Palo Alto Networks is expanding its extended detection and response (XDR) solution to help organisations protect against cloud and identity-based threats.
Cortex XDR, already delivering strong results in the MITRE ATT&CK evaluation, now offers security operations centre (SOC) teams even broader protection across their attack surface, the company states.
This includes extending detection, monitoring and investigation into cloud environments, and detecting malicious user activity and insider threats through analysis of identity data.
In addition, Cortex XDR 3.0 offers security teams forensic investigation features based on the advanced tools of Palo Alto Networks’ Unit 42 Security Consulting Group, and supports ingestion and custom correlations for nearly all third-party data sources.
According to Palo Alto Networks, cybersecurity threat actors are getting faster, more organised and more sophisticated in their tactics, techniques and procedures, and as a result the features of Cortex XDR 3.0 are designed to prepare SOC teams to recognise and stop attacks.
The new features include:
XDR for Cloud allows SOC teams to extend detection, monitoring, and investigation into cloud environments. XDR 3.0 brings together and integrates cloud host data, traffic logs, audit logs, data from Palo Alto Networks’ Prisma Cloud product, and third-party cloud security data with non-cloud endpoint and network data sources.
This provides the best coverage for SOC teams to span on-premises and multi-cloud environments.
Cortex XDR Identity Analytics further enhances the user behaviour analytics capabilities of XDR to detect malicious user activities and insider threats by collecting and analysing an extensive set of identity data.
Cortex XDR Forensics module delivers the forensic investigation tool used by the Palo Alto Networks Unit 42 security consulting group to Cortex XDR customers.
The XDR Forensics module provides the ability to gather historical evidence such as user, file, application, browser and system activities from compromised systems to bring the full analytic potential of XDR to bear during incident response.
Cortex XDR Incident Management Interface provides security analysts with a comprehensive story of an incident in one place, including related malicious artifacts, hosts, users, and correlated alerts mapped to the MITRE ATT&CK framework.
This helps analysts handle incidents more quickly and completely.
Cortex XDR Third-Party Data Engine offers customers the ability to ingest, normalise, correlate, query, and analyse data from virtually any source.
This third-party data can be correlated with threat activity and tagged with MITRE ATT&CK TTPs to help provide a more detailed picture of adversary movement.
This also allows SOC teams to understand the full scope of an incident and respond more completely, the company states.
Palo Alto Networks Cortex senior vice president of products Tim Junio says, "Palo Alto Networks created the Extended Detection and Response (XDR) category in 2019 – understanding that only by integrating data from across all security sources can we detect complex threats accurately, prevent attacks automatically, and investigate them much faster.
"We’ve been innovating against that mission ever since. With our third-generation XDR solution expanding to cloud and identity analytics, Cortex XDR 3.0 has taken a large step towards being the comprehensive platform for the SOC to protect endpoints, entities, assets, workloads, and critical data."