Cortex XDR 2.0, a significant evolution of the industry’s most comprehensive platform for threat prevention, detection, investigation and response, is now available for use. In addition to the major feature upgrades that we previewed on Nov. 13, we are announcing several additional innovations that enable flexible customization of Cortex XDR, ensuring workflows that match the needs of your security analysts.
Public API and Multi-tenancy Support
Cortex XDR 2.0 supports new public APIs that will be available to all customers. Security orchestration, automation and response (SOAR) tools like Demisto can now easily be integrated to automate responses and take actions on the endpoint and across your security toolkit. With this addition, you can retrieve and update incidents, collect agent information and contain endpoint threats from the management platform of your choice.
Cortex XDR 2.0 also introduces multi-tenancy for managed detection and response (MDR) providers, enabling management across customer environments with the easy customization for specific requirements, providing an avenue for further reduction of detection and response SLAs while maintaining the highest standards for customer data privacy.
Multi-tenancy and public APIs open the door for MDR providers to bring their value-added services to customers faster than ever before, providing the most advanced managed security service offerings available on the market today.
Dashboard and Report Customization
Cortex XDR’s management console not only delivers full, unified visibility into endpoint policy management, detection, investigation and response, but it now offers drag-and-drop dashboard customization. Your security analysts can quickly assess the security status of your organization using dashboards that are easily configured to meet each individual’s specific needs. Additionally, they can now build customized graphical reports that can be scheduled or generated on-demand and tailored to different audiences such as SecOps leaders, CISOs, and executive management, keeping them in the loop on relevant information such as incident summaries and threat landscapes.
Extending Third-party Log Ingestion
In November, we added the ability for Cortex XDR to ingest Check Point firewall logs to expand the scope of our powerful behavioural analytics to detect anomalies across mixed environments. Now, we’ve further extended this industry-first capability to Cisco and Fortinet firewalls, allowing Cortex XDR to apply cutting-edge analytics across data generated by all major firewalls on the market.
Other upgrades to Cortex XDR include a unified management interface, a revamped machine learning-driven local analysis engine on the endpoint, and device control for granular USB access management. All these innovations improve a platform that has already proven to deliver best-in-class detection, a 50x reduction in alert fatigue by grouping alerts into incidents, and an 8x reduction in investigation times. Stay tuned, as we will continue to roll out new integrations and feature modules to further help you manage threats across your enterprise with speed, simplicity and confidence.
Learn all the details you need to know about Cortex XDR 2.0: Watch the 18-minute streamcast, “The Future of Endpoint Security Starts Here.”
View the original post at Palo Alto Networks.