About pbishop

@OmarDweik wrote:  The Other EDR Vendor they have behavior and legacy With Sandbox verdict so it is more protection.   Sandboxing is different from Cortex XDR's in-line capabilities. Sandboxing, while important, can be identified by advanced malware that send WMI queries, perform other environment checks, or check which processes are running to see if they are operating within a sandbox. On the other hand, Cortex XDR intercepts processes and prevents exploits by implementing roadblocks at each stage of the process, thus preventing behavioral threats by observing patterns throughout the entire process cycle. Malware can't evade this check like it can evade sandboxing (by remaining dormant), making Cortex XDR's protection more complete than traditional antivirus and sandboxing techniques. Case in point, the SolarStorm compromise performed a sandboxing check and went dormant for two weeks following the initial access and execution phase. This process successfully by-passed sandboxing attempts in traditional EDR platforms.   Sandboxing also adds unnecessary performance impact and user operation disruption when compared to the in-line protection provided by Cortex XDR. Competitors that have bet on sandboxing technology have had that problem since the beginning when compared to Cortex XDR.  Finally, XDR leverages sandbox technology by way of WildFire. While not native in XDR agents, this once more improves performance impact while providing better protection. This usage of WildFire sandboxing allows XDR to both prevent the activity locally while detonating in a sandboxing in the cloud to identify what the malware would have done on the endpoint, effectively giving Cortex XDR the best of both worlds. ... View more

@agalindo wrote: Are there any upcoming discounts for certifications? Palo Alto Networks employees receive two free vouchers each year for  Pearson certificates. Additionally, there are many certification discounts available from time to time on company emails, and on the Palo Alto Networks LiveCommunity website. ... View more

@OtakarKlier wrote: Hello, What are some of the training offerings for those with limited/no training budget who are trying to get into cyber? Regards, Palo Alto Networks Cybersecurity Academy has a number of free resources available, and with the use of a Beacon account, there are a number of free Digital Learning resources as well. ... View more

@OmarDweik wrote: i have two question What the Different between Cortex  and other EDR with Antivirus Definition ?   What is Content Update ? One of the single most important differences between Cortex XDR and traditional static/dynamic definitional list protection (i.e. traditional antivirus) is that Cortex XDR provides behavioral analysis on top of WildFire’s file verdict. Contemporary malware, such as MiniDuke, utilize a customized backdoor for each target, written in assembler. Each target receives a unique dropper so traditional methods of analyzing a file based upon others having previously uploaded the same file will be bypassed entirely since every target is unique. In addition to traditional WildFire file verdicts, Cortex XDR uses Behavioral Threat Prevention and Behavioral Indicators of Compromise to detect the sort of activity overwhelmingly used to compromise systems rather than just specific SHA256 hashes or file names.   Content Updates come in the form of new Behavioral Indicator of Compromise rules, new hash updates, agent policy updates and more. An example of a very valuable content update was when Palo Alto pushed out content updates specifically for SolarStorm and the recent Microsoft Exchange compromise. ... View more