2018-12-12T10:13:00Z

What needs improvement with Cortex XDR by Palo Alto Networks?

Julia Miller - PeerSpot reviewer
  • 0
  • 3071
PeerSpot user
54

54 Answers

AS
Reseller
Top 20
2023-12-01T14:27:50Z
Dec 1, 2023

The product's pricing needs improvement. They could provide more discounts. Additionally, the dashboard and control panel could be enhanced.

Search for a product comparison
Mirko Minuzzo - PeerSpot reviewer
Real User
Top 5Leaderboard
2023-12-01T10:58:00Z
Dec 1, 2023

It is an enterprise-level solution. Its price could be less expensive.

Lissette Acurio - PeerSpot reviewer
Reseller
Top 5
2023-08-18T15:39:05Z
Aug 18, 2023

It is a complex solution to implement.

BibinMathew - PeerSpot reviewer
Real User
Top 10
2023-05-05T12:16:34Z
May 5, 2023

We have implemented a product that blocks USB usage and also provides device control for our company. Currently, we are monitoring all USB drives and ports but we would like to improve our device control capabilities. Although we are using this feature, we allow specific systems and USB devices. For example, we enable certain users to use external hard drives but we may disable them if necessary. However, due to the nature of our organization, we do not have a dedicated department for this task.

EA
Real User
Top 20
2023-05-04T09:21:00Z
May 4, 2023

There are many areas that could use improvement. One thing that is important to keep in mind is that times change, and we need to be adaptable to what happens. Ultimately, we want to see positive results and improvements. In the next release, I would add dashboards that allow everyone to see what's happening, not just the security team. Users can view the data and see what's happening. Also, I think the Data Lake from Cortex XDR should be public, not private.

AC
Real User
Top 5
2023-04-11T11:28:05Z
Apr 11, 2023

The playbooks could be improved to include more functionalities or actions.

Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
IS
Real User
Top 5
2023-02-02T21:36:10Z
Feb 2, 2023

I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs.

Kamil Fahmi - PeerSpot reviewer
Real User
Top 10
2023-01-16T17:15:26Z
Jan 16, 2023

Cortex XDR by Palo Alto Networks could improve by adding a sandbox feature to better compete with their competitors which have it.

EhabAli - PeerSpot reviewer
Real User
Top 5
2022-12-12T15:43:23Z
Dec 12, 2022

The price could be a little lower.

AA
Real User
Top 20
2022-10-26T08:24:25Z
Oct 26, 2022

Cortex XDR by Palo Alto Networks could improve by offering remote management. It would be useful to look at the client's issue to fix it.

Dennis Ngetich - PeerSpot reviewer
Reseller
Top 10
2022-08-08T13:33:29Z
Aug 8, 2022

Cortex XDR by Palo Alto Networks can improve mobile integration to allow access to the console.

MA
Real User
Top 20
2022-06-28T15:48:36Z
Jun 28, 2022

I'd like the solution to provide URL filtering and web-based prevention. We'd like to block web pages at a high level. We would also like to have advanced tech protection and email scanning.

Kelvin Choy - PeerSpot reviewer
Real User
Top 5
2022-06-21T06:05:00Z
Jun 21, 2022

I have run into some detection issues with Cortex XDR. If they had pulse rate detection, it would be better. The whole state IPS should be better. It needs to be better at detection of internal attacks.

Ahmed Sief - PeerSpot reviewer
Real User
Top 10
2022-06-07T07:19:37Z
Jun 7, 2022

They need to do definition updates. Instead of the version, they just put an update on the portal, and each time we need to upgrade it. Sometimes it's hard to upgrade the offsite clients. Sometimes the internet that they are using is not that stable. It gives us a hard time. Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded. It would be ideal if the updates would happen like Symantec updates or other antivirus solutions. The upgrade needs to deploy directly to the users.

Rustam-Rustamli - PeerSpot reviewer
Real User
Top 20
2022-05-12T06:57:51Z
May 12, 2022

There are still a few gaps with this solution. For example, real-time, on-demand antivirus is not there. If you're looking for compliance XDR is somewhat lacking. There is also no recovery feature; if some endpoint is under attack there must be the possibility of recovering it or restoring it to a normal state. That is currently lacking in XDR.

