Palp alto TRAP XDR cortex

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Palp alto TRAP XDR cortex

L0 Member

Is it safe to install paloalto cortex XDR solution?

If we install in our premises then our client machine data may get compromised if cortex scan for  malware on cloud. Then what is the use of proxy broker server. I want my data must be safe and it should on premises only. If my data my ip will be save on cloud then how i will be secured. What is the architecture of cortex? what is the function of this proxy server?

1 REPLY 1

L4 Transporter

Hi @paloalto_mpd

answering your questions. 

Yes it is safe to install cortex xdr 

You can install xdr in VMs, and on premise endpoints, kubernetes.... so you can have your cloud also protected. If I understood you properly

For the architecture check this doc:

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-...

Basically our xdr tenant in the cloud receives all kind of logs from agents (installed in different platforms as mentioned above), and also network logs, 3rd-party ... you name it. In our cloud tenant we do process them with the analytics engine correlating and stitching all together to be more accurate in our detections and at the same time enriching your alerts and incidents with all the mentioned logs. So we do not just give alerts, we also provide the context in which those alerts and incidents happened saving thousands of hours to the analysts that have the majority of the work already done by xdr (but of course not all the job, there are still a bit if human intelligence to be added from the security analysts).

About the Broker VM, it has several funcionts: 

  1. Can act as a proxy for your isolated endpoints communicating them with the  tenant in the cloud
  2. Be the satellite (kind of redhat term) to distribute your agent and content updates
  3. Can buffer your logs coming from your infrastructure and on the way to the tenant in case of internet outage so you dont lose security events that can spot your real incidents. 

Hope this helped. Please feel free to click on like or recommend if this was helpful for you.

KR,

Luis  

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!