
Cortex XDR by Palo Alto Networks Alternatives and Competitors

Get our free report covering CrowdStrike, Microsoft, Broadcom, and other competitors of Cortex XDR by Palo Alto Networks. Updated: November 2021.
552,695 professionals have used our research since 2012.

Read reviews of Cortex XDR by Palo Alto Networks alternatives and competitors

MK
Dy General Manager at a real estate/law firm with 501-1,000 employees
Real User
Top 5 Leaderboard
Great user experience, very little maintenance required, and easy to set up

Pros and Cons

  • "There's almost no maintenance required. It's very low if there's any at all."
  • "The solution needs to have integration with on-premises security devices and security facilities. That means all the security products, including the perimeter firewall, the DMZ."

What is our primary use case?

The solution is primarily being used at our endpoint, which includes roaming users with laptops. It is being used in all of our servers at our data center. Our security team can monitor everything centrally using the Falcon dashboard. If there is an incident, our team can actually go to the root cause of the incident to try to solve it there. 

What is most valuable?

The overall user experience is good. As of today, there have been no incidents that we've had to deal with and we've been using it for years. 

The solution has a very good graphical interface. It makes it easy to use. The central monitoring is excellent.

There's almost no maintenance required. It's very low if there's any at all.

The solution is an AI and ML-enabled tool for protecting our endpoints. We're still able to use Symantec as an endpoint as well.

What needs improvement?

The solution needs to have integration with on-premises security devices and security facilities. That means all the security products, including the perimeter firewall, the DMZ. 

I'd really like to have a complete solution. Right now most of the incidents happen on our endpoints. It is visible at the endpoint, the end server. If this can have a correlation tool that could actually give us a comprehensive dashboard, that would be useful. It could give us top-down visibility and could be from the firewall or any kind of security protection tool. It could be part of the DNS protection suite. However, that's why it's so important to have better integration capabilities.

If this endpoint is trying to get at this particular website and it is identified as DNS level protection, that also comes to this dashboard. Around 80% to 90% view of whatever it is happening with this endpoint, whatever action it is doing, can be inspected on the dashboard.

If the endpoint is protected by CrowdStrike, I am only able to access this application through a CrowdStrike-protected device.

For how long have I used the solution?

We have been using CrowdStrike as a tool now for the last three months.

What do I think about the stability of the solution?

The stability may be too early to judge, as we are still in a POC. However, when we see the product, it is very, very stable.

What do I think about the scalability of the solution?

We didn't go with the Basic version. We went with Superior. Even the insurance companies are also sold on this product. 

We find that the solution is very, very scalable as a tool and it can completely manage and protect the endpoint. It offers around 99.99% of your protection and assurance and can scale up however much you like.

We have implemented it for approximately 200 users as a POC. We are ready to have a contract with CrowdStrike and we will be implementing it for 700 users in the end, so we will scale it from the POC when we begin to officially use it.

How are customer service and technical support?

Due to the fact that we are still running a POC, we have direct access to the principal on the contract. They have given us a lot of confidence in the product and they are always available alongside the system integrator. We basically have two layers of support.

At this initial stage, if there is any troubleshooting needed, or any type of support is required, the system integrator will provide this to us. If we need to escalate to support for some reason, we have agreed to have CrowdStrike themselves look into any issues.

So far, it's been an effective system and we are satisfied with the level of support we've received.

Which solution did I use previously and why did I switch?

We were using Symantec products, which were Symantec EndPoint Four and Five. We found that the latest modules needed additional tools to protect us. There were multiple tools needed at various levels. There was complexity in increasing users on this platform. It also took a more traditional approach to security, and we were looking for something more advanced that had advanced AI and ML capability.

We evaluated CrowdStrike and we found it satisfactory in our environment. Therefore, we decided to change to it from Symantec.

How was the initial setup?

The initial setup is very, very straightforward, and very easy to use. So far, we've found it very easy to drill down to the root cause.

This is a new area and product for us, so we decided to start using it as a POC. We started in March, or the end of February, of this year, and we have done a POC for some of our users. We'll be going forward with a full implementation and increasing our usage.

In terms of maintenance, I don't find there's much of a requirement for it. It is very easy to maintain. For monitoring and reporting purposes, we have access to a dashboard. Our security team can take a look at everything themselves. We also have team members that are capable of configuring this product. That will help us to reduce the requirement of manpower in the long run.

What about the implementation team?

We had a system integrator partner that assisted us with the POC.

What's my experience with pricing, setup cost, and licensing?

I'm not sure what the exact cost of the solution is.