PM
Real User
2022-03-16T12:38:21Z
Mar 16, 2022

In terms of areas of improvement, we have not completed our review of the product. We're also looking at other products. So, it's a little bit hard to tell what could be different because we have not completed the review of this product, but based on our experience so far, its implementation is quite complex. In terms of new features, we don't have any functions or features that we would like to add at the moment.

GA
Reseller
2022-02-11T13:57:59Z
Feb 11, 2022

In general, the price could be more competitive.

DP
Real User
2022-01-20T10:23:15Z
Jan 20, 2022

This product could be simpler to use. For example, the onboarding process and getting it started could be improved. The technical support is in need of improvement.

AG
MSP
2021-12-22T17:22:00Z
Dec 22, 2021

It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved.

RV
Real User
2021-11-24T20:05:21Z
Nov 24, 2021

We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, we have to use another protection solution called Kaspersky. The tool should have the ability to test an environment to see what percentage it is secure against threats, such as ransomware. This would allow for adjustments to be made to the network for more security. We don't have the capability to test the networks daily there should be a parameter in order to report on the healthy of the network for security vulnerabilities.

SA
Real User
2021-11-02T18:30:56Z
Nov 2, 2021

The solution should offer more dashboards and they should be better customized. The case number of items should be addressed. I have found the interface of Azure to be more simple and customizable than that of the solution.

AA
Real User
2021-11-02T18:27:00Z
Nov 2, 2021

The product's impact on system performance is horrible, adding a lot of delays for users.

HS
Reseller
2021-09-03T16:10:43Z
Sep 3, 2021

It should support more mobile operating systems. That is one of the cons of their infrastructure right now.

AC
Real User
2021-07-30T09:54:52Z
Jul 30, 2021

The solution could improve by providing better integration with their own products and others.

AA
Real User
2021-07-23T05:07:37Z
Jul 23, 2021

Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms.

TS
Real User
Top 20
2021-07-06T18:47:00Z
Jul 6, 2021

In an upcoming release, the solution could improve by proving hard disk encryption. If it could support this it would be a complete solution.

WA
Real User
2021-06-30T17:51:45Z
Jun 30, 2021

It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue. So, making exceptions would be easier and would probably be better for logging. It would be nice if it were easier to use and if there were some free training hours. As for additional features, I would suggest having mobile access to the console, perhaps through a mobile app for the console.

KF
Real User
2021-04-05T18:32:14Z
Apr 5, 2021

For working with the solution, you only really need a web browser, however, we've found that working on Chrome, for example, is horrible. Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well.

PV
Real User
2021-03-24T11:04:37Z
Mar 24, 2021

The installation should be easier and the Palo Alto pre-sales and sales should teams have more information on the product because they don't know what they are selling. They don't know the features of the products they sell. For example, Cortex XDR includes Cortex XDR Prevent, Cortex XDR Pro, and Cortex XDR Pro per TB. They don't know the real differences between Cortex XDR Pro and Cortex XDR Pro per TB. Sometimes, they will tell you about features for one edition that belong to another edition. They don't seem to know what features belong to what edition.

MJ
Real User
2021-02-22T21:12:58Z
Feb 22, 2021

I would like to see some sort of attachment scanning included. Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access. I want a plugin for email attachment scanning and email body scanning.

RP
Reseller
2021-01-27T06:34:21Z
Jan 27, 2021

It would be good to have a better way to search for a file within the UI. Like in SentinelOne, you can search for an arbitrary file, and in Cortex XDR, you can't. You can do it with an addendum license, but I think we could all benefit from getting it with the standard license. Because if you want to do threat hunting with this product, you have to search for files now and not wait to get a license.

KS
Real User
2021-01-23T07:10:12Z
Jan 23, 2021

It'll help if customization was easier. It would be better than how it's now if it came out of the box using their stock set up to get it up-and-running. Then you go in, and you add more restrictive things to make it better.

JW
Reseller
2021-01-07T19:20:58Z
Jan 7, 2021

A little bit more automation would be nice.

RN
Real User
2020-12-08T16:15:48Z
Dec 8, 2020

There are a lot of logs generated and an engineer has to go through all of the events to find out exactly what the bottleneck is. We do need to collect the events but this can be time-consuming. Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer. A better pricing plan would make this product more competitive.

