Capterra: helping Japanese companies choose the best software for 18 years
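What is Cortex XDR?
Traps advanced endpoint protection blocks threats on the endpoint and coordinates with cloud and network security to defend against cyberattacks.
Who uses Cortex XDR?
A cloud-based endpoint detection and response platform that lets security teams use AI and machine learning to prevent, respond to, and detect attacks.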
Cortex XDR reviews
XDR for endpoint security is a game changer.
Overall experience: It has brought a security posture enhancement. Important audit-related demands were fulfilled by querying on XDR dataset. It is accurate with work/policy assigned.
Pros:
I am an administrator of this tool and it is a powerful tool with good capabilities. Seamless integration with other sensors, log ingestion and log stitching gives a brief story of an incident. It has remediation suggestions based on AI. XDR analytics and behavioral detection feel promising to foil zero-day attacks. We can also configure correlation rules. XQL provided by Palo Alto can be used to query the whole dataset and covers data that are not covered in UI.
Cons:
Costing is on heavy side, each feature has add-on license cost. UI takes time to understand. Policy structure is a bit rigid.
A double defense for threat: Cortex XDR
Overall experience: Cortex XDR is a comprehensive security solution which helps in improving the security posture of organizations. It comes with advanced threat detection which helps the security team focus on high-priority incidents rather than wasting time on low-severity incidents. Its friendly interface and customizable dashboard provide clear visualization of incidents and make incidents easy to recognize. It can be integrated with SOAR as well as SIEM, which allows the security team to investigate. It has automated response which helps in taking action on incidents before the attack happens.
Pros:
Cortex XDR is an extended version of XDR. The best thing in Cortex XDR is that it has integrated threat detection which helps in combining endpoint, network, and even cloud data. It allows comprehensive visibility and also provides threat detection across the environment. It comes with automated response capabilities which make it easier for the security team to respond to threats quickly and efficiently. It has customizable dashboards as per the needs of the organization and user. The best thing is it can be integrated with other security solutions like SIEM, SOAR. The best thing is the support of Cortex; they provide an immediate response on High tickets and for medium they take 1-2 hr.
Cons:
We face some challenges while configuring it, but with a proper security team we can achieve it. It's hard for a non-technical guy or fresher to use it, but with proper training they can achieve it. Sometimes we face issues like false positive alerts, which can be decreased by proper investigation of incidents by security teams. It has limited integrations with third-party tools. Sometimes it blocks external devices even after adding them in exceptions, but this can be solved by the support team.

Difficult to get setup
Pros:
Quick intrusion/threat detection, silent background running
Cons:
Extremely difficult to roll out to company, was blocking company-wide software such as 7-zip, was blocking Skype for Business messages, took forever to troubleshoot and properly roll out and install. In addition, the software does not have a great UI, it appears very serious and unnecessarily serious when detecting small threats.
Alternatives considered:
Cortex XDR - Great Endpoint Protection and so much more.
Pros:
Cortex made our network more secure. When we swapped from our previous anti-virus platform to Cortex XDR we started seeing things that had slipped past our old AV platform and were causing issues in our network. Cortex made it easy to locate and clean these machines and if needed it made it easy to isolate them until they were cleaned and approved to be put back on our network.
Cons:
The biggest con for our team, being part of a public school system, is the cost. The cost of this platform compared to traditional anti-virus/endpoint protection platforms such as Avast, Symantec, etc. is very significant and we had to get a trial of this set up and running as a proof of concept to justify the cost difference to our board and county commission in order to get the money to purchase this product, but it has definitely been worth it.
Alternatives considered:
Cortex XDR Review
Overall experience: Cortex is a solid product. We haven't had any major complaints from the user community. We haven't had to unblock any major products that were perceived as spam at this point. Many other products tended to block updates to products due to the executable file not being recognized by their database. We haven't had that issue with Cortex.
Pros:
Our team is responsible for the deployment of Cortex into our Mac and PC environment. The agent was very easy to distribute utilizing our Deployment Software tool. The dashboards provide an excellent view into what is active and reporting back to the tool. We haven't had any major whitelist issues between the tool and endpoints.
Cons:
I would like to see the scan on demand option as an easy one-click process for end users so they can be pro-active.