Future-Proofed Security Operations

Stop modern attacks with the industry’s first extended detection and response platform that spans your endpoint, network and cloud data. Welcome to the future of EDR.


One platform for all SOC needs

Get holistic prevention, detection and response.

A scalable cloud architecture

MITRE ATT&CK Evaluations

Cortex XDR: Best Combined Protection and Visibility in MITRE Round 3 and Leader for the Third Year


USE CASES
  • ML-powered threat detection

    Get an edge on attackers with patented behavioral analytics. Using machine learning, Cortex XDR continuously profiles endpoint, network and user behavior to uncover the stealthiest attacks.
  • Swiftly block malware, isolate endpoints, execute scripts or sweep across your entire environment to contain threats. Cortex XDR offers flexible response options that span your entire infrastructure.
  • Block malware, exploits and fileless attacks with the industry’s most comprehensive endpoint security stack. Our lightweight agent stops threats by combining AI-driven local and cloud-based analysis.

Enterprise-wide visibility

Find every threat and eliminate blind spots by integrating data from across your environment.

Powerful endpoint protection

Safeguard endpoint data and address compliance requirements with host firewall, disk encryption and USB device control.

Automated root cause analysis

Analyze alerts from any source with a single click to instantly understand the root cause and sequence of events.

Incident management

Investigate at lightning speed by intelligently grouping related alerts into incidents to get a complete picture of each attack.

Managed Threat Hunting

Get the industry’s first threat hunting service that operates on endpoint, network and cloud data to uncover every threat.

Ransomware protection

Stop the exploits that lead to ransomware infection, block malicious files, and identify malicious behavior to shut down attacks.


Break down security silos

Boost security efficacy with integrated defenses

Avoid swivel-chair syndrome. Stop more attacks and simplify operations with extended detection and response.

Drive better security outcomes

Accelerate threat response, streamline operations and increase SOC productivity.
  • 88% faster investigations
  • 98% reduction in alerts
  • 44% lower cost

Compare Offerings

Feature                                                                                  | Cortex XDR Prevent | Cortex XDR Pro
-----------------------------------------------------------------------------------------|--------------------|-------------------------------------------------------
Data Sources: collect comprehensive data for extended visibility                         | Endpoint           | Endpoint, network, cloud and third-party data sources
Next-Generation Antivirus: block malware, ransomware, exploits and fileless attacks       |                    |
Endpoint Protection: secure your endpoints with device control, host firewall, and disk encryption |          |
Detection and Response: pinpoint attacks with AI-driven analytics and coordinate response | -                 |
Managed Threat Hunting: uncover the most complex threats across your XDR data with Unit 42 experts | -         | Optional
Host Insights: monitor host inventory, find vulnerabilities and sweep across endpoints to eradicate threats | - | Optional
Threat Intelligence: enrich investigations with in-depth context from a global community of customers | Optional | Optional
Services: safeguard your organization with incident response and proactive services      | Optional           | Optional


XDR Explained

Think beyond the endpoint

Rewire security operations

Cortex XDR integrates data from across your digital domain and accelerates investigations so you can stop attacks before the damage is done.

Superior detection powered by rich data

Cortex XDR spans key data sources to uncover modern attacks

Network data

  • Palo Alto Networks NGFW
  • Cisco ASA and FirePower
  • Check Point Firewall
  • Fortinet Fortigate
  • Corelight Zeek

Endpoint data

  • Cortex XDR agent
  • Windows event logs
  • Pathfinder data collector
  • GlobalProtect™ events from NGFW logs

Cloud and identity data

  • Cortex XDR for VM and containers
  • Prisma™ Access
  • VM-Series NGFW
  • Azure Active Directory
  • Okta
  • PingOne and PingFederate
  • Google Cloud Platform and GKE
  • Amazon CloudWatch and AWS CloudTrail
Cortex XDR tiers

Feature                                                                                  | Cortex XDR Prevent | Cortex XDR Pro
-----------------------------------------------------------------------------------------|--------------------|-------------------------------------------------
Data sources: get extended visibility                                                    | Endpoint           | Endpoint, network, cloud and third-party products
Endpoint protection: stop malware, exploits and fileless attacks                         |                    |
Device control: prevent data loss and USB-based malware infections                       |                    |
Disk encryption: manage BitLocker or FileVault from the Cortex XDR console               |                    |
Host firewall: reduce the attack surface on Windows and macOS endpoints                  |                    |
Managed Threat Hunting: uncover the most complex threats across endpoint and network with Unit 42 experts |   | Optional
Host Insights: monitor host inventory, find vulnerabilities and sweep across endpoints to eradicate threats | | Optional
Behavioral analytics: detect emerging attacks with patented analytics and machine learning |                  |
Rule-based detection: find threats with out-of-the-box and custom rules                  |                    |
Incident management: reduce alert fatigue by 98% by intelligently grouping alerts        | Endpoint alerts    | All alert sources
Integrated response: contain threats with multiple, flexible response options            | Endpoint only      | Endpoint, network & cloud
Threat intelligence feed: enrich investigations with rich context from tens of thousands of customers | Optional | Optional
Alert retention                                                                          | 30 days            | 30 days
XDR data retention                                                                       |                    | Endpoint and network, 30 days
Extended data retention                                                                  | Optional           | Optional