CORTEX XDR - Exclusive Networks · Security teams face a dizzying array of threats, from ransomware...
Transcript of CORTEX XDR - Exclusive Networks · Security teams face a dizzying array of threats, from ransomware...
Palo Alto Networks | Cortex XDR | White Paper 1
CORTEX XDRBreaking the Security Silos for Detection and Response
Security teams face a dizzying array of threats, from ransomware and cyberespionagetofilelessattacksanddamagingdatabreaches.However,thebiggestheadacheformanysecurityanalystsisnottheendlessnumberofrisksthatdominatenewsheadlinesbutthefrustrating,repetitivetaskstheymustperformeverydayastheytriageincidentsandattempttowhittledownanend-lessbacklogofalerts. Thispaperdescribesthethorniestchallengessecurityanalystsconfront,includingadelugeofalertsandcomplexinvestigationprocessesthatcanoverwhelmeventhemostmaturesecurityoperationscenters.ItthenproposesaframeworktotackleeverystageofsecurityoperationswithCortexXDR™fordetectionandresponse.Asthespectersofmalware,targetedattacks,andinsiderabusecontinuallyescalate,toolslikeCortexXDRcanbeyoursecretweapontoeliminatethreatsandsimplifyoperations.
Palo Alto Networks | Cortex XDR | White Paper 2
Analysts Under SiegeSecurityteamstodayfacetwodauntingchallenges:acontinualbarrageofattacksandanendlessseaofalerts.Securityteamsknowthreatactorscanlaunchanunlimitednumberofattacks,consequence-free,untilonesucceeds.Toreducethepossibilityofanintrusion,teamstypicallydeploymultiplelayersofsecurity,butthesetoolsgenerateamassivenumberofalerts—174,000alertsperweekonaverage.1
Tokeepupwithallthesealerts,analystsoftenoperateinfirefightingmode,attemptingtotriageasmanyalertsaspossibleeveryday.Becausethesealertsoftenlackessentialcontextneededforinvestigations,analystsareforcedtowastevaluabletimechasingdownadditionaldetails.Overwhelmedbyinaccurateandincompletealerts,securityteamscanonlyreview12,000alertsperweek,2leaving93%ofalertsignoredandincreasingbusinessrisk.
Event overload
Overlooked threats
Skills shortage
174,000 alerts per week
93% of alerts are ignored
1.8M job openings by 2023
Narrowly focused tools
Manual data collection
Ineffective incident response
40+ security tools usedby SOC
Network, endpoint,or cloud
MTTI 197 days(mean timeto identify)
MTTC 69 days(mean timeto contain)
Siloed security tools
Alerts
Figure 1: A security analyst’s many burdens
Looking for Threats in All the Wrong PlacesTherisingtideofattackshasconvincedorganizationsofallsizestoembracedetectionandresponse.Toaddressthisnew-founddemand,theITsecurityindustryhasintroducedaslewofsiloedtools,suchasendpointdetectionandresponse(EDR),networktrafficanalysis(NTA),anduserandentitybehavioranalytics(UEBA).However,thesetoolsprovideanarrowviewofactivityandrequireyearsofspecialistexperiencetooperate.
Organizationsareleftwithtwounappealingchoices:deployajumbleofdisconnecteddetectionandresponseproductsorrelysolelyonexistingpreventionproductstoidentifyhard-to-detectthreatsinrealtime.
Organizationsthatchoosetoprovisionsiloedtoolswillbeburdenedwiththecostsofdeployingandmaintainingnewnetworksensorsandendpointagentseverywhere.Ontheotherhand,organizationsthatdependontheirpreventiontoolsfordetectionwilllikelyoverlookstealthyattacks,suchashighlyevasivemalware,maliciousinsiders,ortargetedattacks.Thisisbecauseadvancedattacksoftendonotincorporatetraditionalindicatorsofcompromise(IoCs),suchasattacksignaturesormaliciousdomains.Theonlywaytodetectthesethreatsistoexamineactivity—notjustalerts—overtimeandacrossdatasourceswithmachinelearningandanalytics.
