TrustRadius: an HG Insights company

Palo Alto Networks Cortex XSOAR

Score: 7.1 out of 10

20 Reviews and Ratings

What is Palo Alto Networks Cortex XSOAR?

Cortex XSOAR, formerly Demisto and now from Palo Alto Networks since it was acquired in March 2019, provides orchestration to enable security teams to ingest alerts across sources and execute standardized, automatable playbooks for accelerated incident response. Its playbooks are powered by hundreds of integrations and thousands of security actions, striking the right balance between rapid machine execution and nuanced human oversight.

A Super SOC with just 2 persons and much embedded technology

Use Cases and Deployment Scope

We currently have several security tools and services in the company and all these tools and services generate records of activities and events handled. With the volume of information generated today, it is impossible for a human being to keep analyzing these records/logs because surely some event will be lost due to analysis fatigue or the difficulty of correlating events from one tool with another. We also needed a technology that would allow automation of controls to be applied in response to any incident detected.

Pros

  • Automates necessary operations after a security event
  • Lots of integrations available
  • Management app that works on any platform, including mobile

Cons

  • Console responsiveness
  • Better integration with third-party threat intelligence solutions
  • Better integration with SAML authentication

Most Important Features

  • Threat Intelligence Management
  • Network Security Automation
  • Incident Case Management

Return on Investment

  • Today all logs created by my security solutions are analysed and correlated
  • Just 2 security people handle all security alerts
  • The visibility of our security posture is much clearer today

Alternatives Considered

FortiSOAR (formerly Cybersponse) and Rapid7 InsightConnect

Other Software Used

Palo Alto Networks Next-Generation Firewalls - PA Series, Palo Alto Networks Cortex XDR (Traps), Palo Alto Networks Prisma Cloud, Palo Alto Networks WildFire

Cortex XSOAR observations from a Security Analyst's standpoint after 3 years of use

Use Cases and Deployment Scope

This product is being used as the SOAR platform for automation. Automating the repetitive security alerts is the main goal currently served by XSOAR. Also for documentation and escalation of sensitive cases within the team and in the extended information security team, we use it on a daily basis. It also helps analysts with required IOC enrichments, which is quite helpful and a time saver.

Pros

  • IOC enrichment for IP, URL, File Hashes
  • Automating workflows for notifications to the concerned team and decision-making for repetitive alerts/issues based on the playbook
  • Taking remediation action like blocking the IP, URL by the custom-made XSOAR commands
  • Providing the timeline of an incident, which helps in AAR activities

Cons

  • The XSOAR bot creates a lot of noise on the summary page of any XSOAR incident. Although a filter is available to reduce the view, by default this should not be visible, cluttering the whole scenario.
  • The interface has too much data on a single pane. I would love to have many buttons to just click and do stuff.
  • Also, I would love to have search areas more interactive and easier to navigate.

Most Important Features

  • The automation achieved by the playbook model of problem-solving for handling different alerts from SIEM
  • Notification to the concerned teams based on the role during the escalation of any SIEM alert
  • Secure and restricted documentation of security events and collaboration with different teams, evidence gathering, and evidence annotation in the Evidence Board
  • Taking containment actions for detected IOC and infected machines

Return on Investment

  • Reduces man-hours spent on handling false-positive repetitive alerts: 40% of analysts' time saved daily over a 24-hour period. In the initial stage, it was 75% of analysts' time saved due to the new environment, less maturity, and a lot of un-fine-tuned alerts.
  • Single pane for notification, collaboration, and action (to some extent) which is a major time saver compared to the conventional method of meeting invites and emails back-and-forth.
  • Secure documentation of business-critical incidents with a need-to-know basis of access according to each role.

