Cortex XDR Highlights
Cortex XDR delivers the industry’s first XDR solution that provides protection, detection, and response by analyzing data from the Cortex endpoint and your third-party data sources to counter threat landscape risks. Cortex XDR includes simplified automation actions to make security analysts more efficient in their investigation processes.
- Full visibility across network, Cortex endpoint, cloud, third-party and identity sources, not just the endpoint
- Reduced mean time to detect (MTTD) and mean time to respond (MTTR)
- Out-of-the-box identity-focused threat detection for initial access tactics, techniques, and procedures (TTPs), plus an available add-on for advanced identity-based threat detection analytics, such as insider threats
- Leading MITRE ATT&CK Round 4 Evaluation results with a 97% detection rate
- Data-science-driven detections using machine learning algorithms to reduce noise and improve efficacy against hard-to-detect threats
- Scale to enterprise needs using the power of the cloud with no on-premises solution requirements
- A unified endpoint agent is included that delivers NGAV, EDR, host firewall, device control and disk encryption, with add-ons for forensic collection and host insights for vulnerabilities and artifacts
Security Challenges Addressed by Cortex XDR
- Cortex XDR breaks down security solution silos by delivering an endpoint agent, a threat detection analytics engine, automation for endpoint actions and notifications, identity threat detection, forensic capabilities and support for ingesting third-party data.
- A lack of current and integrated threat intelligence in security technologies is a significant challenge most organizations contend with. Cortex XDR continuously integrates curated Unit 42® and Cortex threat research, relieving clients of an extraordinary threat intelligence and detection engineering burden.
- Cortex XDR solves the challenge of missing both known and unknown threats, as proven by third-party testing, yet keeps noise low (a high signal-to-noise ratio) to reduce false positives and spare security analysts from chasing false flags.
- It is widely accepted that disparate and poorly integrated solutions are expensive and do not reduce risk to an acceptable level. Cortex XDR delivers increased ROI over narrowly focused EDR solutions and bloated SIEM solutions that put more management burden on the client while delivering less detection efficacy.
- EDR-focused, non-XDR solutions lack the identity-based threat detection that organizations are increasingly concerned with. Cortex XDR addresses insider threats, lateral movement, and anomalous user and entity behavior with the Identity Threat Detection and Response (ITDR) module.
Capability | Description | XDR Prevent | XDR Pro per Endpoint | XDR Pro per Gigabyte |
---|---|---|---|---|
Next-Generation Antivirus | Block malware, ransomware, exploits and fileless attacks | | | |
Endpoint Protection | Safeguard endpoints with device control, firewall and disk encryption | | | |
Detection and Response | Pinpoint attacks with AI-driven analytics and coordinate response | | | |
Managed Detection and Response | Let Unit 42 experts work for you 24/7 to detect and respond to threats | | | |
Managed Threat Hunting | Let Unit 42 experts work for you 24/7 to discover advanced threats | | | |
Host Insights | Find vulnerabilities and sweep across endpoints to eradicate threats | | | |
Forensics | Investigate incidents swiftly with comprehensive forensic evidence | | | |
Third-Party Security Events | Send security events from other data sources | | | |
Third-Party Security Logs | Send raw logs from other data sources | | | |
Network Traffic Analysis | Syslog, Kafka, DB, CSV file, FTP, NetFlow, Windows events, Pathfinder | | | |
Prisma and PANW IoT Security | Unify cloud and/or control system environments with XDR | | | |
Integrations | Threat intelligence solutions, Slack, send syslog | | | |
Security Analytics | Apply machine learning and UEBA detections to security data | | | |
Identity Threat Detection and Response (ITDR Module) | Uncover hard-to-detect threats like insiders, lateral movement and credential compromise | | | |
eXtended Threat Hunting Data (XTHD Module) | Collect rich data at the endpoint to support deep threat hunting operations in an environment | | | |