Manual Investigations Increase Attacker Dwell TimesDetectingattacksisonlyhalfthebattle.Analystsmustalsoinvestigatealertsandassessthe“who,what,when,why,andhow”detailstodeterminewhatactiontotake.Unfortunately,manyoftoday’ssecuritytoolsonlypresenthigh-levelalertswithlimiteduser,endpoint,network,application,andthreatintelligenceinformation.
Thesehigh-levelalertsrarelyprovideallthecontextneededforinvestigationandresponse.Asaresult,analystsmustpivotfromconsoletoconsoleandmanuallypiecetogetherdatatogetaclearunderstandingofanattack.Toinvestigateanetworkalert,forexample,ananalystmayneedtoperformpainstakinganalysisandcorrelationtoidentifytheendpoint,networkactivity,anduserassociatedwitheachincident.Withtoday’scomplexandsiloedtools,onlyspecializedexpertscannavigatethelabyrinthrequiredforinvestigations.
1.“TheStateofSOARReport,2018,”Demisto,September2018, https://go.demisto.com/the-state-of-soar-report-2018.2.Ibid.
Palo Alto Networks | Cortex XDR | White Paper 3
Withthesethreeintegratedcapabilitiescoordinatedacrossallyourcriticalassets,includingyournetwork,endpoints,andclouds,you’llbeabletodefeatincreasinglysophisticatedthreats.
Cortex XDR Detection and ResponseCortexXDRistheworld’sfirstcloud-baseddetectionandresponseappthatnativelyintegratesnetwork,endpoint,andclouddatatostopsophisticatedattacks.CortexXDRhasbeendesignedfromthegrounduptohelporganizationslikeyourssecureyourdigitalassetsanduserswhilesimplifyingoperations.Usingbehavioralanalytics,itidentifiesunknownandhighlyevasivethreatstargetingyournetwork.MachinelearningandAImodelsuncoverthreatsfromanysource,includingmanagedandunmanageddevices.
Sincethesetoolsrarelyworktogether,analystscannoteasilycoordinateresponseacrossalltheirenforcementpoints.Insteadofinstantlyblockinganattack,theymustsubmitaticketoraskotherteammemberstoupdatesecuritypolicies,whichmighttakedaysorweeks.It’snotsurprising,then,thattheaveragetimeittakesorganizationstoidentifyabreach,andthentocontainit,hasincreasedto197and69days,respectively.3
Facedwithashortageofcybersecurityprofessionals—whichindustryanalystsexpecttoreach1.8millionunfilledpositionsby20224—teamsneedtobreakdownsecuritysilosandsimplifyincidentresponse,ortheywillstruggletopreventsuccessfulcyberattacks.
What Is NeededAnewapproachisrequiredtosolvetoday’ssecurityoperationschallenges—onethatwilleaseeverystageofsecurityoperations,fromdetectionandthreathuntingtotriage,investigation,andresponse.Thisnewapproachrequiresthefollowingthreeintegratedcapabilities,workingtogethertolowerriskandsimplifyoperations.
• Great threat prevention:Greatpreventionallowsyoutostopeverythingyoucan—themorethan99%ofattacksthatcanbeblockedautomaticallyinrealornear-realtime—withoutmanualverification.Youneedconsistent,coordinatedpreventionacrossallyourdigitalassets.
• AI and machine learning:Withthegrowingamountofdatabeingcol-lected,youranalystsshouldn’tbeforcedtomanuallyanalyzeorcorrelatedatatoidentifythreats.Youneedmachinelearningandanalyticstolearntheuniquecharacteristicsofyourorganizationandformabaselineofexpectedbehaviortodetectsophisticatedattacks.
• Automation:Toquicklyconfirmattacks,analystsneedactionablealertswithrichinvestigativedetails.Theyshouldalsobeableunderstandtherootcauseofattackseasilywithoutneedingyearsofexperience.
