List of Palo Alto Cortex XDR Customers
Santa Clara, 95054, CA,
United States
Since 2010, our global team of researchers has been studying Palo Alto Cortex XDR customers around the world, aggregating massive amounts of data points that form the basis of our forecast assumptions and perhaps the rise and fall of certain vendors and their products on a quarterly basis.
Each quarter our research team identifies companies that have purchased Palo Alto Cortex XDR for Extended Detection and Response (XDR) from public (Press Releases, Customer References, Testimonials, Case Studies and Success Stories) and proprietary sources, including the customer size, industry, location, implementation status, partner involvement, LOB Key Stakeholders and related IT decision-makers contact details.
Companies using Palo Alto Cortex XDR for Extended Detection and Response (XDR) include: RaceTrac, a United States-based Retail organisation with 10082 employees and revenues of $19.72 billion; SA Department for Education, an Australia-based Government organisation with 32935 employees and revenues of $3.09 billion; Relo Group, a Japan-based Professional Services organisation with 4297 employees and revenues of $1.19 billion; B&B HOTELS Italia, an Italy-based Leisure and Hospitality organisation with 1000 employees and revenues of $212.0 million; Southern Nevada Health District, a United States-based Government organisation with 800 employees and revenues of $180.0 million; and many others.
Contact us if you need a completed and verified list of companies using Palo Alto Cortex XDR, including the breakdown by industry (21 Verticals), Geography (Region, Country, State, City), Company Size (Revenue, Employees, Asset) and related IT Decision Makers, Key Stakeholders, business and technology executives responsible for the software purchases.
The Palo Alto Cortex XDR customer wins are being incorporated in our Enterprise Applications Buyer Insight and Technographics Customer Database which has over 100 data fields that detail company usage of software systems and their digital transformation initiatives. Apps Run The World wants to become your No. 1 technographic data source!
| Logo | Customer | Industry | Empl. | Revenue | Country | Vendor | Application | Category | When | SI | Insight |
|---|---|---|---|---|---|---|---|---|---|---|---|
| | B&B HOTELS Italia | Leisure and Hospitality | 1000 | $212M | Italy | Palo Alto Networks | Palo Alto Cortex XDR | Extended Detection and Response (XDR) | 2020 | n/a |
In 2020, B&B HOTELS Italia deployed Palo Alto Cortex XDR as the core endpoint detection and response platform. The deployment established an Extended Detection and Response (XDR) capability to centralize telemetry, detection, and response across the company IT estate in Italy, driven by the internal security and systems team including a System Administrator and Cyber Security Engineer based in Milan.
Configuration work concentrated on agent deployment to Windows and Linux endpoints, integration with Active Directory for host and user context, and instrumentation of VMware vSphere for hypervisor visibility. Palo Alto Cortex XDR was configured for behavioral analytics, custom detection rules, centralized alert triage, automated containment actions, and local forensic data capture to support incident investigations and root cause analysis, using centralized console policies to standardize endpoint hardening.
The implementation integrated Cortex XDR with existing network and security telemetry, including Fortinet firewall and SD-WAN logs, IPsec VPN monitoring, and Zscaler cloud proxy for internet traffic context. Events and alerts were forwarded to the organization’s log centralization and SIEM systems and correlated with vulnerability scan data from Qualys and identity signals from OKTA SSO/MFA to enrich detections, while aligning response workflows with backup and recovery procedures leveraging Veeam and Azure DR.
Governance emphasized alignment with NIST and ISO 27001 audit requirements, incorporation of vulnerability management and red team findings into detection rule sets, and formalized incident response and forensic playbooks. Deployment governance used standardized policies, phased agent rollout, and defined escalation pathways into the cyber operations team for incident handling and root cause analysis, with ongoing responsibilities for endpoint and network hardening, continuous monitoring, and audit evidence preparation.
| | Better Home & Finance Holding Company | Banking and Financial Services | 1250 | $120M | United States | Palo Alto Networks | Palo Alto Cortex XDR | Extended Detection and Response (XDR) | 2020 | n/a |
In 2020, Better Home & Finance Holding Company deployed Palo Alto Cortex XDR as part of a consolidation strategy that unified network, cloud, endpoint, and security operations under Palo Alto Networks platforms. The deployment positioned Palo Alto Cortex XDR within an Extended Detection and Response (XDR) architecture alongside Next-Generation Firewalls, Prisma Access, Prisma Cloud, Cortex XSOAR, and Unit 42 Managed Detection and Response service to create a single vendor security fabric for the organization.
