Security leaders are dealing with an increasingly complex threat landscape, resulting in more questions about risk posture and the need to maintain continuous security monitoring of the enterprise. We are pleased to announce the release of Cortex XDR 3.7 that introduces new security modules to counter adversary tactics, high availability event collection, and new ways to interact with security data in Cortex XDR.
Security Modules
Internet Information Services (IIS) is a widely used web services application offered by Microsoft. Unfortunately, it is also highly targeted by threat actors to gain and maintain access to your environment.
Identifying those malicious actions taken against your IIS applications, like the installing of web shells to maintain persistence and provide a gateway into your environment, are critical to protecting against threats targeting IIS servers. Now, Cortex XDR 3.7 offers IIS Protection with new threat detection content to help with just that issue.
Identity Threat Module Enhancements
Understanding accurate and detailed enterprise risk posture is a challenge for every organization. Often, security solutions don’t give enough information to allow you to understand and manage risks efficiently.
But, with more granular and enterprise risk views, including improved peer scoring breakdown, a deeper understanding of the current host risk score, and a global host scores view for better risk management of your assets, you can understand and manage risks more efficiently. Cortex XDR 3.7 delivers deeper insights into threats and the ability to respond more effectively with our asset role enrichments for alerts, incidents, and XQL searches in the Identity Threat Module (ITM).
High Availability Cluster for Broker VMs
No SecOps programs can afford downtime in event collection, because it creates blind spots and increases risk. Adding redundancy to environments eliminates the single node as a point of failure in multiple scenarios, and hardens overall security.
Cortex XDR architecture leverages a virtual machine communication broker called Broker VM to collect non-Cortex endpoint agent events, giving you the ability to meet continuous security monitoring requirements. Cortex XDR 3.7 now includes a Broker VM HA Cluster, which is designed to provide redundancy to help avoid downtime in multiple scenarios, such as failed host hardware, provides high availability and load balancing, and allows streamlined maintenance and upgrades.
Salesforce.com Data Collector
One of the most popular and successful SaaS applications is Salesforce.com (SFDC), and because of the sensitive data it contains, it requires comprehensive and continuous security monitoring. With the new native Salesforce.com integration, Cortex XDR can now ingest Salesforce Audit Trail and Security Monitoring events to give your organization visibility into user activity. This includes events such as login history and security events, that are critical for effective monitoring and discovering misuse or authorized access to sensitive data.
Dashboard Drilldowns
Having the right data available and easy ways to slice, display and search it are critical to SecOps operators. Cortex XDR 3.7 provides new Dashboard drilldown features that provide users with interactive data insights when clicking on data points, table rows, or other visualization elements. Drilldowns can link to an XQL search, a custom URL, other dashboards, or a report. You can create drilldowns in XQL widgets to improve efficiency and get to the data points you need for faster investigation and response.
Conclusion
Security teams have too many tools, so they have to pivot from console to console to investigate alerts. Despite all these tools, attacks still get through. You can solve these challenges and successfully stop attacks with help from Cortex XDR.
We continue to innovate and improve it to deliver the best protection to you and enable your security teams to be successful. You can find needles in the haystack with help from identity and behavioral analytics and machine learning in the new Cortex XDR IIS Module. You can discover the root cause of any alert to simplify investigations, and make decisions faster and with confidence with more detailed risk scoring. You can be confident you have visibility into what is occurring in your environment with Cortex XDR.
Learn more about the newest features now available across the Cortex Portfolio below and sign up for our newsletter to stay up to date on the latest innovations from Cortex.
