We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The entirety of our network infrastructure is Cisco and the most valuable feature is the integration."
"One of the best features of AMP is its cloud feature. It doesn't matter where the device is in regards to whether it's inside or outside of your network environment, especially right now when everybody's remote and taken their laptops home. You don't have to be VPNed into the environment for AMP to work. AMP will work anywhere in the world, as long as it has an Internet connection. You get protection and reporting with it. No matter where the device is, AMP has still got coverage on it and is protecting it. You still have the ability to manage and remediate things. The cloud feature is the magic bullet. This is what makes the solution a valuable tool as far as I'm concerned."
"The visibility and insight this solution gives you into threats is pretty granular. It has constant monitoring. You can get onto the device trajectory to look at a threat, but you can also see what happened prior to the threat. You can see what happened after the threat. You can see what other applications were incorporated into the execution of the threat. For example, you have the event, but you see that the event was launched by Google Chrome, which was launched by something else. Then, after the event, something else was launched by whatever the threat was. Therefore, it gives you great detail, a timeline, and continuity of events leading up to whatever the incident is, and then, after. This helps you understand and nail down what the threat is and how to fix it."
"The most valuable feature is signature-based malware detection."
"It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it."
"It is a very stable program."
"Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source."
"The ability to detonate a particular problem in a sandbox environment and understand what the effects are, is helpful. We're trying, for example, to determine, when people send information in, if an attachment is legitimate or not. You just have to open it. If you can do that in a secure sandbox environment, that's an invaluable feature. What you would do otherwise would be very risky and tedious."
"It can automatically correlate events and logs, which is very helpful for an IT administrator. It can correlate different kinds of malware activities over a network, agent, or host system. You do not need to do it manually. It is a good feature. It is also a user-friendly solution. We have deployed it on the cloud because our space does not provide any flexibility for on-premises deployment, but Palo Alto has added some flexibility to install it on-premises. It must be like the same Cortex XDR agent for all the VPN services, web filtering services, and everything else."
"The integrations are out-of-the-box, as are the playbooks."
"The interface is easy to use and it is more up to date than our previous solution."
"The most valuable for us is the correlation feature."
"The dashboard is customizable."
"Threat identification and detection are the most valuable features of this solution."
"The management capabilities, allow an IT organization to get quite a good picture of attempted cyber attacks."
"The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"It is stable and scalable."
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"Ability to get forensics details and also memory exfiltration."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"The one challenge that I see is the use of multiple endpoint protection platforms. For instance, we have AMP, but we also have Microsoft Windows Defender, System Center Endpoint Protection, and Microsoft Malware Protection Engine deployed. So, we have a bunch of different things that do the same thing. What winds up happening is, e.g., if I get an alert for a potential incident or malware and want to pull the file, I'll go to fetch the file to analyze it. But, one of these other programs has already gotten it, so the file has already been quarantined by another endpoint protection system. AMP doesn't realize that and the file fetch fails, then you're left wondering what's going on."
"In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through."
"I would like to see integration with Cisco Analytics."
"We have had some problems with updates not playing nice with our environment. This is important, because if there is a new version, we need to test it thoroughly before it goes into production. We cannot just say, "There's a new version. It's not going to give us any problems." With the complexity of the solution using multiple engines for multiple tasks, it can sometimes cause performance issues on our endpoints. Therefore, we need to test it before we deploy. That takes one to three days before we can be certain that the new version plays nice with our environment."
"The technical support is very slow."
"...the greatest value of all, would be to make the security into a single pane of glass. Whilst these products are largely integrated from a Talos perspective, they're not integrated from a portal perspective. For example, we have to look at an Umbrella portal and a separate AMP portal. We also have to look at a separate portal for the firewalls. If I could wave a magic wand and have one thing, I would put all the Cisco products into one, simple management portal."
"I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products."
"The connector updates are very easily done now, and that's improving. Previously, the connector had an issue, where almost every time it needed to be updated, it required a machine reboot. This was always a bit of an inconvenience and a bug. Because with a lot of software now, you don't need to do that and shouldn't need to be rebooting all the time."
"It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint."
"It would be good to have a better way to search for a file within the UI."
"In an upcoming release, the solution could improve by proving hard disk encryption. If it could support this it would be a complete solution."
"In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations."
"Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well."
"I would like to see them include NDR (Network Detection Response)."
"The solution could improve by providing better integration with their own products and others."
"Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"The SIEM could be improved."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"Detections could be improved."
"There is also the Cisco annual subscription plus my management time in terms of what I do with the Cisco product. I spend a minimal amount of time on it though, just rolling out updates as they need them and monitoring the console a couple of times a day to ensure nothing is out of control. Cost-wise, we are quite happy with it."
"In our case, it is a straightforward annual payment through our Enterprise Agreement."
"The visibility that we have into the endpoint and the forensics that we're able to collect give us value for the price. This is not an overly expensive solution, considering all the things that are provided. You get great performance and value for the cost."
"Licensing fees are on a yearly basis and I am happy with the pricing."
"We have a license for 3,000 users and if we get up to 3,100 users, it doesn't stop working, but on the next renewal date you're supposed to go in there and add that extra 100 licenses. It's really good that they let you grow and expand and then pay for it. Sometimes, with other products, you overuse a license and they just don't work."
"There are a couple of different consumption models: Pay up front, or if you have an enterprise agreement, you can do a monthly thing. Check your licensing possibilities and see what's best for your organization."
"The Enterprise Agreement is like an all-you-can-eat buffet of Cisco products. In that vein, it was very affordable."
"The pricing and licensing are reasonable. The cost of AMP for Endpoints is inline with all the other software that has a monthly endpoint cost. It might be a little bit higher than other antivirus type products, but we're only talking about a dollar a month per user. I don't see that cost as being an issue if it's going to give us the confidence and security that we're looking for. We have had a lot of success and happiness with what we're using, so there's no point in changing."
"If one wishes to work with another team or large number of users at a future point, he must purchase a license for them."
"The pricing is okay, although direct support can be expensive."
"Every customer has to pay for a license because it doesn't work with what you get from a managed services provider."
"The price is on the higher side, but it's okay."
"The price of the solution is high for the license and in general."
"We pay about $50,000 USD per year for a bundle that includes Cortex XDR."
"This is an expensive solution."
"It's about $55 per license on a yearly basis."
"There are no issues with the pricing."
Advanced Malware Protection (AMP) is subscription-based, managed through a web-based management console, and deployed on a variety of platforms that protects endpoints, network, email and web Traffic. AMP key features include the following: Global threat intelligence to proactively defend against known and emerging threats, Advanced sandboxing that performs automated static and dynamic analysis of files against more than 700 behavioral indicators, Point-in-time malware detection and blocking in real time and Continuous analysis and retrospective security regardless of the file's disposition and Continuous analysis and retrospective security.
Cortex XDR by Palo Alto Networks is the world's first detection and response app that natively integrates network, endpoint and cloud data to stop sophisticated attacks. Cortex XDR by Palo Alto Networks accurately detects threats with behavioral analytics and reveals the root cause to speed up investigations.
Advanced attacks can take just minutes, if not seconds, to compromise the endpoints. First-generation endpoint detection and response (EDR) tools simply cannot keep pace. They require manual triage and responses that are not only too slow for fast moving threats but they also generate a huge volume of indicators that burden already overstretched security teams. Further, legacy EDR tools drive up the cost of security operations and can slow processes, negatively impacting business.
FortiEDR delivers advanced, real-time threat protection for endpoints both pre- and post-infection. It proactively reduces the attack surface, prevents malware infection, detects and defuses potential threats in real time, and can automate response and remediation procedures with customizable playbooks. FortiEDR helps organizations stop breaches in real-time automatically and efficiently, without overwhelming security teams with a slew of false alarms or disrupting business operations.
Cortex XDR by Palo Alto Networks is ranked 6th in Endpoint Protection for Business (EPP) with 28 reviews while Fortinet FortiEDR is ranked 9th in Endpoint Detection and Response (EDR) with 5 reviews. Cortex XDR by Palo Alto Networks is rated 8.2, while Fortinet FortiEDR is rated 7.8. The top reviewer of Cortex XDR by Palo Alto Networks writes "Has a centralized console and does predictive analysis of malware". On the other hand, the top reviewer of Fortinet FortiEDR writes "Straightforward, easy to maintain, and works as per our expectations". Cortex XDR by Palo Alto Networks is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Symantec End-User Endpoint Security and SentinelOne, whereas Fortinet FortiEDR is most compared with Fortinet FortiClient, SentinelOne, CrowdStrike Falcon, Microsoft Defender for Endpoint and Kaspersky Endpoint Detection and Response.
We monitor all Endpoint Protection for Business (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.