DS
Reseller
2020-11-24T00:53:45Z
Nov 24, 2020

It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc. this is good as an endpoint protection to prevent malware, exploits, zero days, ransomware, botnet etc. For features like Host DLP or encryption or patch management, or any such features which are available in basic anti-virus, you cannot expect it in Palo Alto Network's Cortex XDR solution. rest, all features work as expected, without any lagg or slowness observed in the system.

it_user1237689 - PeerSpot reviewer
Real User
2020-10-22T14:34:13Z
Oct 22, 2020

The solution should enhance the ADR and reporting. As of right now, they are giving reports, which are okay, however, there are other ways to get better reporting. That is an area where I already requested that Palo Alto work on. In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations. They should extend the solution for URL filtering, as other endpoint security products are doing that already. Nowadays, users are working from home and therefore we have plenty of traffic back through the data center just for URL filtering security. If that functionality could be there in the endpoint, then we would be happy. It would ensure users working from home couldn't access malicious websites.

MG
Real User
2020-10-19T09:33:32Z
Oct 19, 2020

Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want.

AB
Real User
2020-10-13T07:21:37Z
Oct 13, 2020

I would like to see them include NDR (Network Detection Response). Then it would work well with SIEM Response. Also, if they could make an on-premises version we would definitely go with Cortes. At this time, they are not offering an on-premises solution.

FT
Real User
2020-08-30T08:33:28Z
Aug 30, 2020

As an improvement, I would like to see enhanced connection speeds. On China's side, we need to set up a local server for the definition updates, and the performance has not been very good for the company when directly connected to the internet. We are a little disappointed with that.

AA
Real User
2020-07-19T08:15:00Z
Jul 19, 2020

It's my understanding that this solution is at end-of-life. It's hard to use as a product. It's not easy or straightforward. Especially when I deal with a government sector or other sensitive industries. They do not accept that it's so easy to share metadata outside their organization. They prefer on-prem even if it is not as powerful due to the fact that they perceive it as being more secure. The solution can never really be an on-premises solution based simply on the way it is set up. It needs metadata to run and improve. Having an on-premises solution would cut it off from making improvements. The deployment is pretty hard. Competitors like Trend Micro or Symantec have features on their console that make them easier to use. This solution does not offer items that would increase its usability. Before I moved to technical sales, I handled implementation, and I remember it being very difficult. They need to improve this aspect. The solution provides a lot of false positives. The average amount of false positives you get is 5%. It would be great if this could be lowered.

MJ
Real User
2020-07-09T06:27:01Z
Jul 9, 2020

The solution eats memory of the computer, unlike anything I've ever seen. It eats more memory than Chrome. I have a lot of users that are eating my memory each hour every day and it's causing us problems. We have to go and buy more memory for each computer. When you have a lot of computers like we do, is not a very good situation. Some of the computers are only using 4 GB of memory, so if you put aside the differences, most only have some Chrome, some internet, and Office and that's it. And yet, the memory is getting eaten. If someone catches something like malware, or something else, I want to know if the file was spread to other machines and what the target was. I want to be able to get ahead of the spread. This solution doesn't do enough to protect us against these types of vulnerabilities or to give us much information about the spread. The tool really does need some more reverse engineering features. There's an overall lack of features. The initial setup could use improvement. Currently, I must go to each machine and deploy everything manually. We are in 2020, not in 1980. It seems like such a dated way of doing large deployments.

MS
Real User
2020-06-21T08:08:11Z
Jun 21, 2020

There are some third-party solutions that are difficult to integrate with, which is something that can be improved.

CB
Real User
Top 10
2019-11-12T20:23:00Z
Nov 12, 2019

The dashboard is the area that needs to improve so that we can have the ability to drill down without having to go elsewhere to verify results.

