# Introducing Cortex XDR

By [Mitchell Bezzina](https://www.paloaltonetworks.com/blog/author/mitchell-bezzina/?ts=markdown) Feb 26, 2019

Earlier today [we announced three cutting-edge innovations](https://www.paloaltonetworks.com/company/press/2019/palo-alto-networks-introduces-cortex-the-industrys-only-open-and-integrated-ai-based-continuous-security-platform?ts=markdown) that will challenge the status quo across the security industry. One of these innovations is [Cortex XDR](https://www.paloaltonetworks.com/products/xdr?ts=markdown), a cloud-delivered app that empowers security teams to not only detect and stop sophisticated attacks but adapt defenses to allow constant improvement and the prevention of future successful cyberattacks. Cortex XDR is the first app available on [Cortex](https://www.paloaltonetworks.com/products/cortex?ts=markdown), the industry's only open and integrated AI-based continuous security platform.

Cortex XDR is the industry's first detection and response product that breaks the data silos that have segregated cybersecurity teams and slowed down incident response processes over the past twenty years. By natively correlating rich network, endpoint and cloud data at the point of storage, Cortex XDR uses analytics and real machine learning to improve every stage of security operations from detection to alert triage of highly evasive attacks.

Why not take the easy route and come out with another endpoint detection and response (EDR) product or network traffic analysis (NTA) point product? The challenges for today's security teams are complex, and as a vendor, we look at the holistic picture to make things easier for our customers.

Organizations face a severe cybersecurity skills shortage. The 2018 (ISC)² Cybersecurity Workforce Study [estimates that there are nearly 3 million unfilled roles globally today](https://www.isc2.org/Research/Workforce-Study). Specialists in network analysis, computer forensics or cloud management are particularly hard to come by. Security teams need a way to improve productivity and reduce complexity in their core purpose: identify, investigate and mitigate threats.

Cortex XDR redefines detection and response by force-multiplying a security team and optimizing every stage of security operations. With Cortex XDR, data from different sources is stitched together during ingestion, correlated and analyzed. Machine learning is applied to profile behavior and detect unseen attacks, while automation provides the root cause and a complete picture of any potential threats. A powerful query engine provides the basis for threat hunting, and custom rules ensure knowledge gained can be applied to ease future investigations or detect similar threats in the future.

Cortex XDR uniquely offers:

* **Automated Detection:** Cortex XDR discovers malware, targeted attacks and insider threats by analyzing rich data with machine learning. Behavioral analytics automatically detects threats with a great degree of accuracy, while customizable detection rules allow security teams to defend against attacker tactics and techniques that require human intervention.
* **Accelerated Investigations:** Your security analysts can -- with a single click -- understand the root cause and timeline of events for any security alert. Context is applied to network, endpoint and cloud activity, simplifying complex analysis to reduce alert fatigue and speed up investigations.
* **Adaptive Response:** Because Cortex XDR tightly integrates with enforcement points, you can instantly coordinate response. Knowledge gained from investigations can be applied forward, updating the customizable detection rules to protect against future threats or add context for investigations.
* **Easy, Cloud-based Deployment:** As a cloud-based app, Cortex XDR overcomes the management and scaling challenges of on-premises detection and response. Cortex XDR analyzes network, endpoint and cloud data stored in the Cortex Data Lake, providing an operationally efficient way to store the large volumes of data needed for behavioral analytics, while leveraging your existing security investments as sensors and enforcement points.
* **A Foundation for Future Growth:** While Cortex XDR has expanded detection and response across network, endpoint and cloud data within a single product, it can also operate on a single data source. Customers can start with endpoint data from the included Traps agents, effectively competing with other EDR tools, or start with network data and compete with other NTA tools. However, you can expand and integrate other data sources as requirements grow.
* **Traps 6.0,** the most advanced malware and exploit prevention, now protects endpoints across the complete spectrum of threats with the addition of behavioral threat protection.
Unlike traditional antivirus that only analyzes a single process at a time and depends on prior threat knowledge, Traps now detects and stops attack activity by monitoring for malicious sequences of events across processes and terminating attacks when detected. Additional enhancements include expanded protection for Linux containers, Linux ELF malware protection, and rich data collection for Cortex XDR.

Cortex XDR will include Traps, offering a single, lightweight agent to block endpoint threats and collect data for detection and response. Traps can also be purchased separately for ironclad endpoint protection.

For more information, join us for a **[Cortex XDR live online event](https://start.paloaltonetworks.com/new-era-of-detection-and-response-begins)** on:

* March 19th at 10AM PDT for the Americas
* March 21st at 11AM SGT and 5PM SGT for APJ
* March 27th at 11AM GMT for EMEA