What’s New in Cortex: The Latest Innovations for the World’s #1 SecOps Platform (Feb ’25 Release)

Feb 04, 2025
6 minutes

The latest innovations across the Cortex platform empower you to transform security operations, stop threats, and make your team more efficient. Here’s what’s new:

  • Cortex XDR 3.13 expands upon the best-in-class threat investigation capabilities of XDR.
  • Cortex XSIAM 2.5 unifies real-time and historical data to enable rapid legacy SIEM upgrades.
  • Cortex XSOAR 8.9 elevates the analyst experience by making it easier than ever to create and modify automation playbooks.
  • Cortex Xpanse 2.8 delivers new enhancements to attack surface coverage and operational efficiency.

Cortex XDR 3.13: Expanding Upon the Best-in-Class Threat Investigation Capabilities of XDR

The latest release strengthens defenses against advanced threats, brings immediate, actionable security insights, and delivers swift, automated threat mitigation.

  • Enhanced Investigation Experience: Causality Forensics Highlights are now enriched with MITRE ATT&CK tactics, techniques and procedures (TTPs) as well as additional data points, such as URL verdicts, WildFire reports, and Threat Context. This streamlines your investigations and provides immediate, actionable insights into security alerts and the related artifacts in the causality chain.
  • Integrating Forensics Data in Causality Cards: Enrich the causality card with data from forensic collections, such as OS system data, volatile and memory data, and application forensic data. This allows you to explore different layers of the investigation, simultaneously within the same workflow.
Enriched Context in Causalities
  • Protection Against Security Bypass Techniques: Enhanced protection for Windows-based endpoints ensures your organization is safeguarded against malicious actors attempting to bypass Windows built-in security controls. This protects endpoints from the latest malicious tactics, empowering your team to focus on what truly matters without disruption.
Windows Security Measures Bypass Module

  • Extended File Type Coverage for Windows: Strengthen your defense against advanced threats by using Cortex XDR to analyze ASP and ASPX files on Windows servers. This allows you to detect and prevent malicious files from being written to your endpoints’ file system.
  • Prisma Access Browser Integration: Integrating Prisma Access Browser data into Cortex XDR expands the attack context to include browser activity. This allows you to query Prisma Access Browser data directly within Cortex and generate detection and correlation rules.
  • New macOS Detectors: New detectors identify macOS threat activity in real time, including stealers and malicious AppleScript. This allows security operations teams to spend less time hunting for these threats and shut them down before they cause a breach.
  • Flexible Compute Unit (CU) Consumption: The new annual consumption plan allows you the flexibility to scale up during critical investigations or intensive periods and scale back during routine operations for predictable resource management.
New Flexible Compute Unit Consumption Dashboard

XSIAM 2.5: Unifying Real-Time and Historical Data to Enable Rapid Legacy SIEM Upgrades

The latest release of Cortex XSIAM® delivers several improvements that enable organizations to seamlessly migrate their data from legacy SIEM solutions and deliver a superior investigation experience. Note: XSIAM 2.5 includes all features released as part of Cortex XDR 3.13 listed above.

  • Accelerated Legacy SIEM Upgrades with Bulk Data Import: Streamline your upgrade to Cortex XSIAM by importing historical data into cold storage. This process simplifies data migration while ensuring secure, long-term storage. Once imported, you can easily access and search the data for various purposes, such as analysis, compliance, and audits.
  • Enhanced Visibility and Auditing for Broker VM: Cortex XSIAM now provides enhanced error visibility and auditing for Broker VM applets. This enables you to quickly identify and resolve application, connectivity, and processing errors, simplifying troubleshooting and ensuring your critical workflows remain uninterrupted.
Enhanced error visibility and auditing for Broker VM applets providing clarity to quickly identify and resolve problems.
  • Analytics Alert Response Playbooks: The new analytics alert response playbooks in Cortex XSIAM enable the endpoint agent to request assistance and receive decisions based on a comprehensive view of the incident, including user behavior and network events. This capability enhances the decision-making process for endpoint actions and delivers contextual awareness to improve the effectiveness of endpoint security measures.

XSOAR 8.9: Make Creating and Modifying Automation Playbooks Easier

XSOAR 8.9 brings yet another set of innovations to the analyst experience, making it easier than ever to create and modify automation playbooks:

  • A New Look and Feel for Playbooks: The latest enhancements in user experience improve playbook readability and clarity through an updated look and feel.
Redesigned Playbook Editor Workflow
  • Collapsible playbook sections: The updated collapsible playbook sections enable users to stay focused on the relevant playbook details without distractions, allowing for easier navigation through complex playbooks and increased productivity.
  • Unlimited User License for Development Tenants: With no license limit for users on development tenants, you can build, test, and refine automations at scale. This drives faster innovation, more reliable workflows, and scalable solutions as your organization grows.
  • Notifications for Deprecated Content: New automated user notifications about deprecated playbooks, sub-playbooks, and scripts ensure updated, effective, and accurate security workflows.
Image: Deprecated Playbook Notifications

Xpanse 2.8: New Enhancements to Both Coverage and Operational Efficiency

Expander 2.8 builds upon our industry-leading attack surface management capabilities with new enhancements to both coverage and operational efficiency:

  • Simplified Self-Service Asset Management: The new bulk asset management features enable you to proactively add/remove assets, such as IP address ranges, paid-level domains, and subdomains, across your attack surface.
  • Expanded Coverage for Automated Exposure Remediation: The newly added support for Kubernetes Control Plane Component, LDAP Server, NetBIOS Name Server, NFS Rpcbind Server, Rpcbind Server, and SMB Server enables you to save time and reduce manual work across a broader set of attack surface exposures.
  • Dozens of New Attack Surface Rules and Attack Surface Tests: The new rules and tests expand detection coverage for existing and new KEV vulnerabilities. You can also discover over 100 unique OT/IoT devices, providing unmatched visibility across industrial and connected device environments.

The enhanced features and capabilities included in our February release are just the tip of the iceberg for XSIAM, Cortex XDR, Xpanse and XSOAR. To learn more about these and other innovations across the Cortex portfolio, register for Symphony ‘25 and hear from product leaders on the future of Cortex.
