Palo Alto adds new AI and machine learning capabilities
Cortex, Cortex XDR, Traps 6.0 apply automation to threat detection and response
Palo Alto has added three new AI and machine learning tools to its cybersecurity offering.
The first is Cortex, an AI-based continuous security platform. Palo Alto says Cortex is an evolution of the Application Framework designed to simplify security operations and improve outcomes. Deployed on a public cloud platform, Cortex allows security operations teams to speed the analysis of massive data sets. Cortex is enabled by the Cortex Data Lake, where customers can store and analyse large amounts of data that is normalised for AI and machine learning to find threats and orchestrate responses quickly.
Cortex XDR, on the other hand, is a detection, investigation and response product that natively integrates network, endpoint and cloud data. Cortex XDR is designed to uncover threats using behavioral analytics, accelerate investigations with automation, and stop attacks before damage is done through tight integration with existing enforcement points.
Third, Traps endpoint protection and response now includes a Behavioral Threat Protection engine that is designed to stop advanced threats in real time by stitching together a chain of events to identify malicious activity. Traps 6.0 acts as the primary data collection sensor for Cortex Data Lake, gathering a comprehensive set of endpoint security data. In conjunction with Cortex XDR, customers can use Traps to extend their prevention capabilities to include detection and response across their infrastructure with a single agent.
“While detection and response are integral components of cybersecurity defense, the current model of disjointed standalone products leaves organisations with blind spots and conflicting data,” said Lee Klarich, chief product officer at Palo Alto Networks. “We believe the only way to solve this is with best-in-class prevention, combined with the ability to normalise and analyse data at scale from as many sources as possible, applying AI and machine learning to automatically detect and quickly respond to threats.”
“While endpoint and detection response tools are valuable, they give a limited view of what an attack may look like. Security teams need more sources of data so that they can find and block threats faster across what are increasingly complex enterprise environments. We believe integrating data across endpoint, network and cloud is a positive step toward better addressing these security needs,” Fernando Montenegro, senior analyst at 451 Research, added.