@OmarDweik wrote:

I have two questions.

What is the difference between Cortex and other EDR with antivirus definitions?

What is a Content Update?


One of the single most important differences between Cortex XDR and traditional static/dynamic definitional list protection (i.e. traditional antivirus) is that Cortex XDR provides behavioral analysis on top of WildFire's file verdict. Contemporary malware, such as MiniDuke, utilizes a customized backdoor for each target, written in assembler. Each target receives a unique dropper, so traditional methods of analyzing a file based upon others having previously uploaded the same file will be bypassed entirely, since every target is unique. In addition to traditional WildFire file verdicts, Cortex XDR uses Behavioral Threat Prevention and Behavioral Indicators of Compromise to detect the sort of activity overwhelmingly used to compromise systems rather than just specific SHA256 hashes or file names.

Content Updates come in the form of new Behavioral Indicator of Compromise rules, new hash updates, agent policy updates and more. An example of a very valuable content update was when Palo Alto pushed out content updates specifically for SolarStorm and the recent Microsoft Exchange compromise.
