We just raised a $30M Series A: Read our story

Cortex XDR by Palo Alto Networks OverviewUNIXBusinessApplication

Cortex XDR by Palo Alto Networks is the #1 ranked solution in our list of XDR Security products. It is most often compared to CrowdStrike Falcon: Cortex XDR by Palo Alto Networks vs CrowdStrike Falcon

What is Cortex XDR by Palo Alto Networks?

Cortex XDR by Palo Alto Networks is the world's first detection and response app that natively integrates network, endpoint and cloud data to stop sophisticated attacks. Cortex XDR by Palo Alto Networks accurately detects threats with behavioral analytics and reveals the root cause to speed up investigations.

Cortex XDR by Palo Alto Networks is also known as Cyvera, Cortex XDR, Palo Alto Networks Traps.

Cortex XDR by Palo Alto Networks Buyer's Guide

Download the Cortex XDR by Palo Alto Networks Buyer's Guide including reviews and more. Updated: October 2021

Cortex XDR by Palo Alto Networks Customers

CBI Health Group, University Honda, VakifBank

Cortex XDR by Palo Alto Networks Video

Archived Cortex XDR by Palo Alto Networks Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Raul Rivera
Cybersecurity Engineer at GFR Media
Real User
Improves our endpoint security posture in both performance (no scanning) and protection (NG AI/ML)

Pros and Cons

  • "The one feature of Palo Alto Networks Traps that our organization finds most valuable is the App ID service."
  • "It automatically detects security issues. It should be able to protect our network devices while operating autonomously."

What is our primary use case?

We use Palo Alto Networks Traps (Version 6) to protect our endpoints against NG malware via behavior analysis, artificial intelligence and machine learning. Both the PA Traps endpoint logs, our PA firewall traffic logs and the Wildfire sandbox are used to provide immediate threat response and feed this information to the PA Threat Intelligence cloud.

How has it helped my organization?

Palo Alto Networks Traps improves our security posture and lowers risk by providing next-gen methods to combat against modern threats on all the major platforms.

What is most valuable?

The one feature that our organization finds most valuable is being able to control the USB ports on the endpoints

What needs improvement?

The MAC agent is not as robust feature-wise as the PC version. I need to control USB ports on MAC laptops and cannot. This is a MUST so I opened a case with Palo Alto and requested this feature for an upcoming update.

I would like to see more automation and self-healing for incidents that can be easily classified as malware.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

No issues

What do I think about the scalability of the solution?

Palo Alto Networks Traps features excellent protection, cost and scalability. We are a small group of 4 employees and have 2 people dedicated to deployment and monitoring of 1400+ endpoints.

How are customer service and technical support?

Palo Alto Network's technical support is excellent. 

Which solution did I use previously and why did I switch?

Since we were a Fortinet shop, we previously used the FortiClient endpoint agent. We switched to Palo alto FWs and endpoint protection because it is a more mature product with advanced next-gen capabilities not available from the Fortinet solution.

How was the initial setup?

The initial setup was done by a Palo Alto certified service provider.

What was our ROI?

This product pays for itself with only one ransomware denial!

What's my experience with pricing, setup cost, and licensing?

Our license runs on a monthly basis with a recurring monthly charge. If you want additional options like secure remote access with policies, that requires an additional cost. 

Palo Alto Networks Traps does not apply secure remote access to devices without policies, which we are implementing. If you want to apply more policies, like an anti-virus program, anti-malware, or configurations for using a VPN on remote connections, that would also be an additional cost. We're not doing that.

Which other solutions did I evaluate?

Cylance, Carbon Black, Crowdstrike, Microsoft Windows Defender ATP, Sophos, SentinelONE

What other advice do I have?

On a scale from 1-10, I would rate Palo Alto Networks Traps with an eight. It is great, but I have some issues with the cost of the product license.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Augusto Jose Garcia
SOC Analyst at a tech services company with 201-500 employees
Real User
Valuable firewall and IPS features and has good integration with other products

What is most valuable?

The integration with other products, the firewall, and the IPS are good features.

What needs improvement?

The solution needs better reports. I think they should let the customer go in and customize the reports.  It could also use better graphics and more information.

For how long have I used the solution?

I've been using the solution for four months.

What do I think about the stability of the solution?

The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week.

How are customer service and technical support?

Technical support has been very good.

What other advice do I have?

I recommend using this solution and I would rate the solution an eight out of 10.

What is most valuable?

The integration with other products, the firewall, and the IPS are good features.

What needs improvement?

The solution needs better reports. I think they should let the customer go in and customize the reports. 

It could also use better graphics and more information.

For how long have I used the solution?

I've been using the solution for four months.

What do I think about the stability of the solution?

The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week.

How are customer service and technical support?

Technical support has been very good.

What other advice do I have?

I recommend using this solution and I would rate the solution an eight out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,029 professionals have used our research since 2012.
MQ
Security Consultant at a tech services company with 51-200 employees
Reseller
Great security protection modules and is a very stable solution

Pros and Cons

  • "It's very stable. I've never experienced downtime for the ASM console or ASM core."
  • "In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are the big company, so they can improve the UI a little bit. The UI, the reports, the log system can all be improved."

