09/23/2024 | News release | Distributed by Public on 09/23/2024 07:23
Staying ahead of today's threats requires SOC transformation fueled by AI and automation. The latest innovations for the AI-driven Cortex platform continue to deliver better, faster, and more efficient security operations designed to help analysts stop cyberattacks in real time. Here's what's new:
XSIAM 2.4 continues to push the envelope, offering new capabilities that deliver unrivaled flexibility and control for security operations. Key highlights include:
Third-Party EDR Support
Customers can transform their SOC with the platform's advanced investigation and detection capabilities while keeping their existing EDR tools, by ingesting raw event data from CrowdStrike, SentinelOne, and Microsoft Defender. Additionally, customers can adopt XSIAM without deploying Cortex XDR agents, easing the transition from costly, complex, and outdated SIEM and EDR tools as their legacy contracts expire.
Enhanced NGFW Integration
Teams can get full visibility across their entire infrastructure with an enhanced NGFW integration process for comprehensive analysis of network data. Now, customers can add Palo Alto Networks NGFWs from multiple Customer Support Portal (CSP) accounts as data sources to Cortex XSIAM.
Customers with multiple CSP accounts can connect all of their accounts to a single Cortex tenant, ensuring the completeness of their data while also leveraging the capabilities we offer through our native connector. This feature is also available in XDR 3.12.
Role-Based Access Dataset Views
This new role-based access dataset view allows granular access control for data, ensuring least-privilege access even within a dataset. Using this new capability, administrators can now configure a dataset view that limits user access to a subset of a dataset, granting access only through specific pre-applied filters. The same view can then be used across the product, in dashboards, correlations, and more.
Flexible Licensing Model for Multi-Tenant Enterprises and MSSPs
The new licensing model simplifies the onboarding process for managed security service providers (MSSPs) and multi-tenant enterprises. Organizations can now purchase a pool of licenses and allocate them to child tenants on demand directly from the Cortex Gateway. This feature is designed to accelerate onboarding and streamline license management without needing to engage Palo Alto Networks. This feature is also available in XDR 3.12.
Cortex XDR, a Leader in the 2023 Gartner Magic Quadrant for Endpoint Protection Platforms (EPP), revolutionized endpoint security by pioneering the Extended Detection and Response (XDR) category, and it was the only offering to achieve 100% prevention and detection with NO configuration changes in the 2023 MITRE ATT&CK Evaluations.
Our latest Cortex XDR 3.12 and Cortex XDR Agent 8.6 continue to revolutionize the endpoint protection market with new advanced security capabilities, including improved deployment efficiency, threat prevention, and endpoint hardening. These new features are also available in XSIAM 2.4.
Cortex Xpanse, the leading Attack Surface Management (ASM) platform, takes visibility and control of your external attack surface to the next level with the Expander 2.7 release:
Scanning Enhancements
Traditional ASM tools often focus on a limited range of ports, missing potential exposures. Cortex Xpanse now scans all 65,000 ports, as well as 50+ additional protocols, across the entire global IPv4 address space. Once a service is found, Xpanse continues periodic scanning until it becomes inactive, ensuring ongoing visibility into your attack surface. This expanded scanning improves detection of insecure services running on non-standard ports, such as SSH, and helps uncover hidden risks on unusual ports.
New Usability and Feature Improvements
In addition to the new scanning enhancements, Xpanse 2.7 provides security teams with rich data and intuitive tools to prioritize and address risks effectively, such as:
Our latest release, Cortex XSOAR 8.8, focuses on providing new features and automation to enhance your experience and simplify your journey toward automating security operations.
New Multilayer Indicator/Incident Relationship Canvas
The new visual tool provides SOCs with visibility and collaboration capabilities during incident investigations and threat hunting, eliminating the need for external tools. SOC analysts and threat intel analysts can now create and share dynamic attack diagrams, visualize key security incidents, link indicators of compromise, and maintain static snapshots to streamline and centralize threat intelligence and incident investigation.
Excluding Enrichment of Indicators
New indicator enrichment controls give analysts better control over IOCs and help optimize system performance. Analysts can choose to enable or disable enrichment calls, conserving system resources when dealing with known indicators.
New Guard Rails Page
The new Guard Rails page lists performance-related errors and warnings raised during incident ingestion, investigation, and response, helping analysts maintain a stable environment by detecting and preventing actions that can cause major performance degradation or instability. The Guard Rails page indicates when an incident or indicator size exceeds predefined service limits and may affect performance.
Cortex XSOAR Content Packs and Integrations