Cortex XDR

Additional features

100% detection in MITRE ATT&CK® Enterprise Evaluations

Demonstrates a high level of effectiveness in real-world attack scenarios.

AI-powered endpoint security

Utilizes artificial intelligence to enhance protection capabilities.

Behavioral Threat Protection

Stops threats by analyzing and identifying malicious behavior patterns.

Cloud-based analysis

Leverages cloud resources for advanced threat analysis and intelligence.

Patented behavioral analytics

Employs unique analytical techniques to pinpoint evasive threats.

Machine learning for behavior profiling and anomaly detection

Learns normal behavior to identify deviations indicative of an attack.

Incident management

Provides a structured process and tools for handling security incidents from detection to resolution.

Root cause analysis

Identifies the underlying cause of an alert to understand the attack's origin.

NGAV (Next-Generation Antivirus)

Advanced antivirus capabilities to block malware, ransomware, and fileless attacks.

Host firewall

Controls network traffic at the endpoint level to prevent unauthorized access.

Disk encryption

Protects sensitive data on endpoints by encrypting the hard drive.

USB device control

Manages the use of USB devices to prevent data leakage or malware introduction.

ML-Driven Threat Detection

Uses machine learning algorithms to identify and detect threats.

Automated Root Cause Analysis

Automatically determines the origin and path of a security incident.

Deep Forensics

Provides comprehensive forensic data for detailed investigation of security events.

Flexible Response

Offers a range of response actions that can be tailored to the specific threat.

Enterprise-wide protection by analyzing data from any source

Extends protection beyond endpoints by analyzing data from various security layers.

Complete visibility

Offers a holistic view of the security landscape to identify potential threats.

Simplified security operations

Streamlines workflows and reduces the complexity of managing security.

Cloud-based AI and analytics

Utilizes the scalability and power of the cloud for advanced security analysis.

eXtended Threat Hunting (XTH) Data Module for enhanced visibility and data collection

Provides deeper telemetry for proactive threat hunting activities.

Additional analytics and machine learning detectors (as part of XTH)

Enhances threat detection capabilities with more advanced analytics.

Advanced analytics and behavioral models for proactive hunting (as part of XTH)

Enables security teams to actively search for and identify potential threats.

Identification of causality links between attacker actions and affected entities (as part of XTH)

Helps understand the relationships between attacker activities and their impact.

Identity Threat Detection and Response Module for identity threat vectors

Specifically focuses on detecting and responding to threats related to user identities.

Enhanced views of organizational risk posture (as part of Identity Threat Detection and Response)

Provides a better understanding of the overall security risk related to identities.

Forensic-level visibility into assets (as part of Identity Threat Detection and Response)

Offers detailed forensic information about assets involved in identity-related threats.

Automated and customizable continuous analysis of user and host activities (as part of Identity Threat Detection and Response)

Continuously monitors user and host behavior for suspicious activity.

Precise profile information for alert triage and investigation (as part of Identity Threat Detection and Response)

Provides detailed context for faster and more accurate alert handling.

Managed Detection and Response (optional)

A 24/7 service provided by Unit 42 experts to detect and respond to threats on your behalf.

Managed Threat Hunting (optional)

A proactive service that continuously searches for unknown threats and vulnerabilities in your environment.

Incident Response (optional)

An elite service to help organizations stop ongoing attacks and prevent future ones.

Cyber Risk Management Services (optional)

Services to assess and test your security controls against relevant threats.

CORTEX XDR PREVENT

Focuses on preventing threats with NGAV, endpoint protection, and basic detection and response.

Next-Generation Antivirus (Block malware, ransomware, exploits, and fileless attacks)

Prevents known and unknown malware from executing on endpoints.

Endpoint Protection (Safeguard endpoints with device control, firewall, and disk encryption)

Provides core endpoint security measures.

Detection and Response (Pinpoint attacks with AI-driven analytics and coordinate response)

Detects malicious activity and enables basic response actions.

CORTEX XDR PRO

Includes all features of Cortex XDR Prevent and offers more advanced capabilities and optional modules.

Managed Detection and Response (Optional)

Extends the capabilities of Cortex XDR with expert-led monitoring and response.

Identity Threat Detection and Response (Optional)

Adds specific features for detecting and responding to identity-based threats.

Host Insights (Optional)

Find vulnerabilities and sweep across endpoints to eradicate threats: Enables proactive identification and remediation of vulnerabilities.

Forensics (Optional)

Investigate incidents swiftly with comprehensive forensics evidence: Provides in-depth forensic capabilities for thorough investigation.

eXtended Threat Hunting (Optional)

Deep endpoint telemetry to support advanced threat hunting operations (Wildfire analysis included; additional feeds optional): Offers advanced data for sophisticated threat hunting.

Wildfire analysis included in both offerings; additional feeds optional in Pro

Provides analysis of unknown files in a sandbox environment to identify malicious behavior.