What is most valuable?

I've found the security protection modules there, have been the most valuable.

What needs improvement?

I started using it from 4.1, but it didn't change that much. Some features and some fixes have been added to 4.2, but not that much. They need to improve reporting, the end-point reporting. They could also enhance their notification statuses. In the current version, you will see some threat alerts, or if anything is executable, but you will not see behavioral analysis. You will see what was being blocked, and that's it. If Traps logs something, you will get a notification. Otherwise, you have to generate the dump file and investigate on your own.

In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are a big company, so they can surely improve the UI a little bit. The UI, the reports, the log system can all be improved. But overall, when we speak about security and protection, they are one of the top providers.

For how long have I used the solution?

I've been using the solution for six months.

What do I think about the stability of the solution?

It's very stable. I've never experienced downtime for the ASM console or ASM core. But we experienced this for the database, and it was not clear in Trap's interface. So, Trap's server stopped working, stopped getting jobs, stopped the enforcing policies because the database was full. We did not get any alert for that, so you will not see any alert on the ESM console that says that your database is about to fill up. It was not reachable and there was no warning or indication for this. You have to go to some tools internally and check in the command line, to see. You will see some errors for the DB, and you will realize that it's a DB issue. I've never experienced any issue with the Traps itself, but with the database.

What do I think about the scalability of the solution?

It's very easy to scale if you have file availability. If it's more clear, we can do high availability, but it's a bit tricky. We deployed this for 4,000 endpoints, and it was very easy. Two ASM core servers were enough to deploy it for 4,000 plus endpoints. These are enterprises, not SMBs. They're government institutions.

How are customer service and technical support?

I would not say that technical support is bad, but it's not that good. It could be better.

Basically, they don't provide customer support tools just to investigate the logs. From a reseller or authorized center for Palo Alto, I can't get that much information from the logs because it's a bit complicated. If they have support tools, for example, to analyze the logs as they have for the Palo Alto firewall. They don't have for this for Traps. They need to have some tools to analyze the logs. We can generate something called tech support files from Traps, but it's useless. Nothing's there. You will not get that much from the tech support file.

But for the firewall, if we get the tech support file and upload it to somewhere they have some tools, we can get many useful logs and alerts. For Traps, this is not possible.

How was the initial setup?

The initial setup was straightforward. They are using MySQL database, and I think it's a disadvantage because you need to buy a license for MySQL also to deploy it. They don't have this concept of file availability between DS and core servers.

What about the implementation team?

We are a reseller. We are implementing it on customer premises for our clients.

What other advice do I have?

The main advice I can share is to watch out for your database and make sure to give it enough resources. That's it.

I would rate this solution eight out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
TF
Consultant at a mining and metals company with 51-200 employees
Consultant
Offers a complete overview of all our PCs and it's very easy to handle and use the interface

Pros and Cons

  • "We have a complete overview of all our PCs and it's very easy to handle and to use the interface. It has a lot of benefits for us."
  • "Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats."

What is most valuable?

We have a complete overview of all our PCs and it's very easy to handle and to use the interface. It has a lot of benefits for us.

What needs improvement?

The one area which should improve is not on the user side but on the product itself. Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats. For example, if you had something that was not detected by the former solution, and you install Palo Alto, you will have some difficulty removing the virus with the Palo Alto tool. It would be helpful if they had a tool for removing a virus or threat in these cases.

For how long have I used the solution?

I've been using the solution for two years.

What do I think about the stability of the solution?

The solution is very stable. We have about 350 licenses across all our PCs, and of course, only administrators are allowed to plug in.

What do I think about the scalability of the solution?

Scalability is not an easy question. For us, Palo Alto traps is running on a good environment, so if we have a plan to expand we just adjust the environment and from the Palo Alto side, it is not a problem at all. The only thing I have to do is update the license file and it should work. But in the case of a bigger expansion, you have to separate the servers. For us, it is not a problem at all if we decide to scale Palo Alto traps.

How are customer service and technical support?

Support response was very fast. I'm satisfied with the support.

How was the initial setup?

If you have been educated in Palo Alto, the initial setup is very easy. Without an education it depends. It can be difficult, it depends on the knowledge of the installer.

What other advice do I have?

We use the on-prem version, not the cloud version of Palo Alto.

We use it daily but we have logs. Normally, if we have an incident in detection from a wire system, there's more effort. But typically it would take about ten minutes in order to check the logs and it's not complex at all. But if you have some threats or viruses then, of course, maintenance takes longer.

In terms of advice, I'd say it depends on the usage of the PCs. For us to use in the main production, Palo Alto benefited us. It was easy to install and performance of the traps themselves are very good. In most cases, you don't have to worry about the performance of the PC at all. Palo Alto Traps takes up very few resources.

I would rate this solution 9 out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SH
Manager Information Technology at Avendus Capital Pvt. Ltd
Real User
Blocks malicious files, but managing the product should be easier

Pros and Cons

  • "It blocks malicious files. It prevents attacks. It doesn't require many updates, it's a very light application."
  • "Managing the product should be easier."

What is our primary use case?

