Easy to use and good for managed threat hunting and incident response
Pros and Cons
"Cortex XDR can integrate the firewalls and determine the tendencies of the attacks. It's a new generation antivirus, with protection endpoints and detection response. It is very easy to use and everybody can operate the solution."
"It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved."
What is our primary use case?
My customer wanted to use EDR. We worked with the POC to demonstrate the antivirus and how it has more features for detecting threats.
How has it helped my organization?
It makes it easier and faster to investigate problems and incidents.
What is most valuable?
The most valuable features are that it can integrate the firewalls and determine the tendencies of the attacks.
It investigates problems and incidents quickly. Cortex is good at reducing alerts and for having a custom barrier. It's a new generation antivirus, with protection endpoints and detection response.
Cortex detects and shows what the problem is and how to resolve the problem or incident. Cortex is very easy to use and everybody can operate the solution.
It has tools for threat hunting and it has very good incident response features.
What needs improvement?
It is not easy to sell Cortex XDR, not because it isn't a good tool. Its marketing needs to be improved.
For how long have I used the solution?
I've been using it for a year.
How was the initial setup?
Setting it up is very simple.
What's my experience with pricing, setup cost, and licensing?
It has a higher cost than other solutions, like CrowdStrike or Microsoft’s EDR tools, but it reduces the cost of our operations because it’s a new generation antivirus tool.
What other advice do I have?
I'm rating this solution a ten out of ten because it is very good for managed threat hunting and incident response. It is the best XDR solution. It's better than other tools because it uses enterprise architecture. Everybody will find that this solution is easy to use.
Which deployment model are you using for this solution?
Disclosure: I am a real user, and this review is based on my own experience and opinions.