Palo Alto Networks Cortex XSOAR Reviews and Ratings

Rating: 1.4 out of 10

Score

1.4 out of 10

Community insights

TrustRadius Insights for Palo Alto Networks Cortex XSOAR are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.

Pros

Comprehensive Automation: Many users have stated that the product offers comprehensive automation capabilities for necessary operations after a security event. This feature allows users to streamline their operations and improve efficiency by automating repetitive tasks.

Wide Range of Integrations: Several reviewers have mentioned that the product provides a wide range of integrations, allowing for seamless integration with various platforms, including mobiles. This enhances the accessibility of the Management App provided by the product across different platforms.

Threat Detection and Response Enhancement: A significant number of users have praised the product's IOC enrichment feature, which enables them to enrich IP, URL, and File Hashes. By enhancing threat detection effectiveness, this feature aids in proactive threat detection and response.

Reviews

8 Reviews

Best SOAR in the market

Rating: 9 out of 10

Incentivized

April 26, 2022

Use Cases and Deployment Scope

Palo Alto Networks helps us a lot. It collects all the data in one place and the security analytics can be performed on that and which will save a lot of time. Some security tasks can be automated and thus productivity of staff is increased. Integration are also available. CyberSecurity incident can be catched in one platform itself. The IOC enrichment features is also helpful.

Pros

Taking preemptive actions by blocking IP
Track of the incident occurrence
Integrations with different products
Automation

Cons

Better documentation can be more helpful
UI interface can be improved

Likelihood to Recommend

Palo Alto Networks Cortex XSOAR (formerly Demisto) can be used by small scale industry who wants to ensure the security as well as to save time. Palo Alto provides many ready to use functionality which can directly implemented into the production. Custom playbooks can be written for detecting and taking action for various phishing attacks.

Verified User

Engineer in Engineering (201-500 employees)

Vetted Review

1 year of experience

Fast and effective responses against cyber threats from the internet.

Rating: 10 out of 10

Incentivized

April 25, 2022

Use Cases and Deployment Scope

We have been using the Palo Alto Networks Cortex XSOAR solution for over 1 year with the main mission of automating and seeking the orchestration of our security processes and integrating the other tools and systems that we use in our data network in order to simplify and obtain the complete and faster view of our entire IT environment. Automated phishing protection functionality has dramatically reduced security incidents that occur via email and also creates a data enrichment process to review security incidents and findings from reports.

Pros

Automation with immediate security responses.
Comprehensive phishing protection and increased email protection.
Analysis and reporting feature.
Intuitive and easy-to-view panels.
Alerts by email and sms of incidents for the administration.
Centralized monitoring.

Cons

Some reports are not generated automatically
The documentation still has some flaws.

Likelihood to Recommend

It has been perfect for us and we recommend it to anyone looking for a solution to improve incident management, response and automation, and overall incident and security reporting. We have a threat management solution with incident reports and incident response triggers against malware, phishing, and network security breaches on our systems and servers. We recommend the use of granular reports that can be used in analysis and strategic meetings for decision making. The solution helps you understand patterns of incidents and attempts at possible vulnerabilities.

Verified User

Analyst in Information Technology (51-200 employees)

Vetted Review

1 year of experience

A Super SOC with just 2 persons and much embedded technology

Rating: 9 out of 10

Incentivized

April 22, 2022

Use Cases and Deployment Scope

We currently have several security tools and services in the company and all these tools and services generate records of activities and events handled. With the volume of information generated today, it is impossible for a human being to keep analyzing these records/logs because surely some event will be lost due to analysis fatigue or the difficulty of correlating events from one tool with another. We also needed a technology that would allow automation of controls to be applied in response to any incident detected.

Pros

automates necessary operations after a security event
Lots of integrations available
Management App that works in any plaforms include mobiles

Cons

console responsiveness
better integration with third-party threat intelligence solutions
better integration with SAML authentication

Likelihood to Recommend

Well Suited. Environments with lots of security tools which need to correlate the events. Companies with a few security persons in the team. Security teams that decided to use external threat intel to correlate e detect security incidents. Less Appropriated. Companies that don't have any other Palo Alto Networks solution.

