Cortex XDR Highlights

Cortex XDR delivers the industry’s first XDR solution that provides protection, detection, and response by analyzing data from the Cortex endpoint and your third-party data sources to counter the risks of the current threat landscape. Cortex XDR includes simplified automation actions that make security analysts more efficient in their investigations.

  • Full visibility across network, Cortex endpoint, cloud, third-party and identity sources, not just the endpoint
  • Reduced mean time to detect (MTTD) and mean time to respond (MTTR)
  • Out-of-the-box identity-focused threat detection for initial access tactics, techniques, and procedures (TTPs) and available add-on for advanced identity-based threat detection analytics, like insider threats
  • Leading MITRE ATT&CK Round 4 Evaluation results with a 97% detection rate
  • True data-science-driven detections using machine learning algorithms to reduce noise and improve efficacy for hard-to-detect threats
  • Scale to enterprise needs using the power of the cloud with no on-premises solution requirements
  • Unified endpoint agent included that delivers NGAV, EDR, host firewall, device control and disk encryption, with add-ons for forensic collection and host insights into vulnerabilities and artifacts
Security Challenges Addressed by Cortex XDR

  • Cortex XDR breaks down security solution silos by delivering an endpoint agent, a threat detection analytics engine, automation for endpoint actions and notifications, identity threat detection, forensic capabilities and support for ingesting third-party data.
  • A lack of current and integrated threat intelligence in security technologies is a significant challenge most organizations contend with. Cortex XDR continuously integrates curated Unit 42® and Cortex threat research, relieving clients of an extraordinary threat intelligence and detection engineering burden.
  • Cortex XDR solves the challenge of missing both known and unknown threats, as proven by third-party testing, while keeping noise low to reduce false positives and spare security analysts from chasing false flags.
  • It is widely accepted that disparate and poorly integrated solutions are expensive and do not reduce risk to an acceptable level. Cortex XDR delivers increased ROI over narrowly focused EDR solutions and bloated SIEM solutions that place more management burden on the client while delivering less detection efficacy.
  • EDR-focused, non-XDR solutions lack the identity-based threat detection that organizations are increasingly concerned with. Cortex XDR addresses insider threats, lateral movement, and anomalous user and entity behavior with the Identity Threat Detection and Response (ITDR) module.


Feature availability by edition: XDR Prevent, XDR Pro per Endpoint, XDR Pro per Gigabyte

Next-Generation Antivirus
  Block malware, ransomware, exploits and fileless attacks.

Endpoint Protection
  Safeguard endpoints with device control, firewall and disk encryption.

Detection and Response
  Pinpoint attacks with AI-driven analytics and coordinate response.

Managed Detection and Response
  Let Unit 42 experts work for you 24/7 to detect and respond to threats.

Managed Threat Hunting
  Let Unit 42 experts work for you 24/7 to discover advanced threats.

Host Insights
  Find vulnerabilities and sweep across endpoints to eradicate threats.

Forensics Investigation
  Investigate incidents swiftly with comprehensive forensic evidence.

Third-Party Security Events
  Send security events from other data sources.

Third-Party Security Logs
  Send raw logs from other data sources.

Network Traffic Analysis
  Syslog, Kafka, DB, CSV file, FTP, NetFlow, Windows events, Pathfinder.

Prisma and PANW IoT Security
  Unify cloud and/or control system environments with XDR.

Integrations
  Threat intelligence solutions, Slack, send syslog.

Security Analytics
  Apply machine learning and UEBA detections to security data.

Identity Threat Detection and Response (ITDR Module)
  Uncover hard-to-detect threats such as insiders, lateral movement and credential compromise.

eXtended Threat Hunting Data (XTHD Module)
  Collect rich data at the endpoint to support deep threat hunting operations in an environment.