Ended: Cortex Education Services Training and Credentialing Opportunities

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Ended: Cortex Education Services Training and Credentialing Opportunities

Community Team Member

 

Education Services Training and Credentialing Opportunities for All Things Cortex

 

Ask your questions from October 14 through October 26 as the Education Services Team experts will be available in a Q&A session for an opportunity to learn, join in, ask questions, and meet our experts! The Ask Me Anything (AMA) Event is focused on Education Services Training and Credentialing Opportunities for Cortex.

 

Ask questions from Thursday, October 14 to Tuesday, October 26, 2021. 

 

Come back on October 27 from 8 a.m. to 10 a.m. PT  to join the event as our experts answer your questions!  

 

To participate in this event, please use the Reply button below to ask your questions.

 

Please be sure to click Like if a post is helpful to you and to "Accept as Solution" to let everyone know that the answer to your question hits the mark!

 

Want to learn more details about the event? Check out this article.

 

Thanks for reading!
9 accepted solutions

Accepted Solutions


@OmarDweik wrote:

i have two question

What the Different between Cortex  and other EDR with Antivirus Definition ?

 

What is Content Update ?


One of the single most important differences between Cortex XDR and traditional static/dynamic definitional list protection (i.e. traditional antivirus) is that Cortex XDR provides behavioral analysis on top of WildFire’s file verdict. Contemporary malware, such as MiniDuke, utilize a customized backdoor for each target, written in assembler. Each target receives a unique dropper so traditional methods of analyzing a file based upon others having previously uploaded the same file will be bypassed entirely since every target is unique. In addition to traditional WildFire file verdicts, Cortex XDR uses Behavioral Threat Prevention and Behavioral Indicators of Compromise to detect the sort of activity overwhelmingly used to compromise systems rather than just specific SHA256 hashes or file names.

 

Content Updates come in the form of new Behavioral Indicator of Compromise rules, new hash updates, agent policy updates and more. An example of a very valuable content update was when Palo Alto pushed out content updates specifically for SolarStorm and the recent Microsoft Exchange compromise.

View solution in original post


@OtakarKlier wrote:

Hello,

What are some of the training offerings for those with limited/no training budget who are trying to get into cyber?

Regards,


Palo Alto Networks Cybersecurity Academy has a number of free resources available, and with the use of a Beacon account, there are a number of free Digital Learning resources as well.

View solution in original post


@agalindo wrote:

Are there any upcoming discounts for certifications?


Palo Alto Networks employees receive two free vouchers each year for  Pearson certificates. Additionally, there are many certification discounts available from time to time on company emails, and on the Palo Alto Networks LiveCommunity website.

View solution in original post


@S.Cantwell wrote:

What are the requirements to invited to the XDR201 for CPSP partners?

Is there a chance increase the number of XDR201 classes?

How do we test out of the 201 (meaning, we have many years of experience) that we can earn the associated micro-credentials.

 


  • In order to be invited to the XDR201 you need to have passed the XDR101 first.

  • The number of class offerings is based on the demand. If the classes are all full with a waitlist we will offer additional classes, there are 3 201 XDR classes in between Nov 15-Dec 3. So if you are interested please sign up!

  • We do not offer a method to test out of the XDR201 class prior to taking the Micro-Credential.

View solution in original post

=================

One of the single most important differences between Cortex XDR and traditional static/dynamic definitional list protection (i.e.

traditional antivirus) is that Cortex XDR provides behavioral analysis on top of WildFire’s file verdict. Contemporary malware, such as MiniDuke, utilize a customized backdoor for each target, written in assembler. Each target receives a unique dropper so traditional methods of analyzing a file based upon others having previously uploaded the same file will be bypassed entirely since every target is unique. In addition to traditional WildFire file verdicts, Cortex XDR uses Behavioral Threat Prevention and Behavioral Indicators of Compromise to detect the sort of activity overwhelmingly used to compromise systems rather than just specific SHA256 hashes or file names.

 

My Response...

 

The Other EDR Vendor they have behavior and legacy With Sandbox verdict so it is more protection.

 

==================

Content Updates come in the form of new Behavioral Indicator of Compromise rules, new hash updates, agent policy updates and more. An example of a very valuable content update was when Palo Alto pushed out content updates specifically for SolarStorm and the recent Microsoft Exchange compromise.

 

My response:

Still not clear, as Palo alto they said we don't have update like other vendor (legacy AV) and based to your definition we can consider Content Update same other Antivirus Definition .

 

By the way at what level Content Update Applicable to Cortex XDR Layers

Prevention,Rule,Analysis & Response or data

 
HxH

View solution in original post


@OmarDweik wrote: The Other EDR Vendor they have behavior and legacy With Sandbox verdict so it is more protection.