Mean time to contain (MTTC) a breach has increased to
Mean time to identify (MTTI)a breach has increased to
197 days
69 days
Great prevention AI & machine learning Automationto stop everything you can to detect sophisticated attacks to accelerate investigations
Across network, endpoint, and cloud data
Figure 2: Critical integrated capabilities
3.“2018CostofaDataBreachStudy,”PonemonInstitute,July2018, https://www.ibm.com/downloads/cas/861MNWN2.4.“2017GlobalInformationSecurityWorkforceStudy,”(ISC)2,2017, https://iamcybersafe.org/wp-content/uploads/2017/06/europe-gisws-report.pdf.
Palo Alto Networks | Cortex XDR | White Paper 4
CortexXDRhelpsyouaccelerateinvestigationsbyprovidingacompletepictureofeachalert.Itstitchesdifferenttypesofdatatogetherandrevealstherootcauseandtimelineofalerts,allowinganalystsofallexperiencelevelstoperformtriage.Tightintegrationwithenforcementpointsletsyourespondtothreatsquicklyandapplytheknowledgegainedfrominvestigationstodetectsimilarattacksinthefuture.
WithCortexXDR,youcanuseyourexistingPaloAltoNetworksnetwork,endpoint,andcloudsecurityassensorsandenforcementpoints,eliminatingtheneedtodeploynewsoftwareorhardware.Youonlyneedonedatasource—suchasPaloAltoNetworksnext-generationfirewallsorTraps™,ourendpointprotectionandresponseservice—withCortexXDR,butyouwouldneedmultipledatasourcestorealizethebenefitsofdatastitchingandanalysis.Youcanavoidprovisioningcumbersomeloginfrastructureon-premisesbystoringallyourdatainCortexDataLake,ascalableandsecurecloud-baseddatarepository.
Endpoints ServersCampus
Cortex Data Lake
Cortex XDR
Branch Mobile users
TR
TRTR TR
GPcloud
service
Log and activity dataLog and activity data
Cloud Data Center
TR VM-Series
Figure 3: Analysis of data from multiple sources by Cortex XDR
Cortex XDR Protects You at Every Stage of Security OperationsAttackerscontinuallyinnovate.Tooutpacethem,securityteamsmustimplementarepeatableprocesstoproactivelyblockattackswithbest-in-classpreventionandtodiscoverandstopactivethreats.CortexXDRgivesyouthetoolstoaccomplishfouriterativesteps:
1.Prevent
2.Automaticallydetect
3.Rapidlyinvestigate
4.Respond and adapt
Thisframeworkprovideseverythingyouneedtosecureyourorganizationtodayandinthefuture.
Achieve Closed-Loop Prevention, Detection, and Response with Cortex XDR
Prevent Known and Unknown Threats While Gaining Complete VisibilityIroncladsecuritystartswithgreatprevention.Tothisend,allCortexXDRsubscriptionsincludeTrapsforendpointprotectionandresponse,offeringyouthebestendpointsecurityavailable.Trapsisalightweightagentthatautomaticallyblocksmalware,exploits,andfilelessattackswhilesimultaneouslycollectingeventdataforCortexXDR.
Palo Alto Networks | Cortex XDR | White Paper 5
Combiningmultiplemethodsofprevention,Trapsstandsapartinitsabilitytoprotectendpoints.Trapsthwartsmalwareinfectionsbyblockingtheexploitsusedbyattackerstocompromiseendpointsandinstallmalware.Trapsprotectshostsbyidentifyingexploittechniques—notjustexploitsignatures—soitcanstopzero-daythreats.Inaddition,itidentifiessequencesofbehavioruniquetomalwareandransomwarewithitspowerfulBehavioralThreatProtectionengine.TrapsintegrateswithPaloAltoNetworksWildFire®,ourmalwarepreventionservice,toanalyzesuspiciousfilesinthecloudandcoordinateprotectionacrossallPaloAltoNetworkssecurityproducts.
