Palo Alt Cortex XDR Prevent - 30-Day Alerts Retention & Standard Success - PAN-XDR-PRVT
- Provides protection for endpoints and includes device control, disk encryption, and host firewall features
- This Cortex XDR license for one endpoint protects a network from threats
- Includes Standard Success
- Manufacturer Part #: PAN-XDR-PRVT
For Pricing, request a quote.
Palo Altos Cortex XDR is an extended detection and response platform that monitors and manages cloud, network, and endpoint events and data. Cortex XDR combines features for incident prevention, detection, analysis, and response into a centralized platform.
There are two available versions of Palo Altos Cortex XDR security:
Cortex XDR Preventprovides protection for endpoints and includes device control, disk encryption, and host firewall features. It also includes an incident engine, integrated response capabilities, and an optional threat intelligence feed.
Cortex XDR Proprovides the same protections as Prevent but for endpoints, networks, cloud resources, and third-party products. It also includes features for behavior analytics, rule-based detection, accelerated investigation, and optional managed threat hunting.
Both versions include alert retention for 30 days and optional extended data retention. The Pro version also includes XDR data retention for both endpoint and network data for 30 days.
Cortex XDR Key CapabilitiesCortex XDR provides several key capabilities, designed to secure an organizations networks and devices.
Safeguard assets with endpoint protection
Cortex XDR provides endpoint protection against malware, fileless attacks, ransomware, and exploits. Any downloaded files are examined by an analysis engine with AI capabilities.
Additionally, behavioral analyses help identify and stop malicious data transfers or processes. Organizations can also integrate with Palo Alto Networks WildFire malware prevention service for increased security and protection.
Securely manage USB devices
Cortex XDR includes Device Control, a feature designed to monitor and secure USB access to devices. The feature is agentless. It enables organizations to restrict device usage according to endpoint, type, vendor, or Active Directory identities. Device control also enables organizations to limit read and write permissions according to USB device ID.
Protect endpoint data with host firewall and disk encryption
Firewalls and disk encryption protect endpoints from malicious traffic and reduce the damage done if attackers bypass firewalls. The Cortex XDR firewall provides controls for inbound and outbound communications.
Disk encryption can be directly integrated with BitLocker and organizations can encrypt and decrypt data on endpoint devices. Firewall and encryption settings are managed from the UI console.
Hunt for threats
The Cortex XDR Pro version includes optional features for managed threat hunting and features for manual hunting. Threat hunting can help uncover insider threats, targeted attacks, and hidden malware. It requires carefully searching through system and event data to identify suspicious or malicious activity.
The manual features included in Cortex XDR enable organizations to use flexible search features to identify a range of indicators of compromise (IOCs) or behavioral indicators of compromise (BIOCs). IOCs or BIOCs are threat signatures, hashes, addresses, or metadata used to identify known threats.
Managed options provide 24/7 support with dedicated threat hunting experts. These hunters search through an organizations data and provide detailed threat reports on their findings.
Natively integrate with Cortex XSOAR
Cortex XSOAR (security orchestration, automation, and response) is a solution that can be integrated into Cortex XDR. SOAR solutions are designed to enable automated responses to, typically low-level threats, and can help significantly speed response time.
The Cortex XSOAR solution enables organizations to define automation playbooks for incident response. These playbooks can be used to define actions across 370 third-party tools. Playbooks can also ingest incident data, access alerts, and update Cortex XDR incident fields.
|Cortex XDR Prevent||Cortex XDR Pro|
|Data Sources: Collect comprehensive data for extended visibility||Endpoint||Endpoint, network, cloud and third-party data sources|
|Next-Generation Antivirus: Block malware, ransomware, exploits and fileless attacks||œ||œ|
|Endpoint Protection: Secure your endpoints with device control, host firewall, and disk encryption||œ||œ|
|Detection and Response: Pinpoint attacks with AI-driven analytics and coordinate response||-||œ|
|Managed Threat Hunting: Uncover the most complex threats across your XDR data with Unit 42 experts||-||Optional|
|Host Insights: Monitor host inventory, find vulnerabilities and sweep across endpoints to eradicate threats||-||Optional|
|Threat Intelligence: Enrich investigations with in-depth context from a global community of customers||Optional||Optional|
|Services: Safeguard your organization with incident response and proactive services||Optional||Optional|
|Product Name||Palo Alt Cortex XDR Prevent - 30-Day Alerts Retention & Standard Success|
|Manufacturer||Palo Alto Networks|
|Data Sheet||View Sheet|