 

Sandboxing is different from Cortex XDR's in-line capabilities. Sandboxing, while important, can be identified by advanced malware that send WMI queries, perform other environment checks, or check which processes are running to see if they are operating within a sandbox.

On the other hand, Cortex XDR intercepts processes and prevents exploits by implementing roadblocks at each stage of the process, thus preventing behavioral threats by observing patterns throughout the entire process cycle. Malware can't evade this check like it can evade sandboxing (by remaining dormant), making Cortex XDR's protection more complete than traditional antivirus and sandboxing techniques. Case in point, the SolarStorm compromise performed a sandboxing check and went dormant for two weeks following the initial access and execution phase. This process successfully by-passed sandboxing attempts in traditional EDR platforms.  

Sandboxing also adds unnecessary performance impact and user operation disruption when compared to the in-line protection provided by Cortex XDR. Competitors that have bet on sandboxing technology have had that problem since the beginning when compared to Cortex XDR. 

Finally, XDR leverages sandbox technology by way of WildFire. While not native in XDR agents, this once more improves performance impact while providing better protection. This usage of WildFire sandboxing allows XDR to both prevent the activity locally while detonating in a sandboxing in the cloud to identify what the malware would have done on the endpoint, effectively giving Cortex XDR the best of both worlds.

View solution in original post


@OmarDweik wrote:

- Can i delay Cortex 3.0 Services During Startup?

- there is Early Anti Malware Lunching features?

- can i control bandwidth With VM Broker?

 



Hi Omar! 

Q: Can i delay Cortex 3.0 Services During Startup?
A: Yes. There are multiple ways to do this, depending on the platform and the need. VDI machines have a dedicated setting for delayed startup, this is part of the new VDI flow introduced in 7.2 (Windows only), it works automatically to ensure the best performance but can also be tuned with the help of Support teams should there be issues. Services startup can be controlled also for regular XDR Agents for Windows (cloud or not), by leveraging the OS native services control capabilities, but keep in mind that the drivers start earlier and are in limbo until cyserver is started, therefore unexpected behaviour might occur especially if there are security events at boot while the service is not running yet. It is not advisable to play with this. Other OSes like macOS and linux have similar native capabilities.


Q: there is Early Anti Malware Lunching features?
A: Yes, there is, we use a driver called ‘telam’ to register cyserver as a Windows Protected Process on modern versions of Windows.


Q: can i control bandwidth With VM Broker?

A: What bandwidth are you referring to? Bandwidth consumed due to installer downloads, CU downloads, Agent heartbeats, Broker upgrades, etc. Depending on which one you mean XDR may or may not have bandwidth control capabilities. However, all bandwidth control capabilities are handled by XDR, not the Broker VMs.


Thanks!

View solution in original post


@OtakarKlier wrote:

Hello,

How is Cortex better/different than other XDR products on the market? Why should a company switch from their current product to Cortex?

Regards,


  • Cortex offers a single panel solution that integrates with endpoints, Wildfire, firewalls, security appliances, and other alert sources to provide intelligent alert correlations that are relevant to the environment. It utilizes cloud based machine learning to profile and call out anomalies and prevent behavioral threats. The endpoint agent prevents exploits by employing roadblocks at each stage of the attempt and works in conjunction with Wildfire to detonate malware before it can compromise the endpoint. 
  • This is what they say about us:
    • “Cortex XDR accurately detects threats with behavioral analytics and reveals the root cause to speed up investigations. Tight integration with enforcement points accelerates containment, enabling users to stop attacks before the damage is done.” TrustRadius 2021 products reviews
    • “Speed of deployment. Ability to review an incidents and see where a users traffic originated from. Ability to detonate potential contaminations in wildfire's sandbox and see what the attack attempted to do. PANs services and support teams who are immediately responsive and proactive Future services and automations we can integrate into - vulnerability management, IoT, SOAR, Prisma SaaS, etc.” Gartner 2020 Market reviews
  • The switch to Cortex can save an Enterprise money, time, and build a better security platform.

View solution in original post


@nhussaini wrote:

How do education services trainings differ from live community trainings? 



Hi Naresa!

We are not clear what resources you refer to exactly. In general, material found on Live comes in the form of blog posts, articles, white papers, "additional resources" of this kind. Whereas Education Services training offerings (e.g., EDU-260, EDU-261, ...) are full-blown courses, each with a different curriculum and set of objectives, they are delivered either in live classes with an instructor or through our online learning platforms. I hope it helps.

Thanks!

View solution in original post

20 REPLIES 20

L4 Transporter

What training and certification offerings do you have for Cortex?

