Introducing Cortex XDR 2.0

Nov 13, 2019


Demonstration of Cortex XDR 2.0, from Palo Alto Networks


Today at our annual Ignite Europe conference, chief product officer Lee Klarich unveiled Cortex XDR 2.0 – the next bold evolution of the industry’s first XDR product, which launched a new category of tools delivering threat detection and response across siloed data sources.

Cortex XDR 2.0 includes groundbreaking enhancements that further fulfill the promise of XDR to increase visibility and simplify security operations, including a unified management UI, powerful new endpoint features and ingestion of third-party data and alerts.

Watch founder and CTO Nir Zuk and chief product officer Lee Klarich at the Ignite Europe conference on Nov. 13 in Barcelona. They explain how the modern security operations center must become more data-driven, and how Cortex XDR 2.0 can help.

The debut of Cortex XDR earlier this year continued our tradition of category creation, resetting the bar for detection and response with the introduction of the XDR category. In less than a year, Cortex XDR proved it can deliver the most comprehensive threat detection in the industry, reduce alert volumes by 50x and accelerate investigation times by 8x.

Since that debut, we’ve seen industry analysts, customers and even our own competitors welcoming the new category, some of them even naming products as different flavors of XDR. These signals confirm we are leading the industry in the right direction, and it’s already time to move the goalposts with the introduction of Cortex XDR 2.0.

This new release adds:

  • Third-party Data Ingestion.

Every organization has a multi-vendor security landscape — sometimes including more than one type of firewall. By ingesting third-party firewall logs, Cortex XDR 2.0 is now delivering on its vision of comprehensive behavioral analytics that extends to all network data. In addition to firewall logs, Cortex XDR 2.0 has the ability to ingest a wide range of network alerts into our unique incident view, stitching together all alert types to reveal the root cause of a single incident.

This all means that you don’t have to be an exclusive Palo Alto Networks shop to take advantage of Cortex XDR’s powerful data-stitching, machine learning and simplified investigation capabilities across your entire network.

  • A Unified User Interface for Endpoint Protection and XDR.

Management and UI capabilities for prevention, detection, investigation and response have been unified into a single platform, with a complete rebuild of the Traps management service into Cortex XDR. The new management console has end-to-end support for all capabilities that were previously part of either Traps or Cortex XDR, integrating endpoint policy management, security events review and endpoint log analysis with detection, investigation and response.

  • Powerful New Endpoint Protection Capabilities.

These include:

  • AI-driven malware prevention on the endpoint: Our revamped local analysis engine can deliver a verdict right on the endpoint, without requiring any internet connectivity. Based on a comprehensive curated data set and a state-of-the-art machine learning framework, the XDR local analysis engine is built for continuous learning and prevention. Powered by WildFire, which boasts the world’s most expansive training set, the engine includes a unique agile framework for rapid model updates to all endpoints to stay ahead of attackers’ evolving techniques.
  • A new device control module: This is one of the top endpoint features that our customers have been asking for. The new Device Control capability, first in a series of new EPP modules that will be released in the coming months, will give organizations granular USB access management on the endpoint to prevent malware and data loss caused by unsanctioned devices. You may never be able to stop users from plugging in strange USB sticks that they find in the parking lot, but now you can block Rubber Ducky-style attacks (USB devices that present themselves as keyboards and inject keystrokes) and control whether people can copy data out to USB devices.

We are delighted to share these developments, and proud to be extending the functionality of the industry’s most comprehensive prevention, detection and response platform to help you expedite investigations, uncover advanced attacks anywhere in your organization and simplify security operations.

Get ready, because Cortex XDR 2.0 will be available to customers in December. For all the additional details you need to know, watch "The Future of Endpoint Security Starts Here."
