{"id":118394,"date":"2020-09-09T15:30:11","date_gmt":"2020-09-09T22:30:11","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=118394"},"modified":"2020-09-09T18:29:58","modified_gmt":"2020-09-10T01:29:58","slug":"cortex-xdr-2-5","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2020\/09\/cortex-xdr-2-5\/","title":{"rendered":"Cortex XDR 2.5: Future-Proofed Security Operations With Host Insights"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">When we launched Cortex XDR a year and a half ago, we upended a status quo of siloed security tools by introducing the industry\u2019s first extended detection and response platform. But that was only the beginning. As part of our commitment to deliver the world\u2019s best detection and response platform, we continue to listen to your needs and invest heavily in product innovation, building new features to help your security team root out advanced adversaries and simplify operations.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We\u2019re excited to share the launch of Cortex XDR 2.5, which introduces a massive list of <\/span><span style=\"font-weight: 400;\">new host visibility and protection capabilities to help your team further bolster endpoint security and streamline operations.\u00a0<\/span><\/p>\n<figure id=\"attachment_118521\" aria-describedby=\"caption-attachment-118521\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><div style=\"max-width:100%\" data-width=\"900\"><span class=\"ar-custom\" style=\"padding-bottom:46.89%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-118521 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/09\/Timeline.png\" alt=\"Our Rapid Pace of Innovation: The timeline shows a timeline of Cortex XDR releases, beginning with the Cortex XDR GA in Q1 2019, going up until the launch of Cortex XDR 2.5 in Q3 2020. 
\" width=\"900\" height=\"422\" \/><\/span><\/div><figcaption id=\"caption-attachment-118521\" class=\"wp-caption-text\">A timeline of innovation since Cortex XDR was introduced in March 2019.<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<h2>What\u2019s New in Cortex XDR 2.5<\/h2>\n<p><span style=\"font-weight: 400;\">Over the past several months, we\u2019ve talked to security professionals like you to understand the challenges you face finding, containing and recovering from threats, and we believe we\u2019ve introduced a robust set of features to solve these challenges. Take a look \u2013 we think you\u2019ll like what you see!<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Key Features in Cortex XDR 2.5:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Host Insights module.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Asset management with rogue device discovery.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Host restore.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Closed-loop prevention.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Expanded protection for macOS endpoints.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">New Asset View and enhanced Hash View.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>Host Insights for Unprecedented Visibility and Swift Response<\/h2>\n<p><span style=\"font-weight: 400;\">Safeguarding your endpoints starts with getting a clear picture of all your endpoint settings and contents and understanding your risks. 
Once you\u2019ve identified a threat, you need to stop it quickly and ensure it hasn\u2019t spread to multiple <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/resources\/guides\/cortex-xdr-endpoint-protection-solution-guide\"><span style=\"font-weight: 400;\">endpoints<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">With Host Insights, an add-on module for Cortex XDR, you get all these capabilities and more. Host Insights combines vulnerability management, application and system visibility, along with a powerful Search and Destroy feature to help you identify and contain threats. Host Insights offers a holistic approach to endpoint visibility and attack containment, helping reduce your exposure to threats so you can avoid future breaches.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Host Insights is available to all Cortex XDR Pro per Endpoint customers during a Community Access period. After the Community Access period, customers will be able to purchase the Host Insights Module.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\"  class=\"alignright wp-image-118408 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/09\/Host-Insights.png\" alt=\"The Host Insights Module in Cortex XDR 2.5 includes features such as Search and Destroy, Host Inventory and Vulnerability Management. \" width=\"500\" height=\"225\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Here\u2019s\u00a0 what the Host Insights module provides:<\/span><\/p>\n<p><b>Search and Destroy <\/b><span style=\"font-weight: 400;\">enables you to instantly find and eradicate threats across all endpoints. This powerful feature indexes all the files on your managed Windows endpoints so you can sweep your entire organization to find and remove malicious files in real time. 
