Endpoint Response Where It Matters
October 14, 2021

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with Palo Alto Networks Cortex XDR

XDR is being used as an Endpoint Response tool. As an EDR we are able to identify events and logs across multiple devices. The nodes on the network display a variety of information that helps analysts understand behaviors in the environment. XDR addresses the problem of security analysts being able to discover, detect, and respond to events or incidents involving hosts on the network.
  • Direct Access to devices via Live Terminal which provides operations with scripting, triage, and preservation of artifacts.
  • Behavioral Indicators of Compromise which provides alerts on events regarding groups of hosts and their signatures.
  • Querying complex data sets involving a variety of devices for network connections, hashes, DNS, etc.
  • The UI loads a large amount of data from each window pane, requiring users to scroll or modify queries for a smaller list of results. The data being presented can be overwhelming and alerting does not always indicate IOCs.
  • Performance on XDR tends to fluctuate when running queries, and the features available don't make the process of hunting any faster.
  • Support for the product needs improvement; as the product is newer, more items are revealed that require attention or resolution.
  • Device Isolation is a wonderful addition that positively impacts the business when doing Incident Response, which is the highest value in the product.
  • Support at times impacts the business negatively in the short-term ROI, but long-term goals are a work in progress and attainable.
  • Consolidating many features into one product can save a larger sum of investment in this security tool without a huge performance cutback.
XDR is a solid tool against other security suites. Since XDR goes beyond an EDR tool, it's possible to say it can be a replacement for other Endpoint tools. Although there is a lack of sandboxing binaries, the capabilities to customize and tune the tool are vast. XDR is considered a Next Gen product, and along with its Incident Response features and integration, Palo Alto XDR was selected for these reasons and its ability to work well across many devices.

Do you think Palo Alto Networks Cortex XDR delivers good value for the price?

Not sure

Did Palo Alto Networks Cortex XDR live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

In a scenario where EDR is a requirement or necessity, XDR performs well with or without a SIEM. There are millions of events and logs to parse through, and XDR is capable of handling the large load. On top of the large amount of data being parsed, with features such as Live Terminal, File Retrieval, OS support, and general Metrics, the tool has room to grow and provide a lot for a Security team or organization. Incident Response is a great example of how XDR can shine.
