Cortex XDR by Palo Alto Networks Review

You can quickly locate exceptions and can configure process exceptions

What is our primary use case?

The primary use case is endpoint security. The product is my main endpoint, IP, and threat management.

How has it helped my organization?

In organizations where they don't implement a NAC, this product helps stop threats at the endpoint level. Everything goes through the endpoint. By the time you get something to a server, you are compromised at your perimeter, and you might be compromised at your ID or main control. With a third-party, you need a NAC, so you can put on something like McAfee or you need authorization so the organization can scan your computer, then you can connect to the network.

We can't do that for a daily operation. We can't just have personnel waiting for someone to connect, and say, "We need to scan your computer before you go into our network. We don't have time for that." So, you need to implement a NAC. However, if you don't implement a NAC from day one of your business, it is very complicated to do it after many years because the NAC is not like security software. You have to go server by server and do an assessment. Meanwhile, you need to protect your organization. So, you can use tools like Traps to manage your security, even stopping the threat at the last contact.

For organizations which do not have a NAC implemented, there has to be some type of endpoint security, and it needs to be tough, like Traps. With Traps, you can search events, manage them quickly, and locate any half exceptions. Traps' traffic is encrypted.

We like the features where you can quickly locate exceptions and can configure process exceptions. You are building your own defense. Therefore, you are not only relying on Palo Alto, but you are applying day-to-day operations of configured language that a tool can understand.

What is most valuable?

If the user leaves our premises or network, Palo Alto Traps will still be on that endpoint and will still apply our policies. For example, if you take that endpoint out of our network, go to a Starbucks with a company laptop, then connect to our virtualized gateway, that local endpoint will still have our network policies.

I'm so used to IPS/IDS endpoint security that I don't see anything else that catches my attention other than it's working fine. It's a very good tool. It's the best one that we have.

It has Android support.

What needs improvement?

There are some limitations on the Traps agents. Traps for Windows has limitations and Traps for Linux too. Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and it's nothing that should be an issue. Some antivirus engines recognize Traps as a threat component, so maybe they need to shake hands somewhere.

With Windows 7 and Windows 8 64-bit, when you want to install Traps, because it's Windows, it will crash. They need a little more flexibility with antivirus engines.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

You can grow as much as you want.

We have four users: a cybersecurity analyst, two infrastructure security personnel, and a security administrator.

How are customer service and technical support?

The technical support is very good.

Which solution did I use previously and why did I switch?

We were previously using Malwarebytes and McAfee. We are still using them along with Traps.

How was the initial setup?

The initial setup was straightforward, although we had to remove McAfee first.

The deployment took a couple of weeks. We centralized all our perimeter firewalls first, then we started deploying the agent.

We needed two personnel for deployment and maintenance: an infrastructure security person and a security administrator.

What about the implementation team?

Our third-party installer was very efficient.

What was our ROI?

Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance. Security teams will spend less time and effort managing and mitigating breaches. They will be able to avoid having to activate their organization’s incident response team.

What's my experience with pricing, setup cost, and licensing?

It is "expensive" and flexible.

Which other solutions did I evaluate?

We evaluated the following other large endpoint security companies: Kaspersky Endpoint Security, CrowdStrike Falcon Endpoint Protection, Symantec Endpoint Protection, and McAfee Endpoint Security.

If you have Malwarebytes and you want to control a malware that you have on your computer, Malwarebytes will quarantine that malware. However, it depends on how infected you got.

What other advice do I have?

Test normal behavior of the Traps agents (injection and policy) and confirm that there has been no change in the user experience.

Which version of this solution are you currently using?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Updated: July 2021.