# 10 Must Haves for Detection and Response

Top capabilities to protect your organization against sophisticated attacks

## The State of Security Operations Today

To keep up with escalating threats, security teams have deployed countless tools, but they still lack the data and analytics needed to find all threats. Today's siloed tools force analysts to pivot from console to console to verify threats, resulting in missed attacks.

## 10 Must Haves for Detection and Response

## 01 Visibility Across Data Sources

To reduce the risk of a successful attack, you need a holistic approach to detection and response that eliminates blind spots, increases accuracy, and streamlines investigations.

Cortex XDR is the industry's first extended detection and response platform that integrates data from any source to stop sophisticated attacks.

## 02 Best-in-Class Attack Prevention

To shield your endpoints, you need ironclad protection that blocks known and unknown malware, fileless attacks and exploits.
### PRE-EXECUTION

#### Reconnaissance Protection

Prevents vulnerability profiling used by exploit kits

#### Technique-based Exploit Prevention

Blocks exploit techniques used to manipulate good applications

#### Kernel Protection

Protects against exploits targeting/originating from the kernel

#### Threat Intelligence

Prevents known threats with intel gathered from WildFire

#### AI-Driven Local Analysis

Prevents unknown threats

### CLOUD

#### Cloud-based Analysis

Detects advanced unknown threats

### POST-EXECUTION

#### Malicious Process Prevention

Stops script-based threats

#### Ransomware Protection

Blocks ransomware

#### Behavioral Threat Protection

Stops attacks by analyzing chains of endpoint events

Cortex XDR provides everything you need for threat prevention, detection and response with a single, cloud-native agent.
It safeguards your endpoints with battle-tested and [proven](https://www.paloaltonetworks.com/cortex/cortex-xdr-industry-validation?ts=markdown) next-gen antivirus.

[See Endpoint Overview](https://www.paloaltonetworks.com/resources/whitepapers/cortex-xdr-endpoint-protection-overview?ts=markdown)

## 03 Simplified Investigations

Today's siloed security tools **[generate endless alerts](https://www.paloaltonetworks.com/resources/infographics/cortex-forrester-2020?ts=markdown)** with limited context. To reduce response times, security tools must provide a complete picture of incidents with rich investigative details.

Cortex XDR simplifies investigations by automatically revealing the root cause, sequence of events, and threat intelligence details of alerts from any source.

* 88% reduction in investigation time with Cortex XDR by revealing the root cause of alerts from any source.
* 98% alert reduction due to intelligent alert grouping and deduplication using Cortex XDR.

## 04 Analytics and Machine Learning

You need a comprehensive set of machine learning and analytics techniques to stay ahead of rapidly evolving threats.

### Cortex XDR provides

* AI-driven local analysis to block malware
* Behavioral analytics to detect intrusions and active attacks
* Global analytics to improve detection accuracy and coverage

## 05 Coordinated Response

Your team needs integrated and flexible response options to shut down attacks quickly.
Cortex XDR lets your security team instantly stop the spread of malware, isolate endpoints, run scripts, and even restore endpoints without reimaging devices. With Search and Destroy, you can even sweep across all endpoints in real time to find and delete malware.

## 06 A Flexible Suite of Endpoint Protection Features

You need an easy way to identify and prioritize endpoint risks, reduce your attack surface, and stop data loss.

* **Vulnerability Assessment:** Get real-time visibility into vulnerability exposure and current patch levels across all your endpoints.
* **Host Firewall:** Centrally manage inbound and outbound communications on your endpoints from the Cortex XDR management console.
* **Disk Encryption:** Apply encryption or decryption policies on your endpoints and view lists of all encrypted drives.
* **Device Control:** Monitor and granularly control USB access to protect your endpoints from data loss and malware.

## 07 Independent Testing and Industry Validation

When choosing a detection and response solution, you should always review third-party testing, analyst validation and customer testimonials.

Cortex XDR, the industry's first extended detection and response platform, has achieved exceptional test results and garnered praise from analysts and customers.
With the best combined detection and protection in the [MITRE ATT&CK evaluation](https://www.paloaltonetworks.com/cortex/cortex-xdr/mitre?ts=markdown), a "Strategic Leader" rating from AV-Comparatives, and a Leader in [The Forrester Wave™: Endpoint Security SaaS Q2 2021](https://start.paloaltonetworks.com/forrester-ess-wave.html), customers can trust Cortex XDR.

[Cortex XDR Industry Validation](https://www.paloaltonetworks.com/cortex/cortex-xdr-industry-validation?ts=markdown)

## 08 Autonomous Security Operations

Manual processes slow down incident response and increase the cost of security operations.

## 09 Rapid Pace of Innovation

To outpace fast-moving adversaries, you should look for vendors that continuously strengthen or expand their products' capabilities.

* [Release Notes](https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-release-notes/release-information)
* [Cortex XDR 3.0 Blog](https://www.paloaltonetworks.com/blog/2021/08/third-generation-xdr-has-arrived?ts=markdown)

## 10 Unparalleled Value and Return on Investment

When selecting a key element of your security infrastructure, you want to make sure it will provide demonstrable value. Cortex XDR does just this by:

* Leveraging your existing security tools as sensors for detection and response.
* Eliminating on-premises log servers with cloud deployment.
* Simplifying operations with data stitching, alert grouping and root cause analysis.
**XDR lowers total cost of ownership 44%**, on average, compared to traditional siloed tools.

[Get the Whitepaper](https://www.paloaltonetworks.com/resources/whitepapers/maximize-the-roi-of-detection-and-response?ts=markdown)

## Reviews and Testimonials

Find out what third-party testers, analysts and customers have to say.

[See Industry Validation](https://www.paloaltonetworks.com/cortex/cortex-xdr-industry-validation?ts=markdown)

Not only did Cortex XDR reduce the number of incidents we had to look at, but the time taken to act on those incidents was also reduced... The X in XDR, for me, is the extension of my team.

**Peter Fletcher,** Director of Cyber Security, San Jose Water Company
Copyright © 2025 Palo Alto Networks. All Rights Reserved