Palo Alto Networks Cortex XDR Reviews and Ratings

Rating: 8.5 out of 10

Score

8.5 out of 10

Community insights

TrustRadius Insights for Palo Alto Networks Cortex XDR are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.

Business Problems Solved

Palo Alto Networks Traps is a highly regarded cybersecurity software that offers robust protection against malware, zero-day exploits, and advanced persistent threats. Its seamless integration with the Palo Alto Suite has made it a popular choice among users. The software can be easily installed and used on various devices, including laptops and virtual desktops. Users have praised Traps for its ability to detect grayware, serious malware, and exploit attempts that may be missed by other antivirus solutions like Windows Defender. One of the standout features of Traps is its ability to prevent the execution of malware without requiring a file to be downloaded, providing enhanced protection for users. This next-gen capability, coupled with its ease of use and strong protection, has prompted many customers to replace their existing antivirus solutions with Palo Alto Networks Traps.

Traps has proven itself invaluable in identifying and quarantining threats, as well as isolating future malware and preventing its spread across the network. By integrating Wildfire and host AV, Traps adds additional layers of security to hosts and aids in detecting unknown and zero-day malware. The inclusion of Traps functionality in Palo Alto Networks Cortex XDR further enhances security controls and provides deep visibility into suspicious activities and behaviors exhibited by users. Cortex XDR serves as an Endpoint Response tool that enables organizations to quickly identify and respond to events and incidents across multiple devices.

Users have reported that Palo Alto Networks Traps offers advanced anti-malware detection and prevention with a low false-positive rate, minimizing user annoyance while effectively mitigating the risk of malware attacks, zero-day attacks, and APTs. Its organization-wide deployment ensures comprehensive protection for servers, desktops, and roaming users. With Traps seamlessly integrated into the Palo Alto Suite, manual whitelisting and server updates are no longer necessary. Overall, Palo Alto Networks Traps is widely recognized for its ease of installation, seamless integration capabilities, next-gen features, and robust protection against advanced threats.

Reviews

14 Reviews

Palo Alto Networks Cortex XDR The Next-Gen Security Backbone for Modern Enterprises

Rating: 10 out of 10

Incentivized

March 10, 2026

Use Cases and Deployment Scope

Palo Alto Networks Cortex XDR is used in our organization to gain the better visibility in terms of networks, cloud, endpoint. it provide the single pane of glass visibility where user don't have to go tab by tab for multiple tool, rather than that they get the visibility from a single console. It reduce the mean time to detect and respond. Before we are facing the challenge that in a single day analyst are getting more than 500 alerts. The analyst not able to identicy which one is false positive and which one true positive this bring that a single analyst is busy on a single incident for 1-2 hour. Meanwhile the most important and priority aleert get breached. So Palo Alto Networks Cortex XDR bring the feature of case which bring same type of incidents into a single case which reduce the alert noise as well as analyst do not have to focus on a single alert rather than that they investigate a case and that investigation can solve 15 or more alerts from a single case. It also provides the RBAC which help admin to provide the necessary permission to analyst, admin, investigator etc. Previously if we have to get the visibility of application, autoruns, registry etc then we have to check individual endpoint on by one but from Palo Alto Networks Cortex XDR host insights model we get all this type of visibility from a single console. its also providing the Vulnerability management platform which help admin to get visibility of vulnerability of assets, OS even of application. It is the one solution which provides GUI based live terminal where admin can get the visibility of drive, folders, file and can also download it over from console of specific endpoint. Even we can also run python code, script and also get visibility of task manager and we can end process from task manager from Live terminal only. So we do not need to go one by one on every endpoint rather we can manage and get visibility of all this thing from a single console.

Pros

GUI based live terminal which provides visibility of task manager, Drive, folder, file. Even we can execute python code, command in PowerShell and cmd.
Incident / alert grouping into a Case. It minimize the mean time to respond. before analyst focus on every alert and some of them great breached and lasty they find its false positive. But with case they can focus on multiple alert which is grouped in a single case based on behavioural, hostname, Ip, incident type. this reduce time to respond and identify the alert whether its false positive or true positive.
Vulnerability Management - Now organization can get visibility of Vulnerability over their assets, OS, application which is running on endpoint. even they get remediation suggestion and what CVE is getting over that vulnerability.
Automatic Sandbox analysis- on every detection or prevention done by Palo Alto Networks Cortex XDR agent you will get analysis report for it over the console from the Wildfire. It provides the sandbox and analysis report so that admin or analyst can get better visibility what it can impact on their organization and how.