Granular settings allow you to exclude files and directories on specific hosts.\u00a0<\/span><\/p>\n<p><b>Host inventory<\/b><span style=\"font-weight: 400;\"> lets you identify security gaps and improve your defensive posture with complete visibility across key Windows host settings and files. You can view information about users, groups, applications, services, drivers, autoruns, shares, disks and system settings. By getting all your host details in one place, you can quickly identify IT and security issues in your environment.<\/span><\/p>\n<p><b>Vulnerability Management <\/b><span style=\"font-weight: 400;\">provides you<\/span> <span style=\"font-weight: 400;\">real-time visibility into vulnerability exposure and current patch levels across all endpoints to prioritize mitigation. Cortex XDR 2.5 reveals the vulnerabilities on your Linux endpoints, with up-to-date severity information provided by the <\/span><a href=\"https:\/\/nvd.nist.gov\/vuln\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">NIST National Vulnerability Database<\/span><\/a><span style=\"font-weight: 400;\">. You can also see the Microsoft Windows Knowledge Base (KB) updates installed on your endpoints.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2>Asset Management With Comprehensive Rogue Device Discovery<\/h2>\n<p><span style=\"font-weight: 400;\">To shield your endpoints from threats, you need to know what devices are on your network at any point in\u00a0 time.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Cortex XDR has introduced a new Asset Management feature that streamlines network management and reveals potential threats by showing you all the devices in your environment, including managed and unmanaged devices. 
After you\u2019ve defined your network segments, Cortex XDR goes to work assembling a list of assets including the associated IP address, the host name, when the asset was observed on the network and whether it is managed by the Cortex XDR agent.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">But what really sets Cortex XDR apart from traditional solutions is that it combines proactive scans with monitoring of endpoint, network and third-party data to deliver comprehensive rogue device discovery. Cortex XDR uses a Network Mapper to scan for every endpoint on your network. It also detects hosts that evade scans by analyzing network traffic and authentication logs. As a result, you get a view of your entire environment.<\/span><\/p>\n<figure id=\"attachment_118421\" aria-describedby=\"caption-attachment-118421\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><div style=\"max-width:100%\" data-width=\"900\"><span class=\"ar-custom\" style=\"padding-bottom:30%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-118421 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/09\/Mapper.png\" alt=\"Cortex XDR uses a Network Mapper to scan for every endpoint on your network. The graphic illustrates how this can work in concert with the NGFW. \" width=\"900\" height=\"270\" \/><\/span><\/div><figcaption id=\"caption-attachment-118421\" class=\"wp-caption-text\">Cortex XDR combines proactive scans from our Network Mapper with network monitoring to reveal all the devices in your network.<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<h2>Host Restore for Swift Attack Recovery<\/h2>\n<p><span style=\"font-weight: 400;\">When attacks occur, you need to restore compromised hosts quickly. All too often, this means re-imaging affected endpoints. But wiping endpoints back to their original state can impact user productivity as employees attempt to recover files and reapply their personal settings. 
To minimize business disruption, you need a way to quickly reverse all the elements of an attack without deleting user files and data.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Cortex XDR\u2019s new host restore feature allows you to speed recovery and revert to a clean state easily. Remediation suggestions simplify response by recommending next steps and allowing you to resolve all activities identified in an incident. You can rapidly recover from an attack by removing malicious files and registry keys, as well as restoring damaged files and registry keys \u2013 without re-imaging or building custom scripts.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2>Closed-loop Prevention to Granularly Block Threats<\/h2>\n<p><span style=\"font-weight: 400;\">Once you\u2019ve developed a set of laser-accurate detection rules, you may not want to wait for your analysts to manually triage and respond to attacks.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">With Cortex XDR 2.5, you can transform granular custom detection rules into automated protections to stop complex threats.\u00a0 You can even copy and edit out-of-the-box detection policies and convert them into prevention policies, called Behavioral Threat Protection rules. Cortex XDR allows you to build laser precise prevention rules based on any endpoint behavior or attribute. 
Before you push prevention rules to your agents, you can gain confidence that your rules will accurately block attacks by testing rules against real-world data.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2>Expanded Protection for macOS Endpoints<\/h2>\n<p><span style=\"font-weight: 400;\">The new Cortex XDR agent 7.2 introduces end-to-end protection capabilities for macOS endpoints that lower the risk of data loss, reduce the attack surface of your endpoints, and help satisfy certain<\/span> <span style=\"font-weight: 400;\">data security<\/span> <span style=\"font-weight: 400;\">compliance requirements, such as those found in the PCI standard or regulations that call for encryption. These powerful capabilities augment existing endpoint protection for <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/04\/cortex-network-visibility\/\"><span style=\"font-weight: 400;\">Windows endpoints<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">New endpoint security features for macOS include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">A host firewall with location-based host firewall rules.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Disk encryption using FileVault.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Device control for USB-connected devices.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">DMG file analysis.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2>New Asset View and Enhanced Hash View for Fast-tracked Investigations<\/h2>\n<p><span style=\"font-weight: 400;\">You need rich investigative details at your fingertips to quickly analyze and respond to threats. To augment Host Insights, we\u2019ve introduced a new Asset View that displays the related incidents and information about a specific host, including services, users, groups, shares and more. 
