Palo Alto Networks Cortex XSOAR Review

User-friendly and robust with good technical support

What is our primary use case?

I primarily pitch and sell this solution to our customers. We do product assessments and consult with customers for the most part.

Clients can use it for automation. 

What is most valuable?

The solution has very good integration capabilities. It's really the best at integration. Inside every integration, there are certain commands which we can call upon, which makes it very useful as a product.

The automation is excellent. 

The product is very robust.

With this solution, we can do dynamic remediation.

It's a product that is constantly upgrading and improving.

It's a user-friendly solution.

Technical support is very helpful and responsive.

What needs improvement?

We'd like to be able to add as many integrations as possible. We would like more options for our clients. 

A few times, I have noticed some bugs. That may be due to the fact that they are consistently upgrading the product. With new releases, a few bugs might get through.

The solution is expensive. They should work to make it less costly for the customer.

For how long have I used the solution?

I've been working with the solution for the past five years or so at this point. It's been a while. 

What do I think about the stability of the solution?

There are a few bugs here and there when new releases happen. We've used it from version four all the way to version six and have dealt with a few bugs, however, that is expected. That's always some in any products. It's fine for us.

Mostly, the stability is okay. The integration keeps on triggering every time. It has jobs that are learning all the time. It's based on completely API integrations. As long as there is compatibility, the solution is pretty available. It is always ready to go.

What do I think about the scalability of the solution?

We haven't tried to scale, however, as per the technical documents which I have read, it should be understood by the customer before it is deployed. It all depends on how many integrations or how many triggering points a company has. You need to have an idea of the scope. Remediation can take a minute or two, however, it will still be possible. There isn't too much of a concern for scaling right now.

We have one or two customers using the solution for their own purposes. We are consulting with two more customers. We do plan to increase usage in the future. 

How are customer service and technical support?

We've dealt with technical support in the past. They're 100% responsive and they have a lot of channels in which to talk to them. You can always get a hold of them and they are very knowledgeable. We are quite satisfied with their level of support.

How was the initial setup?

Initially, we found the implementation to be a bit difficult. However, now we have done it quite a few times for clients, and we find it to be very straightforward and simple. You get used to the process. You learn how to do it. It's simple.

What about the implementation team?

We implement the solution for our clients as consultants. 

What's my experience with pricing, setup cost, and licensing?

The licensing is paid on a yearly basis. It is quite expensive. 

When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot. 

What other advice do I have?

We are a partner for Palo Alto. I have been certified with them. I did certifications around their certificates when they were Demisto, however, right now, we are Palo Alto partners.

It's not a SIEM product, however, it's a next-gen automation platform for SIEM SOC services.

I'd advise companies considering the solution to assess the existing environment before they go ahead and choose something. This solution is basically built for a vast organization or a medium and big organization. Smaller organizations have other options which are available to them that might be more appropriate. 

Companies should assess the product before it's brought on, as the cost is high. Businesses need to check their budget around that, and whether it will be flexible or not. 

It's also important to have a proper engineering and design team to implement that product.

I'd rate the solution at a nine out of ten overall.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Which version of this solution are you currently using?

**Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
More Palo Alto Networks Cortex XSOAR reviews from users
Find out what your peers are saying about Palo Alto Networks, Splunk, IBM and others in Security Orchestration Automation and Response (SOAR). Updated: July 2021.
522,946 professionals have used our research since 2012.
Add a Comment
ITCS user