* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/)
* Introducing Cortex XDR 2....

# Introducing Cortex XDR 2.0

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2019%2F11%2Fcortex-announcing-cortex-xdr-2%2F)  
[](https://twitter.com/share?text=Introducing+Cortex+XDR+2.0&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2019%2F11%2Fcortex-announcing-cortex-xdr-2%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2019%2F11%2Fcortex-announcing-cortex-xdr-2%2F&title=Introducing+Cortex+XDR+2.0&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2019/11/cortex-announcing-cortex-xdr-2/&ts=markdown)  
\[\](mailto:?subject=Introducing Cortex XDR 2.0)  
Link copied  
By [Zeynep Inanoglu Ozdemir](https://www.paloaltonetworks.com/blog/author/zeynep-inanoglu-ozdemir/?ts=markdown "Posts by Zeynep Inanoglu Ozdemir")  
Nov 13, 2019  
4 minutes  
[Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)  
[Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)  
[Cortex XDR](https://www.paloaltonetworks.com/blog/tag/cortex-xdr/?ts=markdown)  
[third-party data ingestion](https://www.paloaltonetworks.com/blog/tag/third-party-data-ingestion/?ts=markdown)

This post is also available in: [日本語 (Japanese)](https://www.paloaltonetworks.com/blog/2019/12/cortex-announcing-cortex-xdr-2/?lang=ja "Switch to Japanese(日本語)")

![Demonstration of Cortex XDR 2.0, from Palo Alto Networks](https://www.paloaltonetworks.com/blog/wp-content/uploads/2019/11/image1-min.gif)

Today at our annual Ignite Europe conference, chief product officer Lee Klarich unveiled Cortex XDR 2.0 -- the next bold evolution of the industry's first XDR product, which launched a new category of tools delivering threat detection and response across siloed data sources.

Cortex XDR 2.0 includes groundbreaking enhancements that further fulfill the promise of XDR to increase visibility and simplify security operations, including a **unified management UI** , **powerful new endpoint features** and **ingestion of third-party data and alerts** .

Watch founder and CTO Nir Zuk and chief product officer Lee Klarich at the Ignite Europe conference on Nov. 13 in Barcelona. They explain how the modern security operations center must become more data-driven, and how Cortex XDR 2.0 can help.

The debut of [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) earlier this year continued our tradition of category creation, resetting the bar for detection and response with the introduction of the XDR category. In less than a year, Cortex XDR proved it can deliver [the most comprehensive threat detection](https://www.paloaltonetworks.com/detection-response/xdr/mitre?ts=markdown) in the industry, reduce alert volumes by 50x and accelerate investigation times by 8x.

Since that debut, we've seen industry analysts, customers and even our own competitors welcoming the new category, some of them even naming products as different flavors of XDR. These signals confirm we are leading the industry in the right direction, and it's already time to move the goalposts with the introduction of Cortex XDR 2.0.

This new release adds:

* **Third-party Data Ingestion.**

Every organization has a multi-vendor security landscape --- sometimes including more than one type of firewall. By ingesting third-party firewall logs, Cortex XDR 2.0 is now delivering on its vision of comprehensive behavioral analytics that extends to all network data. In addition to firewall logs, Cortex XDR 2.0 has the ability to ingest a wide range of network alerts into our unique incident view, stitching together all alert types to reveal the root cause of a single incident.

This all means that you don't have to be an exclusive Palo Alto Networks shop to take advantage of Cortex XDR's powerful data-stitching, machine learning and simplified investigation capabilities across your entire network.

* **A Unified User Interface for Endpoint Protection and XDR.**

Management and UI capabilities for prevention, detection, investigation and response have been unified into a single platform, with a complete rebuild of the Traps management service into Cortex XDR. The new management console has end-to-end support for all capabilities that were previously part of either Traps or Cortex XDR, integrating endpoint policy management, security events review and endpoint log analysis with detection, investigation and response.

* **Powerful New Endpoint Protection Capabilities.**

These include:

* **AI-driven malware prevention on the endpoint:** Our revamped local analysis engine can deliver a verdict right on the endpoint, without requiring any internet connectivity. Based on a comprehensive curated data set and a state-of-the-art machine learning framework, the XDR local analysis engine is built for continuous learning and prevention. Powered by [WildFire](https://www.paloaltonetworks.com/products/secure-the-network/wildfire?ts=markdown), which boasts the world's most expansive training set, the engine includes a unique agile framework for rapid model updates to all endpoints to stay ahead of attackers' evolving techniques.
* **A new device control module:** This is one of the top endpoint features that our customers have been asking for. The new Device Control capability, first in a series of new EPP modules that will be released in the coming months, will give organizations granular USB access management on the endpoint to prevent malware and data loss caused by unsanctioned devices. You may not ever be able to stop users from plugging in strange USB sticks that they find in the parking lot, but now you can prevent the rubber ducky type attack and control whether people can copy data out to USB devices.

We are delighted to share these developments, and proud to be extending the functionality of the industry's most comprehensive prevention, detection and response platform to help you **expedite investigations, uncover advanced attacks anywhere in your organization and simplify security operations.**

Get ready, because Cortex XDR 2.0 will be available to customers in December. For all the additional details you need to know, watch "[The Future of Endpoint Security Starts Here](https://start.paloaltonetworks.com/the-future-of-enterprise-security-starts-here)."

*** ** * ** ***

## Related Blogs

### [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### Cortex XDR 2.6: Better Search for Better Threat Hunting](https://www.paloaltonetworks.com/blog/2020/11/cortex-xdr-2-6/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### Moving Beyond Traditional EDR](https://www.paloaltonetworks.com/blog/2020/10/secops-beyond-traditional-edr/)

### [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### Cortex XDR 2.5: Future-Proofed Security Operations With Host Insights](https://www.paloaltonetworks.com/blog/2020/09/cortex-xdr-2-5/)

### [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### Call for Papers for Ignite 2020: Share Your Cybersecurity Expertise](https://www.paloaltonetworks.com/blog/2020/08/call-for-papers-ignite-2020/)

### [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown), [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### Palo Alto Networks Expands Cortex, Prisma Cloud Hosting to Singapore](https://www.paloaltonetworks.com/blog/2020/07/cortex-singapore-cloud-hosting/)

### [Secure the Future](https://www.paloaltonetworks.com/blog/category/secure-the-future/?ts=markdown)

[#### Palo Alto Networks Expands Cloud Hosting Locations to the UK](https://www.paloaltonetworks.com/blog/2020/07/cortex-uk-cloud-hosting/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language