Palo Alto Networks has introduced Cortex XDR 2.0 — an advancement of the industry’s only detection and response platform that runs on fully integrated endpoint, network and cloud data. As the market’s first and leading XDR product, Cortex XDR 2.0 continues to extend the category definition with the addition of third-party data for analytics and investigations, while unifying prevention, detection, investigation and response in one platform experience for unrivaled security and operational efficiency.
“With Cortex XDR, we set out to eliminate the blind spots created by disjointed products and help organizations stop the most sophisticated attacks through deep analytics and enhanced visibility. In nine months, we’ve enabled organizations to reduce alert volumes by 50X and speed investigation time by 8X, ultimately filtering out the noise and allowing analysts to focus on the most critical threats,” said Lee Klarich, chief product officer at Palo Alto Networks. “With the addition of third-party data, a unified platform experience and new endpoint security improvements in Cortex XDR 2.0, we are further enhancing the power of the Cortex XDR platform and extending its prevention, detection, investigation and response capabilities across the customer’s entire environment.”
Palo Alto Networks unveiled significant platform advancements that help organizations defend their enterprise with unrivaled data and deep analytics:
Open to third-party data: Cortex XDR’s patented behavioral analytics capabilities have been extended to logs collected from third-party firewalls, enabling detection across multi-vendor environments while integrating third-party firewall alerts into a unified incident view.
Seamless platform experience: Prevention, detection, investigation and response capabilities have been unified into a single platform, with a complete rebuild of the Traps™ management service into Cortex XDR. The new management console has end-to-end support for all capabilities previously part of Traps and Cortex XDR, spanning endpoint policy management, security events review and endpoint log analysis melded with detection, investigation and response.
AI-driven malware prevention: Cortex XDR’s new machine learning-driven local analysis engine is customized for continuous learning and prevention. Powered by the world’s most expansive training set from WildFire, the engine delivers the industry’s highest malware detection rates and includes a unique agile framework for rapid model updates to stay ahead of attackers’ evolving techniques.
New device control capability: The new Device Control module, the first in a series of new endpoint protection platform modules, will give organizations granular USB access management on the endpoint to prevent malware and data loss caused by unsanctioned devices.
“As a small team, we desperately needed a tool that filtered through all the noise to help us scale,” said Ryan Kramer, enterprise network architect for the State of North Dakota. “What we’re seeing with Cortex XDR is exactly that. It’s helping us filter out irrelevant alerts and other noise while elevating critical alerts that give us new threat intelligence we didn’t have before.”
“A major contributing factor in the speed of threat detection and response is the amount of time it takes to assemble alert and activity data from endpoint, network, cloud and other security controls, which are traditionally spread across various point products,” said Dave Gruber, senior analyst for the Enterprise Strategy Group. “An XDR approach automates this process, correlating the data in one place to give analysts immediate context to understand the scope of the attack and drive faster investigation and remediation.”
If you have an interesting article / experience / case study to share, please get in touch with us at firstname.lastname@example.org