topic Re: HIPS and Host Firewall in Cortex XDR Discussions

HIPS and Host Firewall

MohanKumar1 — Wed, 05 Jan 2022 07:32:35 GMT

I would like to know whether Cortex XDR has Host Intrusion Prevention and Host Firewall capability. If yes, what is the difference and how to enable.

Re: HIPS and Host Firewall

Casey69 — Thu, 06 Jan 2022 03:55:32 GMT

I am looking for the same. njmcdirect

Re: HIPS and Host Firewall

bbarmanroy — Fri, 07 Jan 2022 02:41:11 GMT

@MohanKumar1 @Casey69 HIPS stands for Host Intrusion Prevention System. Cortex XDR is an EDR solution, and I assume what you're looking for is explained in detail here: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/endpoint-security-concepts/about-cortex-xdr-protection.html

Yes, XDR supports Host Firewall capabilities. You can refer to this documentation here: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/hardened-endpoint-security/host-firewall.html

Re: HIPS and Host Firewall

MohanKumar1 — Mon, 10 Jan 2022 00:59:48 GMT

@bbarmanroy
Thanks for the information. It is confirmed HIPS is not support or not the module available in Cortex XDR as an endpoint security. Or let me know if I am wrong.

Host Firewall is available in EDR.

Re: HIPS and Host Firewall

bbarmanroy — Mon, 10 Jan 2022 03:05:56 GMT

@MohanKumar1 Cortex XDR certainly covers the capabilities of a traditional HIPS, and much more. What features of HIPS are you looking for?

Re: HIPS and Host Firewall

MohanKumar1 — Mon, 10 Jan 2022 03:08:35 GMT

Does the default XDR update IPS signatures automatically. If yes, How do we check / ensure.

Re: HIPS and Host Firewall

bbarmanroy — Mon, 10 Jan 2022 03:23:25 GMT

Hi @MohanKumar1 the logical equivalent of that would be the "XDR Content Updates", commonly referred to as CU's. You can check the corresponding CU's for an agent via the Endpoint Administration page.

Ref: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/about-content-updates.html

You can modify the CU updates based on your Agent settings (see brief explanation here).

Re: HIPS and Host Firewall

MohanKumar1 — Mon, 10 Jan 2022 04:24:59 GMT

Thanks, this was the clarification I was looking.😊

Re: HIPS and Host Firewall

eluis — Mon, 10 Jan 2022 11:06:54 GMT

Hi MohanKumar1,

xdr agent can perform packet inspection in its own fw (dont take it as a full featured FW as our NGFW) in the link that my colleague @bbarmanroy sent you can see at the end of the features list the packet inspection.

Also realize that we can gather your network traffic and analyse it on the cloud not just with signatures, better than that we perform ML and detect malicious traffic from new attacks that will not be detected by standard signatured based IDS. All this signatures and intelligence is maintained by PANW, you dont need to worry about them.

Please check out these two docs:

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-architecture

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-release-notes/set-up-network-analysis-and-detection

Hope this helps also.

KR,

Luis