{"id":138706,"date":"2021-08-23T05:00:46","date_gmt":"2021-08-23T12:00:46","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=138706"},"modified":"2021-08-26T08:51:14","modified_gmt":"2021-08-26T15:51:14","slug":"third-generation-xdr-has-arrived","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2021\/08\/third-generation-xdr-has-arrived\/","title":{"rendered":"The Third Generation of XDR Has Arrived!"},"content":{"rendered":"

Announcing Cortex XDR 3.0, the <\/span><\/i>third-generation XDR platform that allows security teams to identify and investigate attacks across all endpoint, network, cloud and identity sources from a single console.<\/span><\/i><\/p>\n

 <\/p>\n

When we launched Cortex XDR in 2019, it was the first XDR product in the industry. We wanted to provide a modern cloud-based platform leveraging the latest in machine learning, analytics and automation to fight the many cyber attacks businesses face every day. We were driven by the principle that you can identify and stop the most sophisticated cyber attacks <\/span>if and only if <\/b>you can integrate the right set of security data sources and analyze them in real-time. Since Cortex XDR\u2019s inception, our approach has continually proven itself to be the most effective means of preventing and detecting sophisticated cyber attacks, like <\/span>SolarStorm<\/span><\/a> and those emulated by the <\/span>MITRE ATT&CK Evaluations<\/span><\/a>.\u00a0<\/span><\/p>\n

Today, we released Cortex XDR 3.0, taking a significant step in our mission to know about and stop all cybersecurity attacks. XDR 3.0 extends the key tenets of our XDR platform to cloud environments, ensuring SOC teams can run prevention, detection and response on their cloud assets. The new platform also integrates a rich set of identity data sources and built-in analytics to address a variety of identity-based threats.\u00a0<\/span><\/p>\n

Importantly, the third generation of XDR will provide utmost flexibility to security teams by allowing them to ingest data from any third-party source and correlate with other native data sources for richer, deeper investigations.\u00a0<\/span><\/p>\n

And that\u2019s not all! We are also very excited to bring security teams a set of forensic investigation capabilities as an add-on module to XDR 3.0. This offering makes generally available the advanced tools we have been using within Palo Alto Networks\u2019 <\/span>Unit 42 Security Consulting Group<\/span><\/a>.\u00a0<\/span><\/p>\n

Read on for more details!\u00a0<\/span><\/p>\n

<\/a>New Capabilities in XDR 3.0<\/h2>\n

Cortex XDR Extends Native Analytics to Cloud Data, Enabling SOC Teams to Prevent, Detect and Respond to Threats Across Hybrid and Multi-Cloud Environments<\/b><\/p>\n

SOC threat monitoring teams rely on threat detection and response platforms for holistic visibility and investigations, but are often left in the dark when it comes to cloud security. Cortex XDR 3.0 integrates cloud telemetry (including host data, traffic logs, audit logs and data from the Palo Alto Networks Prisma Cloud solution) with non-cloud endpoint, network and identity data, delivering organization-wide threat detection and response. We\u2019ve added dozens of cloud-specific detection rules targeting common cloud-threat vectors, like cloud escape and cloud-jacking.\u00a0<\/span><\/p>\n

\"Cortex<\/span><\/div>
With Cortex XDR 3.0 you have the confidence that your cloud assets are protected, and when a threat is detected, you will have more context into the scope of the attack to ensure a more complete response.<\/span><\/i><\/figcaption><\/figure>\n

XDR 3.0 also delivers endpoint detection and response (EDR)-level protection for cloud assets, including Windows and Linux virtual machines and Kubernetes containers.<\/span><\/p>\n

These new cloud capabilities in Cortex XDR 3.0 complement our industry-leading Prisma Cloud solution. Together, they address the unique requirements of both cloud security teams requiring DevOps speed and SOC analysts requiring visibility across their entire enterprise.<\/span><\/p>\n

<\/a>Cortex XDR Expands UEBA Capabilities with Deeper Identity Analytics to Combat Malicious User Activity<\/h2>\n

Almost all cyber attacks involve compromised identities, which is why analyzing user authentication and access is critical to stopping attacks early in their lifecycle. With Cortex XDR 3.0, we are leveraging ML-based threat detectors against an extensive set of identity data sources, including Active Directory, Identity and Access Management products (including Okta, Ping and Azure AD), human resources (HR) platforms (like Workday) and SASE gateways. Our HR integration with Workday is particularly important \u2014 XDR 3.0 adds valuable context to identity-related investigations including a user\u2019s department, manager, phone number, hire date and other details tied into broader multi-dataset incident and causality views.\u00a0<\/span><\/p>\n

\"Screenshot<\/span><\/div>
With a 360-degree user view and historical risk scores, analysts can prioritize investigations on high-risk users and monitor user behavior trends over time.<\/span><\/i><\/figcaption><\/figure>\n

Cortex XDR\u2019s Third-Party Data Engine Now Delivers the Ability to Ingest, Normalize, Correlate, Query and Analyze Data from Virtually Any Source<\/b><\/strong><\/p>\n

When it comes to investigations, the more context, the better. Many customers\u2019 logging efforts run into scalability and efficiency issues, and SOC analysts often need to look into multiple consoles for an investigation to span their various security data. XDR 3.0 offers new functionality for users to:<\/span><\/p>\n