Palo Alto Networks unveils Cortex XDR 3.0 for cloud



Palo Alto Networks has unveiled Cortex® XDR 3.0 for cloud. Third-generation XDR expands the company’s extended detection and response (XDR) solution to cloud- and identity-based threats, giving businesses the holistic analytics they need to defend against more sophisticated cyberattacks.


The third version of Cortex XDR, which already outperformed previous generations in the MITRE ATT&CK® evaluation, now gives security operations center (SOC) teams broader protection across their attack surface. It extends detection, monitoring, and investigation into cloud environments and analyses identity data to detect malicious user activity and insider threats. Security analytics that span endpoints, networks, clouds, and identities give SOC teams organization-wide detection and response, which matters in an era of attacks that move across all of these assets.

Furthermore, Cortex XDR 3.0 provides forensic investigation features based on Palo Alto Networks’ world-class Unit 42 Security Consulting group’s powerful proprietary technologies, as well as ingestion and custom correlations for practically all third-party data sources.

“Palo Alto Networks created the extended detection and response (XDR) category in 2019 — understanding that only by integrating data from across all security sources can we detect complex threats accurately, prevent attacks automatically, and investigate them much faster. We’ve been innovating against that mission ever since,” said Tim Junio, senior vice president of products, Cortex at Palo Alto Networks. “With our third-generation XDR solution expanding to cloud and identity analytics, Cortex XDR 3.0 has taken a large step towards being the most comprehensive platform for the SOC to protect endpoints, entities, assets, workloads, and critical data.”

Cortex XDR has been a top performer in the MITRE ATT&CK evaluation for three years in a row, with the highest overall combined detection and protection rate. The new features of Cortex XDR 3.0 prepare SOC teams to recognise and stop attacks as threat actors become faster, more organised, and more sophisticated in their tactics, techniques, and procedures:

  • Cortex XDR for cloud: SOC teams can extend detection, monitoring, and investigation into cloud environments. Cloud host data, traffic logs, audit logs, data from Palo Alto Networks’ Prisma® Cloud solution, and third-party cloud security data are all combined and integrated with non-cloud endpoint and network data sources in XDR 3.0, giving SOC teams coverage across on-premises and multicloud settings.
  • Cortex XDR Identity Analytics: By gathering and analysing a wide range of identity data, XDR’s user behaviour analytics capabilities are further improved, allowing it to detect malicious behaviour and insider threats.
  • Cortex XDR Forensics: Customers of Cortex XDR get direct access to the forensic investigation technology used by Palo Alto Networks Unit 42 Security Consulting. The XDR Forensics module captures historical evidence from compromised systems, such as user, file, application, browser, and other activity, so that XDR’s full analytic capacity can be applied during incident response.
  • Cortex XDR Incident Management Interface: Provides security analysts with a complete account of an incident, including linked malicious artifacts, hosts, users, and correlated alerts mapped to the MITRE ATT&CK framework, all in one place. This enables analysts to respond to incidents more swiftly and thoroughly.
  • Cortex XDR Third-Party Data Engine: Customers can ingest, standardize, correlate, query, and analyse data from nearly any source. This third-party data can be connected with threat activity and tagged with MITRE ATT&CK tactics, techniques, and procedures to offer a more detailed picture of hostile movement. This also enables SOC teams to better understand the full scope of an incident and respond more effectively.