L1 Bithead

i have two question

What the Different between Cortex  and other EDR with Antivirus Definition ?

 

What is Content Update ?

HxH

L4 Transporter

How do education services trainings differ from live community trainings? 

Cyber Elite
Cyber Elite

What are the requirements to invited to the XDR201 for CPSP partners?

Is there a chance increase the number of XDR201 classes?

How do we test out of the 201 (meaning, we have many years of experience) that we can earn the associated micro-credentials.

 

Help the community: Like helpful comments and mark solutions

Cyber Elite
Cyber Elite

Hello,

What are some of the training offerings for those with limited/no training budget who are trying to get into cyber?

Regards,

Cyber Elite
Cyber Elite

Hello,

How is Cortex better/different than other XDR products on the market? Why should a company switch from their current product to Cortex?

Regards,

L4 Transporter

Are there any upcoming discounts for certifications?

Any Answer

HxH


@OmarDweik wrote:

i have two question

What the Different between Cortex  and other EDR with Antivirus Definition ?

 

What is Content Update ?


One of the single most important differences between Cortex XDR and traditional static/dynamic definitional list protection (i.e. traditional antivirus) is that Cortex XDR provides behavioral analysis on top of WildFire’s file verdict. Contemporary malware, such as MiniDuke, utilize a customized backdoor for each target, written in assembler. Each target receives a unique dropper so traditional methods of analyzing a file based upon others having previously uploaded the same file will be bypassed entirely since every target is unique. In addition to traditional WildFire file verdicts, Cortex XDR uses Behavioral Threat Prevention and Behavioral Indicators of Compromise to detect the sort of activity overwhelmingly used to compromise systems rather than just specific SHA256 hashes or file names.

 

Content Updates come in the form of new Behavioral Indicator of Compromise rules, new hash updates, agent policy updates and more. An example of a very valuable content update was when Palo Alto pushed out content updates specifically for SolarStorm and the recent Microsoft Exchange compromise.


@OtakarKlier wrote:

Hello,

What are some of the training offerings for those with limited/no training budget who are trying to get into cyber?

Regards,


Palo Alto Networks Cybersecurity Academy has a number of free resources available, and with the use of a Beacon account, there are a number of free Digital Learning resources as well.


@agalindo wrote:

Are there any upcoming discounts for certifications?


Palo Alto Networks employees receive two free vouchers each year for  Pearson certificates. Additionally, there are many certification discounts available from time to time on company emails, and on the Palo Alto Networks LiveCommunity website.


@S.Cantwell wrote:

What are the requirements to invited to the XDR201 for CPSP partners?

Is there a chance increase the number of XDR201 classes?

How do we test out of the 201 (meaning, we have many years of experience) that we can earn the associated micro-credentials.

 


  • In order to be invited to the XDR201 you need to have passed the XDR101 first.

  • The number of class offerings is based on the demand. If the classes are all full with a waitlist we will offer additional classes, there are 3 201 XDR classes in between Nov 15-Dec 3. So if you are interested please sign up!

  • We do not offer a method to test out of the XDR201 class prior to taking the Micro-Credential.

=================

One of the single most important differences between Cortex XDR and traditional static/dynamic definitional list protection (i.e.

traditional antivirus) is that Cortex XDR provides behavioral analysis on top of WildFire’s file verdict. Contemporary malware, such as MiniDuke, utilize a customized backdoor for each target, written in assembler. Each target receives a unique dropper so traditional methods of analyzing a file based upon others having previously uploaded the same file will be bypassed entirely since every target is unique. In addition to traditional WildFire file verdicts, Cortex XDR uses Behavioral Threat Prevention and Behavioral Indicators of Compromise to detect the sort of activity overwhelmingly used to compromise systems rather than just specific SHA256 hashes or file names.

 

My Response...

 

The Other EDR Vendor they have behavior and legacy With Sandbox verdict so it is more protection.

 

==================

Content Updates come in the form of new Behavioral Indicator of Compromise rules, new hash updates, agent policy updates and more. An example of a very valuable content update was when Palo Alto pushed out content updates specifically for SolarStorm and the recent Microsoft Exchange compromise.

 

My response:

Still not clear, as Palo alto they said we don't have update like other vendor (legacy AV) and based to your definition we can consider Content Update same other Antivirus Definition .

 

By the way at what level Content Update Applicable to Cortex XDR Layers

Prevention,Rule,Analysis & Response or data

 
HxH

L1 Bithead

- Can i delay Cortex 3.0 Services During Startup?

- there is Early Anti Malware Lunching features?

- can i control bandwidth With VM Broker?

 

HxH
  • 9 accepted solutions
  • 21194 Views
  • 20 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!