It’s time to reset security operations. Legacy point products generate endless alerts with too little context, resulting in painfully slow investigations and missed attacks. Transforming how security teams operate requires a new approach fueled by comprehensive data and deep analytics. The Cortex XDR platform delivers a unified experience for prevention, detection, investigation and response – reimagining how you find and stop attacks while dramatically simplifying operations.
Rewire your security operations

Eliminate blind spots by integrating endpoint, network and cloud data to accurately detect attacks and simplify investigations. Cortex XDR extends your view beyond siloed point products with the addition of third-party logs and alerts from an expanding set of data sources to uncover every attack, no matter where it originates.

Stop breaches with the most comprehensive endpoint prevention stack for cutting-edge exploit, malware, ransomware and fileless attack protection. Our lightweight, cloud-native agent applies industry-leading behavioral protection and AI-driven local analysis to stop attacks, all while collecting data for detection and response.

Relieve alert fatigue and reduce noise by focusing on incidents instead of alerts. With its game-changing incident view, Cortex XDR uses analytics to intelligently group related alerts into holistic incidents, giving you a head start on your investigations and reducing alert fatigue by 50x.

Get an edge over attackers with patented behavioral analytics. Cortex XDR applies deep analytics to uncover the stealthiest attacks. Using machine learning, Cortex XDR continuously profiles endpoint, network and user behavior to find anomalous activity indicative of attacks. Automated detection works all day, every day, giving you peace of mind.

Automate the most challenging pieces of an investigation. Cortex XDR allows your team to analyze alerts from any source with a single click. The patented analysis engine continuously reviews billions of security events to identify and visualize the causality chain behind every threat, making complex attacks easy to understand and act on.
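The two ideas above, stitching each alert to the process chain that produced it and then grouping alerts that share a chain into one incident, are easier to see in code. The following is an illustration added to this page, not Cortex XDR's engine or any Palo Alto Networks code: it walks each alerted process's parent links up to a "chain owner" (the first process below a session root) and merges alerts that share an owner on a host, or share a file indicator across hosts, into one incident. The field names, the session-root allowlist, the sample telemetry and the placeholder hash are all assumptions made for the example.

```python
"""Stitching alerts to a process causality chain and grouping them into incidents.

Illustration added to this page; it is not Cortex XDR's engine or code.
Field names, the session-root allowlist, the sample telemetry and the
grouping keys are all assumptions made for the example.
"""
from collections import defaultdict

# Processes that own a login or service session. A chain is walked upward
# until its parent is one of these (or is missing from telemetry); the last
# process reached is the chain owner that anchors the incident. (Assumed list.)
SESSION_ROOTS = {"explorer.exe", "services.exe", "wininit.exe"}

# Constructed process-start telemetry, one record per (host, pid).
PROCESS_EVENTS = [
    {"host": "ws-01",  "pid": 100, "ppid": 0,   "image": "explorer.exe"},
    {"host": "ws-01",  "pid": 200, "ppid": 100, "image": "winword.exe"},
    {"host": "ws-01",  "pid": 300, "ppid": 200, "image": "cmd.exe"},
    {"host": "ws-01",  "pid": 400, "ppid": 300, "image": "powershell.exe"},
    {"host": "ws-01",  "pid": 500, "ppid": 100, "image": "chrome.exe"},
    {"host": "srv-02", "pid": 10,  "ppid": 0,   "image": "services.exe"},
    {"host": "srv-02", "pid": 20,  "ppid": 10,  "image": "svchost.exe"},
    {"host": "srv-02", "pid": 30,  "ppid": 20,  "image": "dropper.exe"},
]

# Constructed alerts. "indicators" holds file hashes the alert observed; the
# hash value is a placeholder, not a real sample.
ALERTS = [
    {"id": "A1", "host": "ws-01",  "pid": 300, "name": "Office app spawned shell"},
    {"id": "A2", "host": "ws-01",  "pid": 400, "name": "Encoded PowerShell command"},
    {"id": "A3", "host": "ws-01",  "pid": 400, "name": "Executable written to disk",
     "indicators": ["sha256:aa11bb22"]},
    {"id": "A4", "host": "ws-01",  "pid": 500, "name": "Adware download"},
    {"id": "A5", "host": "srv-02", "pid": 30,  "name": "Known-bad file hash",
     "indicators": ["sha256:aa11bb22"]},
]


def build_process_index(events):
    """Map (host, pid) -> process record so parent lookups are O(1)."""
    return {(e["host"], e["pid"]): e for e in events}


def causality_chain(index, host, pid):
    """Return the process records from the alerted process up to its chain
    owner, alerted process first. Empty if the pid is not in telemetry."""
    chain, seen = [], set()
    key = (host, pid)
    while key in index and key not in seen:
        seen.add(key)                  # guard against malformed parent loops
        proc = index[key]
        chain.append(proc)
        parent = index.get((host, proc["ppid"]))
        if parent is None or parent["image"] in SESSION_ROOTS:
            break                      # reached the chain owner
        key = (host, proc["ppid"])
    return chain


class UnionFind:
    """Minimal disjoint-set structure for merging alerts into incidents."""
    def __init__(self, items):
        self.parent = {i: i for i in items}

    def find(self, x):
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]   # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def group_incidents(alerts, events):
    """Group alerts into incidents: two alerts belong together when they hang
    off the same chain owner on the same host, or share a file indicator
    (which links activity across hosts). Alerts whose process is missing from
    telemetry stand alone unless an indicator links them. Returns sorted
    lists of alert ids."""
    index = build_process_index(events)
    uf = UnionFind(a["id"] for a in alerts)
    members = defaultdict(list)        # grouping key -> alert ids sharing it
    for a in alerts:
        chain = causality_chain(index, a["host"], a["pid"])
        if chain:
            owner = chain[-1]
            members[("owner", a["host"], owner["pid"])].append(a["id"])
        for indicator in a.get("indicators", []):
            members[("indicator", indicator)].append(a["id"])
    for ids in members.values():
        for other in ids[1:]:
            uf.union(ids[0], other)
    incidents = defaultdict(list)
    for a in alerts:
        incidents[uf.find(a["id"])].append(a["id"])
    return sorted(sorted(ids) for ids in incidents.values())


if __name__ == "__main__":
    index = build_process_index(PROCESS_EVENTS)
    for incident in group_incidents(ALERTS, PROCESS_EVENTS):
        print("incident:", ", ".join(incident))
        for alert_id in incident:
            alert = next(a for a in ALERTS if a["id"] == alert_id)
            chain = causality_chain(index, alert["host"], alert["pid"])
            print("  %s %-28s %s" % (alert_id, alert["name"],
                                      " <- ".join(p["image"] for p in chain)))
```

Run as a script, this yields two incidents: the Word-to-cmd-to-PowerShell chain on ws-01 together with the dropper on srv-02 (joined by the shared hash), and the unrelated adware alert from the browser on its own. The interesting design choice is where a chain stops: anchoring on the first process below a session root rather than on the root itself is what keeps every user-launched program on a workstation from collapsing into a single incident.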

Stop threats with response actions across your security infrastructure. You can quickly contain the spread of malware, restrict network activity and execute endpoint scripts through tight integration with enforcement points. The powerful Live Terminal lets you swiftly investigate and shut down attacks directly on endpoints, with broad, flexible response options.

Get the industry’s first threat hunting service that operates on integrated endpoint, network and cloud data. Cortex XDR Managed Threat Hunting offers round-the-clock monitoring from Unit 42 experts to uncover attacks anywhere in your organization. Our threat hunters scour your environment to discover advanced threats from state-sponsored attackers, cybercriminals, malicious insiders and complex malware. Threat Reports reveal the tools, steps and scope of attacks so you can root out adversaries quickly, while Impact Reports help you stay ahead of emerging threats.


Cortex XDR tiers: Cortex XDR Prevent vs. Cortex XDR Pro

Data sources: get extended visibility across data sources
    Prevent: Endpoint
    Pro: Endpoint, network, cloud, and third-party products

Endpoint protection: stop malware, exploits and fileless attacks

Device control: prevent data loss and USB-based malware infections

Disk encryption: manage BitLocker directly from the Cortex XDR console

Host firewall: reduce the attack surface on Windows endpoints

Behavioral analytics: detect emerging attacks with patented analytics and machine learning

Rule-based detection: find threats with out-of-the-box and custom rules

Accelerated investigation: root cause analysis and data stitching for 8x faster investigations

Managed threat hunting: let Unit 42 experts uncover the most complex threats across endpoint, network and cloud
    Pro: Optional

Unified incident engine: reduce alert fatigue 50x by intelligently grouping alerts
    Prevent: Endpoint alerts
    Pro: All alert sources

Integrated response: contain threats with multiple, flexible response options
    Prevent: Endpoint alerts
    Pro: Endpoint and network

Threat intelligence feed: enrich investigations with rich context from tens of thousands of customers
    Prevent: Optional
    Pro: Optional

Alert retention
    Prevent: 30 days
    Pro: 30 days

XDR data retention
    Pro: Endpoint and network, 30 days

Extended data retention
    Prevent: Optional
    Pro: Optional



What our customers have to say

State of North Dakota
"We desperately needed to do automation and to have a tool that filtered through all the noise. Cortex is doing exactly that. We're seeing the noise going away, and we're getting to the important alerts that we hadn't seen previously."
Ryan Kramer, Enterprise Network Architect, State of North Dakota

Cherwell Software
"Once we got Cortex XDR in, we had the relief of knowing we were seeing real viable data, information we could react to, information we could act on, and what the endpoints were doing. There was this tremendous relief that now we could be ahead of the situation."
Greg Biegen, Director of Information Security, Cherwell Software

San Jose Water Company
The San Jose Water security operations team was manually working through 900 to 1,200 alerts daily. They needed a solution that would enable them to quickly look in a single location and identify the critical items to investigate immediately.
"Not only did Cortex XDR reduce the number of incidents we had to look at, but the time taken to act on those incidents was also reduced... The X in XDR, for me, is the extension of my team."
Peter Fletcher, Director of Cyber Security, San Jose Water Company

Ada County
"With Cortex XDR... we are able to be a lot more proactive instead of reactive. I would get 400 or 500 alerts a day. Now I'm down to maybe seven or eight... We're not spending six hours on incident response, we're spending 10 minutes."
Bret Lopeman, Senior Security Engineer, Ada County

City of Williamsburg
"We were feeding information into a security information and event management system, but it was disjointed. Palo Alto Networks told us about Cortex XDR, and seeing how all security events go into a single data lake and Cortex XDR stitches everything together in one place for us, we were pretty much sold after the first demo."
Mark Barham, Director of IT, City of Williamsburg
