We just raised a $30M Series A: Read our story

Cortex XDR by Palo Alto Networks Room for Improvement


It would be good if they could make an exception for applications. Sometimes, it can be a bit of a challenge to make exceptions for certain applications that have been used as rogue. So, making exceptions would be easier and would probably be better for logging.

It would be nice if it were easier to use and if there were some free training hours.

As for additional features, I would suggest having mobile access to the console, perhaps through a mobile app for the console.

View full review »
Network Designer at a computer software company with 1,001-5,000 employees

The solution should enhance the ADR and reporting. As of right now, they are giving reports, which are okay, however, there are other ways to get better reporting. That is an area where I already requested that Palo Alto work on.

In reporting they should have a customizable dashboard due to the fact that C-level people don't like reporting to the IT department. They prefer to have a real-time dashboard. That kind of dashboard needs to have various customizations. 

They should extend the solution for URL filtering, as other endpoint security products are doing that already. Nowadays, users are working from home and therefore we have plenty of traffic back through the data center just for URL filtering security. If that functionality could be there in the endpoint, then we would be happy. It would ensure users working from home couldn't access malicious websites. 

View full review »
Senior Information Security Architect at a tech services company with 201-500 employees

It's my understanding that this solution is at end-of-life.

It's hard to use as a product. It's not easy or straightforward. Especially when I deal with a government sector or other sensitive industries. They do not accept that it's so easy to share metadata outside their organization. They prefer on-prem even if it is not as powerful due to the fact that they perceive it as being more secure.

The solution can never really be an on-premises solution based simply on the way it is set up. It needs metadata to run and improve. Having an on-premises solution would cut it off from making improvements.

The deployment is pretty hard. Competitors like Trend Micro or Symantec have features on their console that make them easier to use. This solution does not offer items that would increase its usability.

Before I moved to technical sales, I handled implementation, and I remember it being very difficult. They need to improve this aspect.

The solution provides a lot of false positives. The average amount of false positives you get is 5%. It would be great if this could be lowered.

View full review »
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,695 professionals have used our research since 2012.
Vice President / Chief Technology Officer at Sinnott Wolach Technology Group

A little bit more automation would be nice.

View full review »
CIO/CTO at a manufacturing company with 501-1,000 employees

The solution eats memory of the computer, unlike anything I've ever seen. It eats more memory than Chrome. 

I have a lot of users that are eating my memory each hour every day and it's causing us problems. We have to go and buy more memory for each computer. When you have a lot of computers like we do, is not a very good situation.

Some of the computers are only using 4 GB of memory, so if you put aside the differences, most only have some Chrome, some internet, and Office and that's it. And yet, the memory is getting eaten.

If someone catches something like malware, or something else, I want to know if the file was spread to other machines and what the target was. I want to be able to get ahead of the spread. This solution doesn't do enough to protect us against these types of vulnerabilities or to give us much information about the spread. The tool really does need some more reverse engineering features.

There's an overall lack of features.

The initial setup could use improvement. Currently, I must go to each machine and deploy everything manually. We are in 2020, not in 1980. It seems like such a dated way of doing large deployments.

View full review »
Consultant at a tech services company with 501-1,000 employees

It is not a suitable solution if you are looking for a single product with multiple features such as DLP, encryption, rollback, etc.
this is good as an endpoint protection to prevent malware, exploits, zero days, ransomware, botnet etc. For features like Host DLP or encryption or patch management, or any such features which are available in basic anti-virus, you cannot expect it in Palo Alto Network's Cortex XDR solution. rest, all features work as expected, without any lagg or slowness observed in the system.

View full review »
Cybersecurity Incident Response Analyst at a computer software company with 5,001-10,000 employees

The downside to the solution is that there are a large number of false positives. There are a whole lot of different things for business automated actions, and it's hard to sort through all that. Without some assistance and suppression of false positives from Palo Alto or some event triaging that you might have enabled on your SIEM, you'll continue to get the high number of false positives. It's related more to the lack of capability to easily identify and suppress false positives before they're presented to you. There needs to be a function for suppressing false positives for types of machines and not necessarily for the actual groups.

View full review »
Lead Security Engineer at ESKA

For working with the solution, you only really need a web browser, however, we've found that working on Chrome, for example, is horrible.

Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well.

View full review »
System Manager at a consumer goods company with 10,001+ employees

As an improvement, I would like to see enhanced connection speeds. On China's side, we need to set up a local server for the definition updates, and the performance has not been very good for the company when directly connected to the internet. We are a little disappointed with that.  