So far, we have only done a PoC of Palo Alto Traps. We deployed Traps on a few devices and then did the PoC. I also attend a workshop for Palo Alto Traps. I learned how it works and how it can block malicious files, etc.

What is most valuable?

  • It blocks malicious files. 
  • It prevents attacks.
  • It doesn't require many updates, it's a very light application.

What needs improvement?

Managing the product should be easier.

What do I think about the stability of the solution?

The stability is good but I did face one issue that I want to point out. I don't know about the new version but in the old version, sometimes not all your devices are showing properly. Sometimes they show as "inactive."

What do I think about the scalability of the solution?

Scalability is good. You can install it on any number of devices that you are licensed for.

How are customer service and technical support?

Technical support is good but people need better knowledge of that particular product. I don't think it's well-known in India. 

If we asked someone about using Traps they would ask, "What is Traps?" Compared to other products like Symantec and Trend Micro, Traps is not well-known endpoint protection. The engineers also don't know much about it, so Palo Alto needs to promote knowledge of this product.

I go through the vendor for support first. If the vendor doesn't resolve the issue then they log the case with Palo Alto. We haven't had any incidents that had to go to Palo Alto. Everything has been resolved by the vendor so I don't know about the direct support of Palo Alto, except that the Palo Alto firewall is a very stable brand. There's no issue.

Which solution did I use previously and why did I switch?

We are using Symantec now. We were thinking of purchasing Palo Alto but because the EDR part was not there at the time, we went with Symantec which has the EDR solution. EDR is essential for our project. I think it has been announced that EDR is part of Traps now.

How was the initial setup?

The initial setup was very simple. We finished the deployment within one day.

For our implementation strategy, it's cloud-based, so we installed the PoC license on the cloud and then started deploying the agent software on my laptop and mobile devices, and then we did the PoC.

What's my experience with pricing, setup cost, and licensing?

We did not negotiate the price because the solution did not fulfill our requirements. But the price was fine. I don't know how it would compare with Symantec because I negotiated a lot with Symantec. I don't know what kind of negotiation I could have done with Palo Alto.

Which other solutions did I evaluate?

We did not check any other options. But I am going to evaluate Traps in the next year because I want to go for a Palo Alto platform, as we already have a Palo Alto firewall. If, next year, all my requirements are fulfilled, then I will definitely go for Traps.

What other advice do I have?

Palo Alto Traps is good but they need to more widely promote it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
MC
Network Manager of Cyber Defence at a government with 1,001-5,000 employees
Real User
Runs in the background and sends things directly to the cloud for sandboxing

Pros and Cons

  • "The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical."
  • "There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, is not user-friendly."

What is our primary use case?

We used it for malware detection and to detect weird DNS calls. Overall, it was for endpoint protection.

How has it helped my organization?

Many people here are surfing the web on Russian sites, Korean sites, Chinese sites, etc., and by definition, they download things that are not very nice. Whenever there was something fishy, most of the anti-virus solutions just wouldn't see it. We needed endpoint protection that would detect as soon as some code started doing funny things. Traps was very good at that.

What is most valuable?

The most valuable features are the fact that it was running in the background and it would intercept any weird stuff, and the fact that it would send things directly to the cloud for sandboxing. It's quite practical.

What needs improvement?

There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, was not user-friendly.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

The stability was quite good. We never had any issue with it at all.

What do I think about the scalability of the solution?

We had no issue with scalability. We deployed to 220 machines in one go with no problem. We had 130 users. Some people were using many machines. The users were mostly analysts. Ten to 20 of the users were IT people and the rest were doing analysis work on satellites. It was being used extensively, 100 percent in our case. Even the serves had it running. Everybody had Traps installed.

How are customer service and technical support?

The technical support from the consultant was very good. I don't remember having to talk to Palo Alto directly. I had an issue, but I talked to the consultant and then he escalated it.

Which solution did I use previously and why did I switch?

Before Traps we had no endpoint protection.

How was the initial setup?

The setup was not very intuitive to start with, but after you've done it once, it's really straightforward.

The first time I set it up, for one machine, it took about 15 minutes until I understood what was going on, starting from the ESM and using the deployment tool. But as soon as you've done it once, and you understand the ergonomics behind it, it goes fast.

In terms of the implementation strategy, we started with a limited number of machines and the machines of people from IT, who we knew would surf to weird places. Then we deployed a small sample to the people who go to China and Russia and places like that. After a while, while, we decided to go all the way and we used the ESM to deploy it on every machine.

The process from the planning phase until it was fully implemented took about three or four months.

What about the implementation team?

For the first installation we had a consultant, a Palo Alto dealer, consultant, and solution provider here in Madrid - Open3S. They're very good. Our experience with them was very positive. They're really competent. They really know what they're talking about. We were very happy with them.

The deployment required one or two people. Some days two people came, but normally, with one guy, it was okay.

What was our ROI?

It was more like insurance. You hope you're never going to use it, but you have it. It gave us some confidence in what people were doing because we know people were going to weird places on the web. With Traps, we were quite confident that if something wrong happened it would be detected and intercepted and deleted before it was spread around.

What's my experience with pricing, setup cost, and licensing?

When we first bought it, it was a bit expensive, but it was worth it. The licensing was straightforward.

