Palo Alto Networks Cortex XDR

Palo Alto Networks Cortex XDR
Formerly Traps

Score 8.7 out of 10
Palo Alto Networks Cortex XDR

Overview

What is Palo Alto Networks Cortex XDR?

Traps replaces traditional antivirus with multi-method prevention, a proprietary combination of malware and exploit prevention methods that protect users and endpoints from known and unknown threats.
Read more

Recent Reviews

Trap that malware!

8 out of 10
February 27, 2019
Traps was purchased as a response to a virus outbreak that kept cropping up due to still infected systems popping up days or weeks after …
Continue reading
Verified User
Technician
Read all reviews

Reviewer Pros & Cons

View all pros & cons
Jeff Nichols | TrustRadius Reviewer
Jeff Nichols
Information Security Manager
Port Authority of Allegheny County (Transportation/Trucking/Railroad, 1001-5000 employees)

Video Reviews

Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of Palo Alto Networks Cortex XDR, and make your voice heard!

Record a review
Return to navigation

Pricing

View all pricing
Palo Alto Networks Cortex XDR

Palo Alto Networks Cortex XDR

N/A
Unavailable

What is Palo Alto Networks Cortex XDR?

Traps replaces traditional antivirus with multi-method prevention, a proprietary combination of malware and exploit prevention methods that protect users and endpoints from known and unknown threats.

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Would you like us to let the vendor know that you want pricing?

37 people want pricing too

Alternatives Pricing

CrowdStrike Falcon

CrowdStrike Falcon

$6.99
per endpoint/month (for 5-250 endpoints, billed annually)
What is CrowdStrike Falcon?

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature free updating. Additionally the available Falcon Spotlight module delivers vulnerability assessment with no performance…

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint

$2.50
per user/per month
What is Microsoft Defender for Endpoint?

Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) is a holistic, cloud delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behavioral based and cloud-powered next generation protection, endpoint detection…

Return to navigation

Product Details

What is Palo Alto Networks Cortex XDR?

Traps replaces traditional antivirus with multi-method prevention, a proprietary combination of malware and exploit prevention methods that protect users and endpoints from known and unknown threats.

Palo Alto Networks Cortex XDR Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

 (41)

Attribute Ratings

Reviews

(1-12 of 12)
Popular Filters
Companies can't remove reviews or game the system. Here's why
March 25, 2023

Traps/Cortex XDR Review

Jeff Nichols | TrustRadius Reviewer
Jeff Nichols
Information Security Manager
Port Authority of Allegheny County (Transportation/Trucking/Railroad, 1001-5000 employees)
Score 1 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
Traps/now Cortex XDR was being used to provide endpoint protection for our servers and desktops. Traps/Cortex XDR was being used organization wide.
Pros and Cons
  • It does nothing well
  • Traps/cortex XDR alerts on wide scale commercial apps that are clearly not malicious
  • the Cortex XDR console interface is 5 steps worse than simply bad
  • Frontline support reps are not fluent in spoken English although their written fluency is okay (at best)
Likelihood to Recommend
If I could give a zero, I would. This is a [bad] product with a bad interface. Support is awful and the product doesn't even come close to living up to the sales pitch. Avoid.
February 16, 2022

Palo Alto Networks Cortex XDR--best fit as an endpoint protection suite

DS
Darshil Sanghvi
Presales
Network Techlab (Information Technology & Services, 501-1000 employees)
Score 9 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
Palo Alto Networks Cortex XDR is used for our in-house as well as roaming users, and we have procured around 200 licenses. With Palo Alto Networks Cortex XDR, we are enabling security controls and also getting insights and deep visibility on our users' suspicious activities and behaviors and securing them from advanced attacks like file-less malware, ransomware, etc.
Pros and Cons
  • Malware prevention
  • Exploit prevention
  • EDR and XDR
  • Ransomware protection
  • Disk encryption (with Bit Locker and File Vault)
  • Device control features
  • Analytics
  • Investigation
  • Incident management
  • Forensics
  • NTA--network traffic analysis
  • UBA/UEBA--user entity behavior analysis
  • Inventory management
  • Web controls
  • DLP features
Likelihood to Recommend
Palo Alto Networks Cortex XDR is best suited for all the scenarios, except for OT or for devices that don't have internet connectivity. Especially for in-house or on-premises users, servers, roaming users, users working from home, or even users using their own devices, Palo Alto Networks Cortex XDR can be the best fit as an endpoint protection suite and even as a replacement of current AV.
December 30, 2021

Palo Alto Cortex XDR is market leader

Raj Kumar Jha | TrustRadius Reviewer
Raj Kumar Jha
Sr. Technical Lead
Incedo Inc. (Information Technology & Services, 1001-5000 employees)
Score 9 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
Palo Alto Cortex XDR has excellent features which strengthen Security for Endpoint, Cloud and Firewall that can be integrated into a single solution. It has the capability for Digital Forensics and Ransomware Protection as well.
Pros and Cons
  • Antivirus Protection
  • Ransomware Protection
  • Digital Forensics
  • Endpoint Protection
  • Cloud Protection
  • Device Control
  • Drive Encryption
Likelihood to Recommend
Palo Alto Cortex XDR has excellent features which strengthen Security for Endpoint, Cloud, and Firewall that can be integrated into a single solution. It has the capability for Digital Forensics and Ransomware Protection as well. All devices control should be available. Drive Encryption process also should enable instead of Policy governing only.
November 01, 2021

Excellent Threat Hunting Capabilities And Endpoint Security Products For Next Gen

Mst Rahima Khatun | TrustRadius Reviewer
Mst Rahima Khatun
Marketing Product Management
Clopsmith (Information Technology & Services, 11-50 employees)
Score 8 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
The trap was easy to install and worked well with the Palo Alto Suite overall. Upgrades are seamless because everything is in the cloud. We use traps on all of our devices, including laptops and virtual desktops. They did this to guard against malware, zero-day exploits, and APT attacks. This gives us the ability to triage/investigate right from the home page. It can disclose Gray ware and other serious malware and exploit attempts that Windows Defender misses. Palo Alto Networks Traps can also prevent the execution of malware that does not require a file to be downloaded. We’ll see in the CortexXDR product that Palo Alto Networks has added Traps functionality.
Pros and Cons
  • Some zero-day exploits, malicious child processes, and maliciously hashed files have been successfully blocked by it.
  • Analyzing and identifying unknown malicious software on workstations, servers, and mobile devices are made easier with the help of tracking file behavior.
  • Panorama's integration helps us detect malicious files and traps more quickly and efficiently than other products we've tried, protecting us from zero-day attacks.
  • Traps, like all advanced endpoint protection, need to grow in machine learning/baseline protection.
  • Sometimes, exceptions were made because of legacy or custom software issues, and we encountered a bug in an older version of the agent.
  • Traps are best for IT environments using COTS reports/dashboards. In environments where custom software and applications are used, Traps necessitate a great deal of tweaking.
Likelihood to Recommend
Malware that doesn’t leave files behind has become widely available. Anyone who can afford to reverse this trend should purchase technology. Application whitelisting isn’t for everyone, and Palo Alto Networks Traps can help. Enterprises looking for a low-affected, next-generation solution with high protection should consider it. PAN Traps is a great product at a reasonable price, and I highly recommend it.
October 14, 2021

Endpoint Response Where It Matters

Verified User
Analyst in Information Technology
Hospital & Health Care Company, 10,001+ employees
Score 9 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
XDR is being used as an Endpoint Response tool. As an EDR we are able to identify events and logs across multiple devices. The nodes on the network display a variety of information that help analyst understand behaviors in the environment. XDR address the problem of security analysts being able to discover, detect, and respond events or incidents involving hosts on the network.
Pros and Cons
  • Direct Access to devices via Live Terminal which provides operations with scripting, triage, and preservation of artifacts.
  • Behavioral Indicators of Compromise which provides alerts on events regarding groups of hosts and their signatures.
  • Querying complex data sets involving a variety of devices for network connections, hashes, DNS, etc.
  • The UI loads a large amount of data from each windows pane requiring users to scroll or modify queries for smaller list of results. The data being presented can be overwhelming and alerting does not always indicate IOCs.
  • Performance on XDR tends to fluctuate when running queries and features available don't make the process of hunting any faster.
  • Support for the product needs improvement as the product is newer more items are revealed that require attention or resolution.
Likelihood to Recommend
In a scenario where EDR is a requirement or necessity XDR performs well with or without a SIEM. There are millions of events and logs to parse through and XDR is capable of handling the large load. On top of the large data that is being parsed, features such as Live Terminal, File Retrieval, OS support, and general Metrics, the tool has room to grow and provide a lot for a Security team or organization. Incident Response is a great example of how XDR can shine.
April 26, 2021