Armed with this knowledge, your analysts can quickly determine if a host is compromised and review all the activity involving the host to assess the scope of an attack.<\/span><\/p>\n<figure id=\"attachment_118434\" aria-describedby=\"caption-attachment-118434\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><div style=\"max-width:100%\" data-width=\"900\"><span class=\"ar-custom\" style=\"padding-bottom:56.33%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-118434 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/09\/Services1.png\" alt=\"The screenshot shows an example of the new Asset View in Cortex XDR 2.5.\" width=\"900\" height=\"507\" \/><\/span><\/div><figcaption id=\"caption-attachment-118434\" class=\"wp-caption-text\">The Asset View reveals host and incident information to help you expedite investigations.<\/figcaption><\/figure>\n<p><span style=\"font-weight: 400;\">We have also updated the Hash View to provide 360-degree visibility into files, while maintaining a consistent format with our IP View and Asset View displays.<\/span><\/p>\n<figure id=\"attachment_118447\" aria-describedby=\"caption-attachment-118447\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><div style=\"max-width:100%\" data-width=\"900\"><span class=\"ar-custom\" style=\"padding-bottom:56.22%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-118447 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/09\/Cluster-Data.jpg\" alt=\"The screenshot shows an example of the enhanced Hash View in Cortex XDR 2.5.\" width=\"900\" height=\"506\" \/><\/span><\/div><figcaption id=\"caption-attachment-118447\" class=\"wp-caption-text\">The Hash View shows essential threat intelligence, incident and process information in one consolidated view.<\/figcaption><\/figure>\n<p><span style=\"font-weight: 400;\">\u2026But wait, there\u2019s more. 
We\u2019ve also added:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Web shell exploit protection for Linux.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Cryptomining protection for Linux.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">\u201cAgentless\u201d EDR that deploys a non-persistent data collector for up to two weeks to endpoints that have triggered an alert.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Enhanced analytics with more flexible alert exceptions, improved alert accuracy and a shorter baselining period before analytics alerts are triggered.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Management and usability enhancements to improve investigations.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">For a complete list of new features in Cortex XDR 2.5, see the <\/span><a href=\"https:\/\/docs.paloaltonetworks.com\/cortex\/cortex-xdr\/cortex-xdr-release-notes\/release-information\/features-introduced\/features-introduced-in-2020.html#iddb59f5e7-aac3-4e46-a08d-ab6f7a304416\"><span style=\"font-weight: 400;\">Cortex XDR release notes<\/span><\/a><span style=\"font-weight: 400;\">. See <\/span><a href=\"https:\/\/docs.paloaltonetworks.com\/cortex\/cortex-xdr\/cortex-xdr-pro-admin\/cortex-xdr-overview\/cortex-xdr-licenses\"><span style=\"font-weight: 400;\">Cortex XDR licenses<\/span><\/a><span style=\"font-weight: 400;\"> to find out which features are available with Cortex XDR Prevent, Cortex XDR Pro per Endpoint and Cortex XDR Pro per TB.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you want to see Cortex XDR 2.5 in action, sign up for our Sept. 
29 webinar,<\/span><span style=\"font-weight: 400;\"> \u201c<\/span><a href=\"https:\/\/register.paloaltonetworks.com\/cortexxdr25future-proofedsecurityoperationswebinar\"><span style=\"font-weight: 400;\">Cortex XDR 2.5: Future-Proofed Security Operations<\/span><\/a><span style=\"font-weight: 400;\">.\u201d <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cortex XDR 2.5 introduces new host visibility and protection capabilities to further bolster endpoint security and streamline operations.<\/p>\n","protected":false},"author":370,"featured_media":111998,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6770],"tags":[6737,532,5810,7218],"coauthors":[3907],"class_list":["post-118394","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-the-future","tag-cortex-xdr","tag-endpoint","tag-endpoint-detection-and-response","tag-security-operations","sec_ops_category-news-and-events","sec_ops_category-product-features"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/05\/MTH-summit-facebook-blank-1200x630-1.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/118394","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/370"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=118394"}],"version-history":[{"count":11,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/118394\/revisions"}],"predecessor-version":
[{"id":118534,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/118394\/revisions\/118534"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/111998"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=118394"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=118394"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=118394"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=118394"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}