Which other solutions did I evaluate?

We didn't evaluate any other options because we had Palo Alto as firewalls and we were quite satisfied with Palo Alto. So the consultant took the initiative to do a demo and we liked it. Due to the type of business we are in, it's very useful.

What other advice do I have?

Make sure you have a proper inventory of all the applications running. That's something we should have done to start with. We intended to do so but because we're using very strange applications to deal with satellite imagery, and it was giving us some issues. For somebody who's using the standard Microsoft Office, it's really straightforward. But if you have exotic applications, then make sure you test it before you deploy it. You will have issues.

To maintain it, the only thing you have to do is download the latest updates and install them. After that, the only maintenance you need is checking the logs every day to see what has been sent to the cloud for sandboxing and then move to the culprit machine to see what happened. It's difficult to say how many people are required for this. As soon as you get something exotic on the machine, this can take an hour, but that's not related to Traps. Traps is just telling you there's something exotic. After that, it's the time you spend doing all the malware and other analyses. As far as Traps is concerned as such, it doesn't require much maintenance. It's something you set and forget.

I would give Traps a nine out of ten. I think it's a very good application. It detected stuff that other things wouldn't detect. I'm very positive about it and was extremely satisfied with it. We had it for the reason I noted earlier. It has been replaced by something else, but I had a very good experience with it. Had we been in a Microsoft Office business - the normal applications - we never would have moved. But the people in charge of the system went to Microsoft Defender.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
AK
Information Technology Manager at a hospitality company with 10,001+ employees
Real User
You can see the value for your money and sleep peacefully at night, not worrying about ransomware attacks

Pros and Cons

  • "After deploying Traps, we saw the performance of the network improve by 65 to 70 percent."
  • "Traps is quite a stable product. Once it was properly deployed and configured, you have nothing to be worried about."
  • "There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get a results."

What is our primary use case?

I used the product at my previous company until November 2018.

How has it helped my organization?

After deploying Traps, we saw the performance of the network improve by 65 to 70 percent. There was a drop in the latency rate over the application, when accessed via our users. We received feedback from users that usually when they were downloading a bunch of things or browsing the Internet, ad popups would spring up which are a gateway to bring viruses and stick in temp files. This improved a lot because Traps occasionally gives an alert to them to be careful, such as don't go on play on this site and download malicious things. The overall performance of the entire organization was improved because of this.

When I was monitoring Traps, during the period after we deployed it fully on our organization, there was around 125 users on it. We could see in a whole day that there was around 10 to 15 threats which kept popping up. Because I work in the hotel industry, we have a lot of emails which come through worldwide. They are for reservations and booking. Out of those 50 emails, five to six emails are malicious emails which have the extension of .exe files or other encrypted files. They could have had macros enabled in those files as well. Traps would alert us to these malicious files.

The network was infected when we were using Traps. One of the reservation computer was infected with ransomware. It was detected by the Traps. In Traps, it shows up that they investigated the file which was in a zip format. We uncompressed it to view the file and saw Traps detected this infection. It does analysis of all the files to an in-depth level, which was helpful for us to detect and avoid that infection being spread around.

What is most valuable?

A majority of its features are very good, well-designed, and programmed. Most of the machine learning has features where we took a deep analysis on kernel level scanning. It has shown that if in case of anything happens, like first-level operation fails or it went to the next level that it will protect the machine. You can see the artificial intelligence working on it. 

What needs improvement?

There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get a results. 

Originally, we wanted to uninstall Traps because we could not run our operations because Traps, by default, had blocked applications and files. This is still a thing, as we still have to give flexibility to certain policies which are pre-defined in the Traps application.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Traps is quite a stable product. Once it was properly deployed and configured, you have nothing to be worried about.

When the product was updated, I also worked on the latest version.

What do I think about the scalability of the solution?

It is scalable. 

We had 150 end users. The end users ranged from the manager level to the supervisor level. These users include salespeople who carry their laptops when travel out of the country on business trips.

How are customer service and technical support?

In this region, I find there are not many good engineers available for Traps. The one guy who specializes in the work functionality, if any issue comes up, might not be available in the country. Therefore, it's a challenging to get the specialized person who knows how to troubleshoot and get the fix. Otherwise, we have to wait for at least 24 hours to get support and results. If an issue comes up because of a new version which we deployed and updated has any changes, we need support immediately, not in 24 hours. For example, we don't know  what changes were made to which parameters, what we need to disable or activate, and if they blocked any of the applications, then our operation will get stuck.

Which solution did I use previously and why did I switch?

We were the victim of ransomware. Prior to that we were using an antivirus application from Sophos, which was not able to detect that ransomware engine which encrypted our servers and client machine. So, it was a disaster, and we started looking for another solution which could perform better and give us zero-day threat alerts. I researched which would be the better solution and came across Traps. We ran version 3.5 for a period of one month, where we tested it against malware, viruses, etc. The performance of the Traps has proven itself to work very well in detection.

How was the initial setup?

The initial setup is very straightforward. 

The deployment took five minutes to be fully functional and configured. It was just one simple utility which we had to install on the computers. It was not a complex thing once we had it installed. We created a whitelist policy for whatever applications were there. This was a one-time job to streamline the access levels to be allowed. Once the one-time job was done, it gets pushed out to the entire organization. 