WF
EXELocal analysis to
stop known malwareMachine learning to
prevent new malwareBehavioral threat
protection foradvanced malware
WildFire to detectunknown malware
Attack blocked, endpoint safe
User attempts toopen executable file
WildFire feeds known threat information back to Traps
Multiple methods of prevention improve accuracy and coverage
TR
Figure 4: Automatically preventing malware, exploits, and fileless attacks
InadditiontoTraps,PaloAltoNetworksprovidesacompleteportfolioofsecurityofferingsthatpreventattacksbycombiningthelatestbreakthroughsinsecurity,automation,andanalytics.CortexXDRintegrateswiththeseworld-leadingtechnologies,includingourphysicalandvirtualizednext-generationfirewalls,andGlobalProtect™cloudservice,enablingyoutopreventadvancedattackswhilealsocollectingdatafordetectionandresponse.
Automatically Detect Attacks with Behavioral Analytics and AI CortexXDRuncoversstealthyattacksusinganalyticsandmachinelearning,allowingyourteamtofocusonthethreatsthatmatter.CortexXDRstartsbyanalyzingrichdatagatheredacrossthePaloAltoNetworksplatform,providingyoucompletevisibilityandeliminatingblindspots.Itstitchestogetherdatacollectedfromyournetwork,endpoints,andcloudassetstoaccuratelydetectattacksandsimplifyinvestigations.
Figure 5: Automatic discovery of anomalies indicative of malware, targeted attacks, and insider abuse
Palo Alto Networks | Cortex XDR | White Paper 6
CortexXDRtracksmorethan1,000dimensionsofbehavior,includingattributesthatarenearlyimpossibletoascertainfromtraditionalthreatlogsorhigh-levelnetworkflowdata.Itthenprofilesuseranddevicebehaviorbytakingadvantageof:
• Unsupervised machine learning:CortexXDRbaselinesuseranddevicebehavior,performspeergroupanalysis,andclustersdevicesintorelevantgroupsofbehavior.Basedontheseprofiles,CortexXDRdetectsanomaliescomparedtopastbehaviorandpeerbehaviortodetectmaliciousactivity,suchasmalwarebehavior,commandandcontrol,lateralmovement,andexfiltration.
• Supervised machine learning:CortexXDRmonitorsmultiplecharacteristicsofnetworktraffictoclassifyeachdevicebytype,suchasaWindows®computer,anAppleiPhone®,amailserver,oravulnerabilityscanner.CortexXDRalsolearnswhichusersareITadministratorsornormalusers.Withsupervisedmachinelearning,CortexXDRrecognizesdeviationsfromexpectedbehaviorbasedonthetypeofuserordevice,reducingfalsepositives.
CortexXDRusesapre-computedetectionarchitecturetomaximizespeed,efficiency,andaccuracy.Thepre-computeframeworkprocessesthedatastoredinCortexDataLaketocalculatethevaluesitneedsformachinelearning.Itsdetectionalgorithmsanalyzetheseprecalculatedvalues,ratherthanrawdata,tofindattacksmorequicklyandincorporatemultipleinputsinitsdetectionalgorithmstodetectattackswithprecision.
Endpoint
Attack detection algorithms
Malware Lateralmovement Exfiltration
Currentbehavior
Timeprofile
Peerprofile
Entityprofile
• User activity• Device activity
• Past user activity• Past device activity
• Peer profile of user and device activity
• Device Type: workstation, server, server type• User type: admin standard user
Profiling engine
Endpoint
Network
Cloud
DataCommand
and control
Byexaminingrichnetwork,endpoint,andclouddata,buildingbehavioralprofiles,andanalyzingtheseprofileswithabroadsetofdetectionalgorithms,CortexXDRcanpinpointstealthyattackswithunparalleledprecision.