Cons

Within a short time period if same time of malware is executing again and again it provides the timeline of first execution but as a analyst if we think we need all the time whether it should be in second.
Malware Title for alerts- It provides the malware name as wildfire malware rather than it can provide the exact malware name which can help analyst to identify the alert based on name only then they can go for deep analysis.
ZIP file Quarantine- Now Palo Alto Networks Cortex XDR is blocking execution of malware but it should quarantine the ZIP file also but now its quarantining the file file after extracting from Zip and when we try to execute it. No ZIP file quarantine is available now.

Likelihood to Recommend

It help organization to gain visibility over all Network, Cloud, Endpoint. Also it help to correlate the events from multiple aspects and on the basics of it it provide the visibility and incidents over console. It reduce the noise of alert so that analyst can focus on priory alert which is actual need attention and can affect organization. It map the alert and incidents with Mitre ATT&CK which gives better analysis that how the incident is behaving in our environment and what types of tactics and techniques its using. So we have a scenario that we have to use multiple product and solution for network, cloud and endpoint. If something or malware we find we have to go every tool one by one to investigate this, we are not getting the better visibility and it also taking much time. But after Palo Alto Networks Cortex XDR it make easy to correlate the data from multiple verdict and it reduce time also. now we get visibility from a single console rather going tab and tab to see and find the aspects. Even we can take action over it from the console only rather going on individual endpoints.

Verified User

Professional in Information Technology (51-200 employees)

Vetted Review

2 years of experience

Palo Alto Networks Cortex XDR a Winner (if you can overcome the management interface)

Rating: 8 out of 10

Incentivized

May 2, 2024

Use Cases and Deployment Scope

Palo Alto Networks Cortex XDR is one of several layers we use to secure our endpoint devices. Harnessing the power of AI and machine learning, Palo Alto Networks Cortex XDR quickly recognizes and stops threats that may have otherwise gone unnoticed. It also offers the ability to remotely take systems offline while still giving you some level of access to perform forensics or repairs.

Pros

Endpoint Protection
Detect and Response
Antivirus

Cons

Interface can be confusing
An "Admin Bypass" feature to proceed with a false detection would be nice
Better out-of-the-box reporting

Likelihood to Recommend

In my opinion, Palo Alto Networks Cortex XDR is best suited for an enterprise environment that has a knowledgeable IT staff. The interface can be daunting and is easy to get lost under level after level. Although, they now offer "managed detection and response," where their experts monitor and report back 24/7, which could be a great choice for smaller businesses.

Verified User

Manager in Information Technology (201-500 employees)

Vetted Review

3 years of experience

Palo Alto Cortex XDR is market leader

Rating: 9 out of 10

Incentivized

December 30, 2021

Use Cases and Deployment Scope

Palo Alto Cortex XDR has excellent features which strengthen Security for Endpoint, Cloud and Firewall that can be integrated into a single solution. It has the capability for Digital Forensics and Ransomware Protection as well.

Pros

Antivirus Protection
Ransomware Protection
Digital Forensics
Endpoint Protection
Cloud Protection

Cons

Device Control
Drive Encryption

Likelihood to Recommend

Palo Alto Cortex XDR has excellent features which strengthen Security for Endpoint, Cloud, and Firewall that can be integrated into a single solution. It has the capability for Digital Forensics and Ransomware Protection as well. All devices control should be available. Drive Encryption process also should enable instead of Policy governing only.

Raj Kumar Jha

Sr. Technical Lead in Information Technology at Incedo Inc. (1001-5000 employees)

Vetted Review

1 year of experience

View profile

Excellent Threat Hunting Capabilities And Endpoint Security Products For Next Gen

Rating: 8 out of 10

Incentivized

November 1, 2021

Use Cases and Deployment Scope

The trap was easy to install and worked well with the Palo Alto Suite overall. Upgrades are seamless because everything is in the cloud. We use traps on all of our devices, including laptops and virtual desktops. They did this to guard against malware, zero-day exploits, and APT attacks. This gives us the ability to triage/investigate right from the home page. It can disclose Gray ware and other serious malware and exploit attempts that Windows Defender misses. Palo Alto Networks Traps can also prevent the execution of malware that does not require a file to be downloaded. We’ll see in the CortexXDR product that Palo Alto Networks has added Traps functionality.

Pros

Some zero-day exploits, malicious child processes, and maliciously hashed files have been successfully blocked by it.
Analyzing and identifying unknown malicious software on workstations, servers, and mobile devices are made easier with the help of tracking file behavior.
Panorama's integration helps us detect malicious files and traps more quickly and efficiently than other products we've tried, protecting us from zero-day attacks.