View full review »
Lead Consultant at a tech services company with 1-10 employees

There are a lot of logs generated and an engineer has to go through all of the events to find out exactly what the bottleneck is. We do need to collect the events but this can be time-consuming. Being able to filter the events to see those that are related to the actual alert would save time spent by the engineer.

A better pricing plan would make this product more competitive.

View full review »
Senior Security Consultant at a tech services company with 201-500 employees

I would like to see some sort of attachment scanning included.

Data privacy is a matter of concern. You have to be careful with data privacy, it can be sensitive and Cortex can have most of your access.

I want a plugin for email attachment scanning and email body scanning.

View full review »
Network and Cybersecurity Consultant at a tech services company with 11-50 employees

It would be good to have a better way to search for a file within the UI. Like in SentinelOne, you can search for an arbitrary file, and in Cortex XDR, you can't. You can do it with an addendum license, but I think we could all benefit from getting it with the standard license. Because if you want to do threat hunting with this product, you have to search for files now and not wait to get a license.

View full review »
Assistant Superintendent with 51-200 employees

Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want.

View full review »
Digital Business Solutions Manager at Bahrain Telecommunication Company BSC (Batelco)

It would be better if they could educate the customers more. Some sort of seminars and roadshows will help educate the customers and show what the product can do. The price could be better. It would also help if they had a team for deployment and support.

View full review »
CyberSecurity Consultant at a tech services company with 51-200 employees

The solution should offer more dashboards and they should be better customized. The case number of items should be addressed. 

I have found the interface of Azure to be more simple and customizable than that of the solution. 

View full review »
Sr. Technology Architect at Incedo Inc.

There are some third-party solutions that are difficult to integrate with, which is something that can be improved.

View full review »
Sales Engineer at a security firm with 51-200 employees

The installation should be easier and the Palo Alto pre-sales and sales should teams have more information on the product because they don't know what they are selling.

They don't know the features of the products they sell.

For example, Cortex XDR includes Cortex XDR Prevent, Cortex XDR Pro, and Cortex XDR Pro per TB. They don't know the real differences between Cortex XDR Pro and Cortex XDR Pro per TB.

Sometimes, they will tell you about features for one edition that belong to another edition. They don't seem to know what features belong to what edition.

View full review »
IT Director at a energy/utilities company with 1,001-5,000 employees

I would like to see them include NDR (Network Detection Response). Then it would work well with SIEM Response. Also, if they could make an on-premises version we would definitely go with Cortes. At this time, they are not offering an on-premises solution.

View full review »
IT manager at a computer software company with 11-50 employees

It should support more mobile operating systems. That is one of the cons of their infrastructure right now.

View full review »
Pre-sales engineer at a tech services company with 51-200 employees

It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint.

View full review »
Security Engineer at a tech services company with 11-50 employees

It'll help if customization was easier. It would be better than how it's now if it came out of the box using their stock set up to get it up-and-running. Then you go in, and you add more restrictive things to make it better.

View full review »
Security consultant at a tech services company with 1,001-5,000 employees

In an upcoming release, the solution could improve by proving hard disk encryption. If it could support this it would be a complete solution.

View full review »
General manager at MOL-IT India Pvt. Ltd.

The solution could improve by providing better integration with their own products and others.

View full review »
EMEA IT Infrastructure Manager at a consumer goods company with 5,001-10,000 employees

The product's impact on system performance is horrible, adding a lot of delays for users. 

View full review »
Relationship Manager at a financial services firm with 5,001-10,000 employees

Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms.

View full review »
Ingeniero de Soporte at a tech services company with 11-50 employees

The configuration could be simplified.

I would like to see better protection, specifically to protect email applications.

View full review »
Assistant PhD at Stefan Cel Mare University of Suceava

I would like the Panorama module included. It's another solution that is provided by Palo Alto and we are interested in that.

I would like to see some additional features related to email protection included.

View full review »
Director of Cloud Security at a comms service provider with 51-200 employees

In terms of what could be improved in Cortex XDR, definitely the host insights module. The ability to kind of take a look at what applications are running on the endpoint is a new feature, but there is a lot of room for improvement there in terms of versioning and so forth.

Additionally, the dashboard could use some significant improvement, just making it more useful with more information. It has a limited amount of information right now. It is customizable, but I'd love to see a better out-of-box dashboard.

View full review »
Learn what your peers think about Cortex XDR by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,695 professionals have used our research since 2012.