Endpoint/Device Security, Channel partners, Content

Palo Alto Networks XDR Gains Forensics, Identity Access

Share
Credit: Palo Alto Networks

Palo Alto Networks has introduced Cortex XDR 3.0, a new version of its extended detection and response solution, the cybersecurity company says.

Cortex XDR 3.0's new features include:

  • XDR for Cloud: Provides extended detection, monitoring and investigation for cloud environments.
  • Forensics: Retrieves user, file, application, browser and system activities and other historical evidence from compromised systems.
  • Identity Analytics: Collects and analyzes identity data to detect malicious user activities and insider threats.
  • Incident Management Interface: Provides malicious artifacts, hosts, users and correlated alerts mapped to the MITRE ATT&CK framework.
  • Third-Party Data Engine: Ingests, normalizes, correlates, queries and analyzes third-party data with threat activity and tags it with MITRE ATT&CK techniques, tools and protocols (TTPs).

Cortex XDR 3.0 will become available globally in August 2021.

Palo Alto Networks: XDR Positioning and MSSP Considerations

Cortex XDR applies analytics to endpoint, network and cloud data, Palo Alto Networks stated. In doing so, Cortex XDR eliminates security blind spots and stops cyberattacks.

In addition, Cortex XDR empowers organizations to secure their data in accordance with compliance requirements, Palo Alto Networks noted. It has been shown to help organizations speed up threat investigations by 88 percent and reduce their security alerts by 98 percent.

No doubt, the XDR (eXtended detection and response) market is in rapid growth mode -- though MSSPs and MSPs should carefully scrutinize vendor claims. Much like the early days of cloud computing, scores of cyber companies are either launching XDR products or repositioning existing solutions to include the XDR moniker.

Among the questions MSPs and MSSPs should ask: Who is responsible for the "response" portion of XDR -- the end-customer, the partner, the technology vendor or a combination of those organizations?

Palo Alto Networks Hires MSP Partner Advocate

Meanwhile, Palo Alto Networks in August 2021 hired former Barracuda Networks CEO BJ Jenkins as its president. Jenkins is a well-known MSP partner advocate. During his time leading Barracuda Networks, he pivoted the company's channel strategy to focus on MSPs and recurring revenue partner strategies.

It's unclear if Jenkins will apply that MSP partner know-how at Palo Alto Networks. The company has a partner program, but also is building its own consulting and services organization to support end-customers.

Still, there are signs of partner progress. For example, Palo Alto Networks in July 2021 announced a partnership with Deloitte, a Top 250 MSSP. Palo Alto Networks and Deloitte together will deliver zero trust and multi-cloud security solutions to enterprise and government organizations.

Organizations use Palo Alto Networks solutions to protect their cloud environments, networks and mobile devices. Palo Alto Networks provides these solutions to more than 82,000 customers globally.

Additional insights from Joe Panettieri.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.