Cortex XDR by Palo Alto Networks Review

You can see the value for your money and sleep peacefully at night, not worrying about ransomware attacks

What is our primary use case?

I used the product at my previous company until November 2018.

How has it helped my organization?

After deploying Traps, we saw the performance of the network improve by 65 to 70 percent. There was a drop in the latency rate of the applications when accessed by our users. We received feedback from users that usually, when they were downloading a bunch of things or browsing the Internet, ad popups would spring up, which are a gateway for viruses that stick in temp files. This improved a lot because Traps occasionally gives them an alert to be careful, such as not to go and play on this site and download malicious things. The overall performance of the entire organization was improved because of this.

When I was monitoring Traps, during the period after we deployed it fully in our organization, there were around 125 users on it. We could see in a whole day that there were around 10 to 15 threats which kept popping up. Because I work in the hotel industry, we have a lot of emails which come through from worldwide. They are for reservations and booking. Out of those 50 emails, five to six emails are malicious emails which have the extension of .exe files or other encrypted files. They could have had macros enabled in those files as well. Traps would alert us to these malicious files.

The network was infected when we were using Traps. One of the reservation computers was infected with ransomware. It was detected by Traps. In Traps, it showed that the file, which was in a zip format, had been investigated. We uncompressed it to view the file and saw that Traps had detected this infection. It does analysis of all the files to an in-depth level, which was helpful for us to detect and avoid that infection being spread around.

What is most valuable?

A majority of its features are very good, well-designed, and programmed. Most of the machine learning has features where we took a deep analysis of kernel-level scanning. It has shown that in case anything happens, like the first-level operation failing or it going to the next level, it will protect the machine. You can see the artificial intelligence working on it.

What needs improvement?

There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get results.

Originally, we wanted to uninstall Traps because we could not run our operations because Traps, by default, had blocked applications and files. This is still a thing, as we still have to give flexibility to certain policies which are pre-defined in the Traps application.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Traps is quite a stable product. Once it was properly deployed and configured, you have nothing to be worried about.

When the product was updated, I also worked on the latest version.

What do I think about the scalability of the solution?

It is scalable.

We had 150 end users. The end users ranged from the manager level to the supervisor level. These users include salespeople who carry their laptops when they travel out of the country on business trips.

How are customer service and technical support?

In this region, I find there are not many good engineers available for Traps. The one guy who specializes in the work functionality, if any issue comes up, might not be available in the country. Therefore, it's challenging to get the specialized person who knows how to troubleshoot and get the fix. Otherwise, we have to wait for at least 24 hours to get support and results. If an issue comes up because a new version which we deployed and updated has any changes, we need support immediately, not in 24 hours. For example, we don't know what changes were made to which parameters, what we need to disable or activate, and if they blocked any of the applications, then our operation will get stuck.

Which solution did I use previously and why did I switch?

We were the victim of ransomware. Prior to that, we were using an antivirus application from Sophos, which was not able to detect the ransomware engine which encrypted our servers and client machines. So, it was a disaster, and we started looking for another solution which could perform better and give us zero-day threat alerts. I researched which would be the better solution and came across Traps. We ran version 3.5 for a period of one month, where we tested it against malware, viruses, etc. The performance of Traps has proven itself to work very well in detection.

How was the initial setup?

The initial setup is very straightforward.

The deployment took five minutes to be fully functional and configured. It was just one simple utility which we had to install on the computers. It was not a complex thing once we had it installed. We created a whitelist policy for whatever applications were there. This was a one-time job to streamline the access levels to be allowed. Once the one-time job was done, it got pushed out to the entire organization.

During the PoC stage, we discussed with the engineer how we wanted it, because we had an Active Directory and all the user accounts were connected to the directory. We deployed the data from Traps onto one of the servers, then the data to the Active Directory. From there, we pushed all the agents to all the users, then we took the file and deployed it. Whenever the users log in, it gets deployed and installed. The deployment went very well and was properly executed.

What about the implementation team?

The deployment was done by two engineers from Palo Alto and me. They assured me by installing it on two to three machines. There were very simple steps to follow, like three to four steps, for the installation. Afterwards, they took care of deploying Traps for all the users.

The admin has been responsible for maintaining it.

What was our ROI?

The return on investment is from the user side, because we have seen its performance increase the delivery time of the product if we are using too many web-based and on-premise applications. In indirect ways, we saw the return on investment in terms of performance and user satisfaction increase.

What's my experience with pricing, setup cost, and licensing?

It is cost-effective compared to similar solutions. It fits small businesses through to big businesses.

Which other solutions did I evaluate?

I have worked with different product lines: McAfee, ESET Endpoint Security, and Sophos. However, I find Traps to be much better in comparison to all the other competitors available in the market.

I did PoCs on products called Cylance and CrowdStrike. Although I considered these products and they were also good, when it comes to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers the entire solution which we require.

What other advice do I have?

Overall, Traps is a very good application when you compare endpoint security solutions available in the market. You can see the value for your money. You can see the results and sleep peacefully. You don't have to worry about a ransomware attack. Traps is very well-designed. It also does good things with deep machine learning. If it finds any malicious activity, it will alert you.

Based on our feedback and recommendations, our sister companies have been looking forward to replacing their current solution with Traps.

My current company is in the process of evaluating the solution.

Which version of this solution are you currently using?

Disclosure: I am a real user, and this review is based on my own experience and opinions.