Future-Proofed Security Operations


Stop modern attacks with the industry’s first extended detection and response platform that spans your endpoint, network and cloud data. Welcome to the future of EDR.


USE CASES
  • Next-generation antivirus: block malware, exploits and fileless attacks with the industry’s most comprehensive endpoint security stack. The lightweight agent stops threats by combining AI-driven local analysis with cloud-based analysis.
  • Behavioral analytics: get an edge on attackers with patented behavioral analytics. Using machine learning, Cortex XDR continuously profiles endpoint, network and user behavior to uncover the stealthiest attacks.
  • Integrated response: swiftly block malware, isolate endpoints, execute scripts or sweep across the entire environment to contain threats. Cortex XDR offers flexible response options that span the whole infrastructure.

One platform for all SOC needs

Get holistic prevention, detection and response.
A scalable, cloud architecture

Enterprise-wide visibility

Find every threat and eliminate blind spots by integrating data from across your environment.

Powerful endpoint protection

Safeguard endpoint data and address compliance requirements with host firewall, disk encryption and USB device control.

Automated root cause analysis

Analyze alerts from any source with a single click to instantly understand the root cause and sequence of events.

Incident management

Investigate at lightning speed by intelligently grouping related alerts into incidents to get a complete picture of each attack.

Managed Threat Hunting

Get the industry’s first threat hunting service that operates on endpoint, network and cloud data to uncover every threat.


Break down security silos

Boost security efficacy with integrated defenses

Avoid swivel-chair syndrome. Stop more attacks and simplify operations with extended detection and response.

Drive better security outcomes

Accelerate threat response, streamline operations and increase SOC productivity.
  • 88% faster investigations
  • 98% reduction in alerts
  • 44% lower cost


XDR Explained

Rewire security operations


Cortex XDR integrates data from across your digital domain and accelerates investigations so you can stop attacks before the damage is done.

AI-driven security

Outpace adversaries with the power of machine learning.

  • Behavioral analytics

    Accurately detect evasive threats by profiling user and endpoint behavior as well as identifying anomalies indicative of attacks.

  • AI-based malware analysis

    Examine files with an adaptive local analysis engine that’s always learning to counter new attack techniques.

  • Cloud native machine learning

    Harness community-sourced data to identify adversaries’ latest tactics and improve detection accuracy.


Superior detection powered by rich data

Cortex XDR spans key data sources to uncover modern attacks

Network data

  • Palo Alto Networks NGFW
  • Cisco ASA and Firepower
  • Check Point Firewall
  • Fortinet FortiGate

Endpoint data

  • Cortex XDR agent
  • Windows event logs
  • Pathfinder data collector
  • GlobalProtect™ events from NGFW logs

Cloud and authentication data

  • Cortex XDR for VM and containers
  • Prisma™ Access
  • VM-Series NGFW
  • Azure Active Directory
  • Okta
  • PingOne

Case Study
San Jose Water

San Jose Water simplifies investigation and response

Problem

Before Cortex XDR, San Jose Water was drowning in alerts – the SecOps team manually reviewed 900 to 1,200 alerts a day. They needed a solution that would simplify triage and investigations to speed up incident response times and eliminate alert fatigue.

Solution

“Not only did Cortex XDR reduce the number of incidents we had to look at, but the time taken to act on those incidents was also reduced … The X in XDR, for me, is the extension of my team.”

– Peter Fletcher, Dir. of Security, San Jose Water

  • Cortex XDR
  • NGFW
  • Panorama
  • WildFire
  • Prisma Access

Case Study
Ada County

Reducing response times from hours to minutes with Cortex XDR

Problem

Facing growing cyberthreats, Ada County wanted greater visibility.

Solution

“With Cortex XDR … we are able to be a lot more proactive instead of reactive. I would get 400 or 500 alerts a day. Now I'm down to maybe seven or eight … We're not spending six hours on incident response, we're spending 10 minutes.”

– Bret Lopeman, Sr. Security Engineer, Ada County

  • Cortex XDR
  • NGFW
  • Panorama
  • WildFire
  • AutoFocus

Case Study
State of North Dakota

The State of North Dakota focuses on the threats that matter

Problem

With a senate mandate to protect city and county governments as well as primary, secondary and higher education, the security team for the State of North Dakota realized they needed to implement more scalable and effective security.

Solution

“We desperately needed automation and to have a tool that filtered through all the noise. Cortex is doing exactly that. We’re seeing the noise going away, and we’re getting to the important alerts that we hadn’t seen previously.”

– Ryan Kramer, Enterprise Network Architect, State of North Dakota

  • Cortex XDR
  • NGFW
  • Panorama
  • WildFire
  • Prisma Cloud
  • AutoFocus

Features and specifications

  • Delivery Model

    Cloud-native application
  • Data Retention

    30-day to unlimited data storage
  • Next-Generation Antivirus

    Malware, ransomware and fileless attack prevention
    Behavioral Threat Protection
    AI-based local analysis engine
    Integration with the cloud-based WildFire® malware prevention service
    Child process protection
    Credential theft protection
    Exploit prevention by exploit technique
    Customizable prevention rules
    Scheduled and on-demand malware scanning
  • Endpoint Protection

    Device control for USB device management
    Host firewall
    Disk encryption
  • Detection and Investigation

    Integration of network, endpoint, cloud and authentication data from Palo Alto Networks and third-party sources
    Root cause analysis of alerts
    Third-party alert and log ingestion
    Timeline analysis of alerts
    Machine learning-based behavioral analytics
    Unified incident engine
    Custom rules to detect tactics, techniques and procedures
    Dashboards and reporting
    Vulnerability management - included with Host Insights
    Host inventory - included with Host Insights
    Asset management with rogue device discovery
    Detection of targeted attacks, malicious insiders and risky user behavior
    Malware and fileless attack detection
    Endpoint detection and response (EDR)
    Network detection and response (NDR) and user behavior analytics (UBA)
  • Threat Hunting

    Threat hunting through native search or a query builder tool
    IOC-based searches
    Threat intelligence integration
    Managed Threat Hunting service
  • Response and Recovery Features

    Public APIs for response and data collection
    Live Terminal for direct endpoint access
    Network isolation, quarantine, process termination, file deletion, file block list
    Endpoint script execution
    Remediation suggestions with host restore
    Search and Destroy - included with Host Insights
    Native integration with Cortex XSOAR for security orchestration, automation and response (SOAR)
  • Operating System Support

    The Cortex XDR agent supports multiple endpoints across Windows®, macOS®, Linux, Chrome® OS, and Android® operating systems. For a complete list of system requirements and supported operating systems, see the Palo Alto Networks Compatibility Matrix.

    Cortex XDR Pathfinder minimum requirements: 2 CPU cores, 8 GB RAM, 128 GB thin-provisioned storage, VMware ESXi™ V5.1 or higher, or Microsoft Hyper-V® 6.3.96 or higher hypervisor.
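The "Public APIs for response and data collection" line above is where most automation around this product starts, so here is an added example of how a practitioner would drive it. This is illustrative code written for this page, not Palo Alto Networks code. It assumes, rather than takes from the page, the "Advanced" API key scheme published in the Cortex XDR API reference (a per-request nonce and millisecond timestamp, with the Authorization header carrying sha256 of key + nonce + timestamp and the key id in x-xdr-auth-id), and the two endpoint paths /public_api/v1/endpoints/isolate and /public_api/v1/incidents/get_incidents. The tenant name, key id and endpoint id are constructed placeholders. Check all of these against the current API reference for your tenant before relying on them.

```python
"""Signing and building Cortex XDR public API calls (added example, not page code).

Assumed, not stated on the page: the Advanced API key scheme from the Cortex XDR
API reference (Authorization = sha256(api_key + nonce + timestamp_ms), key id in
x-xdr-auth-id) and the two endpoint paths used below.
"""
import hashlib
import json
import secrets
import time
import urllib.request

MAX_SKEW_MS = 5 * 60 * 1000  # assumed replay window for the self-check below


def sign_request(api_key: str, api_key_id: int, nonce: str, timestamp_ms: int) -> dict:
    """Headers for an Advanced API key.

    The secret never goes on the wire: only sha256(key + nonce + timestamp) does,
    bound to a per-request nonce and a millisecond timestamp.
    """
    digest = hashlib.sha256(f"{api_key}{nonce}{timestamp_ms}".encode()).hexdigest()
    return {
        "x-xdr-timestamp": str(timestamp_ms),
        "x-xdr-nonce": nonce,
        "x-xdr-auth-id": str(api_key_id),
        "Authorization": digest,
        "Content-Type": "application/json",
    }


def fresh_headers(api_key: str, api_key_id: int) -> dict:
    """Sign with a random 64-character nonce and the current time, as a client would."""
    return sign_request(api_key, api_key_id, secrets.token_hex(32), int(time.time() * 1000))


def signature_is_valid(api_key: str, headers: dict, now_ms: int,
                       max_skew_ms: int = MAX_SKEW_MS) -> bool:
    """Recompute the digest and reject stale timestamps.

    A client self-check before sending, or a validator for signed calls that
    pass through an internal relay. A stale timestamp fails even when the digest
    matches, which is what blocks straight replay of a captured header set.
    """
    try:
        ts = int(headers["x-xdr-timestamp"])
    except (KeyError, ValueError):
        return False
    if abs(now_ms - ts) > max_skew_ms:
        return False
    nonce = headers.get("x-xdr-nonce", "")
    expected = hashlib.sha256(f"{api_key}{nonce}{ts}".encode()).hexdigest()
    return secrets.compare_digest(expected, headers.get("Authorization", ""))


def isolate_endpoint_request(tenant_fqdn: str, endpoint_id: str) -> tuple:
    """URL and body to isolate one endpoint (response side). Builds only; nothing is sent."""
    url = f"https://api-{tenant_fqdn}/public_api/v1/endpoints/isolate"
    return url, {"request_data": {"endpoint_id": endpoint_id}}


def get_incidents_request(tenant_fqdn: str, severities=("high", "critical"),
                          limit: int = 100) -> tuple:
    """URL and body to pull recent high/critical incidents (data collection side)."""
    url = f"https://api-{tenant_fqdn}/public_api/v1/incidents/get_incidents"
    body = {"request_data": {
        "filters": [{"field": "severity", "operator": "in", "value": list(severities)}],
        "search_from": 0,
        "search_to": limit,
        "sort": {"field": "creation_time", "keyword": "desc"},
    }}
    return url, body


def send(url: str, body: dict, headers: dict, timeout: int = 30) -> dict:
    """POST the signed call and decode the JSON reply (needs network access)."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed placeholder credentials and tenant; nothing below touches the network.
    key, key_id = "replace-with-your-advanced-api-key", 7
    tenant = "example.xdr.us.paloaltonetworks.com"
    hdrs = fresh_headers(key, key_id)
    assert signature_is_valid(key, hdrs, int(time.time() * 1000))
    url, body = isolate_endpoint_request(tenant, "endpoint-id-from-get_endpoints")
    print(url, json.dumps(body))
    # send(url, body, hdrs)  # uncomment with real credentials and a real endpoint id
```

Two practical notes: keep the key id and key out of source control and out of the process environment of anything that does not need them (isolation is a destructive action, and the same key can usually read incident data), and use a Standard key where the client cannot keep a clock roughly in sync, since the Advanced scheme fails closed on timestamp skew.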

Cortex XDR tiers

Cortex XDR Prevent and Cortex XDR Pro compared feature by feature. Tier-specific values are listed where the page gives them; "Optional" marks an add-on to that tier.

  • Data sources (get extended visibility)
    Prevent: endpoint
    Pro: endpoint, network, cloud and third-party products
  • Endpoint protection: stop malware, exploits and fileless attacks
  • Device control: prevent data loss and USB-based malware infections
  • Disk encryption: manage BitLocker or FileVault from the Cortex XDR console
  • Host firewall: reduce the attack surface on Windows and macOS endpoints
  • Managed Threat Hunting: uncover the most complex threats across endpoint and network with Unit 42 experts
    Pro: optional
  • Host Insights: monitor host inventory, find vulnerabilities and sweep across endpoints to eradicate threats
    Pro: optional
  • Behavioral analytics: detect emerging attacks with patented analytics and machine learning
  • Rule-based detection: find threats with out-of-the-box and custom rules
  • Incident management: reduce alert fatigue 98% by intelligently grouping alerts
    Prevent: endpoint alerts
    Pro: all alert sources
  • Integrated response: contain threats with multiple, flexible response options
    Prevent: endpoint only
    Pro: endpoint, network and cloud
  • Threat intelligence feed: enrich investigations with rich context from tens of thousands of customers
    Prevent: optional
    Pro: optional
  • Alert retention
    Prevent: 30 days
    Pro: 30 days
  • XDR data retention
    Pro: endpoint and network, 30 days
  • Extended data retention
    Prevent: optional
    Pro: optional