Palo Alto Networks has announced Cortex XDR 3.0, expanding its pioneering extended detection and response (XDR) solution to cloud- and identity-based threats to give organisations the holistic analytics needed to protect against increasingly sophisticated cyberattacks.
The third generation of Cortex XDR now offers security operations center (SOC) teams even broader protections across their attack surface. By extending detection, monitoring and investigation into cloud environments, and detecting malicious user activities and insider threats through analysis of identity data, SOC teams benefit from security analytics across endpoint, network, cloud and identity for organization-wide detection and response — critical in an era of increasingly interrelated attacks.
In addition, Cortex XDR 3.0 offers security teams forensic investigation features based on the advanced proprietary tools of Palo Alto Networks’ world-class Unit 42 Security Consulting group, and supports ingestion and custom correlations for virtually all third-party data sources.
“Palo Alto Networks created the extended detection and response (XDR) category in 2019 — understanding that only by integrating data from across all security sources can we detect complex threats accurately, prevent attacks automatically, and investigate them much faster. We’ve been innovating against that mission ever since,” said Tim Junio, senior vice president of products, Cortex at Palo Alto Networks. “With our third-generation XDR solution expanding to cloud and identity analytics, Cortex XDR 3.0 has taken a large step towards being the most comprehensive platform for the SOC to protect endpoints, entities, assets, workloads, and critical data.”
As cybersecurity threat actors get faster, more organized and more sophisticated in their tactics, techniques and procedures, the new features of Cortex XDR 3.0 prepare SOC teams to extend detection, monitoring and investigation into cloud environments. XDR 3.0 brings together and integrates cloud host data, traffic logs, audit logs, data from Palo Alto Networks’ Prisma Cloud product, and third-party cloud security data with non-cloud endpoint and network data sources. This provides the best coverage for SOC teams to span on-premises and multicloud environments.
Discussion about this post