Palo Alto Networks has rolled out a major update to its Cortex extended detection and response solution, bringing it to version 3.0 and expanding to include support for additional cloud platforms and the capability to surface potential threats by analyzing identity data, according to Security Boulevard.
In addition, Cortex XDR 3.0 now features forensic investigation tools that users can integrate with various third-party data sources for collection of historical evidence on compromised systems.
The solution can now also aggregate cloud host data, audit logs and traffic logs directly from the cloud, including the Prisma Cloud security platform, said Tim Junio, Palo Alto Networks' senior vice president of products.
Junio says identities have essentially become the perimeter, representing a critical source of security data amid the rise of the remote workforce, making it essential to be able to quickly detect anomalous behavior through identity. After detection, users may then use an incident management interface in Cortex XDR to track malicious users, artifacts, hosts and alerts through a procedure that is mapped to the MITRE ATT&CK framework.