10-27-2021 09:09 AM
@OmarDweik wrote:
I have two questions:
What is the difference between Cortex and other EDR with antivirus definitions?
What is a Content Update?
One of the single most important differences between Cortex XDR and traditional static/dynamic definitional list protection (i.e. traditional antivirus) is that Cortex XDR provides behavioral analysis on top of WildFire’s file verdict. Contemporary malware, such as MiniDuke, utilizes a customized backdoor for each target, written in assembler. Each target receives a unique dropper, so traditional methods of analyzing a file based upon others having previously uploaded the same file will be bypassed entirely since every target is unique. In addition to traditional WildFire file verdicts, Cortex XDR uses Behavioral Threat Prevention and Behavioral Indicators of Compromise to detect the sort of activity overwhelmingly used to compromise systems rather than just specific SHA256 hashes or file names.
Content Updates come in the form of new Behavioral Indicator of Compromise rules, new hash updates, agent policy updates and more. An example of a very valuable content update was when Palo Alto pushed out content updates specifically for SolarStorm and the recent Microsoft Exchange compromise.
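The point in the answer above, that a hash verdict misses a dropper that is unique to each target while a behavioral rule still catches the activity, can be shown with a small detector. The following is an added illustration, not Cortex XDR's or WildFire's actual logic: the rule chain, process names, temp path and Run-key string are hypothetical, and the "known bad" hash is computed from a made-up byte string rather than a real indicator.

```python
import hashlib
from typing import Callable, Dict, List, Optional

Event = Dict[str, str]

# Constructed "known bad" hash set standing in for a file-verdict feed.
# The hash is computed from a made-up byte string; it is not a real IoC.
KNOWN_BAD_HASHES = {hashlib.sha256(b"dropper seen on another target").hexdigest()}

OFFICE_APPS = {"winword.exe", "excel.exe"}                 # hypothetical
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe"}
TEMP_DIR = "c:\\users\\public\\"                           # hypothetical drop location
RUN_KEY = "hkcu\\software\\microsoft\\windows\\currentversion\\run"


def hash_verdict(file_bytes: bytes) -> bool:
    """Static check: flag only if this exact file was seen before."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD_HASHES


# One toy behavioral rule expressed as an ordered chain of predicates over
# endpoint events. The file's hash never enters this decision.
def _office_spawns_script_host(e: Event) -> bool:
    return (e["type"] == "process_start"
            and e["actor"] in OFFICE_APPS
            and e["target"] in SCRIPT_HOSTS)


def _script_host_drops_to_temp(e: Event) -> bool:
    return (e["type"] == "file_write"
            and e["actor"] in SCRIPT_HOSTS
            and e["target"].lower().startswith(TEMP_DIR))


def _dropped_file_runs(e: Event) -> bool:
    return (e["type"] == "process_start"
            and e["actor"] in SCRIPT_HOSTS
            and e["target"].lower().startswith(TEMP_DIR))


def _persists_via_run_key(e: Event) -> bool:
    return (e["type"] == "registry_write"
            and e["actor"].lower().startswith(TEMP_DIR)
            and e["target"].lower().startswith(RUN_KEY))


DROPPER_CHAIN: List[Callable[[Event], bool]] = [
    _office_spawns_script_host,
    _script_host_drops_to_temp,
    _dropped_file_runs,
    _persists_via_run_key,
]


def behavioral_verdict(events: List[Event]) -> Optional[str]:
    """Return the rule name if the chain occurs in order within the trace, else None."""
    step = 0
    for e in events:
        if DROPPER_CHAIN[step](e):
            step += 1
            if step == len(DROPPER_CHAIN):
                return "office-dropper-persistence-chain"
    return None


def evaluate(file_bytes: bytes, events: List[Event]) -> Dict[str, object]:
    """Layer the two checks the way the answer describes: hash verdict plus behavior."""
    return {"hash_match": hash_verdict(file_bytes),
            "behavior_rule": behavioral_verdict(events)}


# Constructed endpoint trace shared by both droppers below; only the file bytes differ.
MALICIOUS_TRACE: List[Event] = [
    {"type": "process_start", "actor": "winword.exe", "target": "wscript.exe"},
    {"type": "file_write", "actor": "wscript.exe", "target": "C:\\Users\\Public\\svc.exe"},
    {"type": "process_start", "actor": "wscript.exe", "target": "C:\\Users\\Public\\svc.exe"},
    {"type": "registry_write", "actor": "C:\\Users\\Public\\svc.exe",
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"},
]

# Constructed benign trace: a user opens Word from Explorer and saves a document.
BENIGN_TRACE: List[Event] = [
    {"type": "process_start", "actor": "explorer.exe", "target": "winword.exe"},
    {"type": "file_write", "actor": "winword.exe",
     "target": "C:\\Users\\alice\\Documents\\report.docx"},
]

if __name__ == "__main__":
    seen_before = b"dropper seen on another target"
    unique_to_target = b"dropper compiled for this target only"
    print("seen before:", evaluate(seen_before, MALICIOUS_TRACE))
    print("unique:     ", evaluate(unique_to_target, MALICIOUS_TRACE))
    print("benign:     ", evaluate(unique_to_target, BENIGN_TRACE))
```

Running it shows the previously seen dropper matching on both checks, the per-target dropper matching only on the behavioral chain, and the benign trace matching on neither. In a real product the chain would be far richer and would correlate across processes and time, but the shape of the argument is the same: a hash feed is only as good as what someone else already submitted, while a behavioral rule keys on what the code has to do once it runs.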