Palo Alto Networks Cortex XDR offers powerful data-stitching, machine learning and simplified investigation capabilities. Learn about a unified user interface for Endpoint protection and Cortex XDR with AI-driven malware prevention and a new device control module.
At the annual Ignite Europe conference today, Chief Product Officer Lee Klarich announced the next evolution of the industry's first XDR product—Cortex XDR 2.0.
When Cortex XDR was first introduced earlier this year, it created a new category of tools, providing threat detection and response across siloed data sources. Now, with Cortex XDR 2.0, you will have even more visibility into security operations, including new endpoint features, a unified user interface that includes Endpoint and Cortex XDR, and the ability to ingest third-party data and alerts.
Diagram showing how Cortex integrates with other Palo Alto Networks products.
Diagram showing how Cortex XDR and Cortex Data Lake integrate with Palo Alto Networks products as well as Third Party Data.
What's New in Cortex XDR 2.0?
Third-Party Data Ingestion*
Every organization has a multi-vendor security landscape that sometimes includes more than one type of firewall. By ingesting third-party firewall logs, Cortex XDR 2.0 is now delivering on its vision of comprehensive behavioral analytics that extends to all network data. In addition to firewall logs, Cortex XDR 2.0 has the ability to ingest a wide range of network alerts into our unique incident view, stitching together all alert types to reveal the root cause of a single incident.
This means you don’t have to be an exclusive Palo Alto Networks shop to take advantage of Cortex XDR's powerful data-stitching, machine learning, and simplified investigation capabilities across your entire network.
A Unified User Interface for Endpoint Protection and Cortex XDR*
Management and UI capabilities for prevention, detection, investigation and response have been unified into a single platform, with a complete rebuild of the Traps management service into Cortex XDR. The new management console has end-to-end support for all capabilities that were previously part of either Traps or Cortex XDR, integrating endpoint policy management, security events review, and endpoint log analysis with detection, investigation and response.
Powerful New Endpoint Protection Capabilities*
AI-driven malware prevention on the endpoint: Our revamped local analysis engine can deliver a verdict right on the endpoint, without requiring any internet connectivity. Based on a comprehensive curated data set and a state-of-the-art machine learning framework, the Cortex XDR local analysis engine is built for continuous learning and prevention. Powered by WildFire, which boasts the world’s most expansive training set, the engine includes a unique agile framework for rapid model updates for all endpoints to stay ahead of attackers’ evolving techniques.
A new device control module: This is one of the top endpoint features that our customers have been asking for. The new Device Control capability, the first in a series of new EPP modules that will be released in the coming months, will give organizations granular USB access management on the endpoint to prevent malware and data loss caused by unsanctioned devices. You may not ever be able to stop users from plugging in strange USB sticks they find in the parking lot, but now you can prevent the rubber-ducky-type attack and control whether people can copy data out to USB devices.