an eight out of ten.