Implementation focused on SecOps automation and cross-domain visibility. Palo Alto Cortex XDR was configured to centralize threat detection and response across endpoint telemetry and broader telemetry sources, while Cortex XSOAR was implemented to enrich alerts, triage incidents, and automate playbooks. During a four-week evaluation, Cortex XDR detected custom red team malware, and Cortex XSOAR enabled automation of approximately 90 percent of routine responses, reducing manual investigation load on the SOC.
The stack was integrated with Better’s cloud estate to provide visibility and posture management, with Prisma Cloud evaluating AWS resources and enabling consistency across dozens of accounts and hundreds of servers, and plans to extend coverage into Microsoft Azure environments. Prisma Access delivered cloud-based Zero Trust Network Access to support remote and hybrid work, enabling secure access for employees within five days and scaling to cover the full staff. Unit 42 MDR operates as an extension of the internal security team, providing 24/7 monitoring and response.
Governance and operational impact centered on tightening collaboration between security and engineering teams, improving incident handling workflows, and consolidating tool management under a unified platform. Better reported improved mean time to respond and cited lower total cost compared to a multivendor approach, while Palo Alto Networks customer support and technical account engagement assisted rollout and adoption across Security, Engineering, and IT operations.
| | InnovaPuglia | Professional Services | 250 | $40M | Italy | Palo Alto Networks | Palo Alto Cortex XDR | Extended Detection and Response (XDR) | 2020 | n/a |
In 2020 InnovaPuglia deployed Palo Alto Cortex XDR as a core component of its Extended Detection and Response (XDR) tooling to support Security Operations Center monitoring and endpoint defense. The effort aligned with SOC responsibilities for public administration and large enterprise customers and emphasized continuous monitoring, network visibility, and protection of critical data.
Cortex XDR was configured to deliver endpoint protection, threat detection and correlation, forensic data capture, and threat hunting workflows, with policy tuning and alert triage built into SOC processes. Palo Alto Cortex XDR served as the primary endpoint detection and response engine, ingesting telemetry for investigation and supporting forensic analysis activities conducted by the SOC team.
The implementation integrated Cortex XDR telemetry into existing security telemetry and visibility layers, including SIEM event monitoring with FortiSIEM, network packet capture and visibility from Gigamon, and perimeter controls such as Radware balancers and WAF services. Cortex XDR workflows were operated alongside firewall and network device configurations from Palo Alto, Fortinet, and Cisco ASA, and tied into access and identity controls using FortiNAC, FortiToken, and FortiAuthenticator, as well as DNS security with Cisco Umbrella and vulnerability scanning outputs from Greenbone and Qualys.
Governance and operationalization were structured around SOC incident handling, security policy development, and alignment with AgID and the National Cybersecurity Framework, with cross-functional collaboration between network, identity, and incident response teams. Rollout and day to day operations emphasized scripted incident response playbooks, integrated alert escalation into existing SLAs, and continuous refinement of detection rules and forensic procedures to maintain endpoint and network security posture.
| | Monroe County, GA | Government | 500 | $44M | United States | Palo Alto Networks | Palo Alto Cortex XDR | Extended Detection and Response (XDR) | 2022 | n/a |
In 2022 Monroe County, Georgia implemented Palo Alto Cortex XDR as the focal point of a unified enterprise-to-cloud cybersecurity platform, deploying the solution within the Extended Detection and Response (XDR) category to harden network, endpoint, and SaaS defenses. The implementation was driven by a countywide requirement to prevent ransomware and other cyberthreats from successfully exploiting the network, end user devices, or Microsoft 365 and other SaaS applications, while simplifying security operations for a small IT staff.
The technical architecture centers on Palo Alto Cortex XDR integrated with Palo Alto Networks Strata network security components and cloud services. Monroe County's deployment includes PA-820 and PA-220 Next-Generation Firewalls with Threat Prevention and URL Filtering (PAN-DB), WildFire malware prevention, Panorama network security management, Cortex Data Lake for telemetry retention, Prisma SaaS for cloud application controls, and Prisma Access for remote user inspection. Cortex XDR provides advanced endpoint protection and analytics, consolidating telemetry from network, endpoints, and cloud into a single investigative and policy control plane consistent with Extended Detection and Response (XDR) functional workflows.
