Cortex Leads New Ways to Introduce AI-powered Capabilities

Jun 26, 2023

With AI and machine-learning at the forefront of innovation for Palo Alto Networks and Cortex, we are continuously finding new ways to improve and advance the modern SOC to revolutionize security operations. Today, we are proud to announce that Palo Alto Networks is introducing new AI-based active attack surface management capabilities within Cortex Xpanse in Expander 2.2, as well as continuous refinement of the latest releases for our Cortex XSIAM 1.5, XDR 3.7 and XSOAR 8.3 solutions.

This launch further expands the advanced capabilities of the entire Cortex Portfolio when it comes to AI and machine-learning capabilities. The latest features found in Expander 2.2 will help organizations better prioritize and remediate attack surface risks by utilizing real-world intelligence and AI-assisted workflows. Organizations can now effectively manage and shrink their overall attack surface by proactively identifying and responding to internet emergencies and detecting vulnerabilities before they become a major threat to an organization. These new active attack surface management capabilities provide security teams with advanced visibility and intelligence that is needed to make informed and powerful remediation decisions quickly and effectively.

With XSIAM 1.5, this new release boasts enhanced playbook incident context, as well as more advanced automation capabilities and use cases for playbook development via the Playbook Playground. You can now also leverage the new high-availability cluster for the Broker VM, a critical data collection component, or utilize the comprehensive health monitoring of all the data sources you collect, which is available in both XSIAM 1.5 and XDR 3.7.

Learn more about the newest features now available across the Cortex Portfolio below and sign up for our newsletter to stay up to date on the latest innovations from Cortex.

What’s Next with Cortex

Cortex XSIAM 1.5

Cortex XSIAM is designed to provide a powerful data-centric foundation for the largest and most advanced environments. As data is a primary element of the Cortex XSIAM strategy, it is critical to ensure that data ingestion is highly reliable and continuously monitored, which is exactly what you’re getting with this new Cortex XSIAM 1.5 release.

  • Data Ingestion Health – Expanded data health offers security engineering visibility into significant health issues. The granular health metrics provide visibility into the data pipeline, as well as out-of-the-box health alerting capabilities. Health alerts are currently in beta.
  • Broker VM High Availability (HA) – Customers can safeguard their Broker VM deployment by creating HA Clusters that provide redundancy of specified Broker VM components in one or more clusters.
  • Playbook Incident Context – This enhances the investigation and response process, and improves incident management with cross-alert playbook decision-making. This new feature allows playbooks to run on alerts while accessing incident-level information.
  • Playbook Playground – Allows easier playbook development without impacting production environments by running a playbook in a sandbox environment.
  • Multi-Tenancy – This supports multi-tenancy through a new parent-child deployment option to address the unique requirements of distributed organizations with multiple Cortex XSIAM tenants.

Cortex XDR 3.7

The latest Cortex XDR 3.7 release delivers new features and enhancements, including improved identity threat visibility, enhanced built-in automation tools, and bolstered endpoint protection. These new features will make it easier than ever to manage forensic investigations while reducing operational overhead. Additionally, you can now ensure streamlined Broker operations using high-availability architecture.

  • eXtended Threat Hunting (XTH) Module – Delivers analytics-driven detection capabilities that empower security teams to prevent threats faster and detect them with more precision.
  • Broker VM High Availability (HA) Cluster – Customers can safeguard their Broker VM service by creating HA Clusters that provide redundancy of specified Broker VM components in one or more clusters.
  • Identity Threat Module (ITDR) Enhancements – Customers can broaden their ITDR investigative capabilities with added asset and role exposure.
  • Simplified Automation Enhancements – Expands simple automation actions with forensic-related actions and configurable thresholds for additional response.
  • New Security Module for IIS Protections – Improves customers’ detection and protection coverage with the new module for early detection of threats targeting IIS-based applications.

Cortex XSOAR 8.3

The new Cortex XSOAR 8 delivers all the rich automation capabilities of XSOAR, but with new and improved performance and user experience, plus cloud-native support for SaaS deployments. This latest 8.3 release is focused on enhancing the new platform, which is also relevant to other Cortex products.

  • New platform-level enhancements – Enhanced role-based access control (RBAC), user-group management and incident navigation.
  • Content Pack enhancements – Simplify and enhance existing packs, focusing on Palo Alto Networks product integrations with XSOAR, XSIAM and ITDR playbooks.
  • XSOAR 8 migration – Continued focus on migration of hosted customers to XSOAR 8 SaaS, with new licensing options for SaaS customers.

Cortex Xpanse — Expander 2.2

In the new Expander 2.2 release, we’ve improved the active-risk prioritization features from our 2.1 release by adding a new Cortex Xpanse Threat Response Center, which allows teams to learn about the latest threats and identify the organization’s public-facing exposures. It also helps security teams manage and proactively resolve risks. Additionally, we’ve added several powerful augmentation features that automatically enrich an incident to aid analysts in the investigation and provide faster response using our newly advanced AI-powered incident investigation capabilities and playbooks.

  • Threat Response Center – Improves zero-day response and prioritizes the exposures that matter, using Risk Scoring and the Threat Response Center.
  • Incident Risk Scoring – Security teams can now use adaptive risk scores based on threat and exploit intelligence to better prioritize and focus efforts on the exposures most likely to be attacked.
  • Security Rating Dashboard – Organizations can assess their security health and hygiene, track risk trends over time, compare their ratings with industry peers and reduce cyber insurance premiums.
  • AI-Powered Exposure Resolution – Improves attack surface remediation using AI-powered playbooks, including the new Remediation Path Rules, Onboarding Configuration Wizard and Active Response Content.
  • Business Unit Management – Organizations can exert more control over their distributed attack surface by transferring assets between business units.
  • Integration with Prisma Cloud – Reduces the cloud attack surface by gaining visibility into unknown and unmanaged cloud assets, using Prisma Cloud for comprehensive cloud security and central policy enforcement.

Register for our Cortex Xpanse Webinar, “Risk, Curated: Dynamically prioritize attack surface risks with the latest Xpanse” on August 30th, 2023. Learn more about the new Expander 2.1 and 2.2 features, as well as an inside look at the latest 2023 ASM Threat Report.
