Cortex XDR extended to third-party data sources with a new unified platform
experience for best-in-class prevention, detection, investigation and response


SANTA CLARA, Calif., Nov. 13, 2019 — Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, today introduced Cortex XDR™ 2.0 — an advancement of the industry’s only detection and response platform that runs on fully integrated endpoint, network and cloud data. As the market’s first and leading XDR product, Cortex XDR 2.0 continues to extend the category definition with the addition of third-party data for analytics and investigations, while unifying prevention, detection, investigation and response in one platform experience for unrivaled security and operational efficiency.

"With Cortex XDR, we set out to eliminate the blind spots created by disjointed products and help organizations stop the most sophisticated attacks through deep analytics and enhanced visibility. In nine months, we've enabled organizations to reduce alert volumes by 50X and speed investigation time by 8X, ultimately filtering out the noise and allowing analysts to focus on the most critical threats," said Lee Klarich, chief product officer at Palo Alto Networks. "With the addition of third-party data, a unified platform experience and new endpoint security improvements in Cortex XDR 2.0, we are further enhancing the power of the Cortex XDR platform and extending its prevention, detection, investigation and response capabilities across the customer's entire environment."

Palo Alto Networks unveiled significant platform advancements that help organizations defend their enterprise with unrivaled data and deep analytics:

  • Open to third-party data: Cortex XDR's patented behavioral analytics capabilities have been extended to logs collected from third-party firewalls, enabling detection across multi-vendor environments while integrating third-party firewall alerts into a unified incident view.
  • Seamless platform experience: Prevention, detection, investigation and response capabilities have been unified into a single platform, with a complete rebuild of the Traps™ management service into Cortex XDR. The new management console has end-to-end support for all capabilities previously part of Traps and Cortex XDR, spanning endpoint policy management, security events review and endpoint log analysis melded with detection, investigation and response.
  • AI-driven malware prevention: Cortex XDR's new machine learning-driven local analysis engine is customized for continuous learning and prevention. Powered by the world’s most expansive training set from WildFire®, the engine delivers the industry's highest malware detection rates and includes a unique agile framework for rapid model updates to stay ahead of attackers' evolving techniques.
  • New device control capability: The new Device Control module, the first in a series of new endpoint protection platform modules, will give organizations granular USB access management on the endpoint to prevent malware and data loss caused by unsanctioned devices.


Customer and Analyst Quotes 

  • "As a small team, we desperately needed a tool that filtered through all the noise to help us scale,” said Ryan Kramer, enterprise network architect for the State of North Dakota. "What we're seeing with Cortex XDR is exactly that. It’s helping us filter out irrelevant alerts and other noise while elevating critical alerts that give us new threat intelligence we didn’t have before."
  • "A major contributing factor in the speed of threat detection and response is the amount of time it takes to assemble alert and activity data from endpoint, network, cloud and other security controls, which are traditionally spread across various point products,” said Dave Gruber, senior analyst for the Enterprise Strategy Group. "An XDR approach automates this process, correlating the data in one place to give analysts immediate context to understand the scope of the attack and drive faster investigation and remediation."

Cortex™ is the industry’s most comprehensive product suite for security operations, empowering enterprises with best-in-class detection, investigation, automation and response capabilities. To learn how to move security operations forward, please join us for a live discussion on December 10, 2019.



Cortex XDR 2.0 will be available in December. Cortex XDR third-party logs and alert ingestion are available for select third-party products now. For more information, please visit

About Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before. For more information, visit


Palo Alto Networks, Cortex, Cortex XDR, Traps, WildFire and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.


Media Contact

Eddy Rivera
Senior Public Relations Manager, Palo Alto Networks
Office: 408-837-7773 Ext. 202850