Cortex XDR by Palo Alto Networks Review

Runs in the background and sends things directly to the cloud for sandboxing

What is our primary use case?

We used it for malware detection and to detect weird DNS calls. Overall, it was for endpoint protection.

How has it helped my organization?

Many people here are surfing the web on Russian sites, Korean sites, Chinese sites, etc., and by definition, they download things that are not very nice. Whenever there was something fishy, most of the anti-virus solutions just wouldn't see it. We needed endpoint protection that would detect as soon as some code started doing funny things. Traps was very good at that.

What is most valuable?

The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical.

What needs improvement?

There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, was not user-friendly.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The stability was quite good. We never had any issue with it at all.

What do I think about the scalability of the solution?

We had no issue with scalability. We deployed to 220 machines in one go with no problem. We had 130 users. Some people were using many machines. The users were mostly analysts. Ten to 20 of the users were IT people and the rest were doing analysis work on satellites. It was being used extensively, 100 percent in our case. Even the servers had it running. Everybody had Traps installed.

How are customer service and technical support?

The technical support from the consultant was very good. I don't remember having to talk to Palo Alto directly. I had an issue, but I talked to the consultant and then he escalated it.

Which solution did I use previously and why did I switch?

Before Traps we had no endpoint protection.

How was the initial setup?

The setup was not very intuitive to start with, but after you've done it once, it's really straightforward.

The first time I set it up, for one machine, it took about 15 minutes until I understood what was going on, starting from the ESM and using the deployment tool. But as soon as you've done it once, and you understand the ergonomics behind it, it goes fast.

In terms of the implementation strategy, we started with a limited number of machines and the machines of people from IT, who we knew would surf to weird places. Then we deployed a small sample to the people who go to China and Russia and places like that. After a while, we decided to go all the way and we used the ESM to deploy it on every machine.

The process from the planning phase until it was fully implemented took about three or four months.

What about the implementation team?

For the first installation we had a consultant, a Palo Alto dealer, consultant, and solution provider here in Madrid - Open3S. They're very good. Our experience with them was very positive. They're really competent. They really know what they're talking about. We were very happy with them.

The deployment required one or two people. Some days two people came, but normally, with one guy, it was okay.

What was our ROI?

It was more like insurance. You hope you're never going to use it, but you have it. It gave us some confidence in what people were doing because we know people were going to weird places on the web. With Traps, we were quite confident that if something wrong happened it would be detected and intercepted and deleted before it was spread around.

What's my experience with pricing, setup cost, and licensing?

When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward.

Which other solutions did I evaluate?

We didn't evaluate any other options because we had Palo Alto as firewalls and we were quite satisfied with Palo Alto. So the consultant took the initiative to do a demo and we liked it. Due to the type of business we are in, it's very useful.

What other advice do I have?

Make sure you have a proper inventory of all the applications running. That's something we should have done to start with. We intended to do so, but because we're using very strange applications to deal with satellite imagery, it was giving us some issues. For somebody who's using the standard Microsoft Office, it's really straightforward. But if you have exotic applications, then make sure you test it before you deploy it. You will have issues.

To maintain it, the only thing you have to do is download the latest updates and install them. After that, the only maintenance you need is checking the logs every day to see what has been sent to the cloud for sandboxing and then move to the culprit machine to see what happened. It's difficult to say how many people are required for this. As soon as you get something exotic on the machine, this can take an hour, but that's not related to Traps. Traps is just telling you there's something exotic. After that, it's the time you spend doing all the malware and other analyses. As far as Traps is concerned as such, it doesn't require much maintenance. It's something you set and forget.

I would give Traps a nine out of ten. I think it's a very good application. It detected stuff that other things wouldn't detect. I'm very positive about it and was extremely satisfied with it. We had it for the reason I noted earlier. It has been replaced by something else, but I had a very good experience with it. Had we been in a Microsoft Office business - the normal applications - we never would have moved. But the people in charge of the system went to Microsoft Defender.

Disclosure: I am a real user, and this review is based on my own experience and opinions.