The industry’s most forward-thinking analysts love Cortex XDR

2020 MITRE ATT&CK® Evaluation
The MITRE ATT&CK Evaluations emulate the real-world attack sequences of advanced persistent threat (APT) groups. The results of the 2020 MITRE ATT&CK Evaluation validated the best-in-class threat detection capabilities of Cortex XDR. No other product achieved higher attack technique coverage than Cortex XDR, with its powerful combination of automated product detection and enrichment from the Cortex XDR Managed Threat Hunting service.

In the 2020 MITRE ATT&CK APT29 Evaluation, Cortex XDR led the pack in the number of detections as well as both the specificity and accuracy of those detections compared to the 20 other products tested. Cortex XDR Managed Threat Hunting enhanced our detection capabilities, resulting in superior overall product and service coverage, with 90% of techniques detected.

NSS Labs 2020 Advanced Endpoint Protection Test
Cortex XDR was awarded a very strong overall “AA” rating in the 2020 Advanced Endpoint Protection (AEP) test by NSS Labs, a globally recognized and trusted source for independent cybersecurity guidance. No vendor in the test scored higher than an AA rating.

“The endpoint protection was capable of detecting and blocking malware and exploits when subjected to numerous evasion techniques … We found the protection against the vast majority of classic malware attacks to be excellent, as well as the protection against drive-by exploits.” – NSS Labs

Transforming Detection and Response: A SANS Review of Cortex XDR
The SANS Institute recently provided an in-depth, hands-on evaluation of Cortex XDR.

“We found Palo Alto Networks’ Cortex XDR to be an extremely powerful platform that, when deployed throughout the enterprise, offers a holistic view to an enterprise. The automatic correlation of alerts into incidents and the pure wealth of information on the screen means that analysts can quickly and confidently get to the business of defending instead of troubleshooting. However, the true power of Cortex XDR comes in the form of assisting analysts in containing, scoping and ultimately preventing attacks of a similar nature from occurring in the future.” – The SANS Institute

Ovum Report: Cortex XDR Spans Endpoint, Network, and the Cloud
Ovum profiled Cortex XDR, which automates detection of sophisticated threats, accelerates investigation and provides integrated response.

“The Cortex XDR application itself is cloud-based, leveraging machine learning and behavioral analysis techniques to identify threats across the environment and on individual assets ... With Cortex XDR the objective is for customers to simplify operations and continually reduce their attack surface, as well as to gain greater value from their existing security investments.” – Ovum

Endpoint Detection and Response Review
According to IT Central Station reviews and rankings, Palo Alto Networks is the best endpoint detection and response (EDR) vendor. In reviews of Cortex XDR, customers say: “You can see the value for your money and sleep peacefully at night, not worrying about ransomware attacks,” “Its multi-layer approach helps my organization with anti-malware, exploit protection, and restrictions,” and “[Cortex XDR] runs in the background and sends things directly to the cloud for sandboxing.”

IT Central Station is a crowdsourced knowledge platform that helps technology decision-makers around the world to better connect with peers and other independent experts who provide advice without vendor bias.

XDR Category Validation

Gartner Top Security & Risk Management Trends
One year after Palo Alto Networks introduced the first XDR product to the market, Gartner named XDR as one of the top 9 security trends in 2020.

“In response to the growing security skills gap and attacker trends, extended detection and response (XDR) tools, machine learning (ML), and automation capability are emerging to improve security operations productivity and detection accuracy.” – Gartner

Hear from happy customers

State of North Dakota
"We desperately needed to do automation and to have a tool that filtered through all the noise. Cortex is doing exactly that. We’re seeing the noise going away and we’re getting to the important alerts that we hadn't seen previously."

Ryan Kramer - Enterprise Network Architect, State of North Dakota

Cherwell Software
“Once we got Cortex XDR in, we had the relief of knowing we were seeing real viable data, information we could react to, information we could act on, and what the endpoints were doing. There was this tremendous relief that now we could be ahead of the situation.”

Greg Biegen - Director of Information Security, Cherwell Software

The San Jose Water Company
The San Jose Water security operations team was manually working through 900 - 1,200 alerts daily. They needed a solution that would enable them to quickly look in a single location and identify the critical items to investigate immediately.
“Not only did Cortex XDR reduce the number of incidents we had to look at, but the time taken to act on those incidents was also reduced…The X in XDR, for me, is the extension of my team.”

Peter Fletcher - Director of Cyber Security, San Jose Water Company
The Ada County
“With Cortex XDR… we are able to be a lot more proactive instead of reactive. I would get 400 or 500 alerts a day. Now I'm down to maybe seven or eight...We're not spending six hours on incident response, we're spending 10 minutes.”

Bret Lopeman - Senior Security Engineer, Ada County
City of Williamsburg
"We were feeding information into a security information and event management system, but it was disjointed. Palo Alto Networks told us about Cortex XDR, and seeing how all security events go into a single data lake and Cortex XDR stitches everything together in one place for us, we were pretty much sold after the first demo."

Mark Barham, Director of IT, City of Williamsburg