Mohammad Qaw - PeerSpot reviewer
MSP
2019-07-16T05:40:00Z
Jul 16, 2019

I started using it from 4.1, but it didn't change that much. Some features and some fixes have been added to 4.2, but not that much. They need to improve reporting, the end-point reporting. They could also enhance their notification statuses. In the current version, you will see some threat alerts, or if anything is executable, but you will not see behavioral analysis. You will see what was being blocked, and that's it. If Traps logs something, you will get a notification. Otherwise, you have to generate the dump file and investigate on your own. In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are a big company, so they can surely improve the UI a little bit. The UI, the reports, the log system can all be improved. But overall, when we speak about security and protection, they are one of the top providers.

it_user1009236 - PeerSpot reviewer
Real User
2019-07-09T05:26:00Z
Jul 9, 2019

The solution needs better reports. I think they should let the customer go in and customize the reports. It could also use better graphics and more information.

TF
Consultant
2019-06-24T12:13:00Z
Jun 24, 2019

The one area which should improve is not on the user side but on the product itself. Currently, if you use Palo Alto endpoint protection as the only solution it's very complicated to remove pre-existing threats. For example, if you had something that was not detected by the former solution, and you install Palo Alto, you will have some difficulty removing the virus with the Palo Alto tool. It would be helpful if they had a tool for removing a virus or threat in these cases.

RR
Real User
2019-04-17T08:37:00Z
Apr 17, 2019

The MAC agent is not as robust feature-wise as the PC version. I need to control USB ports on MAC laptops and cannot. This is a MUST so I opened a case with Palo Alto and requested this feature for an upcoming update. I would like to see more automation and self-healing for incidents that can be easily classified as malware.

MC
Real User
2019-02-11T08:11:00Z
Feb 11, 2019

There are some false positives. What our guys would have liked is that it would have been easier to manipulate as soon as they found a false positive that they knew was a false positive. How to do so was not obvious. Some people complained about it. The interface, the ESM, was not user-friendly.

AK
Real User
2019-02-07T12:28:00Z
Feb 7, 2019

There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get a results. Originally, we wanted to uninstall Traps because we could not run our operations because Traps, by default, had blocked applications and files. This is still a thing, as we still have to give flexibility to certain policies which are pre-defined in the Traps application.

SH
Real User
2019-02-07T12:28:00Z
Feb 7, 2019

Managing the product should be easier.

OS
Consultant
2019-02-07T12:28:00Z
Feb 7, 2019

There are some limitations on the Traps agents. Traps for Windows has limitations and Traps for Linux too. Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and its nothing that should be an issue. Some antivirus engines recognize Traps as an threat component, so maybe they need to shake hands somewhere. With Windows 7 and Windows 8 64-bit, when you want to install Traps, because its Windows, it will crash. They need a little more flexibility with antivirus engines.

LT
Real User
2019-01-17T10:53:00Z
Jan 17, 2019

With cloud integration, there were several improvements made: * Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis. With the cloud implementation, we now have connectivity to the server at any moment, as long as we have an internet connection. * A new user interface, which is a lot easier to use. Making it similar to managing a firewall. * Additional OS support.

RH
Real User
2019-01-10T08:22:00Z
Jan 10, 2019

Going from version 4 to version 5, they had a major change in their user interface. Version 5 is now all cloud managed, while it has a very intuitive, useful interface, it doesn't have all the features that were in the version 4 interface. For example, we lost being able to automatically trigger upgrades, like creating manual groups to upgrade with. It doesn't currently have the ability to use the Active Directory to create groups.

JN
Real User
2018-12-12T10:13:00Z
Dec 12, 2018

The application whitelisting/blacklisting feature is based purely on path and filenames. Changing a filename can bypass it easily. The uninstall admin password for the client is passed in clear text during install. There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration. This is ridiculous for an enterprise product. Traps 5.0 does not integrate with Palo Alto's Panorama product, which was a big selling point of Traps 4.0. Traps 5.0 has no ability to send an email to alert of detections. Instead customers have to jump through hoops to use Palo Alto's log management service to forward logs into a 3rd party SIEM and then build your alerts from there. No EDR functionality, though this is supposedly coming.

Cortex XDR by Palo Alto Networks is the first threat detection and response software to combine both visibility across all types of data as well as autonomous machine learning analytics. Threat detection very often requires analysts to divide their attention among many different data streams. This platform unifies a vast variety of data flows, which allows analysts to assess threats from a single location. Users can now maintain a level of visibility that other threat detection programs...
Download Cortex XDR by Palo Alto Networks ReportRead more