What other advice do I have?

We're a customer. We don't have a business partnership with this solution.

I'm not sure which version of the solution we're using right now. It is the latest, as far as I know. We're currently running a POC with it.

In today's environment, it's very crucial to protect a company from ransomware, and malware. We focus mainly on avoiding these types of attacks. We're always interested in the latest tools that have the latest techniques and are effective in our environment.  

On top of that, we've noticed during the pandemic, there are even more threats happening. We need to focus most of our energy on the endpoints which are basically connected to an unprotected network.

The focus on the endpoints has to be increased at this point in time to ensure we have maximum protection. We prefer to have a cloud-based product rather than an on-premise-based product to protect our data and our endpoints. Therefore, we may need to move to a cloud-based protection suite. Other companies should also consider this. Whether they choose a product like CrowdStrike, Cortex, or Cylance is up to them.

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
MP
Senior Director, Platform Development at a tech services company with 51-200 employees
Real User
Top 10
Self-monitoring, easy to deploy, and stable

Pros and Cons

  • "The ease of deployment and the command center that they have are the most valuable. It is basically self-monitoring. It doesn't require that much tinkering after you deploy or install."
  • "It could have a 10,000-feet overview of the whole infrastructure because the software is easily installable on the whole infrastructure and not just the infrastructure, but also the workstations themselves. I would love to have a 360 view of the whole network and basically see from where a test is coming, and if there is an instance in the cloud that is actually misbehaving or if there is a workstation that is infected and stuff like that. It can also have some kind of AI to detect all those things and then cut off the connection from that machine. In Cortex, you can link the logs, reports, and all that stuff. You can also see the full picture of when it happened, and you can trace it back all the way to a file or something else. I would like to see similar functionality in Avast Business Endpoint Protection."

What is our primary use case?

We have a bunch of instances in production and Dev infrastructure. We use it to protect Linux boxes, PCs, and Macs. We are using the latest version.

How has it helped my organization?

We didn't use any similar solution before, and we did not suffer from any attacks previously. We were lucky that we did not have any attacks, and we didn't suffer from anything.

We got it more for compliance. To be compliant, you have to have endpoint protection. Now that we have this solution, we still haven't detected anything. Overall, the employee workforce is kind of at top of their game regarding phishing attacks, but again, you cannot always be a hundred percent on it. So far, we didn't have anything that Avast Business Endpoint Protection would actually catch.

What is most valuable?

The ease of deployment and the command center that they have are the most valuable. It is basically self-monitoring. It doesn't require that much tinkering after you deploy or install.

What needs improvement?

It could have a 10,000-feet overview of the whole infrastructure because the software is easily installable on the whole infrastructure and not just the infrastructure, but also the workstations themselves. I would love to have a 360 view of the whole network and basically see from where a test is coming, and if there is an instance in the cloud that is actually misbehaving or if there is a workstation that is infected and stuff like that. It can also have some kind of AI to detect all those things and then cut off the connection from that machine.

In Cortex, you can link the logs, reports, and all that stuff. You can also see the full picture of when it happened, and you can trace it back all the way to a file or something else. I would like to see similar functionality in Avast Business Endpoint Protection.

For how long have I used the solution?

I have been using it since August, that is, for about four months.

What do I think about the stability of the solution?

It is stable. There are no bugs or glitches.

What do I think about the scalability of the solution?

It is scalable. You have to purchase licenses. One thing that we have is that the instances are mostly kind of static. Once they go up, they remain for at least a year or something like that. Therefore, we didn't have a case where you have a license just hanging there. I don't know if they offer any kind of flexible amount, pool, or something like that.

It is being used throughout the company. We have 40 people. It is used to protect every personal computer and the whole production and developer infrastructure.

How are customer service and technical support?

I haven't used their technical support so far.

Which solution did I use previously and why did I switch?

I used Norton 360 previously in a different company. From a resource standpoint, it is not resource-intensive like Norton.

We actually wanted to go with Norton 360 in my current company, but we could not get hold of them, and we could not purchase. That's the worst experience that we had. We wanted to give them money, but they couldn't be reached to actually schedule.

How was the initial setup?

It was straightforward.

What's my experience with pricing, setup cost, and licensing?

It is $75 per license for a year. There are no additional costs.

What other advice do I have?

It is pretty much straightforward to set up. Installation and updates are the only two steps. If you're setting up your company from scratch in the beginning, then I would suggest to buy it and then basically get it installed on every image. For a bigger company or for each personal computer or workstation, you can install it as an image. It will then already be there, and you don't have to bother with installing it later. For your cloud infrastructure, if you have an AMI, AWS, or any kind of image, that image should be updated with that software. The only thing that you need to change is the license.