Review of Palo Alto Networks Traps

Verified User
Engineer in Information Technology
Oil & Energy Company, 501-1000 employees
Score 10 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
Palo Alto Networks Traps is used across the whole organization.
Pros and Cons
  • Enforce endpoint security
  • Anti-malware protection
  • Anti-virus protection
  • Automation and orchestration of Palo Alto Networks Traps agents either via the Endpoint Security Manager or via any automation platforms like Ansible, Python, etc.
  • Support of Palo Alto Networks Traps agents via REST APIs
Likelihood to Recommend
Palo Alto Networks Traps is very suited for Endpoint/Server detection and response.
April 22, 2020

Traps is advanced malware protection without the hassle.

Verified User
Analyst in Information Technology
Higher Education Company, 1001-5000 employees
Score 9 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
It is important to note that the functionality of Palo Alto Network Traps is being subsumed into the larger CortexXDR product. Traps has been a good way for our organization to implement advanced anti-malware detection and prevention with a low false-positive rate and a minimum of user annoyance. It is able to catch things that are missed by Windows Defender, both grayware and more serious malware, and exploit attempts. Palo Alto Network Traps can even prevent file-less malware from running.
Pros and Cons
  • Malware detection without existing signatures
  • Test detonation of unknown files in the cloud and locally
  • Prevention of threats that traditional AV can't block
  • Deployment of the agent via SCCM can have downstream consequences.
  • The agent installer occasionally has issues, especially if it is being used for a manual upgrade.
  • Kernel permissions issues on Mac may require user interaction (true for most AV).
Likelihood to Recommend
Normal levels of antivirus are basically good enough at the free tier. But they won't stop the sorts of threats that are becoming increasingly common online. Even if one isn't the target of an APT, file-less malware is becoming commoditized and anyone who can afford it should implement a technology to stop it. Folks who aren't ready for full-on application whitelisting (including scripts) will find Palo Alto Network Traps a great fit with the relative ease of configuration and low user annoyance rate.
Support Rating
10
The support we receive from Palo Alto is one of the best aspects of Traps. It is very easy to recommend their support. It seems much easier to connect directly with someone with a deep understanding of the product rather than other companies where you basically have to make an airtight case that it is some kind of non-standard issue that can't be solved with existing documentation. Palo Alto digs deep and helps with advanced troubleshooting to get things working.
February 26, 2020

Traps will trap malware

Verified User
Manager in Information Technology
Banking Company, 5001-10,000 employees
Score 10 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
Traps are used by all of the endpoints (notebook & VDI) in our organization. This is done to mitigate the risk from malware attack, zero day attack and APT. Previously we utilized a typical anti-virus agent for protection from known malware. However since Q1 last year and based on the threat trends, we discovered it's not enough just to rely on the known malware/traditional anti-virus solution.
Pros and Cons
  • Able to block malicious child-process run on the endpoint
  • Able to block executed files which hashes are malicious
  • Able to block process that employs malicious behaviour
  • Proven to be able to block zero-day exploits
  • We encountered some glitch in a certain version of the agent. When we deployed newer version, the policy set on the previous version was white-listed/overwritten.
  • Moving to encrypted based connection (communication between agent to server) is troublesome, coz we need to uninstall the agent first.
  • Need to have a more flexible reports/dashboard where we can customize it
  • We feed Traps log to our SIEM, however the information sent to the SIEM was not complete, but we need to investigate more probably some faults are on us
Likelihood to Recommend
If protection from known and unknown malware or suspicious process / files are the target, than Traps will address that. It has been proven by us numerous times that Traps are able to block malicious behaviours being run in the files, as well it can prevent zero-day exploits from hitting our organization.
Support Rating
10
The team that supports us are tremendous, they have helped us in upgrading the versions. The upgrade didn’t go on smoothly however their support to fix the issues are great. And lots of help from them to advice us on better use the Traps. Exceptional supports have been given to us by the team.
February 19, 2020

