Adversaries move fast — and now, so can you. Cortex Cloud 1.2 introduces a wave of innovations to help security teams respond faster, reduce blind spots, and act with greater precision. New capabilities in external attack surface management, file integrity monitoring, data security, and application risk visibility advance a single goal: to unify cloud security across code, infrastructure, data, and runtime.
Let’s look at the highlights.
Discover Your Unknown Attack Surface
Most CNAPP solutions only protect the assets already known to security teams. But attackers target what you can’t see — unmanaged, forgotten, or misconfigured resources outside traditional visibility. These blind spots create a growing attack surface that’s easy to exploit and hard to track without external discovery.
Cortex Cloud 1.2 introduces Cloud Attack Surface Management (ASM) to uncover what other CNAPPs miss. Powered by Cortex Xpanse, ASM continuously scans the public internet to identify exposed assets, external services, and shadow applications across AWS, Azure, and GCP. With over 800 built-in rules, ASM flags exposed vulnerabilities, misconfigurations and risk signals, giving teams a real view of their external exposure.

Security teams can quickly map their organization's internet-facing footprint, enrich findings with contextual insights, and triage what matters most.
Natively integrated into Cortex Cloud, ASM brings external attack surface management into the CNAPP workflow, eliminating cloud blind spots that legacy tools leave behind.
Stop File Attacks on Cloud Workloads
Security teams often lack visibility when critical system files are tampered with, making it easy for stealthy attacks to go undetected. Without the ability to track file changes, malicious actors can make unauthorized changes or compromise workloads without triggering alerts.
Cortex Cloud 1.2 introduces File Integrity Monitoring (FIM) through the Cortex XDR agent, giving teams real-time detection of unauthorized changes to critical files and directories across Linux, Windows and Kubernetes environments. Every tracked file is monitored continuously, and the moment a suspicious change is made, the activity is flagged.
FIM alerts are enriched with runtime context, which makes severity easier to assess and enables teams to respond before escalation. All event history is recorded to support audit trails and compliance reporting. With both built-in and custom policies, teams can tailor monitoring to their environment.
By adding real-time file monitoring to Cortex Cloud’s runtime protection, organizations can detect and respond to stealthy attacks, stopping potential breaches before they spread.

Secure Sensitive Data in Microsoft 365
Data security doesn’t stop at your cloud infrastructure. As more sensitive content moves into collaboration platforms like Microsoft 365, organizations need better ways to identify exposure risks and secure high-value data.
Cortex Cloud now extends its Data Security Posture Management (DSPM) capabilities to Microsoft SharePoint and OneDrive. This gives security teams deeper visibility into sensitive files stored and shared across the Microsoft 365 ecosystem.
With DSPM for Microsoft 365, teams can detect data misconfigurations, such as files shared with external domains or overly broad internal access. Built-in classification policies help surface regulated or confidential data that may be at risk. These insights can be used to guide cleanup efforts, enforce data handling policies and reduce the likelihood of accidental exposure or insider misuse.

In addition, DSPM supports ingestion and monitoring of Microsoft Purview Information Protection (MPIP, also known as MIP) label usage across all onboarded environments, helping codify data context and sensitivity across the organization.
As collaboration accelerates, DSPM makes it easier to keep your data secure without slowing down the business. Cortex Cloud uniquely secures sensitive data across IaaS, DBaaS and SaaS environments, giving teams comprehensive visibility across the entire cloud data layer.
Expand AppSec Visibility
Modern application development relies on a growing number of tools across the engineering ecosystem—from version control to CI/CD systems. But security findings from these tools often remain siloed, making it difficult for teams to understand how code issues connect to real-world application risks.
Cortex Cloud 1.2 now ingests third-party AppSec scanner telemetry to consolidate and enrich code-related findings across your development ecosystem. Native integrations, as well as support for SARIF file ingestion, make it easy to centralize results from existing tools. Findings are automatically correlated with context from version control systems, IDEs, pipelines, build systems, and runtime activity—giving teams the insight needed to prioritize what matters and remediate faster.

Additionally, this release enhances Cortex Cloud’s software supply chain security by expanding visibility across a wider range of assets, including VCS repositories and CI/CD pipelines, and by introducing compliance reporting capabilities for industry benchmarks like CIS and OWASP CI/CD.
By showing how code-level issues relate to development and deployment workflows, Cortex Cloud makes it easier to unify code security context and secure the software supply chain.
Learn More
We covered just a few highlights here, but Cortex Cloud 1.2 introduces more than 20 exciting enhancements designed to strengthen your cloud-native security posture. You can find the full list of updates in our posture management and runtime security release notes.
And if you haven’t seen Cortex Cloud in action, allow us to give you a customized demo.