Cortex Data Lake is an epic, scalable data infrastructure that’s capable of ingesting, learning and signaling millions of events per second. It’s the technology that powers Cortex XDR, enabling it to detect and stop threats across network, cloud and endpoints, running over a dozen machine learning algorithms.
Cortex Data Lake is the powerful backbone of the Cortex platform. The relationship between Cortex Data Lake and Cortex XDR reminds me of a joke: The president and the first lady stop at a gas station, where the first lady recognizes the owner of a gas station as an old boyfriend. The president jokes that she could have been the wife of a gas station owner, and the first lady responds, “No dear, he’d be the President of the United States!”
What can Cortex Data Lake do?
First, Cortex Data Lake ingests your Next-Generation Firewall logs, your Traps logs, and your Prisma Access logs. It ingests data with full fidelity, with over a hundred data points per network log, including metadata from WildFire, our global threat intel platform. We designed and priced the product to store all these details for future AI processing; the higher the fidelity, the more accurate your machine learning will be. No wonder we were found to deliver the broadest coverage with the fewest missed attack techniques among 10 endpoint detection and response (EDR) vendors in the recent MITRE evaluation.
What’s the point of ingesting all this data? Let’s see some of the things you can do with it:
- Real-time network traffic visibility: Later this month, we’ll launch a new version of the Explore app for network operations teams. It will enable NetOps to interact with traffic in real time, gain visibility of threats, and identify which apps are running on the network and what risks they expose.
- SOAR: With Demisto, you can orchestrate workflows on your firewall, cloud and endpoint data across your Cortex Data Lake, Splunk and other security information and event management (SIEM) instances. We hear lots of praise for this coexistence to help customers avoid forwarding huge volumes of firewall logs to their SIEMs.
- Feed the data into applications: We have 24 partner apps and counting. The Cortex team and our partner ecosystem are busy building new apps every day to simplify, integrate and improve security operations.
Happy log forwarding!