During the PoC stage, we discussed with the engineer how we wanted it because we had an Active Directory and all the user accounts were connected to the directory. We deployed the data from Traps onto one of the server, then data to the Active Directory. From there, we pushed all the agents to all the users, then we took the file and deployed it. Whenever the users login, it gets deployed and installed. The deployment went very well and was properly executed.

What about the implementation team?

The deployment was done by two engineer from Palo Alto and me. They assured me by installing in two to three machines. There were very simple steps to follow, like three to four steps, for the installation. Afterwards, they took care of deploying Traps for all the users.

The admin has been responsible for maintaining it.

What was our ROI?

The return on investment is from the user side because we have seen the performance of it increase the delivery time of the product if we are using too many web-based and on-premise applications. In indirect ways, we saw the return of investment in terms of performance and user satisfaction increase.

What's my experience with pricing, setup cost, and licensing?

It is cost-effective compared to similar solutions. It fits for the small businesses through to the big businesses.

Which other solutions did I evaluate?

I have worked with different product lines: McAfee, ESET Endpoint Security, and Sophos. However, I find the Traps to be much better in comparison to all the other competitors available in the market. 

I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require.

What other advice do I have?

Overall, Traps is a very good application when you compare endpoint security solutions available in the market. You can see your value for your money. You can see the results and sleep peacefully. You don't have to worry about a ransomware attack. Traps is very well-designed. It also does good things with deep machine learning. If it finds any malicious activity, it will alert you.

Based on our feedback and recommendations, our sister companies had been looking forward to replacing their current solution with the Traps.

My current company is in the process of evaluating the solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Omar Sánchez (Mr.Tech)
Information Security Advisor, CISO & CIO, Docutek Services at Docutek Services
Consultant
Top 20Leaderboard
You can quickly locate exceptions and can configure process exceptions

Pros and Cons

  • "If the user leaves our premises or network, Palo Alto Traps will still be on that endpoint and will still apply our policies."
  • "Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and its nothing that should be an issue. Some antivirus engines recognize Traps as an threat component, so maybe they need to shake hands somewhere."

What is our primary use case?

The primary use case is endpoint security. The product is my main endpoint, IP, and threat management.

How has it helped my organization?

In organizations where they don't implement a NAC, this product helps stop threats at the endpoint level. Everything goes through the endpoint. By the time you get something to a server, you are compromised at your perimeter, and you might be compromised at your ID or main control. With a third-party, you need a NAC, so you can put on something like McAfee or you need authorization so the organization can scan your computer, then you can connect to the network.

We can't do that for a daily operation. We can't just have personnel waiting for someone to connect, and say, "We need to scan your computer before you go into our network." We don't have time for that." So, you need to implement a NAC. However, if you don't implement a NAC from day one of your business, it is very complicated to do it after many years because the NAC is not like a security software. You have to go server by server and do an assessment. Meanwhile, you need to protect your organization. So, you can use tools like Traps to manage your security, even stopping the threat at the last contact. 

For organizations which do not have a NAC implemented, there has to be some type of endpoint security, and it needs to be tough, like Traps. With Traps, you can search events, manage them quickly, and locate any half exceptions. Trap's traffic is encrypted. 

We like the features where you can quickly locate exceptions and can configure process exceptions. You are building your own defense. Therefore, you are not only relying on Palo Alto, but you are applying day-to-day operations of configured language that a tool can understand.

What is most valuable?

If the user leaves our premises or network, Palo Alto Traps will still be on that endpoint and will still apply our policies. For example, if you take that endpoint out of our network, go to a Starbucks with a company laptop, then connect to our our virtualized gateway. That local endpoint will still have our network policies.

I'm so used to IPS IDS endpoint security that I don't see anything else that catches my attention other than it's working fine. It's a very good tool. It's the best one that we have.

It has Android support.

What needs improvement?

There are some limitations on the Traps agents. Traps for Windows has limitations and Traps for Linux too. Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and its nothing that should be an issue. Some antivirus engines recognize Traps as an threat component, so maybe they need to shake hands somewhere.

With Windows 7 and Windows 8 64-bit, when you want to install Traps, because its Windows, it will crash. They need a little more flexibility with antivirus engines.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

You can grow as much as you want.

We have four users: a cybersecurity analyst, two infrastructure security personnel, and a security administrator.

How are customer service and technical support?

The technical support is very good.

Which solution did I use previously and why did I switch?

We were previously using Malwarebytes and McAfee. We are still using them along with Traps.

How was the initial setup?

The initial setup was straightforward, after we had to remove McAfee first.

The deployment took a couple of weeks. We centralized all our perimeter firewalls first, then we started deploying the agent.

We needed two personnel for deployment and maintenance: an infrastructure security person and a security administrator.

What about the implementation team?

Our third-party installer was very efficient.

What was our ROI?

Traps pays for itself within the first 16 months of a three-year subscription. This is attributed to OPEX savings, as security teams spent less time trying to identify and isolate malware for analysis as a result of a reduction in malware incidents, false positives, and breach avoidance. Security teams will spend less time and effort managing and mitigating breaches. They will be able to avoid having to activate their organization’s incident response team.

