Palo Alto Networks has launched Cortex XDR 3.0, which automates threat detection and investigation across endpoint, network, cloud, and identity data from a single console.

The third-generation release broadens coverage to identity: it detects malicious user activity and insider threats by analyzing identity data alongside the endpoint, network, and cloud telemetry earlier versions already collected.

In addition, Cortex XDR 3.0 gives security teams forensic investigation features built on the proprietary tools used by Palo Alto Networks’ Unit 42 security consulting group.

“With our third-generation XDR solution expanding to cloud and identity analytics, Cortex XDR 3.0 has taken a large step towards being the most comprehensive platform for the SOC to protect endpoints, entities, assets, workloads, and critical data,” said Tim Junio, senior vice president of products for Cortex at Palo Alto Networks.

Cortex XDR 3.0 ingests and correlates cloud host data, traffic logs, audit logs, and data from Palo Alto Networks’ Prisma Cloud product.

The new features include:

  • Cortex XDR Identity Analytics, which extends the user behavior analytics in XDR to detect malicious activity and insider threats by collecting and analyzing an extensive set of identity data.
  • Cortex XDR Forensics, which gathers historical evidence from compromised systems, such as user, file, application, and browser activity, so that the full analytic capability of XDR can be applied during incident response.
  • Cortex XDR Incident Management Interface, which gives security analysts a complete account of an incident in one place, including related malicious artifacts, hosts, users, and correlated alerts mapped to the MITRE ATT&CK framework.
  • Cortex XDR Third-Party Data Engine, which lets customers ingest, normalize, correlate, query, and analyze data from virtually any source.