Cons

Traps, like all advanced endpoint protection, need to grow in machine learning/baseline protection.
Sometimes, exceptions were made because of legacy or custom software issues, and we encountered a bug in an older version of the agent.
Traps are best for IT environments using COTS reports/dashboards. In environments where custom software and applications are used, Traps necessitate a great deal of tweaking.

Likelihood to Recommend

Malware that doesn’t leave files behind has become widely available. Anyone who can afford to reverse this trend should purchase technology. Application whitelisting isn’t for everyone, and Palo Alto Networks Traps can help. Enterprises looking for a low-affected, next-generation solution with high protection should consider it. PAN Traps is a great product at a reasonable price, and I highly recommend it.

Mst Rahima Khatun

Marketing Product Management in Information Technology at Clopsmith (11-50 employees)

Vetted Review

1 year of experience

View profile

Endpoint Response Where It Matters

Rating: 9 out of 10

Incentivized

October 14, 2021

Use Cases and Deployment Scope

XDR is being used as an Endpoint Response tool. As an EDR we are able to identify events and logs across multiple devices. The nodes on the network display a variety of information that help analyst understand behaviors in the environment. XDR address the problem of security analysts being able to discover, detect, and respond events or incidents involving hosts on the network.

Pros

Direct Access to devices via Live Terminal which provides operations with scripting, triage, and preservation of artifacts.
Behavioral Indicators of Compromise which provides alerts on events regarding groups of hosts and their signatures.
Querying complex data sets involving a variety of devices for network connections, hashes, DNS, etc.

Cons

The UI loads a large amount of data from each windows pane requiring users to scroll or modify queries for smaller list of results. The data being presented can be overwhelming and alerting does not always indicate IOCs.
Performance on XDR tends to fluctuate when running queries and features available don't make the process of hunting any faster.
Support for the product needs improvement as the product is newer more items are revealed that require attention or resolution.

Likelihood to Recommend

In a scenario where EDR is a requirement or necessity XDR performs well with or without a SIEM. There are millions of events and logs to parse through and XDR is capable of handling the large load. On top of the large data that is being parsed, features such as Live Terminal, File Retrieval, OS support, and general Metrics, the tool has room to grow and provide a lot for a Security team or organization. Incident Response is a great example of how XDR can shine.

Verified User

Analyst in Information Technology (10,001+ employees)

Vetted Review

2 years of experience

Palo Alto Networks Cortex XDR--best fit as an endpoint protection suite

Rating: 9 out of 10

Incentivized

July 13, 2021

Use Cases and Deployment Scope

Palo Alto Networks Cortex XDR is used for our in-house as well as roaming users, and we have procured around 200 licenses. With Palo Alto Networks Cortex XDR, we are enabling security controls and also getting insights and deep visibility on our users' suspicious activities and behaviors and securing them from advanced attacks like file-less malware, ransomware, etc.

Pros

Malware prevention
Exploit prevention
EDR and XDR
Ransomware protection
Disk encryption (with Bit Locker and File Vault)
Device control features
Analytics
Investigation
Incident management
Forensics
NTA--network traffic analysis
UBA/UEBA--user entity behavior analysis

Cons

Inventory management
Web controls
DLP features

Likelihood to Recommend

Palo Alto Networks Cortex XDR is best suited for all the scenarios, except for OT or for devices that don't have internet connectivity. Especially for in-house or on-premises users, servers, roaming users, users working from home, or even users using their own devices, Palo Alto Networks Cortex XDR can be the best fit as an endpoint protection suite and even as a replacement of current AV.

Darshil Sanghvi

Presales in Information Technology at Network Techlab (501-1000 employees)

Vetted Review

3 years of experience

Review of Palo Alto Networks Traps

Rating: 10 out of 10

Incentivized

April 26, 2021

Use Cases and Deployment Scope

Palo Alto Networks Traps is used across the whole organization.

Pros

Enforce endpoint security
Anti-malware protection
Anti-virus protection

Cons

Automation and orchestration of Palo Alto Networks Traps agents either via the Endpoint Security Manager or via any automation platforms like Ansible, Python, etc.
Support of Palo Alto Networks Traps agents via REST APIs

Likelihood to Recommend

Palo Alto Networks Traps is very suited for Endpoint/Server detection and response.

Verified User

Engineer in Information Technology (501-1000 employees)

Vetted Review

8 years of experience

Traps/Cortex XDR Review

Rating: 1 out of 10

Incentivized

March 29, 2021

Use Cases and Deployment Scope

Traps/now Cortex XDR was being used to provide endpoint protection for our servers and desktops. Traps/Cortex XDR was being used organization wide.