What's my experience with pricing, setup cost, and licensing?

It is "expensive" and flexible.

Which other solutions did I evaluate?

We evaluated the following other large endpoint security companies: Kaspersky Endpoint Security, CrowdStrike Falcon Endpoint Protection, Symantec Endpoint Protection, and McAfee Endpoint Security.

If you have Malwarebytes and you want to control a malware that you have on your computer, Malwarebytes will quarantine that malware. However, it depends how infected you got.

What other advice do I have?

Test normal behavior of the Traps agents (injection and policy) and confirm that there has been no change in the user experience.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Luke Teeters
Lead IT Security Analyst at a mining and metals company with 1,001-5,000 employees
Real User
Its multi-layer approach helps my organization with anti-malware, exploit protection, and restrictions

Pros and Cons

  • "The multi-layered approach to the product gives you confidence that it will stop exploits, ransomware, worms, or viruses from compromising endpoints, essentially providing peace of mind."
  • "Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis."

What is our primary use case?

We use it for primary endpoint protection.

How has it helped my organization?

Its multi-layer approach helps my organization with anti-malware, exploit protection, and restrictions. A good analogy would be like peeling back an onion, getting through those layers. It gives you the confidence that it will stop exploits, ransomware, worms, or viruses from compromising endpoints, essentially providing peace of mind.

What is most valuable?

The multi-layered approach to the product is its best feature. Each layer has a different method of protecting its endpoint. 

What needs improvement?

With cloud integration, there were several improvements made:

  • Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis. With the cloud implementation, we now have connectivity to the server at any moment, as long as we have an internet connection.
  • A new user interface, which is a lot easier to use. Making it similar to managing a firewall.
  • Additional OS support.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

Stability has improved over the years, as there were noticeable bugs in earlier releases, such as 3.x. With the later releases, versions 4.1 through 5, they have polished the product. It has gotten much better.

When major releases come out with new features, it is a fairly simple process to upgrade these releases.

It is 100 percent utilized with every feature turned on. We leverage their product to the fullest extent.

What do I think about the scalability of the solution?

Scalability is great with servers and workstations. At a moment's notice, you can add hundreds of endpoints. With Traps 5 being on the cloud, there is no scalability risk. You're not going to overload it, as it is a cloud portal. It is their problem, not yours. If you have any issues, call support. I'm confident I can push the client out to 1000 machines, and it will still check in.

We have over 2500 people in our organization using Traps (the entire organization).

How are customer service and technical support?

The technical support has gotten better over the years. When they first started Traps, the support was overseas, and there was a language barrier being from the United States. Over the years, they have distributed that support throughout their company. Now, we will call and get someone in the United States, so there is no language barrier, which is an improvement. 

I feel like the support group has definitely improved over the years. If I call now, I'm positive I'm going to get someone who knows the product very well and is going to help me to resolve whatever issue I'm seeing. We have had weird issues, and they actually have done forensic analysis of what was going on. They have adjustments to future dynamic updates because of these issues. Thus, we have had an impact on the product by bringing them an issue, then having them correct it.

Which solution did I use previously and why did I switch?

We previously used McAfee vs Palo Alto. McAfee is a traditional antivirus. It provided little to no value. We didn't see it stop anything. It wasn't blocking anything. The management was difficult to use because of the virus definitions, where you had to sync every endpoint each day with these updates.

How was the initial setup?

I set up Traps 5 without even looking at the administrative guide. I set it up using logic. Looking at it, reading it, testing it and pushing it out. I set it up in an afternoon with a colleague of mine.

It is easy to implement. It also has dynamic updates, making it smarter. Therefore, there is not much work to be done once you get it configured and pushed out. You can manage it with a small crew of people. Because of its ease of use, businesses might require a full-time employee to manage it. 

It's just one of the tools in the toolbox, and it save us time.

They made it very easy to set up, because you just log into the portal and activate it. They have an automated process to spin up your environment in the cloud. It all happens behind the scenes. 

From a user perspective, it is a click of a button. You just put in the key that was paid for and click a button, then it runs through the setup. Then, they essentially give you a button on your portal, you click it, and it brings you to your management console. Everything is already set up. They manage the upgrades, which is another bonus when being in the cloud, because when it was on-premise, you have to care and feed the server, patch it, upgrade it, and manage the database.

It takes 10 minutes for everything to initialize, since it is a brand new environment. You get to pick your URL, and Palo Alto manages the certificates. When your endpoints connect to the URL, it's just a trusted signed public certificate authority. As long as your endpoints are patched and up-to-date, they trust that certificate. 

Palo Alto is making it easier to implement and manage. They're making it easier to upgrade. The dynamic updates came within the last year or two. Previously, you have to upgrade the actual endpoint software to get more features. 

With dynamic updates, it's an automatic process. It makes the software logic smarter. 

When I first set up Traps four years ago, it took a lot longer because I had to set up a server with the operating system. That takes time. I had to install the software and configure it. I had to have a database, which took time and involved other people. There was a client to deploy to endpoints. Then, there was a certificate to set up for the portal to have our endpoints to communicate with the portal over our SSL. There were a lot of steps.