Palo Alto Network Traps make endpoint security simple

Verified User
Administrator in Information Technology
Education Management Company, 51-200 employees
Score 10 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
We had previously used a local server-based agent before Traps. We have a Palo Alto firewall with subscriptions to URL filtering, Wildfire, and threat prevention so the systems were separated. Traps was an incredibly easy install that integrates with the rest of the Palo Alto Suite. I no longer have to whitelist our old agent and update that server. Everything is cloud-based so updates are seamless.
Pros and Cons
  • Cloud-based.
  • Simple to install.
  • Email alerts when issues are found not just a daily summary report.
Likelihood to Recommend
Great for employees that have devices off-site frequently. Easy for a small IT staff to use. Integrates great with the rest of Palo Alto. Works great for Windows and Macs.
Support Rating
10
Simple, easy, and efficient
February 27, 2019

Trap that malware!

Verified User
Technician in Information Technology
Hospital & Health Care Company, 1001-5000 employees
Score 8 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
Traps was purchased as a response to a virus outbreak that kept cropping up due to still infected systems popping up days or weeks after we deemed the environment clean. It's being used across the entire organization currently and helped us identify that threat, quarantine it and also helps isolate future malware from spreading across the network.
Pros and Cons
  • Traps does a fantastic job at stopping malware before it executes
  • Traps defends against 0 day attacks better than other products we have tried
  • Traps isolates malware to that particular host better than any A/V we've tried
  • Traps doesn't seem to function as a traditional A/V very well, so it's better as another layer to your endpoint protection
  • Traps can cause issues with some legacy or custom programs, so exceptions may have to be made
  • Traps falsely identifies things as malicious at times, this is not often though
Likelihood to Recommend
Traps is a fantastic tool for malware prevention and works great alongside traditional A/V. Integration with other Palo Alto gear is also very nice, as it can tap into other products/tools for enhanced functionality. Traps is great at quarantining malicious code to a single source and stops the spread of malware that uses network shares to spread very well.
March 21, 2018

Traps is best

DeForge, Peter | TrustRadius Reviewer
DeForge, Peter
Systems Support Analyst
GW Plastics (Plastics, 1001-5000 employees)
Score 10 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
We recently replaced Kaspersky with Traps. Great next gen product! Easy to use, easy to manage and fantastic protection. It has saved us from a few users who like to on spam already and we were able to get our whitelist fleshed out in no time for those pesky one-off and in-house built apps.
Pros and Cons
  • Tracking file behavior
  • low impact monitoring
  • easy to use console
  • To be honest, at this time I don't have any suggestions for you guys. Sales team was great, tech team is great, product has been great. I like the interface.. so no complaints or suggestions yet!
Likelihood to Recommend
Great for any enterprise solution that wants a next-gen, low impact solution with great protection. If your current product is not up to snuff in any fashion, you should look into Traps. Price point is good and the product is truly outstanding in my opinion.
March 14, 2018

Traps for Enterprise is now relity

Alex Waitkus, CISSP-ISSAP, OSCP | TrustRadius Reviewer
Alex Waitkus, CISSP-ISSAP, OSCP
Security Architect
Securicon, LLC (Computer & Network Security, 51-200 employees)
Score 9 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
Traps is being used with Palo Alto Wildfire and host AV to add layers of protection to hosts to assist in finding unknown and 0 day malware. Traps is also used on servers to help provide advanced malware protection. Traps is in pilot across the server infrastructure and production for user workstations. We have evaluated several advanced endpoint protection applications and because of Wildfire integration, it was the product chosen for deployment.
Pros and Cons
  • Great tool to help analyze and identify unknown malicious software on workstations, servers, and mobile devices.
  • Integration with Panorama help to quickly and efficiently identify potential malicious files.
  • Integration with Wildfire helps to quickly deploy signatures not only to endpoints but to firewalls as well.
  • Every advanced endpoint protection, including Traps, needs to grow in the machine learning/baseline of a machine portion of their protection.
  • Palo Alto needs to work more with vendors and their updates to help reduce exclusion lists.
  • Traps is best for IT environments where COTS is used. Where homegrown software and applications are used, Traps requires a lot of customization.
Likelihood to Recommend
Traps is best for business IT environments, it integrates well with Windows workstations and servers but lacks the ability to wok well in control environments.
Return to navigation