Cortex XDR- Extended Detection and Response

CORTEX XDR

Palo Alto Networks
named a Leader by
Gartner® for Cortex XDR.

Recognized for ability to execute and completeness of vision.

Get the report

Read the blog

Break free from legacy endpoint solutions.

With the Cortex® platform offer for endpoint security.

AI and automation:
The future of SecOps.

Come see where security operations are headed next.

Watch on demand

Unbiased Testing. Unbeatable Results.

ONLY Cortex Delivers 100% Protection and Detection in MITRE Engenuity

Watch on demand

Evaluations Dashboard

The Resilient SOC

Essential Reading for CISOs

Explore

Why Cortex XDR

Stop attacks with full visibility and analytics

Proven endpoint protection

Block advanced malware, exploits and fileless attacks with the industry’s most comprehensive endpoint security stack. Our lightweight agent stops threats with Behavioral Threat Protection, AI and cloud-based analysis.

Laser-accurate detection

Pinpoint evasive threats with patented behavioral analytics. Cortex XDR uses machine learning to profile behavior and detect anomalies indicative of attack. Analytics lets you spot adversaries attempting to blend in with legitimate users.

Lightning-fast investigation and response

Investigate threats quickly by getting a complete picture of each attack with incident management. You can view the root cause of any alert with a single click and swiftly stop attacks across your environment.

Sit back, relax and let Cortex XDR protect you

COMPLETE ENDPOINT SECURITY
Safeguard your endpoints with NGAV, host firewall, disk encryption and USB device control.
ML-DRIVEN THREAT DETECTION
Find hidden threats like insider abuse, credential attacks, malware and exfiltration using behavioral analytics.
INCIDENT MANAGEMENT
Cut investigation time with intelligent alert grouping. Incident scoring lets you focus on the threats that matter.
AUTOMATED ROOT CAUSE ANALYSIS
Swiftly verify threats by reviewing the root cause, sequence of events, intelligence and investigative details all in one place.
DEEP FORENSICS
Conduct deep internal and regulatory investigations, even if endpoints are not connected to the network.
FLEXIBLE RESPONSE
Block fast-moving attacks, isolate endpoints, execute scripts and sweep across your entire environment to contain threats in real time.
EXTENDED THREAT HUNTING
Conduct more granular and advanced threat hunting operations in your security environment using extended data collection and analysis.

Simplify SecOps with one platform for detection and response across all data

Cortex XDR delivers enterprise-wide protection by analyzing data from any source to stop sophisticated attacks.

Eliminate blind spots with complete visibility
Simplify security operations to cut mean time to respond (MTTR)
Harness the scale of the cloud for AI and analytics
Lower costs by consolidating tools and improving SOC efficiency

Read the datasheet

Deeper visibility to enable advanced threat hunting

Take a proactive stance against advanced threats. The eXtended Threat Hunting (XTH) Data Module enhances visibility and data collection by Cortex XDR. This empowers SecOps to prevent and detect threats faster — and with more precision.

Unlock additional analytics and machine learning detectors.
Sharpen the ability to identify, prevent and block complex attacks.
Proactively hunt with advanced analytics and behavioral models.
Identify causality links between attacker actions and affected entities.

Read the solution brief

Best-in-class coverage for stealthy identity threats

Protect your organization without slowing down the business. The new advanced Identity Threat Detection and Response Module from Cortex XSIAM and XDR® provides best-in-class coverage for stealthy identity threat vectors, including compromised accounts and insider threats.

Make decisions faster with enhanced views of your organization’s risk posture
Gain forensic-level visibility into the asset to easily uncover hidden threats
Automate and customize the continuous analysis of user and host activities
Swiftly triage and investigate alerts with precise profile information

Read the solution brief

Tested. Reviewed. Proven.

Exceptional test results and praise from analysts and customers make it easy to trust Cortex XDR.

Understand the results

GigaOm Radar for Extended Detection and Response

Get the GigaOm report

98%
Overall passive response for the EPR test scenarios
100%
Cumulative response across all three phases

See the report

Drive better security outcomes

Accelerate threat response, streamline operations and increase SOC productivity with Cortex XDR.

8x
faster investigations
Learn more
98%
reduction in alerts
Learn more
44%
lower cost
Get the ROI paper

Break the attack lifecycle

HermeticWiper

SolarStorm

Drops the malicious file

Disables volume shadow copy

Modifies the registry

Extracts EaseUS drivers

Enumerates files and corrupts partition information

Blocked with Local Analysis, Yara rules, Behavioral Threat Protection and WildFireBlocked with Behavioral Threat ProtectionDetected with AnalyticsBlocked with Behavioral Threat ProtectionBlocked with Behavioral Threat Protection

Cortex XDR stops the most advanced threats, including Russia-Ukraine cyber activity and the SolarWinds supply chain attack as well as Log4Shell, SpringShell, and PrintNightmare vulnerability exploits. For an interactive demo, see the Log4j incident response simulation.

See how Cortex XDR beats the competition

Two powerful offerings. Comprehensive protection.

CORTEX XDR PREVENT

CORTEX XDR PRO

Next-Generation Antivirus Block malware, ransomware, exploits and fileless attacks

Endpoint Protection Safeguard endpoints with device control, firewall and disk encryption

Detection and Response Pinpoint attacks with AI-driven analytics and coordinate response

–

Managed Detection and Response Let Unit 42 experts work for you 24/7 to detect and respond to threats

–

Optional

Host Insights Find vulnerabilities and sweep across endpoints to eradicate threats

–

Optional

Forensics Investigate incidents swiftly with comprehensive forensics evidence

–

Optional

eXtended Threat Hunting Deep endpoint telemetry to support advanced threat hunting operations

–

Optional

CORTEX XDR PREVENT
Next-Generation AntivirusBlock malware, ransomware, exploits and fileless attacks
Endpoint ProtectionSafeguard endpoints with device control, firewall and disk encryption
Detection and ResponsePinpoint attacks with AI-driven analytics and coordinate response	–
Managed Detection and Response Let Unit 42 experts work for you 24/7 to detect and respond to threats	–
Host InsightsFind vulnerabilities and sweep across endpoints to eradicate threats	–
ForensicsInvestigate incidents swiftly with comprehensive forensics evidence	–
eXtended Threat HuntingDeep endpoint telemetry to support advanced threat hunting operations	–

CORTEX XDR PRO
Next-Generation AntivirusBlock malware, ransomware, exploits and fileless attacks
Endpoint ProtectionSafeguard endpoints with device control, firewall and disk encryption
Detection and ResponsePinpoint attacks with AI-driven analytics and coordinate response
Managed Detection and Response Let Unit 42 experts work for you 24/7 to detect and respond to threats	Optional
Host InsightsFind vulnerabilities and sweep across endpoints to eradicate threats	Optional
ForensicsInvestigate incidents swiftly with comprehensive forensics evidence	Optional
eXtended Threat HuntingDeep endpoint telemetry to support advanced threat hunting operations	Optional

Unrivaled innovation to outpace attackers

Swipe for More

Maximize ROI by boosting SOC efficiency

Eliminate siloed tools for a more efficient SOC
Reduce setup, tuning and operating costs with cloud-delivered services and out-of-the-box detection
Cut the cost of attacks with better protection and faster response