Cortex XDR (formerly Traps) replaces traditional antivirus with multi-method prevention, a proprietary combination of malware and exploit prevention methods that protect users and endpoints from known and unknown threats.
N/A
Trend Micro Cloud One - Application Security
Score 8.8 out of 10
N/A
Trend Micro Cloud One – Application Security delivers an embedded security framework for web applications and containerized web apps, including Kubernetes and serverless functions to protect their microservices applications in traditional, cloud, or Kubernetes environments. The vendor states their Application Security is the only fully automated, cloud runtime protection solution for Ruby and Python that does not require any changes to the web application code.
In a scenario where EDR is a requirement or necessity XDR performs well with or without a SIEM. There are millions of events and logs to parse through and XDR is capable of handling the large load. On top of the large data that is being parsed, features such as Live Terminal, File Retrieval, OS support, and general Metrics, the tool has room to grow and provide a lot for a Security team or organization. Incident Response is a great example of how XDR can shine
Scenarios where it's well suited - 1) AWS cloud environments where application security and ZTN is a must. 2) One-stop-shop for centralized discovery of apps/workloads. 3) Custom reporting client needs. 4) CI/CD pipeline - easy to design DevOps cycles.
We encountered some glitch in a certain version of the agent. When we deployed newer version, the policy set on the previous version was white-listed/overwritten.
Moving to encrypted based connection (communication between agent to server) is troublesome, coz we need to uninstall the agent first.
Need to have a more flexible reports/dashboard where we can customize it
We feed Traps log to our SIEM, however the information sent to the SIEM was not complete, but we need to investigate more probably some faults are on us
Cortex XDR does a very good job of blocking suspicious and threatening items. However, as with all software of this nature, it will sometimes block known-good items. The difficulty is in manually whitelisting these known-good items. The interface to whitelist is confusing even for a seasoned IT professional and has been the single most frustrating experience of using Cortex XDR
The support we receive from Palo Alto is one of the best aspects of Traps. It is very easy to recommend their support. It seems much easier to connect directly with someone with a deep understanding of the product rather than other companies where you basically have to make an airtight case that it is some kind of non-standard issue that can't be solved with existing documentation. Palo Alto digs deep and helps with advanced troubleshooting to get things working.
Traps provided us with a cloud-based platform that made our lives a lot simpler. Nothing like Traps exists in the market and I've never used anything like it. Others, on the other hand, were a lot slower to respond. Malwarebytes and other enterprise-level malware software are also available, but they do not fall under the same heading.
1) flexible customer support and PoV assistance as compared to other vendors 2) Quick TAT turnaround, and easy sampling - Automation features are smooth to use and leverage 3) Our client was interested in this solution since they heard it from one of their other partners from USA - So, this solution was already a step ahead, we just had to pick it up and get used to it