Cortex XDR - Extended Detection and Response

Future-Proofed Security Operations

Future-Proofed Security Operations

Stop modern attacks with the industry’s first extended detection and response platform that spans your endpoint, network and cloud data. Welcome to the future of EDR.

Schedule a demo Download whitepaper

One platform for all SOC needs

Get holistic prevention, detection and response.

See 10 must-haves

USE CASES

ML-powered threat detection

Get an edge on attackers with patented behavioral analytics. Using machine learning, Cortex XDR continuously profiles endpoint, network and user behavior to uncover the stealthiest attacks.
Learn more
Coordinated response

Swiftly block malware, isolate endpoints, execute scripts or sweep across your entire environment to contain threats. Cortex XDR offers flexible response options that span your entire infrastructure.
Learn more
Next-generation antivirus

Block malware, exploits and fileless attacks with the industry’s most comprehensive endpoint security stack. Our lightweight agent stops threats by combining AI-driven local and cloud-based analysis.
Learn more

Enterprise-wide visibility

Find every threat and eliminate blind spots by integrating data from across your environment.

Powerful endpoint protection

Safeguard endpoint data and address compliance requirements with host firewall, disk encryption and USB device control.

Automated root cause analysis

Analyze alerts from any source with a single click to instantly understand the root cause and sequence of events.

Incident management

Investigate at lightning speed by intelligently grouping related alerts into incidents to get a complete picture of each attack.

Managed Threat Hunting

Get with industry’s first threat hunting service that operates on endpoint, network and cloud data to uncover every threat.

Break down security silos

Boost security efficacy with integrated defenses

Avoid swivel-chair syndrome. Stop more attacks and simplify operations with extended detection and response.

Download whitepaper

Drive better security outcomes

Accelerate threat response, streamline operations and increase SOC productivity.

Get the datasheet

Faster Investigations

88%
Reduction in alerts

98%
Lower cost

44%

Compare Offerings

Cortex XDR Prevent

Cortex XDR Pro

Data Sources

Collect comprehensive data for extended visibility

Endpoint

Endpoint, network, cloud and third-party data sources

Next-Generation Antivirus

Block malware, ransomware, exploits and fileless attacks

Endpoint Protection

Secure your endpoints with device control, host firewall, and disk encryption

Detection and Response

Pinpoint attacks with AI-driven analytics and coordinate response

Managed Threat Hunting

Uncover the most complex threats across your XDR data with Unit 42 experts

Optional

Host Insights

Monitor host inventory, find vulnerabilities and sweep across endpoints to eradicate threats

Optional

Threat Intelligence

Enrich investigations with in-depth context from a global community of customers

Optional

Services

Safeguard your organization with incident response and proactive services

Optional

XDR Explained

Think beyond the endpoint

Rewire security operations

Cortex XDR integrates data from across your digital domain and accelerates investigations so you can stop attacks before the damage is done.

Watch now

AI-driven security

Outpace adversaries with the power of machine learning.

Get the datasheet

Behavioral analytics

Accurately detect evasive threats by profiling user and endpoint behavior as well as identifying anomalies indicative of attacks.
AI-based malware analysis

Examine files with an adaptive local analysis engine that’s always learning to counter new attack techniques.
Cloud native machine learning

Harness community-sourced data to identify adversaries’ latest tactics and improve detection accuracy.

Get the datasheet

Superior detection powered by rich data

Cortex XDR spans key data sources to uncover modern attacks

Network data

Palo Alto Networks NGFW
Cisco ASA and FirePower
Check Point Firewall
Fortinet Fortigate
Corelight Zeek

Endpoint data

Cortex XDR agent
Windows event logs
Pathfinder data collector
GlobalProtect™ events from NGFW logs

Cloud and identity data

Cortex XDR for VM and containers
Prisma™ Access
VM-Series NGFW
Azure Active Directory
Okta
PingOne and PingFederate
Google Cloud Platform and GKE
Amazon CloudWatch and AWS CloudTrail

Case Study

San Jose Water

San Jose Water simplifies investigation and response

Problem

Before Cortex XDR, San Jose Water was drowning in alerts – the SecOps team manually reviewed 900 to 1,200 alerts a day. They needed a solution that would simplify triage and investigations to speed up incident response times and eliminate alert fatigue.

Solution

“Not only did Cortex XDR reduce the number of incidents we had to look at, but the time taken to act on those incidents was also reduced … The X in XDR, for me, is the extension of my team.”

– Peter Fletcher, Dir. of Security, San Jose Water

Cortex XDR
NGFW
Panorama
WildFire
Prisma Access

Watch case study video

Case Study

Ada County

Reducing response times from hours to minutes with Cortex XDR

Problem

Facing growing cyberthreats, Ada County wanted greater visibility.

Solution

“With Cortex XDR … we are able to be a lot more proactive instead of reactive. I would get 400 or 500 alerts a day. Now I'm down to maybe seven or eight … We're not spending six hours on incident response, we're spending 10 minutes.”

– Bret Lopeman, Sr. Security Engineer, Ada County

Cortex XDR
NGFW
Panorama
WildFire
AutoFocus

Hear from Ada County

Case Study

State of North Dakota

The State of North Dakota focuses on the threats that matter

Problem

With a senate mandate to protect city and county governments as well as primary, secondary and higher education, the security team for the State of North Dakota realized they needed to implement more scalable and effective security.

Solution

“We desperately needed automation and to have a tool that filtered through all the noise. Cortex is doing exactly that. We’re seeing the noise going away, and we’re getting to the important alerts that we hadn't seen previously."

– Ryan Kramer, Enterprise Network Architect, State of North Dakota

Cortex XDR
NGFW
Panorama
WildFire
Prisma Cloud
AutoFocus

Watch video

Additional services and partners

Managed Detection and Response

Relieve the day-to-day burden of security operations and achieve 24/7 coverage, from alert management to incident response.

Learn more

Managed Threat Hunting

Get the industry’s first threat hunting service that operates across integrated endpoint, network and cloud data to uncover adversaries anywhere in your environment.

Learn more

Incident Response

Minimize the impact of a data breach with targeted incident response services and a team of experts who can help you recover quickly.

Learn more

LEARN MORE

Explore Cortex XDR resources

DATASHEET

Cortex XDR Datasheet

Check out the datasheet to learn the key features and benefits of the industry’s first extended detection and response platform.

DIGITAL ASSET

10 Must-Haves for Detection and Response

Learn what features to look for when evaluating detection and response solutions.

EDUCATION

Threat Hunting and Investigations Hands-On Workshop

Boost your skills by learning how to hunt down adversaries, quickly investigate incidents and eliminate threats.

WHITE PAPER

Cortex XDR: Breaking the Silos of Detection and Response

Learn the key features for detection and response and how Cortex XDR uniquely delivers them to safeguard your organization.

WHITE PAPER

Maximize the ROI of Detection and Response

Find out how you can improve your return on investment and lower the cost of detection and response.

GUIDE

The Ultimate Guide to the MITRE ATT&CK Evaluation

See the rankings of the top detection and response vendors, and find out how to take your threat detection to the next level.

Features and specifications

Delivery Model

Cloud-native application
Data Retention

30-day to unlimited data storage
Next-Generation Antivirus

Malware, ransomware and fileless attack prevention
Behavioral Threat Protection
AI-based local analysis engine
Integration with the cloud-based WildFire® malware prevention service
Child process protection
Credential theft protection
Exploit prevention by exploit technique
Customizable prevention rules
Scheduled and on-demand malware scanning
Endpoint Protection

Device control for USB device management
Host firewall
Disk encryption
Detection and Investigation

Integration of network, endpoint, cloud and authentication data from Palo Alto Networks and third-party sources
Root cause analysis of alerts
Third-party alert and log ingestion
Timeline analysis of alerts
Machine learning-based behavioral analytics
Unified incident engine
Incident scoring
Custom rules to detect tactics, techniques and procedures
Dashboards and reporting
Vulnerability management - included with Host Insights
Host inventory - included with Host Insights
Asset management with rogue device discovery
Detection of targeted attacks, malicious insiders and risky user behavior
Malware and fileless attack detection
Endpoint detection and response (EDR)
Network detection and response (NDR) and user behavior analytics (UBA)
Threat Hunting

Threat hunting through native search or a query builder tool
IOC-based searches
Threat intelligence integration
Managed Threat Hunting service
Response and Recovery Features

Public APIs for response and data collection
Live Terminal for direct endpoint access
Network isolation, quarantine, process termination, file deletion, file block list
Endpoint script execution
Remediation suggestions with host restore
Search and Destroy - included with Host Insights
Native integration with Cortex XSOAR for security orchestration, automation and response (SOAR)
Operating System Support

The Cortex XDR agent supports multiple endpoints across Windows^®, macOS^®, Linux, Chrome^® OS, and Android^® operating systems. For a complete list of system requirements and supported operating systems, see the Palo Alto Networks Compatibility Matrix.

Cortex XDR Pathfinder minimum requirements: 2 CPU cores, 8 GB RAM, 128 GB thin-provisioned storage, VMware ESXi™ V5.1 or higher, or Microsoft Hyper-V^® 6.3.96 or higher hypervisor.

GET A DEMO

See Cortex in action

See firsthand how you can automate and streamline your security operations.

Talk to a Specialist

Get started with SOC Transformation

Download your toolkit to get curated articles, case studies, demos and reports to help you transform your SOC.

Cortex XDR tiers

Cortex XDR Prevent

Cortex XDR Pro

Data sources

Get extended visibility

Endpoint

Data sources

Get extended visibility

Endpoint, network, cloud and third-party products

Endpoint protection

Stop malware, exploits and fileless attacks

Endpoint protection

Stop malware, exploits and fileless attacks

Device control

Prevent data loss and USB-based malware infections

Device control

Prevent data loss and USB-based malware infections

Disk encryption

Manage BitLocker or FileVault from the Cortex XDR console

Disk encryption

Manage BitLocker or FileVault from the Cortex XDR console

Host firewall

Reduce the attack surface on Windows and macOS endpoints

Host firewall

Reduce the attack surface on Windows and macOS endpoints

Managed Threat Hunting

Uncover the most complex threats across endpoint and network with Unit 42 experts

Managed Threat Hunting

Uncover the most complex threats across endpoint and network with Unit 42 experts

Optional

Host Insights

Monitor host inventory, find vulnerabilities and sweep across endpoints to eradicate threats

Host Insights

Monitor host inventory, find vulnerabilities and sweep across endpoints to eradicate threats

Optional

Behavioral analytics

Detect emerging attacks with patented analytics and machine learning

Behavioral analytics

Detect emerging attacks with patented analytics and machine learning

Rule-based detection

Find threats with out-of-the-box and custom rules