Custom RulesYoursecurityteamcanidentifythreatsuniquetoyourenvironmentwithflexiblecustomrules.TriggeringalertsagainstknownIoCs,suchasmalwarehashes,canhelpidentifyknownthreats,butattackerscaneasilyevadethesedetectiontechniques.CortexXDRprovidescustomrulesthatenableyoursecurityteamtodetectcomplexcombinationsofbehaviorstoexposespecificattackertactics,techniques,andprocedures(TTPs).Asaresult,yourteamcancloseknownsecuritygapsandgainvisibilityintopotentiallymaliciousactivitybeingperformedonthemostvaluableassets.Yourcustomrulescanidentifymisuseofsystemsandapplicationsaswellasdetectzero-dayattacksthatthwartevasiontechniques,ensuringyoucanuncoverthreatsevenifanadversarymanipulatesmalwarenames,hashes,orIPaddresses.
Youranalystscandefinerulesbasedondozensofdifferentparameters,includingprocess,file,network,orregistryinformation.Morethantwohundredpredefinedrulesdetectabroadarrayofthreatsoutofthebox,includingpersistence,tampering,privilegeescalation,andlateralmovement.
Thesedetectioncapabilitiesworkallday,everyday,providingyoupeaceofmind.
Threat Hunting and IoC SearchingThreathuntingplaysavitalroleinsecurityoperations,whetheranalystsareperforminganindependentsearchorexpandingfromaninvestigation.Withsearchqueries,yourteamcanuncoversuspiciousactivitybysearchingforspecifichosts,files,processes,registryupdates,networkconnections,andmore.Queriescanbeprecise,suchas,“Whatarethechangesmadetoaspecificfilebyaspecificprocessonahost?”oropenended,suchas“Showmealltheprocessesrunninginthedomain.”Yoursecurityteamcansearch,schedule,andsavequeriesascustomrules.
YoursecurityteamcansearchforattackbehaviorsaswellastraditionalIoCswithoutlearninganewquerylanguage.Analystscanfilterresultstoreducethenumberofeventstoreviewandrevealcovertthreats.Byincorporatingthreatintelligencewithacompletesetofnetwork,endpoint,andclouddata,yourteamcanfindpastattacksoruncoverincidentsinprogressinseconds.
Figure 6: Behavioral analytics architecture for Cortex XDR
Palo Alto Networks | Cortex XDR | White Paper 7
Rapidly Investigate AlertsToexpeditetriageandanalysisofanythreat,youranalystsneedfullinvestigativecontextattheirfingertips.CortexXDRdeliversseveralkeyfeaturesthatacceleratealerttriageandincidentresponse.Analertdashboardletsyourteamsort,filter,export,oreveninvestigatealertsfromanysourcewithasingleclick.Yourteamcaninstantlyunderstandtherootcause,reputation,andsequenceofeventsassociatedwitheachalert,loweringtheexperienceneededtoverifythreatswhileensuringfastandaccuratedecisions.
Data Inspected by Cortex XDR CortexXDRanalyzesprotocol-levelmetadataintrafficlogs,enhancedapplicationlogs,andthreatlogscollectedbyPaloAltoNetworksNGFWs,VM-SeriesvirtualizedNGFWs,andGlobalProtect™cloudservice.ItalsoexaminesendpointdatafromTraps.Bybuildingaprofilebasedonmorethan1,000dimensionsofbehavior,includingfrequencyofconnections,sourceanddestinationoftraffic,protocolsused,andmore,CortexXDRcanlearntheexpectedbehaviorofusersanddevices.CortexXDRalsomonitorsinternaltrafficaswellasoutboundtrafficfromclientsandserverstotheinternet.
