Read on to see what's new in Cortex XDR - Analytics for May 2019, with details of each new feature and pointers to up-to-date technical documentation. Got questions? Get answers on LIVEcommunity.
The month of May brings quite a few new features for Cortex XDR - Analytics.
Here's a list of what's new for you in this release:
Mobile Endpoint Coverage Through GlobalProtect and GlobalProtect Cloud Service
The Cortex XDR™ – Analytics app can now detect threats on mobile endpoints that roam outside your firewall-protected environment by examining GlobalProtect™ and GlobalProtect cloud service VPN traffic. After you identify the IP address pools assigned to your mobile users, the app analyzes their VPN traffic and creates a Mobile VPN device type from the username-associated sessions. The app raises the same alerts as in a firewall-only deployment and associates them with the Mobile VPN device type.
New DNS Tunneling Alert
When the Cortex XDR – Analytics app detects unusual DNS queries or responses, it can now raise the DNS Tunneling alert. DNS queries are a routine part of almost all network traffic and are usually allowed out even where other protocols are blocked, which is why DNS can also be abused as a covert channel between malware and its command-and-control server, or to exfiltrate data from your network.
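The kind of signal a DNS tunneling detector looks for can be illustrated with a small heuristic. The following is an added example, not Cortex XDR code and not Palo Alto Networks' detection logic: it aggregates a constructed DNS query log per registered domain and flags domains with many distinct, long, high-entropy subdomains, which is the footprint left when data is encoded into query names. The thresholds, the sample log and the "last two labels" rule for the registered domain are assumptions made for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query log, one query per line: "<timestamp> <client IP> <qtype> <qname>".
# The data is made up for this example; it is not output from Cortex XDR or a firewall.
SAMPLE_DNS_LOG = """\
2019-05-02T10:00:01Z 10.1.1.20 A www.example.com
2019-05-02T10:00:02Z 10.1.1.20 A cdn.example.com
2019-05-02T10:00:03Z 10.1.1.21 A mail.example.com
2019-05-02T10:00:04Z 10.1.1.21 TXT _dmarc.example.com
2019-05-02T10:00:05Z 10.1.1.22 A img1.cdn-provider.test
2019-05-02T10:00:06Z 10.1.1.22 A img2.cdn-provider.test
2019-05-02T10:00:07Z 10.1.1.22 A img3.cdn-provider.test
2019-05-02T10:00:08Z 10.1.1.23 A img4.cdn-provider.test
2019-05-02T10:00:09Z 10.1.1.23 A img5.cdn-provider.test
2019-05-02T10:00:10Z 10.1.1.33 TXT 0123456789abcdef0123456789abcdef.fedcba9876543210fedcba9876543210.exfil-host.test
2019-05-02T10:00:11Z 10.1.1.33 TXT 02468ace13579bdf02468ace13579bdf.fdb97531eca8642002468ace13579bdf.exfil-host.test
2019-05-02T10:00:12Z 10.1.1.33 TXT 1032547698badcfe1032547698badcfe.efcdab8967452301efcdab8967452301.exfil-host.test
2019-05-02T10:00:13Z 10.1.1.33 TXT 048c159d26ae37bf048c159d26ae37bf.fb73ea62d951c840fb73ea62d951c840.exfil-host.test
"""

# Illustrative thresholds (assumed); a production detector learns these per environment.
MIN_UNIQUE_SUBDOMAINS = 4    # a tunnel needs a fresh label for every chunk it sends
MIN_MEAN_SUBDOMAIN_LEN = 30  # encoded payload makes labels long
MIN_MEAN_ENTROPY = 3.0       # bits/char; words sit near 2-3, base16/32/64 payload higher


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def split_qname(qname):
    """Return (registered_domain, subdomain), taking the last two labels as the
    registered domain. Simplification: a real detector consults the Public
    Suffix List so that names such as example.co.uk are split correctly."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def parse_dns_log(text):
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qtype, qname = line.split()
        records.append((ts, client, qtype, qname))
    return records


def domain_features(records):
    """Aggregate, per registered domain, the features a tunnel leaves behind."""
    acc = defaultdict(lambda: {"subdomains": set(), "queries": 0, "txt": 0,
                               "lengths": [], "entropies": []})
    for _ts, _client, qtype, qname in records:
        domain, sub = split_qname(qname)
        a = acc[domain]
        a["queries"] += 1
        if qtype in ("TXT", "NULL"):  # record types that can carry arbitrary data back
            a["txt"] += 1
        if sub:
            a["subdomains"].add(sub)
            a["lengths"].append(len(sub))
            a["entropies"].append(shannon_entropy(sub.replace(".", "")))
    features = {}
    for domain, a in acc.items():
        n = len(a["lengths"])
        features[domain] = {
            "queries": a["queries"],
            "unique_subdomains": len(a["subdomains"]),
            "mean_subdomain_len": sum(a["lengths"]) / n if n else 0.0,
            "mean_entropy": sum(a["entropies"]) / n if n else 0.0,
            "txt_fraction": a["txt"] / a["queries"],
        }
    return features


def detect_dns_tunneling(records):
    """Return the registered domains whose query pattern looks like a tunnel.
    All three conditions must hold: a CDN with many short labels, or a single
    long label queried once, is not enough on its own."""
    flagged = []
    for domain, f in domain_features(records).items():
        if (f["unique_subdomains"] >= MIN_UNIQUE_SUBDOMAINS
                and f["mean_subdomain_len"] >= MIN_MEAN_SUBDOMAIN_LEN
                and f["mean_entropy"] >= MIN_MEAN_ENTROPY):
            flagged.append(domain)
    return sorted(flagged)


if __name__ == "__main__":
    recs = parse_dns_log(SAMPLE_DNS_LOG)
    for domain, f in sorted(domain_features(recs).items()):
        print(f"{domain:20} {f}")
    print("suspected tunnels:", detect_dns_tunneling(recs))
```

Note what the example deliberately does not flag: cdn-provider.test has five distinct subdomains, and example.com four, but their labels are short and low-entropy, so neither trips the detector. Counting subdomains alone would produce false positives on any CDN or SaaS domain, which is why the length and entropy features are combined with it.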
New Alert for Recurring Rare IP Access
Cortex XDR – Analytics can now raise the Recurring Rare IP Access alert when it identifies activity consistent with command-and-control traffic. To identify this behavior, the app analyzes recurring connections to external hosts and determines whether those connections are anomalous for the endpoints in your network, for example an internal host repeatedly reaching an external IP address that almost no other host contacts. The app can detect this behavior from either firewall logs or endpoint activity logs. For higher detection accuracy, you can also enable Enhanced Application logs on your firewalls.
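To make the idea of "recurring" and "rare" concrete, here is an added example of the same kind of analysis run over a constructed firewall traffic log. It is not Cortex XDR code and does not reproduce the product's model: it treats an external destination as rare when only a small share of internal hosts talk to it, as recurring when one source opens several sessions to it, and adds a periodicity check (coefficient of variation of the gaps between sessions) because beaconing malware tends to call home on a fixed schedule. The internal address ranges, thresholds and sample log are assumptions made for the example.

```python
import ipaddress
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed firewall traffic log: "<timestamp> <src IP> <dst IP> <dst port>".
# Made up for this example; not Cortex XDR, PAN-OS or Traps output.
SAMPLE_TRAFFIC_LOG = """\
2019-05-02T10:00:00Z 10.1.1.20 198.51.100.10 443
2019-05-02T10:00:12Z 10.1.1.21 198.51.100.10 443
2019-05-02T10:00:40Z 10.1.1.22 198.51.100.10 443
2019-05-02T10:01:05Z 10.1.1.23 198.51.100.10 443
2019-05-02T10:02:30Z 10.1.1.24 198.51.100.10 443
2019-05-02T10:03:00Z 10.1.1.21 198.51.100.77 443
2019-05-02T10:00:00Z 10.1.1.22 203.0.113.9 443
2019-05-02T10:01:30Z 10.1.1.22 203.0.113.9 443
2019-05-02T10:07:00Z 10.1.1.22 203.0.113.9 443
2019-05-02T10:30:00Z 10.1.1.22 203.0.113.9 443
2019-05-02T11:00:00Z 10.1.1.22 203.0.113.9 443
2019-05-02T10:00:00Z 10.1.1.33 203.0.113.45 443
2019-05-02T10:05:03Z 10.1.1.33 203.0.113.45 443
2019-05-02T10:09:58Z 10.1.1.33 203.0.113.45 443
2019-05-02T10:15:01Z 10.1.1.33 203.0.113.45 443
2019-05-02T10:20:02Z 10.1.1.33 203.0.113.45 443
2019-05-02T10:24:59Z 10.1.1.33 203.0.113.45 443
"""

# Assumed for the example: the address space you identify as internal, and the thresholds.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_CONNECTIONS = 5    # "recurring": at least this many sessions from one source
RARE_FRACTION = 0.05   # "rare": contacted by at most this share of internal hosts (never below 1)
MAX_INTERVAL_CV = 0.2  # "periodic": stdev/mean of the gaps between sessions


def parse_traffic_log(text):
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        records.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst, int(dport)))
    return records


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def interval_stats(times):
    """Return (mean gap in seconds, coefficient of variation) for sorted timestamps.
    A CV near 0 means the sessions are evenly spaced, as a beacon's are."""
    ts = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    return mean, (statistics.pstdev(gaps) / mean if mean else float("inf"))


def detect_recurring_rare_ip_access(records):
    """Flag (src, dst) pairs where an internal host repeatedly and regularly
    reaches an external IP that almost no other internal host talks to."""
    all_sources = set()
    dst_sources = defaultdict(set)
    pair_times = defaultdict(list)
    for ts, src, dst, _dport in records:
        if not is_internal(src) or is_internal(dst):
            continue  # only outbound internal -> external sessions matter here
        all_sources.add(src)
        dst_sources[dst].add(src)
        pair_times[(src, dst)].append(ts)
    rare_limit = max(1, int(RARE_FRACTION * len(all_sources)))
    findings = []
    for (src, dst), times in pair_times.items():
        if len(dst_sources[dst]) > rare_limit:   # popular destination: not rare
            continue
        if len(times) < MIN_CONNECTIONS:         # one-off lookup: not recurring
            continue
        mean_gap, cv = interval_stats(times)
        if cv > MAX_INTERVAL_CV:                 # irregular, looks like a human browsing
            continue
        findings.append({"src": src, "dst": dst, "sessions": len(times),
                         "mean_interval_s": mean_gap, "interval_cv": round(cv, 3)})
    return sorted(findings, key=lambda f: (f["dst"], f["src"]))


if __name__ == "__main__":
    for hit in detect_recurring_rare_ip_access(parse_traffic_log(SAMPLE_TRAFFIC_LOG)):
        print(hit)
```

In the sample, 198.51.100.10 is contacted by five hosts (popular, so never rare), 198.51.100.77 is rare but seen once, and 203.0.113.9 is rare and recurring but the gaps between sessions are erratic, so only the evenly spaced sessions from 10.1.1.33 to 203.0.113.45 are reported. The periodicity check is a strong signal but easy to defeat with jitter, which is one reason a product correlates this with application-level context such as the enhanced application logs mentioned above rather than relying on timing alone.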
Alerts for Endpoint Behavior
If you use Traps to monitor endpoint activity, Cortex XDR – Analytics can now raise the following alerts based on uncommon or rare endpoint behavior: