Palo Alto Networks offers an XDR platform called Cortex XDR, packaged as two main versions. Cortex XDR Prevent provides protection for endpoints, and Cortex XDR Pro adds capabilities for networks, cloud resources, and third-party products. The basic functionalities of Cortex XDR include an app for tracking visibility and a data lake for logging. Advanced capabilities feature an analytics engine, next-generation firewalls, agents, and alerts.
Palo Alto’s Cortex XDR is an extended detection and response platform that monitors and manages cloud, network, and endpoint events and data. Cortex XDR combines features for incident prevention, detection, analysis, and response into a centralized platform.
Palo Alto’s Cortex XDR is available in two versions:
Both versions include alert retention for 30 days and optional extended data retention. The Pro version also includes XDR data retention for both endpoint and network data for 30 days.
Check out our guide about XDR security solutions, which compares the top 10 XDR solutions offered by leading vendors, including Palo Alto, Cisco, Microsoft, McAfee, and more.
The Cortex XDR architecture varies slightly between the product versions but includes several standard components. Both editions rely on the Cortex Data Lake and are designed to correlate your log data across your devices.
Basic platform components include:
Advanced platform components include:
Cortex XDR provides several key capabilities, designed to secure an organization’s networks and devices.
Safeguard assets with endpoint protection
Cortex XDR provides endpoint protection against malware, fileless attacks, ransomware, and exploits. Any downloaded files are examined by an analysis engine with AI capabilities.
Additionally, behavioral analysis helps identify and stop malicious data transfers or processes. Organizations can also integrate with Palo Alto Networks’ WildFire malware prevention service for increased protection.
Securely manage USB devices
Cortex XDR includes Device Control, a feature designed to monitor and secure USB access to devices. The feature is agentless. It enables organizations to restrict device usage according to endpoint, type, vendor, or Active Directory identities. Device control also enables organizations to limit read and write permissions according to USB device ID.
Protect endpoint data with host firewall and disk encryption
A host firewall protects endpoints from malicious traffic, and disk encryption limits the damage done if attackers get past the firewall. The Cortex XDR firewall provides controls for both inbound and outbound communications.
Disk encryption can be directly integrated with BitLocker and organizations can encrypt and decrypt data on endpoint devices. Firewall and encryption settings are managed from the UI console.
Hunt for threats
The Cortex XDR Pro version includes optional features for managed threat hunting and features for manual hunting. Threat hunting can help uncover insider threats, targeted attacks, and hidden malware. It requires carefully searching through system and event data to identify suspicious or malicious activity.
The manual features included in Cortex XDR enable organizations to use flexible search features to identify a range of indicators of compromise (IOCs) or behavioral indicators of compromise (BIOCs). IOCs or BIOCs are threat signatures, hashes, addresses, or metadata used to identify known threats.
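The distinction between an IOC and a BIOC is easier to see in code. The following is an added illustration, not part of the original article and not Cortex XDR’s own query language or API: a small matcher run over a handful of constructed endpoint events, where the IOC list holds atomic artifacts (a file hash, an IP address) and the BIOC rules describe behaviours (an Office application spawning a shell, an encoded PowerShell command line). The event schema, rule names and all sample values are assumptions made for the example.

```python
"""IOC vs. BIOC matching over constructed endpoint events (illustrative only,
not Cortex XDR code; the event schema and sample values are assumptions)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Event:
    """One endpoint process event (constructed schema, not Cortex XDR's)."""
    host: str
    process: str                 # image name of the process that started
    parent: str                  # image name of its parent process
    sha256: str                  # hash of the process image
    cmdline: str = ""
    dest_ip: Optional[str] = None  # outbound connection by the process, if any


# --- IOCs: atomic artifacts of known threats (all values constructed) ---
BAD_HASH = "deadbeef" * 8          # 64-hex placeholder, not a real sample hash
IOC_HASHES = {BAD_HASH}
IOC_IPS = {"203.0.113.55"}         # from the TEST-NET-3 documentation range

# --- BIOCs: behaviours, expressed as predicates over a single event ---
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}


def office_app_spawns_shell(e: Event) -> bool:
    """An Office application should not normally launch a script host."""
    return e.parent.lower() in OFFICE_APPS and e.process.lower() in SHELLS


def encoded_powershell(e: Event) -> bool:
    """Base64-encoded command lines hide the script from casual inspection."""
    tokens = e.cmdline.lower().split()
    return e.process.lower() == "powershell.exe" and any(
        t in ("-enc", "-encodedcommand", "-e") for t in tokens
    )


BIOC_RULES: Dict[str, Callable[[Event], bool]] = {
    "office_app_spawns_shell": office_app_spawns_shell,
    "encoded_powershell": encoded_powershell,
}


def match_iocs(events: List[Event]) -> List[Tuple[str, str, str]]:
    """Return (host, indicator_type, value) for every IOC hit."""
    hits: List[Tuple[str, str, str]] = []
    for e in events:
        if e.sha256.lower() in IOC_HASHES:
            hits.append((e.host, "sha256", e.sha256))
        if e.dest_ip in IOC_IPS:
            hits.append((e.host, "dest_ip", e.dest_ip))
    return hits


def match_biocs(events: List[Event]) -> List[Tuple[str, str]]:
    """Return (host, rule_name) for every behavioural rule that fires."""
    return [
        (e.host, name)
        for e in events
        for name, rule in BIOC_RULES.items()
        if rule(e)
    ]


# Constructed sample telemetry: one behavioural case, two atomic hits, one benign.
SAMPLE_EVENTS = [
    Event("ws-01", "powershell.exe", "WINWORD.EXE", "00" * 32,
          cmdline="powershell.exe -nop -w hidden -enc SQBFAFgA"),
    Event("ws-02", "updater.exe", "explorer.exe", BAD_HASH),
    Event("ws-03", "chrome.exe", "explorer.exe", "11" * 32, dest_ip="203.0.113.55"),
    Event("ws-04", "cmd.exe", "explorer.exe", "22" * 32, cmdline="cmd.exe /c dir"),
]

if __name__ == "__main__":
    for hit in match_iocs(SAMPLE_EVENTS):
        print("IOC ", hit)
    for hit in match_biocs(SAMPLE_EVENTS):
        print("BIOC", hit)
```

Note that ws-01 is caught only by the behavioural rules: its image hash is not on any list, so an IOC-only search would miss it, while a recompiled copy of the ws-02 binary would change its hash and escape the IOC list but still trip a BIOC if it behaved the same way. That is the practical reason hunting combines both kinds of indicator.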
Managed options provide 24/7 support with dedicated threat hunting experts. These hunters search through an organization’s data and provide detailed threat reports on their findings.
Natively integrate with Cortex XSOAR
Cortex XSOAR (security orchestration, automation, and response) is a solution that can be integrated with Cortex XDR. SOAR solutions are designed to automate responses, typically to low-level threats, and can significantly speed up response time.
The Cortex XSOAR solution enables organizations to define automation playbooks for incident response. These playbooks can be used to define actions across 370 third-party tools. Playbooks can also ingest incident data, access alerts, and update Cortex XDR incident fields.
Cynet 360 is an autonomous breach protection platform that works at three levels, providing XDR, SOAR, and 24/7 MDR in one unified solution. Cynet natively integrates these three services into end-to-end, fully automated breach protection.
Cynet’s XDR layer includes the following capabilities:
Cynet 360 can be deployed across thousands of endpoints in less than two hours. It can be used immediately to uncover advanced threats and then perform automatic or manual remediation, disrupt malicious activity, and minimize the damage caused by attacks.
Get a free trial of Cynet 360 and experience the world’s only integrated XDR, SOAR and MDR solution.