Session-Level DataPaloAltoNetworksNGFWsextractthemetadataneededtoprofileuseranddevicebehavior,including:
• SourceIP,destinationIP,sourceport,anddestinationport
• Bytessentandreceived
• Connectionduration
• Enhancedapplicationlogswithtransaction-leveldataonDNS,HTTP,DHCP,RPC,ARP,ICMP,and more
• ApplicationdetailsfromApp-ID
User DataCortexXDRanalyzesnetworktrafficandendpointdatatoextractusercontext,suchas:
• Logged-inuser
• Typicaluserofamachine
• Usercreatingtheprocessthatinitiatedthecommunication
• Usergroupandorganizationalunitfrom Directory Sync
Endpoint Data CortexXDRanalyzesallendpointactivity,including:
• Filecreation,deletion,andupdate
• Filehash
• Filepath
• Processname
• Registry change
• CLIarguments
• Hardwareevents,suchasUSB
• Eventlogmanipulation
• Trapssecurityalerts
• WildFiremalwareverdict
Host DataCortexXDRidentifiesmachinesbytracking:
• Hostname
• MACaddress
• Operatingsystem
Data Retention• Minimum30days
Figure 7: Find the root cause of any alert, including network and cloud security alerts
Palo Alto Networks | Cortex XDR | White Paper 8
Apply Knowledge Gained from InvestigationsWithCortexXDR,yourteamcanapplyknowledgefromeachinvestigationtoreduceyourattacksurfaceandstreamlinefutureinvestigations,transformingyoursecurityposturefromreactivetoproactive.
Yourteamcancreategranularcustomrulesbasedontheattacktechniquesidentifiedinpastincidents.Youcanalsousethecustomrulesavailablefordetectionascontextforfutureinvestigations.Ratherthanassigningaruletoalertonanevent,itcannotifyyouranalyststhatsomethinghasoccurredthatneedstobefactoredintoadecision.Lessexperiencedanalystscanmakeeducateddecisionsduringinvestigationsbyviewingintuitive,informationalalertsrelatedtoincidents,suchaspossibleevasion,persistence,orcredentialabuseactivity.
CortexXDRcontinuallyevolvestoanticipatethreatsandoutsmartattackers.TrapsandCortexXDRintegratewithWildFiretodistributemalwarefindingstotheindustry’slargestmalwareanalysiscommunity.PaloAltoNetworksUnit42research,theGlobalSecurityIncidentResponseTeam(GSIRT),andtheCortexXDRresearchteamupdateprotectionsbasedonacombinationofautomatedandmanualanalysisofmetricsandtelemetrydata.
Yourteamcanconclusivelyanswerthequestionsposedbyanyevent,usingtheseanalysisviews:
• Root cause analysis view:Aunique,patentedanalysisenginecontinuouslyreviewsbillionsofeventstoidentifythechainofeventsbehindeverythreat.Itvisualizestheattacksequencebacktotherootcauseandprovidesessentialdetailsabouteachelementinthesequence,makingcomplexattackseasytounderstand.Youranalystscaninstantlyseewhichendpointprocesseswereresponsiblefornetworkorcloudsecurityalertswithoutmanuallycorrelatingeventsorpivotingbetweenconsoles.
• Timeline analysis view:Aforensictimelineofallattackactivityprovidesactionabledetailforincidentinvestigations,allowingyouranalyststodeterminethescope,impact,andnextstepsinseconds.Informationalalertsimprovetimelineanalysisbyidentifyingsuspiciousbehaviorandmakingcomplexeventseasytounderstandwithoutclutteringyouralertdashboardwithlow-riskevents.
CortexXDRoffersrelieftoteamsstrugglingwithabacklogofalertsanddifficult,timeconsuminganalysis.Moreover,itsimpli-fiesalerttriageandincidentinvestigationwithintuitive,visual,context-driventools.Analysisthatusedtotakehours,days,orweekscanbeaccomplishedinsecondsorminutes—allwithlessspecializedexpertise.
Respond and Adapt to ThreatsOnceyouidentifythreats,youneedtocontainthemquickly.CortexXDRletsyoursecurityteaminstantlyeliminatenetwork,endpoint,andcloudthreatsfromoneconsole.Yourteamcanquicklystopthespreadofmalware,restrictnetworkactivitytoandfromdevices,andupdatethreatpreventionlists,suchasbaddomains,throughtightintegrationwithenforcementpoints.
