See our response to COVID-19
Future-Proofed Security Operations

Future-Proofed Security Operations

Stop modern attacks with the industry’s first extended detection and response platform that spans your endpoint, network and cloud data. Welcome to the future of EDR.

Cortex XDR™ tiers
See comparison
XDR Prevent XDR Pro
Schedule a demo Contact a representative
USE CASES

  • Next-generation antivirus

    Block malware, exploits and fileless attacks with the industry’s most comprehensive endpoint security stack. Our lightweight agent stops threats by combining AI-driven local and cloud-based analysis.

    Learn more

  • Get an edge on attackers with patented behavioral analytics. Using machine learning, Cortex XDR continuously profiles endpoint, network and user behavior to uncover the stealthiest attacks.

    Learn more

  • Swiftly block malware, isolate endpoints, execute scripts or sweep across your entire environment to contain threats. Cortex XDR offers flexible response options that span your entire infrastructure.

    Learn more

One platform for all SOC needs

Get holistic prevention, detection and response.
See 10 must-haves
A scalable, cloud architecture

Enterprise-wide visibility

Find every threat and eliminate blind spots by integrating data from across your environment.

Powerful endpoint protection

Safeguard endpoint data and address compliance requirements with host firewall, disk encryption and USB device control.

Automated root cause analysis

Analyze alerts from any source with a single click to instantly understand the root cause and sequence of events.

Incident management

Investigate at lightning speed by intelligently grouping related alerts into incidents to get a complete picture of each attack.

Managed Threat Hunting

Get with industry’s first threat hunting service that operates on endpoint, network and cloud data to uncover every threat.

Break down security silos

Boost security efficacy with integrated defenses

Avoid swivel-chair syndrome. Stop more attacks and simplify operations with extended detection and response.
Get the datasheet

Drive better security outcomes

Accelerate threat response, streamline operations and increase SOC productivity.
Get the datasheet
  • Faster Investigations
    88%
  • Reduction in alerts
    98%
  • Lower cost
    44%
XDR Explained

Rewire security operations

Rewire security operations

Cortex XDR integrates data from across your digital domain and accelerates investigations so you can stop attacks before the damage is done.

Watch now

AI-driven security

Outpace adversaries with the power of machine learning.

Get the datasheet

  • Behavioral analytics

    Accurately detect evasive threats by profiling user and endpoint behavior as well as identifying anomalies indicative of attacks.

  • AI-based malware analysis

    Examine files with an adaptive local analysis engine that’s always learning to counter new attack techniques.

  • Cloud native machine learning

    Harness community-sourced data to identify adversaries’ latest tactics and improve detection accuracy.

Get the datasheet

Superior detection powered by rich data

Cortex XDR spans key data sources to uncover modern attacks

Network data

  • Palo Alto Networks NGFW
  • Cisco ASA and FirePower
  • Check Point Firewall
  • Fortinet Fortigate

Endpoint data

  • Cortex XDR agent
  • Windows event logs
  • Pathfinder data collector
  • GlobalProtect™ events from NGFW logs

Cloud and authentication data

  • Cortex XDR for VM and containers
  • Prisma™ Access
  • VM-Series NGFW
  • Azure Active Directory
  • Okta
  • PingOne
Case Study
San Jose Water

San Jose Water simplifies investigation and response

Problem

Before Cortex XDR, San Jose Water was drowning in alerts – the SecOps team manually reviewed 900 to 1,200 alerts a day. They needed a solution that would simplify triage and investigations to speed up incident response times and eliminate alert fatigue.

Solution

“Not only did Cortex XDR reduce the number of incidents we had to look at, but the time taken to act on those incidents was also reduced … The X in XDR, for me, is the extension of my team.”

– Peter Fletcher, Dir. of Security, San Jose Water

  • Cortex XDR
  • NGFW
  • Panorama
  • WildFire
  • Prisma Access
Watch case study video
Case Study
Ada County

Reducing response times from hours to minutes with Cortex XDR

Problem

Facing growing cyberthreats, Ada County wanted greater visibility.

Solution

“With Cortex XDR … we are able to be a lot more proactive instead of reactive. I would get 400 or 500 alerts a day. Now I'm down to maybe seven or eight … We're not spending six hours on incident response, we're spending 10 minutes.”

– Bret Lopeman, Sr. Security Engineer, Ada County

  • Cortex XDR
  • NGFW
  • Panorama
  • WildFire
  • AutoFocus
Hear from Ada County
Case Study
State of North Dakota

The State of North Dakota focuses on the threats that matter

Problem

With a senate mandate to protect city and county governments as well as primary, secondary and higher education, the security team for the State of North Dakota realized they needed to implement more scalable and effective security.

Solution

“We desperately needed automation and to have a tool that filtered through all the noise. Cortex is doing exactly that. We’re seeing the noise going away, and we’re getting to the important alerts that we hadn't seen previously."

– Ryan Kramer, Enterprise Network Architect, State of North Dakota

  • Cortex XDR
  • NGFW
  • Panorama
  • WildFire
  • Prisma Cloud
  • AutoFocus
Watch video

Additional services and partners

Managed Detection and Response

Relieve the day-to-day burden of security operations and achieve 24/7 coverage, from alert management to incident response.

Learn more

Managed Threat Hunting

Get the industry’s first threat hunting service that operates across integrated endpoint, network and cloud data to uncover adversaries anywhere in your environment.

Learn more

Incident Response

Minimize the impact of a data breach with targeted incident response services and a team of experts who can help you recover quickly.