Pros

It does nothing well

Cons

Traps/cortex XDR alerts on wide scale commercial apps that are clearly not malicious
the Cortex XDR console interface is 5 steps worse than simply bad
Frontline support reps are not fluent in spoken English although their written fluency is okay (at best)

Likelihood to Recommend

If I could give a zero, I would. This is a [bad] product with a bad interface. Support is awful and the product doesn't even come close to living up to the sales pitch. Avoid.

Jeff Nichols

Information Security Manager in Information Technology at Port Authority of Allegheny County (1001-5000 employees)

Vetted Review

4 years of experience

View profile

Traps is advanced malware protection without the hassle.

Rating: 9 out of 10

Incentivized

April 22, 2020

Use Cases and Deployment Scope

It is important to note that the functionality of Palo Alto Network Traps is being subsumed into the larger CortexXDR product. Traps has been a good way for our organization to implement advanced anti-malware detection and prevention with a low false-positive rate and a minimum of user annoyance. It is able to catch things that are missed by Windows Defender, both grayware and more serious malware, and exploit attempts. Palo Alto Network Traps can even prevent file-less malware from running.

Pros

Malware detection without existing signatures
Test detonation of unknown files in the cloud and locally
Prevention of threats that traditional AV can't block

Cons

Deployment of the agent via SCCM can have downstream consequences.
The agent installer occasionally has issues, especially if it is being used for a manual upgrade.
Kernel permissions issues on Mac may require user interaction (true for most AV).

Likelihood to Recommend

Normal levels of antivirus are basically good enough at the free tier. But they won't stop the sorts of threats that are becoming increasingly common online. Even if one isn't the target of an APT, file-less malware is becoming commoditized and anyone who can afford it should implement a technology to stop it. Folks who aren't ready for full-on application whitelisting (including scripts) will find Palo Alto Network Traps a great fit with the relative ease of configuration and low user annoyance rate.

Verified User

Analyst in Information Technology (1001-5000 employees)

Vetted Review

4 years of experience

Palo Alto Network Traps make endpoint security simple

Rating: 10 out of 10

Incentivized

February 19, 2020

Use Cases and Deployment Scope

We had previously used a local server-based agent before Traps. We have a Palo Alto firewall with subscriptions to URL filtering, Wildfire, and threat prevention so the systems were separated. Traps was an incredibly easy install that integrates with the rest of the Palo Alto Suite. I no longer have to whitelist our old agent and update that server. Everything is cloud-based so updates are seamless.

Pros

Cloud-based.
Simple to install.

Cons

Email alerts when issues are found not just a daily summary report.

Likelihood to Recommend

Great for employees that have devices off-site frequently. Easy for a small IT staff to use. Integrates great with the rest of Palo Alto. Works great for Windows and Macs.

Verified User

Administrator in Information Technology (51-200 employees)

Vetted Review

1 year of experience

Loading Reviews List....

Palo Alto Networks Cortex XDR The Next-Gen Security Backbone for Modern Enterprises

Rating: 10 out of 10

Incentivized

March 10, 2026

Use Cases and Deployment Scope

Pros

GUI based live terminal which provides visibility of task manager, Drive, folder, file. Even we can execute python code, command in PowerShell and cmd.
Incident / alert grouping into a Case. It minimize the mean time to respond. before analyst focus on every alert and some of them great breached and lasty they find its false positive. But with case they can focus on multiple alert which is grouped in a single case based on behavioural, hostname, Ip, incident type. this reduce time to respond and identify the alert whether its false positive or true positive.
Vulnerability Management - Now organization can get visibility of Vulnerability over their assets, OS, application which is running on endpoint. even they get remediation suggestion and what CVE is getting over that vulnerability.
Automatic Sandbox analysis- on every detection or prevention done by Palo Alto Networks Cortex XDR agent you will get analysis report for it over the console from the Wildfire. It provides the sandbox and analysis report so that admin or analyst can get better visibility what it can impact on their organization and how.

Cons

Within a short time period if same time of malware is executing again and again it provides the timeline of first execution but as a analyst if we think we need all the time whether it should be in second.
Malware Title for alerts- It provides the malware name as wildfire malware rather than it can provide the exact malware name which can help analyst to identify the alert based on name only then they can go for deep analysis.
ZIP file Quarantine- Now Palo Alto Networks Cortex XDR is blocking execution of malware but it should quarantine the ZIP file also but now its quarantining the file file after extracting from Zip and when we try to execute it. No ZIP file quarantine is available now.

Likelihood to Recommend

Verified User

Professional in Information Technology (51-200 employees)

Vetted Review

2 years of experience