Other Software Used

CrowdStrike Falcon Endpoint Protection, Palo Alto Networks Prisma Cloud, Akamai Kona Site Defender

Cortex XSOAR - Comprehensive incident management solution

Use Cases and Deployment Scope

With Palo Alto Networks Cortex XSOAR (formerly Demisto) in our organization, our SOC team is seamlessly able to triage and investigate malicious traffic in our network. This is hence enhancing our network security posture. We have also created playbooks and integrated our firewalls to automate policy creation at the time any attacks are identified.

Pros

  • Triage and investigation of malicious traffic
  • Automate firewall policy modifications and actions in playbooks using Panorama
  • Automate malware sample analysis

Cons

  • SAML is not stable; it gives a lot of issues.
  • Pre-defined playbooks need a lot of fine tuning
  • Lacks proper documentation

Most Important Features

  • Integration with Panorama for automating policies on firewall
  • Simplicity and ease of integration with applications and devices
  • Marketplace has a lot of apps supported

Return on Investment

  • Demisto has eased malware analysis and threat hunting
  • With Demisto, it is simple to create playbooks and scripts
  • This has helped automate policy configurations on our PA firewalls through Panorama

Alternatives Considered

FortiSOAR (formerly Cybersponse) and SonicWall Analytics

Other Software Used

Palo Alto Networks Cortex XDR (Traps), Palo Alto Networks GlobalProtect Mobile Security Manager, Palo Alto Networks Prisma Access

Very good SOAR solution

Use Cases and Deployment Scope

  • Standardize and scale processes: Demisto playbooks help you codify and enforce a process that’s common across your security team. These playbooks can be fully automated, fully manual, or any combination of the two, with each scenario having its own advantages for increased efficiencies.
  • Lower response times with automation: Demisto can automate thousands of actions across your security products, handing back time to you for investigation and decision-making. This automation can be for alert ingestion, data gathering, response actions, and updating info back in the point products.
  • Coordinate actions across security products: You now have a process-centric view of how to respond to a particular incident that’s not tied to any one security product. All security products have their purpose, but playbooks provide you with an abstract view of the ‘process’ and make it easier to replace one product with another whenever you need to.

Pros

  • Standardize and scale processes
  • Lower response times with automation
  • Coordinate actions across security products

Cons

  • Playbook generation
  • Using other languages in marketplace
  • Scripting documentation

Most Important Features

  • Orchestration
  • Automation
  • Response

Return on Investment

  • Standardize and scale processes
  • Lower response times with automation
  • Coordinate actions across security products

Other Software Used

Palo Alto Panorama, Palo Alto Networks Cortex XDR (Traps), Palo Alto Networks GlobalProtect Mobile Security Manager

Fast and effective responses against cyber threats from the internet.

Use Cases and Deployment Scope

We have been using the Palo Alto Networks Cortex XSOAR solution for over 1 year with the main mission of automating and orchestrating our security processes and integrating the other tools and systems that we use in our data network, in order to simplify and obtain a complete and faster view of our entire IT environment. The automated phishing protection functionality has dramatically reduced security incidents that occur via email and also creates a data enrichment process to review security incidents and findings from reports.

Pros

  • Automation with immediate security responses.
  • Comprehensive phishing protection and increased email protection.
  • Analysis and reporting feature.
  • Intuitive and easy-to-view panels.
  • Alerts by email and SMS of incidents for the administration.
  • Centralized monitoring.

Cons

  • Some reports are not generated automatically
  • The documentation still has some flaws.

Most Important Features

  • Automation and effective management of security and phishing threats.
  • Effective and fast response against attempts and incidents.
  • Integration with a wide network of security and network systems.
  • Compatibility and management by Android and iOS mobile devices.
  • Instant security alerts.

Return on Investment

  • Improved security with better response to various security incidents.
  • Fast return on investment.
  • Centralized and effective threat management.

Other Software Used

Extreme Ethernet Switches, Splunk Application Performance Monitoring (APM), Cisco Firepower 4100 Series, Sophos UTM, Barracuda Backup, TeamViewer, Forcepoint NGFW, Broadcom Ethernet Switches