Traps will trap malware
Updated February 26, 2020

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Palo Alto Networks Traps

Traps is used by all of the endpoints (notebook & VDI) in our organization. This is done to mitigate the risk from malware attacks, zero-day attacks and APTs. Previously we utilized a typical anti-virus agent for protection from known malware. However, since Q1 last year and based on the threat trends, we discovered it's not enough just to rely on the known malware/traditional anti-virus solution.
  • Able to block malicious child-process run on the endpoint
  • Able to block executed files whose hashes are malicious
  • Able to block processes that employ malicious behaviour
  • Proven to be able to block zero-day exploits
  • We encountered a glitch in a certain version of the agent. When we deployed a newer version, the policy set on the previous version was white-listed/overwritten.
  • Moving to an encrypted-based connection (communication between agent and server) is troublesome, because we need to uninstall the agent first.
  • Need to have a more flexible reports/dashboard where we can customize it
  • We feed Traps logs to our SIEM; however, the information sent to the SIEM was not complete, but we need to investigate more, as probably some faults are on us
  • No ransomware has successfully impacted our endpoints; this has saved us hundreds if not millions of dollars lost
  • Users are now more aware of which malicious files/processes are being run; this gives a good education to the users
  • The cost of implementation is relatively average compared to competitors
At that time, we could not find other solutions that could compete with Traps. Most of the solutions presented to us are traditional anti-virus, while Traps does not rely on the signature of malware but more on the suspicious behaviour or method used. This gave Traps a lot of advantage that we find could address our needs. Even now, we are reviewing to replace completely the traditional anti-virus.
The team that supports us is tremendous; they have helped us in upgrading the versions. The upgrade didn't go smoothly; however, their support in fixing the issues was great, with lots of help from them to advise us on better use of Traps. Exceptional support has been given to us by the team.

Do you think Palo Alto Networks Cortex XDR delivers good value for the price?

Yes

Are you happy with Palo Alto Networks Cortex XDR's feature set?

Yes

Did Palo Alto Networks Cortex XDR live up to sales and marketing promises?

Yes

Did implementation of Palo Alto Networks Cortex XDR go as expected?

Yes

Would you buy Palo Alto Networks Cortex XDR again?

Yes

If protection from known and unknown malware or suspicious processes/files is the target, then Traps will address that. It has been proven by us numerous times that Traps is able to block malicious behaviours being run in the files, and it can also prevent zero-day exploits from hitting our organization.

Palo Alto Networks Cortex XDR Feature Ratings