Item: Palo Alto Networks Cortex XDR
Rating: 8
Author: Mst Rahima Khatun

Use Cases and Deployment Scope

The trap was easy to install and worked well with the Palo Alto Suite overall. Upgrades are seamless because everything is in the cloud. We use traps on all of our devices, including laptops and virtual desktops. They did this to guard against malware, zero-day exploits, and APT attacks. This gives us the ability to triage/investigate right from the home page. It can disclose Gray ware and other serious malware and exploit attempts that Windows Defender misses. Palo Alto Networks Traps can also prevent the execution of malware that does not require a file to be downloaded. We’ll see in the CortexXDR product that Palo Alto Networks has added Traps functionality.

Pros and Cons

Some zero-day exploits, malicious child processes, and maliciously hashed files have been successfully blocked by it.
Analyzing and identifying unknown malicious software on workstations, servers, and mobile devices are made easier with the help of tracking file behavior.
Panorama's integration helps us detect malicious files and traps more quickly and efficiently than other products we've tried, protecting us from zero-day attacks.

Traps, like all advanced endpoint protection, need to grow in machine learning/baseline protection.
Sometimes, exceptions were made because of legacy or custom software issues, and we encountered a bug in an older version of the agent.
Traps are best for IT environments using COTS reports/dashboards. In environments where custom software and applications are used, Traps necessitate a great deal of tweaking.

Most Important Features

Tracking file behavior and the ability to prevent the use of zero-day exploits are two of its many strengths.
Monitoring that is both cloud-based and has a low environmental impact.
Convenient console operation, as well as quick and painless setup.

Return on Investment

It's less expensive than an onsite server, but it puts more work on the endpoint security teams.
It adds an extra layer of security for our users and reduces malware outbreaks, which reduces downtime.
Faster, and Traps give us a lot of information about what processes are running on our endpoints.

Alternatives Considered

CrowdStrike Falcon Endpoint Protection, Kaspersky Endpoint Security and Symantec Advanced Threat Protection

Traps provided us with a cloud-based platform that made our lives a lot simpler. Nothing like Traps exists in the market and I've never used anything like it. Others, on the other hand, were a lot slower to respond. Malwarebytes and other enterprise-level malware software are also available, but they do not fall under the same heading.

Key Insights

Do you think Palo Alto Networks Cortex XDR delivers good value for the price?

Yes

Are you happy with Palo Alto Networks Cortex XDR's feature set?

Yes

Did Palo Alto Networks Cortex XDR live up to sales and marketing promises?

Yes

Did implementation of Palo Alto Networks Cortex XDR go as expected?

Yes

Would you buy Palo Alto Networks Cortex XDR again?

Yes

Other Software Used

Kaspersky Endpoint Security, Cisco ASA, MS SharePoint, N-able N-central (formerly Solarwinds N-Central)

Likelihood to Recommend

Malware that doesn’t leave files behind has become widely available. Anyone who can afford to reverse this trend should purchase technology. Application whitelisting isn’t for everyone, and Palo Alto Networks Traps can help. Enterprises looking for a low-affected, next-generation solution with high protection should consider it. PAN Traps is a great product at a reasonable price, and I highly recommend it.

Excellent Threat Hunting Capabilities And Endpoint Security Products For Next Gen

Overall Satisfaction with Palo Alto Networks Traps