Operational coverage spans more than 200 assets across dozens of county facilities including libraries and remote sites, with a single IT specialist operating the consolidated security stack. Integrations explicitly include Microsoft 365 for SaaS protection via Prisma SaaS, centralized logging and analytics in Cortex Data Lake, and policy management through Panorama, enabling User-ID and App-ID based access control. Remote user traffic is routed through Prisma Access for consistent inspection, and WildFire is used to inspect executables delivered by phishing, allowing rapid containment from the same management console that surfaces Cortex XDR alerts.
Governance and rollout included leveraging Palo Alto Networks Ultimate Test Drive to validate platform capabilities and Palo Alto Networks engineering support to document architecture for county commissioner approval. Policy governance was centralized, using User-ID and App-ID to align access to job requirements and URL Filtering to segment web access by department, with Cortex XDR enabling policy updates and endpoint containment without manual per-device intervention. As reported by county IT, the platform automatically blocks most external threats, prevents zero day and phishing delivered malware before impact, improves detection and response efficiency, and materially frees IT time to focus on strategic needs while reducing the risk of ransomware incidents.
| | RaceTrac | Retail | 10082 | $19.7B | United States | Palo Alto Networks | Palo Alto Cortex XDR | Extended Detection and Response (XDR) | 2024 | n/a |
In 2024, RaceTrac implemented Palo Alto Cortex XDR to centralize detection and response as part of a broader security and networking platform refresh. Palo Alto Cortex XDR was deployed into RaceTrac’s security environment alongside existing Palo Alto Networks controls to align detection, telemetry and investigation workflows with the company’s modernization of 800 retail locations across 13 states, and with ongoing data center migration to the cloud. The deployment is categorized as Extended Detection and Response (XDR) and was positioned to provide unified visibility across endpoint and network telemetry.
Cortex XDR was configured to deliver centralized threat detection, behavioral analytics, alert correlation and automated response workflows consistent with Extended Detection and Response (XDR) capabilities. The implementation used Cortex Data Lake for log aggregation and long term retention to enable correlation across multiple telemetry sources and to support incident investigation and threat hunting. RaceTrac’s security team adopted Cortex XDR workflows to consolidate alerts and standardize investigation and response playbooks.
The deployment integrated Cortex XDR with RaceTrac’s Next-Generation Firewalls and with the Cortex Data Lake managed by Unit 42, enabling ingestion of firewall and cloud access logs for richer context. The platform approach also anticipates ingestion of Prisma SASE and Prisma SD-WAN telemetry to extend XDR visibility to branch stores, creating a single source of security telemetry across the retail estate. Operational coverage includes the Security team, Infrastructure organization, the NOC and Service Desk, centralizing monitoring and policy enforcement across those groups.
Governance and process changes focused on templated, centralized policy deployment and tighter network segmentation to support consistent enforcement and to prepare for Zero Trust controls. The rollout was staged with pilots and then scaled in concert with the network modernization program, while Strata Cloud Manager and centralized policy tooling were used to automate configuration and reduce manual NOC tasks. By integrating Palo Alto Cortex XDR into the broader Palo Alto platform, RaceTrac established a unified detection and response backbone and set the groundwork for planned Prisma Access adoption in 2025 to enable further Zero Trust Network Access controls.
| | Relo Group | Professional Services | 4297 | $1.2B | Japan | Palo Alto Networks | Palo Alto Cortex XDR | Extended Detection and Response (XDR) | 2021 | n/a |
| | SA Department for Education | Government | 32935 | $3.1B | Australia | Palo Alto Networks | Palo Alto Cortex XDR | Extended Detection and Response (XDR) | 2020 | Telstra |
| | Southern Nevada Health District | Government | 800 | $180M | United States | Palo Alto Networks | Palo Alto Cortex XDR | Extended Detection and Response (XDR) | 2019 | n/a |

Buyer Intent: Companies Evaluating Palo Alto Cortex XDR
- The University of Alabama, a United States based Education organization with 7472 Employees
- Matelec, a Lebanon based Manufacturing company with 600 Employees
- Zacco, a Sweden based Professional Services organization with 100 Employees