If you were talking to someone whose organization is considering Cortex XDR by Palo Alto Networks, what would you say?
How would you rate it and why? Any other tips or advice?
The main advice I can share is to watch out for your database and make sure to give it enough resources. That's it. I would rate this solution eight out of 10.
I recommend using this solution and I would rate the solution an eight out of 10.
We use the on-prem version, not the cloud version of Palo Alto. We use it daily but we have logs. Normally, if we have an incident in detection from a wire system, there's more effort. But typically it would take about ten minutes in order to check the logs and it's not complex at all. But if you have some threats or viruses then, of course, maintenance takes longer. In terms of advice, I'd say it depends on the usage of the PCs. For us to use in the main production, Palo Alto benefited us. It was easy to install and performance of the traps themselves are very good. In most cases, you don't have to worry about the performance of the PC at all. Palo Alto Traps takes up very few resources. I would rate this solution 9 out of 10.
On a scale from 1-10, I would rate Palo Alto Networks Traps with an eight. It is great, but I have some issues with the cost of the product license.
Make sure you have a proper inventory of all the applications running. That's something we should have done to start with. We intended to do so but because we're using very strange applications to deal with satellite imagery, and it was giving us some issues. For somebody who's using the standard Microsoft Office, it's really straightforward. But if you have exotic applications, then make sure you test it before you deploy it. You will have issues. To maintain it, the only thing you have to do is download the latest updates and install them. After that, the only maintenance you need is checking the logs every day to see what has been sent to the cloud for sandboxing and then move to the culprit machine to see what happened. It's difficult to say how many people are required for this. As soon as you get something exotic on the machine, this can take an hour, but that's not related to Traps. Traps is just telling you there's something exotic. After that, it's the time you spend doing all the malware and other analyses. As far as Traps is concerned as such, it doesn't require much maintenance. It's something you set and forget. I would give Traps a nine out of ten. I think it's a very good application. It detected stuff that other things wouldn't detect. I'm very positive about it and was extremely satisfied with it. We had it for the reason I noted earlier. It has been replaced by something else, but I had a very good experience with it. Had we been in a Microsoft Office business - the normal applications - we never would have moved. But the people in charge of the system went to Microsoft Defender.
Test normal behavior of the Traps agents (injection and policy) and confirm that there has been no change in the user experience.
Palo Alto Traps is good but they need to more widely promote it.
Overall, Traps is a very good application when you compare endpoint security solutions available in the market. You can see your value for your money. You can see the results and sleep peacefully. You don't have to worry about a ransomware attack. Traps is very well-designed. It also does good things with deep machine learning. If it finds any malicious activity, it will alert you. Based on our feedback and recommendations, our sister companies had been looking forward to replacing their current solution with the Traps. My current company is in the process of evaluating the solution.
If ransomware were to spread throughout your company, you would not want your file shares to be encrypted nor your servers to be affected. My advice would be get Traps on your servers and on your workstations. Go with version 5 and the cloud instance, then turn on all the features that you can. Some of them come by default disabled out-of-the-box, but you want to turn on all of the features, such as local analysis, file quarantine, WildFire, malicious and grayware blocking and quarantine, restrictions (don't allow executables to run from USB drives, unless it's whitelisted). Turn on all the exploit protections with dynamic updates, and just let it just update. Since we all know the next version of Flash Player is going to have a vulnerability which no one knows about until it's discovered. Then, at that point, it could have already been out there for a while. With Traps, it could potentially determine the exploit before it's even a known vulnerability. Turn on every single feature you can without taking an impact to performance. Once it's fine-tuned and doing its thing, I have never witnessed Traps not working properly. They have put in improvements over the years. We have been using the product for over four years now (since I've been with the company). They have added support for additional operating systems, such as Android, macOS, and Linux. They used to be Windows only. They put improvements where they no longer require you to have an on-premise server, so you can host it on the cloud. Thus, when endpoints leave the environment, they can connect to a cloud host and have full connectivity to your policies. When Traps does sandbox tests, it checks the verdict against their sandbox: WildFire. Having it in the cloud is great, because then the machine doesn't have to be on a VPN or within the company walls with connectivity to an on-premise server. Therefore, having the cloud implementation was definitely an improvement. When Palo Alto acquires a technology, they implement it into Traps and make the product better. They have done this in the past, and there are cool things coming in the future from these acquisitions.
The implementation is fairly straightforward and easy. With version 5, everything is now on the cloud. It is easy to work with and use. I would use mobile device management (MDM) or Active Directory (AD) to push the file everywhere when installing it, as it will auto go from there. The management is pretty low. Thus, it will be set it, and for the most part, you can forget it.
I think Traps has the best mix of features by price in the industry. It is not flawless by any means, but Palo Alto seems committed to it and are improving it. Traps 5.0 is promising, though they have a ways to go before I'd be willing to implement it.