What about the implementation team?

We did our implementation in-house. We required three to four people for the initial deployment: database administrator, network engineer, server administrator, and security analyst. Afterwards, it takes two people to maintain the solution, but it could be done with one person. We use two people for quality control.

For implementation strategy, if it was a new push or a build, set up your cloud portal, then do a test group, such as a pilot. Set up your policies how you would want them. From there, with your test group, you want to see if any alerts come in and what your endpoints are doing. Then, depending on your company, do a site-by-site implementation. It is integrated with Active Directory, so you can also do group implementation.

What was our ROI?

We have peace of mind knowing that ransomware isn't spreading through our environment.

The product checks a lot of boxes for compliance efforts. The value is there, because these days no one can afford to experience a breach or have a compromised endpoint. Since these would have to be reported, depending on your industry, it would look bad for the company.

What's my experience with pricing, setup cost, and licensing?

We didn't have to pay any additional fee for the cloud instance. It just came with the renewal, which was nice.

What other advice do I have?

If ransomware were to spread throughout your company, you would not want your file shares to be encrypted nor your servers to be affected. My advice would be get Traps on your servers and on your workstations. Go with version 5 and the cloud instance, then turn on all the features that you can. Some of them come by default disabled out-of-the-box, but you want to turn on all of the features, such as local analysis, file quarantine, WildFire, malicious and grayware blocking and quarantine, restrictions (don't allow executables to run from USB drives, unless it's whitelisted). Turn on all the exploit protections with dynamic updates, and just let it just update. Since we all know the next version of Flash Player is going to have a vulnerability which no one knows about until it's discovered. Then, at that point, it could have already been out there for a while.

With Traps, it could potentially determine the exploit before it's even a known vulnerability. Turn on every single feature you can without taking an impact to performance. Once it's fine-tuned and doing its thing, I have never witnessed Traps not working properly.

They have put in improvements over the years. We have been using the product for over four years now (since I've been with the company). They have added support for additional operating systems, such as Android, macOS, and Linux. They used to be Windows only. They put improvements where they no longer require you to have an on-premise server, so you can host it on the cloud. Thus, when endpoints leave the environment, they can connect to a cloud host and have full connectivity to your policies.

When Traps does sandbox tests, it checks the verdict against their sandbox: WildFire. Having it in the cloud is great, because then the machine doesn't have to be on a VPN or within the company walls with connectivity to an on-premise server. Therefore, having the cloud implementation was definitely an improvement.

When Palo Alto acquires a technology, they implement it into Traps and make the product better. They have done this in the past, and there are cool things coming in the future from these acquisitions.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Rob Haller
Security Engineer at US Acute Care Solutions
Real User
We've had a significant increase in blocking with a decrease in false positives

Pros and Cons

  • "We've had a significant increase in blocking with a decrease in false positives, because it's looking at how the files work, not just a list of files that it's been told to look for."
  • "The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past."
  • "They have the worst support, as a company, that I have ever worked with, as they are difficult to get a hold of and keep on the phone. They don't know what they are talking about when you get them on the phone. They don't like to respond to messages when you send them to them. They like to "research problems" for weeks on end, then pass you off to somebody else."

What is our primary use case?

Our primary use case is anti-malware and anti-exploit.

How has it helped my organization?

Traditional anti-virus is signature-based, whereas Traps is behavior-based. Therefore, it doesn't necessarily whitelist things, it looks for anything with bad behavior. Thus, we've had a significant increase in blocking with a decrease in false positives, because it's looking at how the files work, not just a list of files that it's been told to look for.

What is most valuable?

The anti-exploit is impenetrable. We chose Traps because it is the only product that we were not able to get anything past.

What needs improvement?

Going from version 4 to version 5, they had a major change in their user interface. Version 5 is now all cloud managed, while it has a very intuitive, useful interface, it doesn't have all the features that were in the version 4 interface. For example, we lost being able to automatically trigger upgrades, like creating manual groups to upgrade with. It doesn't currently have the ability to use the Active Directory to create groups. 

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's fairly stable. They do have bugs which come up every once in a while, but they're usually good about getting them taken care of within a release.

What do I think about the scalability of the solution?

It is definitely scalable.

Primarily, it is just being used by myself. The help desk also uses it. There are probably a total of around ten users.

We've deployed it to about 1500 endpoints so far. There is a possibility that we may expand our usage, but not in the foreseeable future. We are at pretty much at 100 percent deployment at this point.

How are customer service and technical support?

I would describe Palo Alto's technical support as audio waterboarding. They have the worst support, as a company, that I have ever worked with, as they are difficult to get a hold of and keep on the phone. They don't know what they are talking about when you get them on the phone. They don't like to respond to messages when you send them to them. They like to "research problems" for weeks on end, then pass you off to somebody else.

Which solution did I use previously and why did I switch?

We were previously using Sophos for antivirus, and are still using Sophos for antivirus, but we're using Traps to augment it.

How was the initial setup?

The initial setup was pretty straightforward on version 4, but on version 5, it is almost idiot-proof.

The initial deployment of getting the servers and everything up took about a week, but getting everything deployed was somewhere closer to six weeks.