Raphael Soares

CTO (Chief Technical Officer) in Professional Services at Trust Control Segurança em Tecnologia da Informação ltda (11-50 employees)

Vetted Review

3 years of experience

Very good SOAR solution

Rating: 8 out of 10

Incentivized

April 20, 2022

Use Cases and Deployment Scope

●Standardize

and

scale processes: Demisto playbooks help you codify

and enforce a process that’s common across your security team. These playbooks

can be fully automated, fully manual, or any combination of the two, with each

scenario having its own advantages for increased efficiencies.

●Lower response times with automation: Demisto

can automate thousands of actions across your security products, handing back

time to you for investigation and decision-making. This automation can be for

alert ingestion, data gathering, response actions, and updating info back in

the point products.

●Coordinate actions across security

products: You

now have a process-centric view of how to respond to a particular incident

that’s not tied to any one security product. All security products have their

purpose, but playbooks provide you with an abstract view of the ‘process’ and make

it easier to replace one product with another whenever you need to.

Pros

Standardize and scale processes
Lower response times with automation
Coordinate actions across security products

Cons

PLAYBOOK generation
Using other languages in marketplace
Scripting documentation

Likelihood to Recommend

XSOAR is well suited for phishing detection and response. Phishing alerts are as much of a

problem today as they were decades ago. This is because:

●Attackers

Can leverage automation to launch high-quantity phishing attacks with the click

of a button.

●Spear

Phishing attacks are sophisticated and sometimes indistinguishable from real

emails, resulting in compromise through human error.

●Security

Teams aren’t able to follow set processes while responding to phishing alerts.

They must coordinate across email inboxes, threat intel, NGFW, ticketing, and

other tools. Each tool has different consoles, data conventions, and contexts,

making it difficult for security teams to fill in the gaps while minimizing

errors. XSOAR is less suited for analyzing traffic.

Verified User

Engineer in Engineering (1001-5000 employees)

Vetted Review

2 years of experience

XSOAR Review

Rating: 8 out of 10

Incentivized

April 20, 2022

Use Cases and Deployment Scope

I use XSOAR to analyze CyberSecurity incidents in one convenient platform.

Pros

Integration with other vendor tools.
Customizing and automating has pretty much no limit.
Support is fast and helpful.

Cons

Better documentation e.g. indicators and how to property automate them.

Likelihood to Recommend

XSOAR is well suited for cybersecurity teams to automate and integrate various incidents into one platform. The tool is highly customizable and can be integrated with pretty much any known 3rd party security tool. The marketplace has a lot of free integrations that can be used in many scenarios.

Verified User

Employee in Information Technology (10,001+ employees)

Vetted Review

1 year of experience

Cortex XSOAR observations from a Security Analyst's standpoint after 3 years of use

Rating: 9 out of 10

Incentivized

April 12, 2022

Use Cases and Deployment Scope

This product is being used as the SOAR platform for automation. Automating the repetitive security alerts is the main goal currently served by XSOAR. Also for documentation and escalation of sensitive cases within the team and in the extended information security team, we use it on a daily basis. It also helps analysts with required IOC enrichments, which is quite helpful and a time saver.

Pros

IOC enrichment for IP, URL, File Hashes
Automating workflows for notifications to the concerned team and decision-making for repetitive alerts/issues based on the playbook
Taking remediation action like blocking the IP, URL by the custom-made XSOAR commands
Providing the timeline of an incident, which helps in AAR activities

Cons

The XSOAR bot creates a lot of noise on the summary page of any XSOAR incident. Although the filter is available to reduce the view, by default this should not be visible cluttering the whole scenario.
The interface has too much data on a single pane. I would love to have many buttons to just click and do stuff.
Also, I would love to have search areas more interactive and easier to navigate.

Likelihood to Recommend

Well suited: In situations where the task is more repetitive and you are getting a lot of false-positive detections [what we get 95% of the time], XSOAR can take the burden and handle those repetitive false positives without causing any headache for analysts. Additionally, if you have a list of teams to notify on occasion for a particular type of incident and if the type of incidents you get is dynamic then XSOAR can help you by assigning appropriate "roles" to appropriate escalation points and associating your incident to the exact role to create an MS Teams, Slack, or email notification for the concerned team.

