Introducing Cortex XDR

Mitchell Bezzina


This post is also available in: 简体中文 (Chinese (Simplified)) 繁體中文 (Chinese (Traditional)) Français (French) Deutsch (German) 日本語 (Japanese) 한국어 (Korean) Nederlands (Dutch) Türkçe (Turkish) Español (Spanish) Italiano (Italian)

Earlier today we announced three cutting-edge innovations that will challenge the status quo across the security industry. One of these innovations is Cortex XDR, a cloud-delivered app that empowers security teams to not only detect and stop sophisticated attacks but adapt defenses to allow constant improvement and the prevention of future successful cyberattacks.

Cortex XDR is the first app available on Cortex, the industry’s only open and integrated AI-based continuous security platform. Cortex XDR is the industry’s first detection and response product that breaks the data silos that have segregated cybersecurity teams and slowed down incident response processes over the past twenty years. By natively correlating rich network, endpoint and cloud data at the point of storage, Cortex XDR uses analytics and real machine learning to improve every stage of security operations from detection to alert triage of highly evasive attacks.

Why not run the easy route and come out with another endpoint detection and response (EDR) product or network traffic analysis (NTA) point product? The challenges for today’s security teams are complex, and as a vendor, we look at the holistic picture to make things easier for our customers. Organizations face a severe cybersecurity skills shortage. The 2018 (ISC)² Cybersecurity Workforce Study estimates that there are nearly 3 million unfilled roles globally today. Specialists in network analysis, computer forensics or cloud management are particularly hard to come by. Security teams need a way to improve productivity and reduce complexity in their core purpose: identify, investigate and mitigate threats.

Cortex XDR redefines detection and response by force-multiplying a security team and optimizing every stage of security operations. With Cortex XDR, data from different sources is stitched together during ingestion, correlated and analyzed. Machine learning is applied to profile behavior and detect unseen attacks, while automation provides the root cause and a complete picture of any potential threats. A powerful query engine provides the basis for threat hunting, and custom rules ensure knowledge gained can be applied to ease future investigations or detect similar threats in the future.

Cortex XDR uniquely offers:

  • Automated Detection: Cortex XDR discovers malware, targeted attacks and insider threats by analyzing rich data with machine learning. Behavioral analytics automatically detects threat with a great degree of accuracy, while customizable detection rules allow security teams to defend attacker tactics and techniques that require human intervention.
  • Accelerated Investigations: Your security analysts can – with a single click – understand the root cause and timeline of events for any security alert. Context is applied to network, endpoint and cloud activity, simplifying complex analysis to reduce alert fatigue and speed up investigations.
  • Adaptive Response: Because Cortex XDR tightly integrates with enforcement points, you can instantly coordinate response. Knowledge gained from investigations can be applied forward, updating the customizable detection rules to protect against future threats or add context for investigations.
  • Easy, Cloud-based Deployment: As a cloud-based app, Cortex XDR overcomes the management and scaling challenges of on-premises detection and response. Cortex XDR analyzes network, endpoint and cloud data stored in the Cortex Data Lake, providing an operationally efficient way to store the large volumes of data needed for behavioral analytics, while leveraging your existing security investments as sensors and enforcement points.
  • A Foundation for Future Growth: While Cortex XDR has expanded detection and response across network, endpoint and cloud data within a single product, it can also operate on a single data source. Customers can start with endpoint data from the included Traps agents, effectively competing with other EDR tools, or start with network data and compete with other NTA tools. However, you can expand and integrate other data sources as requirements grow.
  • Traps 6.0, the most advanced malware and exploit prevention, now protects endpoints across the complete spectrum of threats with the addition of behavioral threat protection. Unlike traditional antivirus that only analyzes a single process at a time and depends on prior threat knowledge, Traps now detects and stops attack activity by monitoring for malicious sequences of events across processes and terminating attacks when detected. Additional enhancements include expanded protection for Linux containers, Linux ELF malware protection,  and rich data collection for Cortex XDR. Cortex XDR will include Traps, offering a single, lightweight agent to block endpoint threats and collect data for detection and response. Traps can also be purchased separately for ironclad endpoint protection.

 

For more information, join us for a Cortex XDR live online event on:

    • March 19th at 10AM PDT for the Americas
    • March 21st at 11AM SGT and 5PM SGT for APJ
    • March 27th at 11AM GMT for EMEA

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.