2 min Security

Palo Alto Networks launches version 2 of Cortex XDR

Palo Alto Networks launches version 2 of Cortex XDR

Palo Alto Networks has launched the second version of its detection and response platform, Cortex XDR. This version has been extended towards data sources from third parties.

Cortex XDR is a detection and response app that natively integrates into network, endpoint and cloud data to prevent advanced attacks. The solution detects threats based on behavioral analytics.

In nine months, the company says that it has enabled organisations to reduce the number of alerts by fifty times and speed up investigations by eight times, according to Lee Klarich, chief product officer at Palo Alto Networks. Klarich says that this eliminates noise and allows analysts to focus on the most critical threats. Cortrex XDR 2.0 contains several updates that further expand the platform.

“With the addition of third-party data, a unified platform experience, and new endpoint security enhancements in Cortex XDR 2.0, we are further enhancing the power of the Cortex XDR platform and expanding the prevention, detection, research and response capabilities across the customers’ entire environment,” said Klarich.

Cortex XDR 2.0

Cortex XDR 2.0 has therefore been opened up for third-party data, enabling detection in a multi-vendor solution environment. All alerts are merged into a single overview of incidents.

In addition, there is a new platform on which prevention, detection, investigation and response capabilities are combined. The new console has end-to-end support for all possibilities that were previously part of Traps and Cortex XDR.

The new version also features a machine learning-driven local analysis engine that is adapted for continuous learning and prevention. The engine is controlled by a WildFire training set.

New modules

Finally, there is a new Device Control module, which provides organisations with detailed USB access control on endpoints, to prevent malware or data loss from other devices.

According to Palo Alto Networks, this is the first in a series of new endpoint protection platform modules. What the other modules are and when they appear, is still unknown.