Sarthak Chand

Information Security Manager in Information Technology at Synchrony Financial (10,001+ employees)

Vetted Review

3 years of experience

Cortex XSOAR - Comprehensive incident management solution

Rating: 6 out of 10

Incentivized

February 17, 2022

Use Cases and Deployment Scope

With Palo Alto Networks Cortex XSOAR (formerly Demisto) in our organization, our SOC team is seamlessly able to triage and investigate malicious traffic in our network. This is hence enhancing our network security posture. We have also created playbooks and integrated our firewalls to automate policy creation at time of any attacks are being identified.

Pros

Triage and investigation of malicious traffic
Automate firewall policy modifications and actions in playbooks using Panorama
Automate malware sample analysis

Cons

SAML is not stable, it gives a lot of issues.
Pre-defined playbooks need a lot of fine tuning
Lacks proper documentation

Likelihood to Recommend

Palo Alto Networks Cortex XSOAR (formerly Demisto) is well suited in scenarios where there is a dedicated threat hunting team working continuously for analyzing logs and alerts. This even has a lot of out-of-the-box and ready-to-use features, that makes life easy for your malware hunting team. In cases where there is no such team, or SOC deployed, it will not b much useful.

Darshil Sanghvi

Presales in Information Technology at Network Techlab (501-1000 employees)

Vetted Review

2 years of experience

Customized automation when time matters

Rating: 10 out of 10

Incentivized

November 11, 2021

Use Cases and Deployment Scope

It is currently used by our IT Security department only. We use it primarily for its automation but also to a smaller extent for secops, and logging and compliance. We also use it for HiTrust certification in that we can report what we have seen.

Pros

Automated work flows
Customization
Reporting

Cons

Creating custom workflows can be unintuitive at a small scale. Processes inside of a process.

Likelihood to Recommend

Our runbooks for a phishing email have been almost completely automated. In a manual process from reporting to resolution it would have take several hours to complete. Now, we can do a phishing email resolution with decision points in 10-15 minutes. Having this run book hooked into our other platforms and be able to manipulate that data has greatly increased the effectiveness of our small team.

Verified User

Analyst in Information Technology (10,001+ employees)

Vetted Review

2 years of experience

Loading Reviews List....

Home
,
Security Orchestration, Automation and Response (SOAR)
,
Palo Alto Networks Cortex XSOAR
,
Reviews and Ratings

Very good SOAR solution

Rating: 8 out of 10

Incentivized

April 20, 2022

Use Cases and Deployment Scope

●Standardize

and

scale processes: Demisto playbooks help you codify

and enforce a process that’s common across your security team. These playbooks

can be fully automated, fully manual, or any combination of the two, with each

scenario having its own advantages for increased efficiencies.

●Lower response times with automation: Demisto

can automate thousands of actions across your security products, handing back

time to you for investigation and decision-making. This automation can be for

alert ingestion, data gathering, response actions, and updating info back in

the point products.

●Coordinate actions across security

products: You

now have a process-centric view of how to respond to a particular incident

that’s not tied to any one security product. All security products have their

purpose, but playbooks provide you with an abstract view of the ‘process’ and make

it easier to replace one product with another whenever you need to.

Pros

Standardize and scale processes
Lower response times with automation
Coordinate actions across security products

Cons

PLAYBOOK generation
Using other languages in marketplace
Scripting documentation

Likelihood to Recommend

XSOAR is well suited for phishing detection and response. Phishing alerts are as much of a

problem today as they were decades ago. This is because:

●Attackers

Can leverage automation to launch high-quantity phishing attacks with the click

of a button.

●Spear

Phishing attacks are sophisticated and sometimes indistinguishable from real

emails, resulting in compromise through human error.

●Security

Teams aren’t able to follow set processes while responding to phishing alerts.

They must coordinate across email inboxes, threat intel, NGFW, ticketing, and

other tools. Each tool has different consoles, data conventions, and contexts,

making it difficult for security teams to fill in the gaps while minimizing

errors. XSOAR is less suited for analyzing traffic.

Verified User

Engineer in Engineering (1001-5000 employees)

Vetted Review

2 years of experience