Learn more
LEARN MORE

Explore Cortex XDR resources

DATASHEET

Cortex XDR Datasheet

Check out the datasheet to learn the key features and benefits of the industry’s first extended detection and response platform.
DIGITAL ASSET

10 Must-Haves for Detection and Response

Learn what features to look for when evaluating detection and response solutions.

EDUCATION

Threat Hunting and Investigations Hands-On Workshop

Boost your skills by learning how to hunt down adversaries, quickly investigate incidents and eliminate threats.

WHITE PAPER

Cortex XDR: Breaking the Silos of Detection and Response

Learn the key features for detection and response and how Cortex XDR uniquely delivers them to safeguard your organization.

WHITE PAPER

Maximize the ROI of Detection and Response

Find out how you can improve your return on investment and lower the cost of detection and response.

GUIDE

The Ultimate Guide to the MITRE ATT&CK Evaluation

See the rankings of the top detection and response vendors, and find out how to take your threat detection to the next level.

Features and specifications

  • Delivery Model

    Cloud-native application

  • Data Retention

    30-day to unlimited data storage

  • Next-Generation Antivirus

    Malware, ransomware and fileless attack prevention
    Behavioral Threat Protection
    AI-based local analysis engine
    Integration with the cloud-based WildFire® malware prevention service
    Child process protection
    Credential theft protection
    Exploit prevention by exploit technique
    Customizable prevention rules
    Scheduled and on-demand malware scanning

  • Endpoint Protection

    Device control for USB device management
    Host firewall
    Disk encryption

  • Detection and Investigation

    Integration of network, endpoint, cloud and authentication data from Palo Alto Networks and third-party sources
    Root cause analysis of alerts
    Third-party alert and log ingestion
    Timeline analysis of alerts
    Machine learning-based behavioral analytics
    Unified incident engine
    Custom rules to detect tactics, techniques and procedures
    Dashboards and reporting
    Vulnerability management - included with Host Insights
    Host inventory - included with Host Insights
    Asset management with rogue device discovery
    Detection of targeted attacks, malicious insiders and risky user behavior
    Malware and fileless attack detection
    Endpoint detection and response (EDR)
    Network detection and response (NDR) and user behavior analytics (UBA)

  • Threat Hunting

    Threat hunting through native search or a query builder tool
    IOC-based searches
    Threat intelligence integration
    Managed Threat Hunting service

  • Response and Recovery Features

    Public APIs for response and data collection
    Live Terminal for direct endpoint access
    Network isolation, quarantine, process termination, file deletion, file block list
    Endpoint script execution
    Remediation suggestions with host restore
    Search and Destroy - included with Host Insights
    Native integration with Cortex XSOAR for security orchestration, automation and response (SOAR)

  • Operating System Support

    The Cortex XDR agent supports multiple endpoints across Windows®, macOS®, Linux, Chrome® OS, and Android® operating systems. For a complete list of system requirements and supported operating systems, see the Palo Alto Networks Compatibility Matrix.

    Cortex XDR Pathfinder minimum requirements: 2 CPU cores, 8 GB RAM, 128 GB thin-provisioned storage, VMware ESXi™ V5.1 or higher, or Microsoft Hyper-V® 6.3.96 or higher hypervisor.
GET A DEMO

See Cortex in action

See firsthand how you can automate and streamline your security operations.

Talk to a Specialist

Get started with SOC Transformation

Download your toolkit to get curated articles, case studies, demos and reports to help you transform your SOC.

Popular Resources

Legal Notices

Popular Links

Report a Vulnerability

Cortex XDR tiers


Cortex XDR Prevent
Cortex XDR Pro

Data sources

Get extended visibility

Endpoint

Data sources

Get extended visibility

Endpoint, network, cloud and third-party products

Endpoint protection

Stop malware, exploits and fileless attacks

Endpoint protection

Stop malware, exploits and fileless attacks

Device control

Prevent data loss and USB-based malware infections

Device control

Prevent data loss and USB-based malware infections

Disk encryption

Manage BitLocker or FileVault from the Cortex XDR console

Disk encryption

Manage BitLocker or FileVault from the Cortex XDR console

Host firewall

Reduce the attack surface on Windows and macOS endpoints

Host firewall

Reduce the attack surface on Windows and macOS endpoints

Managed Threat Hunting

Uncover the most complex threats across endpoint and network with Unit 42 experts

Managed Threat Hunting

Uncover the most complex threats across endpoint and network with Unit 42 experts

Optional

Host Insights

Monitor host inventory, find vulnerabilities and sweep across endpoints to eradicate threats

Host Insights

Monitor host inventory, find vulnerabilities and sweep across endpoints to eradicate threats

Optional

Behavioral analytics

Detect emerging attacks with patented analytics and machine learning

Behavioral analytics

Detect emerging attacks with patented analytics and machine learning

Rule-based detection

Find threats with out-of-the-box and custom rules

Rule-based detection

Find threats with out-of-the-box and custom rules

Incident management

Reduce alert fatigue 98% by intelligently grouping alerts

Endpoint alerts

Incident management

Reduce alert fatigue 98% by intelligently grouping alerts

All alert sources

Integrated response

Contain threats with multiple, flexible response options

Endpoint only

Integrated response

Contain threats with multiple, flexible response options

Endpoint, network & cloud

Threat intelligence feed

Enrich investigations with rich context from tens of thousands of customers

Optional

Threat intelligence feed

Enrich investigations with rich context from tens of thousands of customers

Optional

Alert retention

30 days

Alert retention

30 days

XDR data retention

XDR data retention

Endpoint and network, 30 days

Extended data retention

Optional

Extended data retention

Optional