WithRemoteTerminal,responseandremediationcangobeyondinitialcontainment.Youranalystscanremotelyviewalerts,uploadtools,andinteractivelyruncommandsorscriptsusingPython®orPowerShell®forin-depthforensicinvestigations.Yourteamscanalsoterminateanddeleteprocessesinaliveenvironmentonanyhostwithfullauditingoccurringastheywork.Allthewhile,enduserscancontinuetoworkwithoutdisruptionordowntimewhilethreatsareeliminated.
Figure 8: Cortex XDR Remote Terminal Task Manager
3000 Tannery WaySanta Clara, CA 95054
Main: +1.408.753.4000Sales: +1.866.320.4788Support: +1.866.898.9087
www.paloaltonetworks.com
© 2019 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of our trademarks can be found at https://www.paloaltonetworks.com/company/trademarks.html. All other marks mentioned herein may be trademarks of their respective companies. cortex-xdr-wp-042619
The Silver Lining of Cloud DeploymentAsacloud-basedapp,CortexXDReliminatestheneedtodeployadditionalon-premisessoftwareorhardware.ItusesyourexistingPaloAltoNetworksproductsassensorsandenforcementpoints,streamliningdeploymentandmanagement.ThedatacollectedfromyourPaloAltoNetworksinfrastructureisstoredinCortexDataLake,ascalable,cloud-baseddatarepository.CortexDataLakedeliversefficientlogstoragethatscalestohandlethelargevolumeofdataneededfordetectionandresponse.YoucanquicklydeployCortexXDRandCortexDataLake,avoidingthetime-consumingprocessofsettingupnewequipment.
Byeliminatingon-premiseslogstorageandadditionalsensorsandenforcementpoints,CortexXDRofferslowtotalcostofownership.CortexXDRalsobooststheproductivityofyoursecurityoperationsteambyautomaticallydetectingattacksandacceleratinginvestigations.
ConclusionThesearethetimesthattryanalysts’souls.Tokeepupwithever-increasingthreats,organizationsdeploymoreandmoresiloedtoolsthatproduceanavalancheofincomplete,inaccuratealerts.Insteadofusingcloud-basedmachinelearningtocutthroughthenoiseandfindhard-to-detectattacks,legacysecurityinformationandeventmanagement(SIEM)productsfocusonaggregatingalertsforthreatsthatwereidentifiedandtypicallystoppedbysecurityinfrastructure.Ontheotherhand,siloeddetectionandresponsetoolsforceITstafftodeployadditionalhardwareandsoftware,buttheyonlyofferanarrowviewofthreats,creatingblindspotswhileforcinganalyststogatherandcorrelatecluesfrommultipletools.
CortexXDRprovidesyouranalyststhesecretweapontheyneedtoeradicateelusivethreatsanywhereinyourenvironmentbystitchingtogetherandanalyzingallyournetwork,endpoint,andclouddata.WithCortexXDR,youcan:
• Preventadvancedmalware,exploits,andfilelessattackswithCortexXDR,whichincludesTraps,ensuringcompletecoverageofeveryendpoint.
• Automaticallydetectstealthyattacksandanomaliesuniquetoyourorganization,usingmachinelearningandanalytics.
• Acceleratealerttriageandinvestigationstoincreasetheproductivityofallyoursecurityanalystsbyrevealingtherootcauseofanyalert.
• Quicklycontainthreatsbycoordinatingresponseacrossenforcementpoints.
• Outpaceattackerswithup-to-dateprotectionsandresearchfromWildFire,Unit42,andGSIRT,poweredbycloudscaleandagility.
WithCortexXDR,yougaincompletevisibilityacrossyournetwork,endpoint,andcloudassets,soyoucanrestassuredthatallyourusersanddataaresecure.