# Cortex XDR | Palo Alto Networks

<https://www.paloaltonetworks.com/cortex/cortex-xdr>

Why Cortex XDR

## Stop attacks with full visibility and analytics

### Proven endpoint protection

Block advanced malware, exploits and fileless attacks with the industry’s most comprehensive endpoint security stack. Our lightweight agent stops threats with Behavioral Threat Protection, AI and cloud-based analysis.

### Laser-accurate detection

Pinpoint evasive threats with patented behavioral analytics. Cortex XDR uses machine learning to profile behavior and detect anomalies indicative of attack. Analytics lets you spot adversaries attempting to blend in with legitimate users.

### Lightning-fast investigation and response

Investigate threats quickly by getting a complete picture of each attack with incident management. You can view the root cause of any alert with a single click and swiftly stop attacks across your environment.

## MITRE Engenuity ATT&CK® Evaluations Dashboard

See our stellar results from the past five years.

[Explore now](https://www.paloaltonetworks.com/mitre-results)

## Simplify SecOps with one platform for detection and response across all data

Cortex XDR delivers enterprise-wide protection by analyzing data from any source to stop sophisticated attacks.

* Eliminate blind spots with complete visibility
* Simplify security operations to cut mean time to respond (MTTR)
* Harness the scale of the cloud for AI and analytics
* Lower costs by consolidating tools and improving SOC efficiency

[Read the datasheet](https://www.paloaltonetworks.com/engage/cortex-extended-detection-and-response/cortex-xdr-datasheet)

## Sit back, relax and let Cortex XDR protect you

* Safeguard your endpoints with NGAV, host firewall, disk encryption and USB device control.

  [**COMPLETE ENDPOINT SECURITY**](https://www.paloaltonetworks.com/cortex/endpoint-protection)

### Deeper visibility to enable advanced threat hunting

Take a proactive stance against advanced threats. The eXtended Threat Hunting (XTH) Data Module enhances visibility and data collection by Cortex XDR. This empowers SecOps to prevent and detect threats faster — and with more precision.

* Unlock additional analytics and machine learning detectors.
* Sharpen the ability to identify, prevent and block complex attacks.
* Proactively hunt with advanced analytics and behavioral models.
* Identify causality links between attacker actions and affected entities.

[Read the solution brief](https://www.paloaltonetworks.com/resources/techbriefs/cortex-xdr-extended-threat-hunting-data-module)

### Best-in-class coverage for stealthy identity threats

Protect your organization without slowing down the business. The new advanced Identity Threat Detection and Response Module from Cortex XSIAM and XDR® provides best-in-class coverage for stealthy identity threat vectors, including compromised accounts and insider threats.

* Make decisions faster with enhanced views of your organization’s risk posture
* Gain forensic-level visibility into the asset to easily uncover hidden threats
* Automate and customize the continuous analysis of user and host activities
* Swiftly triage and investigate alerts with precise profile information

[Read the solution brief](https://www.paloaltonetworks.com/resources/techbriefs/identity-threat-detection-and-response-module)

## Tested. Reviewed. Proven.

### Exceptional test results and praise from analysts and customers make it easy to trust Cortex XDR.

* [ONLY Cortex Delivers 100% Protection and Detection in MITRE Engenuity](https://www.paloaltonetworks.com/cortex/cortex-xdr#cortex_cortextabscomp_copy_cleanParsys_cortex-xdr_cortex_en_US_pan_content_0)
* [“Leader” in the GigaOm Radar for Extended Detection and Response (XDR) 2023](https://www.paloaltonetworks.com/cortex/cortex-xdr#cortex_cortextabscomp_copy_cleanParsys_cortex-xdr_cortex_en_US_pan_content_1)
* [“Strategic Leader” rating from AV-Comparatives](https://www.paloaltonetworks.com/cortex/cortex-xdr#cortex_cortextabscomp_copy_cleanParsys_cortex-xdr_cortex_en_US_pan_content_2)

[Understand the results](https://www.paloaltonetworks.com/cortex/cortex-xdr/mitre)

## Drive better security outcomes

Accelerate threat response, streamline operations and increase SOC productivity with Cortex XDR.

* faster investigations ([Learn more](https://www.paloaltonetworks.com/resources/datasheets/cortex-xdr))
* 98% reduction in alerts ([Learn more](https://www.paloaltonetworks.com/resources/whitepapers/cortex-xdr))
* 44% lower cost ([Get the ROI paper](https://www.paloaltonetworks.com/resources/whitepapers/maximize-the-roi-of-detection-and-response))

## Break the attack lifecycle

Cortex XDR stops the most advanced threats, including [Russia-Ukraine cyber activity](https://www.paloaltonetworks.com/blog/security-operations/cortex-xdr-protections-against-malware-associated-with-ukraine-and-russia-cyber-activity/) and [the SolarWinds supply chain attack](https://www.paloaltonetworks.com/blog/2020/12/solarwinds-statement-solarstorm/) as well as [Log4Shell](https://www.paloaltonetworks.com/blog/security-operations/how-cortex-xdr-blocks-log4shell-exploits-with-java-deserialization-exploit-protection/), [SpringShell](https://www.paloaltonetworks.com/blog/security-operations/cortex-xdr-springshell/), and [PrintNightmare](https://www.paloaltonetworks.com/blog/security-operations/printnightmare-prevention-update-with-cortex-xdr/) vulnerability exploits. For an interactive demo, see the [Log4j incident response simulation](https://www.paloaltonetworks.com/resources/infographics/central-command).

## Two powerful offerings. Comprehensive protection.

|  | CORTEX XDR PREVENT | CORTEX XDR PRO |
| --- | --- | --- |
| **Next-Generation Antivirus:** Block malware, ransomware, exploits and fileless attacks |  |  |
| **Endpoint Protection:** Safeguard endpoints with device control, firewall and disk encryption |  |  |
| **Detection and Response:** Pinpoint attacks with AI-driven analytics and coordinate response | – |  |
| **Managed Detection and Response:** Let Unit 42 experts work for you 24/7 to detect and respond to threats | – | <https://www.paloaltonetworks.com/unit42/respond/managed-detection-response> |
| **Host Insights:** Find vulnerabilities and sweep across endpoints to eradicate threats | – | <https://www.paloaltonetworks.com/resources/datasheets/host-insights-for-cortex-xdr> |
| **Forensics:** Investigate incidents swiftly with comprehensive forensics evidence | – | <https://www.paloaltonetworks.com/resources/datasheets/cortex-xdr-forensics> |
| **eXtended Threat Hunting:** Deep endpoint telemetry to support advanced threat hunting operations | – | <https://www.paloaltonetworks.com/resources/datasheets/cortex-xdr-forensics> |

## Maximize ROI by boosting SOC efficiency

* Eliminate siloed tools for a more efficient SOC
* Reduce setup, tuning and operating costs with cloud-delivered services and out-of-the-box detection


