Palo Alto Networks introduced Cortex XDR™ 2.0 — an advancement of the industry’s only detection and response platform that runs on fully integrated endpoint, network and cloud data. As the market’s first and leading XDR product, Cortex XDR 2.0 continues to extend the category definition with the addition of third-party data for analytics and investigations, while unifying prevention, detection, investigation and response in one platform experience for unrivalled security and operational efficiency.
“With Cortex XDR, we set out to eliminate the blind spots created by disjointed products and help organisations stop the most sophisticated attacks through deep analytics and enhanced visibility. In nine months, we’ve enabled organisations to reduce alert volumes by 50X and speed investigation time by 8X, ultimately filtering out the noise and allowing analysts to focus on the most critical threats,” said Lee Klarich, Chief Product Officer at Palo Alto Networks. “With the addition of third-party data, a unified platform experience and new endpoint security improvements in Cortex XDR 2.0, we are further enhancing the power of the Cortex XDR platform and extending its prevention, detection, investigation and response capabilities across the customer’s entire environment.”
Palo Alto Networks unveiled significant platform advancements that help organisations defend their enterprise with unrivalled data and deep analytics:
- Open to third-party data: Cortex XDR’s patented behavioural analytics capabilities have been extended to logs collected from third-party firewalls, enabling detection across multi-vendor environments while integrating third-party firewall alerts into a unified incident view.
- Seamless platform experience: Prevention, detection, investigation and response capabilities have been unified into a single platform, with a complete rebuild of the Traps™ management service into Cortex XDR. The new management console has end-to-end support for all capabilities previously part of Traps and Cortex XDR, spanning endpoint policy management, security events review and endpoint log analysis melded with detection, investigation and response.
- AI-driven malware prevention: Cortex XDR’s new machine learning-driven local analysis engine is customised for continuous learning and prevention. Powered by the world’s most expansive training set from WildFire, the engine delivers the industry’s highest malware detection rates and includes a unique agile framework for rapid model updates to stay ahead of attackers’ evolving techniques.
- New device control capability: The new Device Control module, the first in a series of new endpoint protection platform modules, will give organisations granular USB access management on the endpoint to prevent malware and data loss caused by unsanctioned devices.
Cortex XDR 2.0 will be available in December. Cortex XDR third-party logs and alert ingestion are available for select third-party products now.