I would rate Avast Business Endpoint Protection a nine out of ten. For a ten, it should have a 360 kind of view of the whole organization or the whole infrastructure.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IG
Senior Infrastructure and Security Engineer at a manufacturing company with 51-200 employees
Real User
Allows us to lock the environment pretty tightly and protects our organization

Pros and Cons

  • "I like its protection very much. It protects and allows us to lock the environment pretty tightly. Nothing that is not approved through Carbon Black can run in the environment. There is no default. Everything goes through Carbon Black Protect, and everything has to be first approved. Every piece of software is considered guilty until proven innocent."
  • "It could be a bit complicated. You have to be very familiar with Carbon Black to understand what it is doing and why it is doing it. I would like to have more explanations and simplification in the user interface. It would be good to get help and see more explanations. It should tell us that a piece of software is blocked and the reason for it. It would be good to be able to build chains in terms of what caused what, what worked, and what caused an issue. We are now moving from Carbon Black to Cortex XDR. While choosing antivirus software, we were also looking at Carbon Black because it also has an antivirus package, and it is next-generation, but we were told that Carbon Black doesn't support firewalls. We have Palo Alto firewalls. We would have chosen this solution if it supported firewalls, in particular next-generation firewalls, but unfortunately, it doesn't. Therefore, we decided on Cortex XDR because it integrates with Palo Alto firewalls."

How has it helped my organization?

It has allowed us to protect our organization from viruses. We've seen many cases when people try to install innocent applications, such as a web browser or something like that, and then there are attachments that are not so innocent. Carbon Black tells us about such things.

What is most valuable?

I like its protection very much. It protects and allows us to lock the environment pretty tightly. Nothing that is not approved through Carbon Black can run in the environment. There is no default. Everything goes through Carbon Black Protect, and everything has to be first approved. Every piece of software is considered guilty until proven innocent.

What needs improvement?

It could be a bit complicated. You have to be very familiar with Carbon Black to understand what it is doing and why it is doing it. I would like to have more explanations and simplification in the user interface. It would be good to get help and see more explanations. It should tell us that a piece of software is blocked and the reason for it. It would be good to be able to build chains in terms of what caused what, what worked, and what caused an issue.

We are now moving from Carbon Black to Cortex XDR. While choosing antivirus software, we were also looking at Carbon Black because it also has an antivirus package, and it is next-generation, but we were told that Carbon Black doesn't support firewalls. We have Palo Alto firewalls. We would have chosen this solution if it supported firewalls, in particular next-generation firewalls, but unfortunately, it doesn't. Therefore, we decided on Cortex XDR because it integrates with Palo Alto firewalls.

For how long have I used the solution?

I have been using this solution for one and a half years. In our company, it has been used for around five years.

What do I think about the stability of the solution?

It works. I was actually very surprised about its stability. It is in a virtual environment. It works in a VMware environment for us. Sometimes, latency discrepancies are very high, but it is pretty stable.

What do I think about the scalability of the solution?

It is scalable. We have about 400 machines here, and everyone is using it. It protects 400 nodes. We have one server that serves all nodes. The number of machines is growing slowly. We had 350 machines earlier, and in one year, the number is 400.

How are customer service and technical support?

I never had a need to use the tech support. My boss, who actually implemented this product, used their technical support, and he was okay with it. 

Which solution did I use previously and why did I switch?

We have Symantec Endpoint Protection, and it has some functions similar to Carbon Black, but not all. Carbon Black is definitely better because Symantec Endpoint provides some protection as a part of their antivirus solution, but it is not as powerful as Carbon Black.

How was the initial setup?

When I joined this company, Carbon Black was already very well established. All rules and all groups were in place. The person who worked before me did a great job.

What other advice do I have?

It does everything that we need. We can configure it very strongly and lock the environment, which sometimes can create an administrative headache for us and some hassle for users because the users cannot install some of the software and have to ask us to enable the software, but it is exactly what we wanted.

I'm pretty happy with this solution, but unfortunately, at this point, we will have to stop using this solution, but this is not what we want. We are going to use Cortex XDR, but we are not sure if it is possible to work back to back with Carbon Black. Cortex initially told us that Carbon Black and Cortex XDR are not compatible, but it was just word of mouth. At the same time, Carbon Black is not on their incompatible products list. It would be good if these two are compatible because I can imagine the amount of time it would take to translate all the rules from Carbon Black to Cortex and handle all errors and other things.

