Cortex XDR by Palo Alto Networks Reviews

This product is part of a package that makes up our security solution.

The interface is easy to use and it is more up to date than our previous solution.

Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want.

We have been using this product for about four months.

We think that this product will help us grow. We think that it meets our needs currently, and we can grow with it over time. There 12 people in the IT department who currently manage it. 

The support is excellent. We had a couple of issues that we had to call for and I would say that they are highly rated.

Our older solution was from Fortinet. It was out of date and more difficult to use. The IT staff say that the Palo Alto product is better.

The initial setup was straightforward.

We worked with a reseller. They came in, we told them what we wanted to do and they set it up to our spec. The person who came in and helped support us was highly skilled and it worked seamlessly.

We pay about $50,000 USD per year for a bundle that includes Cortex XDR.

We evaluated Palo Alto and Trend Micro, and we opted for the Palo Alto Cortex XDR.

I don't use this product on a daily basis but we like what we have so far and I would definitely recommend it to other users.

My advice is to make sure that you have a good implementor and that the reseller you're purchasing from gives you a highly-qualified engineer.

Overall, we are happy with this product but that said, nothing does everything that you want.

I would rate this solution a nine out of ten.

Our primary use case is anti-malware and anti-exploit.

Traditional anti-virus is signature-based, whereas Traps is behavior-based. Therefore, it doesn't necessarily whitelist things, it looks for anything with bad behavior. Thus, we've had a significant increase in blocking with a decrease in false positives, because it's looking at how the files work, not just a list of files that it's been told to look for.

The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past.

Going from version 4 to version 5, they had a major change in their user interface. Version 5 is now all cloud managed, while it has a very intuitive, useful interface, it doesn't have all the features that were in the version 4 interface. For example, we lost being able to automatically trigger upgrades, like creating manual groups to upgrade with. It doesn't currently have the ability to use the Active Directory to create groups. 

It's fairly stable. They do have bugs which come up every once in a while, but they're usually good about getting them taken care of within a release.

It is definitely scalable.

Primarily, it is just being used by myself. The help desk also uses it. There are probably a total of around ten users.

We've deployed it to about 1500 endpoints so far. There is a possibility that we may expand our usage, but not in the foreseeable future. We are at pretty much at 100 percent deployment at this point.

I would describe Palo Alto's technical support as audio waterboarding. They have the worst support, as a company, that I have ever worked with, as they are difficult to get a hold of and keep on the phone. They don't know what they are talking about when you get them on the phone. They don't like to respond to messages when you send them to them. They like to "research problems" for weeks on end, then pass you off to somebody else.

We were previously using Sophos for antivirus, and are still using Sophos for antivirus, but we're using Traps to augment it.

The initial setup was pretty straightforward on version 4, but on version 5, it is almost idiot-proof.

The initial deployment of getting the servers and everything up took about a week, but getting everything deployed was somewhere closer to six weeks.

We implemented it in-house. We incrementally did some systems to make sure that it wouldn't block anything that it shouldn't. After that, we used Active Directory to push it to everything else.

Very little staff is required for deployment and maintenance, as Traps is self-maintaining.

I feel that we have seen ROI. There have been a number of blocked, bad files that could have gotten through, but were stopped by Traps.

The pricing seems fair, and I do like the licensing model. You use wherever they are, and it is elastic. So, if you have 1100 computers today, you can license that. Therefore, as long as you're below your licensing cap, you're fine.

We looked at Palo Alto vs Sophos, which has a anti-malware system called Intercept X, but it did quite literally nothing. We thought about Symantec, but we didn't end up testing them against Traps.

The implementation is fairly straightforward and easy. With version 5, everything is now on the cloud. It is easy to work with and use. I would use mobile device management (MDM) or Active Directory (AD) to push the file everywhere when installing it, as it will auto go from there. The management is pretty low. Thus, it will be set it, and for the most part, you can forget it.

Cortex XDR does the stitching between a number of security domains, like email security, API security, and web security. The solution does the stitching from different sources and makes a logical incident.

We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action. We don't need to navigate different solutions and tools or use our human intelligence to correlate all the information to make the logic. Cortex XDR entirely does it, and we can take action.

Cortex XDR should have a lightweight agent, and the agent size should not be heavy. Cortex XDR’s technical support should also be improved.

Cortex XDR should provide a feature to remove or uninstall an agent directly from the console itself without the help of an IT engineer. No one wants to do a manual installation of the agent. Everyone is looking for a solution to remove the agent from the console directly.

I have been working with Cortex XDR by Palo Alto Networks for two years.

I rate Cortex XDR a ten out of ten for stability.

I rate Cortex XDR a five out of ten for scalability.

The technical support of Cortex XDR and other OEM products is not very good. Cortex XDR's technical support does not usually respond quickly.

Neutral

I rate Cortex XDR’s initial setup an eight out of ten.

Cortex XDR’s pricing is very reasonable. I rate Cortex XDR a five out of ten for pricing.

I am using the latest version of Cortex XDR by Palo Alto Networks. Cortex XDR is usually deployed in our clients’ organization on cloud. The time it takes to deploy Cortex XDR depends totally upon the organization.

The biggest drawback of Cortex XDR is that it has a heavyweight agent. Cortex XDR would be a good product if this issue could be resolved.

Overall, I rate Cortex XDR an eight out of ten.

It's mainly for protection against malware. We work very closely with a major partner of Palo Alto in the Czech Republic, and we have experience with the whole XDR solution. It's very useful for us and a very capable solution.

Clients have a big problem with phishing campaigns and phishing attacks. Cortex XDR provides some level of protection against malware spreading in the network with a wrong click of users.

Cortex XDR is a very capable solution for protecting large networks and a lot of endpoints. It's very useful because the automation is very high, and if you combine it with the features on Palo Alto firewalls, it provides very strong protection.

Its price is too high. That's a big problem for customers.

It's more focused on network communication. If a customer wants to increase the level of protection and start working with documents, it's impossible to integrate these features into the system. It's more of a communication-oriented system than a content security-oriented system.

In terms of additional features, there is very strong development. I have seen the roadmap, and we will see what happens. The roadmap looks nice, but it's still more of a network security solution than a content-security solution. The development in network security is quite strong. I'm very happy with that, but if a customer would like to implement a zero-trust security concept, it's necessary to combine this solution with other vendors. There is some part of the integration that is not so easy because you have to integrate rules and some features. It's not so automatic in network communication. You have to make some appropriate automation there, or you have to do it manually. It's time-consuming and it's also expensive.

I have been using it from the beginning. It has been more than six years.

It's a very stable solution. I would rate it a nine out of ten in terms of stability.

It's a very scalable solution. If you compare it with a SIEM solution from Palo Alto, it's very powerful. I would rate it a nine out of ten in terms of scalability. It's definitely for enterprises.

Their technical support is not bad, but sometimes, when we have some issues, the support teams from Europe or Central Europe are not able to help us. We have to escalate the issue somewhere else, such as to the US. They have a very strong support team there, but it's time-consuming. Sometimes, it takes them days or weeks to solve some tricky problems, but their support for standard issues is okay. There is a very good response, but for a technical issue, it's sometimes more difficult. I would rate their support a seven out of ten.

Neutral

I also worked a little bit with SentinelOne. Cortex XDR is very similar to the SentinelOne solution from the features point of view. It's a little bit different technology, but both solutions are very capable.

It's somewhere in the middle. It's not for beginners, but if you know what to do, it's quite easy.

It's a cloud-based solution, which sometimes is an issue for customers. In the past, it was on-prem, but Palo Alto decided to change the policy and everything is cloud-based or located in the cloud. It's not a security problem from my point of view, but a few customers feel uncomfortable with sending data to the cloud and back.

Very often, it's an in-house implementation.

It's the most expensive solution, but features-wise, it's quite strong. It's very good for protection, so the results are very good in the case of protection. I would rate it a two out of ten in terms of pricing.

Overall, I would rate it an eight out of ten.

I primarily use Cortex XDR to protect end-users from ransomware, malware, spam, and phishing.

Cortex XDR alerts us on the dashboard when there's a threat, which allows us to restrict that user and helps secure our infrastructure.

Cortex XDR's most valuable feature is its intelligence-based dashboards.

Cortex XDR could be improved with more GUI features.

I've been using Cortex XDR for a year.

Cortex XDR is quite stable.

Cortex XDR is scalable.

Cortex XDR's technical support is really good, though their knowledge of endpoint protection could be deeper.

Positive

The initial setup was quite straightforward, and deployment took two to three days.

We used an in-house team.

Cortex XDR's pricing is ok. We pay about $20 a year for our license.

I would give Cortex XDR a rating of eight out of ten.

We use Cortex XDR as part of our security solution.

its a very good solution and single solution for entire infrastructure, give us good co-relation of incident. Single solution for Network, Endpoint, Servers. 

The most valuable for us is the correlation feature. You are able to correlate data that is coming from the firewall, network, server, and endpoints. This is one of our main requirements and makes for a good product.

It works with the data lake in an agent-based or agentless manner.

It is easy to integrate most with network devices, including firewalls, and Active Directory. We use firewalls from different vendors including Palo Alto and Check Point, and it supports them.

There are some third-party solutions that are difficult to integrate with, which is something that can be improved.

We have not experienced any issues with respect to stability at this point.

Scalability has not been a problem.

We have been in contact with technical support and are satisfied with them.

Positive

its a Straightforward

We have an in-house team for deployment and maintenance.

It replace multiple solution and due to this it will reduce the Administrative effort.

I have run a PoC with both CrowdStrike and Cortex XDR, and from my observation, I felt that Cortex was much better at meeting our requirements. It is also easier to use.

CrowdStrike was difficult when it came to integrating with other products and it does not work on mobile devices.

My advice for anybody who is considering Cortex XDR is that it is a complete solution, and has very good features. From my experience, it is one of the better ones in the market. That said, no product is 100%.

I would rate this solution a nine out of ten.

I primarily use Cortex XDR for endpoint security.

PALO ALTO CORTEX XDR brings visibility of all activity going in end point system and server. This helps us to investigate and take corrective action by blocking and allowing necessary services in the system. 

Alerts regarding the incidence happening in system and easy to block and allow the services and external device control.

An area for improvement is the remote connection for administrators - this is available in the current version but is limited as it's a command-based model rather than GUI-based.

I have been using Cortex XDR for around four months.

Cortex XDR is stable.

The product is really easy to scale.

Good support and services

Positive

Previously, I used McAfee Antivirus, Memory utilization very high which doesn't yet have virtualization or a dashboard. I found that product to be a little difficult, and it was not linked to a real solution, so I decided to go with Cortex XDR as it's one of the best XDR solutions for security.

The initial setup is a little complex because it requires a lot of preparation in terms of understanding each system and going through the documentation and dashboards.

I implemented with the help of one partner who did the basic configuration of our firewall. Deployment took approximately ten days.

Security of systems

This is a very costly product.

We have evaluated Cynet, Crowed Strike and Sentinel.

Cortex is the best solution for avoiding security breaches, malware attacks, and other kinds of security issues. I would rate this solution as eight out of ten.

We use the solution for telemetry and for its anti-virus capability.

The solution allows us to make investigations. Other XDR solutions also provide similar capabilities but for investigation, Cortex XDR is better.

The product's pricing could be better.

I have been using the tool for several years.

The solution is stable. I would rate its stability a nine out of ten. 

The product is scalable. 

The technical support team is good.

The initial setup was easy.

The tool is worth its money. 

I would rate the solution an eight out of ten.