What about the implementation team?

We implemented it in-house. We incrementally did some systems to make sure that it wouldn't block anything that it shouldn't. After that, we used Active Directory to push it to everything else.

Very little staff is required for deployment and maintenance, as Traps is self-maintaining.

What was our ROI?

I feel that we have seen ROI. There have been a number of blocked, bad files that could have gotten through, but were stopped by Traps.

What's my experience with pricing, setup cost, and licensing?

The pricing seems fair, and I do like the licensing model. You use wherever they are, and it is elastic. So, if you have 1100 computers today, you can license that. Therefore, as long as you're below your licensing cap, you're fine.

Which other solutions did I evaluate?

We looked at Palo Alto vs Sophos, which has a anti-malware system called Intercept X, but it did quite literally nothing. We thought about Symantec, but we didn't end up testing them against Traps.

What other advice do I have?

The implementation is fairly straightforward and easy. With version 5, everything is now on the cloud. It is easy to work with and use. I would use mobile device management (MDM) or Active Directory (AD) to push the file everywhere when installing it, as it will auto go from there. The management is pretty low. Thus, it will be set it, and for the most part, you can forget it.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
JN
Manager of InfoSec at Joann Fabrics
Real User
We have not had any malware successfully execute on an endpoint since deploying Traps.

Pros and Cons

  • "Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place."
  • "There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration."

What is our primary use case?

How has it helped my organization?

Traps has drastically reduced our endpoint attack surface via advanced detection capabilities, sandboxing of never before seen programs, and by drastically limiting where executables can launch in the first place. We have not had any malware successfully execute on an endpoint since deploying Traps.

What is most valuable?

Wildfire, advanced detection capabilities, and whitelist/blacklist features. These features have provided us an easy way to lock down our systems to prevent execution of unknown code and scripts and to prevent launching of code from end user writable directories.

What needs improvement?

The application whitelisting/blacklisting feature is based purely on path and filenames. Changing a filename can bypass it easily. The uninstall admin password for the client is passed in clear text during install. 

There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration. This is ridiculous for an enterprise product. 

Traps 5.0 does not integrate with Palo Alto's Panorama product, which was a big selling point of Traps 4.0. Traps 5.0 has no ability to send an email to alert of detections. Instead customers have to jump through hoops to use Palo Alto's log management service to forward logs into a 3rd party SIEM and then build your alerts from there. No EDR functionality, though this is supposedly coming.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Mostly positive. We've had some episodes early on where upgrades caused some issues with the backend database, but that seems to have cleared up. This issue would not impact the Traps 5.0 users as it is SaaS based.

What do I think about the scalability of the solution?

This software exists on every workstation and server in our company with ~10,000 people using the solution. For on-prem, we run 3 nodes and it handles the load just fine. We could always add more nodes if necessary. For the SaaS solution, that is all on Palo Alto's side.

How was the initial setup?

Setup was pretty straight forward. The product is very granular and customers can turn on features as they are ready/comfortable in order to keep the deployment simple. For organizations with a good understanding of their infrastructure, deployment should be pretty simple.

What about the implementation team?

We deployed Traps ourselves. We went big bang and deployed all features at once. We had a strong understanding of our systems and were able to provide whitelisting settings up front that made sense. There was a bit of post-deployment work to resolve things that were missed, but all things considered the deployment strategy went smoothly and was the right call.

What was our ROI?

For an endpoint security service, that is hard to state. We have not seen a malware infection since deployment.

What's my experience with pricing, setup cost, and licensing?

I feel it is fairly priced.

Which other solutions did I evaluate?

We evaluated 

What other advice do I have?

I think Traps has the best mix of features by price in the industry. It is not flawless by any means, but Palo Alto seems committed to it and are improving it. Traps 5.0 is promising, though they have a ways to go before I'd be willing to implement it.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Manuel Keller
Head of Network and Communication Department at a program development consultancy with 10,001+ employees
Consultant
The level of security I get for my endpoints and servers is extremely valuable.

What is most valuable?

The level of security I get for my endpoints and servers is extremely valuable.

How has it helped my organization?

No signature updates of the AV needed, so no old signatures. No patching, very little operational effort needed.

What needs improvement?

Performance at the endpoint is much better than with the old AV.

No signature updates needed.

Stops the attack before it is executed.

For how long have I used the solution?

Two years.

What was my experience with deployment of the solution?

No.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service:

Perfect.

Technical Support:

Real experts.

Which solution did I use previously and why did I switch?

Yes. We switched because the footprint was heavy, the protection rate decreases and the operational costs (incidence response) were high.

How was the initial setup?

Yes, it took one hour to install the back end and the rollout was done by software deployment. Project lasted four weeks .

What about the implementation team?

In-house.

What's my experience with pricing, setup cost, and licensing?

Ask your local dealer.

Which other solutions did I evaluate?

Yes.

What other advice do I have?

If you are already a Palo Alto Networks Firewall customer you can have perfect Integration between your clients/servers and your firewalls. Automated response without supporting and APIs.

Disclosure: My company has a business relationship with this vendor other than being a customer:
Buyer's Guide
Download our free Cortex XDR by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.