I would rate Carbon Black CB Defense a nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AA
EMEA IT Infrastructure Manager at a consumer goods company with 5,001-10,000 employees
Real User
Top 20
Works well as part of an overall security solution and has no impact on end-users

Pros and Cons

  • "Defender has very little impact on the end-user and the agent works quite well with a minimal impact on the client and server."
  • "Cortex... has good investigation capabilities, out-of-the-box, in case there is an event that you'd like to investigate. It's quite convenient. Microsoft has those capabilities as well, but you need a bit more training on the product to get the basic information that you can get out-of-the-box with Cortex."

What is our primary use case?

We use it for endpoint security.

How has it helped my organization?

When looking at the ecosystem as a whole, security-wise, Microsoft provides a complete solution with the E5 Security suite. Microsoft has a big advantage because Defender knows how to interact with the CASB and all the other security components that you have. Overall, that makes the management of the environment much easier. It's easier to understand what's going on, to become aware of risks, and to take action.

What is most valuable?

  • Defender has very little impact on the end-user.
  • The agent works quite well with a minimal impact on the client and server.
  • It's very easy to deploy it.

For how long have I used the solution?

We did a trial of Microsoft Defender for Endpoint for about three months, and now we are in the process of rolling it out.

How was the initial setup?

We have about 4,300 users of Defender and it took two days to have it fully deployed. With Cortex it took some time. With Cortex, we had some 500 clients that we had to investigate because for some reason they did not get the agent immediately and we had to do some tweaking to get it to all the end-users.

What about the implementation team?

We used consultants for the deployment of both Cortex and Defender.

Which other solutions did I evaluate?

We gave Palo Alto Cortex XDR a try and we are now in the process of removing it and going to Microsoft Defender for Endpoint. I have experience with both of them.

Cortex has quite good management capabilities that give IT organizations quite a good picture of attempted cyber attacks. It has good investigation capabilities, out-of-the-box, in case there is an event that you'd like to investigate. It's quite convenient. Microsoft has those capabilities as well, but you need a bit more training on the product to get the basic information that you can get out-of-the-box with Cortex.

The onboarding process with Defender is much easier. In two days we were able to deploy it to our whole organization. Cortex is much more cumbersome. But the onboarding process is not the issue. A more important difference is that once you have security risks that you would like to mitigate, Cortex more easily gives you information regarding the threats. Microsoft gives you exactly the same information, but you have to know how to dig a bit more and do some manual steps that, with Cortex, are more straightforward.

The main issue that we had with Cortex, and the reason we decided to roll back and go to Defender, is that Cortex has a horrible impact on the performance of the system. For an enterprise-level organization, it kills the system. Users were complaining that when moving between emails in Outlook it would take a lot of time, creating a lot of delays and timeouts. Web browsing and every action on their computers took much more time than usual with Cortex.

What other advice do I have?

I would rate Defender a nine out of 10, while Cortex XDR is a five out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
CL
Cyber Security Consultant at a tech services company with 10,001+ employees
Real User
Top 20
Good ability to respond to zero-day and unknown threats, but automating the threat response needs improvement

Pros and Cons

  • "The most valuable feature is the ability to respond to zero-day and unknown threats."
  • "Our customers would like to see more automation with respect to how threats are handled once they have been detected."

What is our primary use case?

We are an IT company and this is one of the solutions that we implement for our customers. I am a pre-sales solution architect in charge of cybersecurity.

How has it helped my organization?

The primary use of Cylance is endpoint detection and response (EDR). This solution moves away from traditional EDR to more advanced endpoint protection.

What is most valuable?

The most valuable feature is the ability to respond to zero-day and unknown threats. This is what is most often talked about by our customers. They want to pay to protect their endpoints.

What needs improvement?

Our customers would like to see more automation with respect to how threats are handled once they have been detected.

More advanced machine learning capability would improve Cylance.

For how long have I used the solution?

I have six months of experience with Cylance.

What do I think about the stability of the solution?

Our customers use this solution on a daily basis and we haven't heard any complaints about stability.

Which solution did I use previously and why did I switch?

I have worked with solutions from several vendors. The most popular vendor for security among customers is Palo Alto, but that is for next-generation firewall solutions. The Palo Alto endpoint solution, Traps, is never talked about.

Symantec and Trend Micro have traditional endpoint protection solutions but we are focused on Cylance and recommend it. 

What other advice do I have?

I have not received much feedback but Cylance seems to be able to meet our customers' requirements for the time being.

I would rate this solution a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner