Cortex XDR: Unified Threat Detection & Response


CORTEX XDR

The industry’s first extended detection and response platform that spans all data sources to stop modern attacks.

RECENT INDUSTRY INSIGHTS
Lengthy breach response times. Too many alerts. Too many siloed tools.

∙ Mean time to identify and contain a breach: 277 days. Additional time to respond if not using XDR: 29 days. (Cost of a Data Breach Study, 2022, Ponemon Institute)
∙ Security teams receive 11,000 security alerts per day, yet 53% cannot address even half of them. (State of Security Operations Report 2021)
∙ Average number of security tools per organization: 45+. (Ponemon 2020 Cyber Resilient Organization Report)

CORTEX XDR MESSAGING

Cortex XDR is the industry’s first extended detection and response platform that spans all data sources to stop modern attacks.

With Cortex XDR, security teams can:
∙ Automatically detect stealthy attacks by applying behavioral analytics to network, endpoint and cloud data
∙ Cut investigation time 88% by integrating data from multiple sources to reveal the root cause of alerts & grouping related alerts into incidents
∙ Block malware, exploits, and fileless attacks with best-in-class threat prevention

CORTEX XDR KEY METRICS
∙ Reduce alert load by 98%
∙ Reduce triage and investigation time by 88%
∙ A Strategic Leader in AV-Comparatives Test
∙ 100% protection and 100% detection across all 19 steps in 2022 MITRE ATT&CK
∙ A Leader in 2021 Forrester Endpoint Security Wave

CORTEX XDR ELEVATOR PITCH
Security teams tell us that they have too many tools and they have to pivot from console to console to investigate alerts. Despite all these tools, attacks still get through. Cortex XDR is designed to solve these challenges and help you successfully stop attacks. It’s the industry’s first extended detection and response platform that integrates data from any source. Cortex XDR accurately detects threats with behavioral analytics and machine learning, and it reveals the root cause of any alert to simplify investigations. Tight integration with enforcement points accelerates containment, enabling you to stop attacks before the damage is done.

KEY ASSETS AND SALES TOOLS
∙ Datasheet
∙ Customer Presentation
∙ Competitive Information
∙ Demo for Partners
∙ Rewire Security Operations Video
∙ Maximize the ROI of Detection and Response

PROSPECT CHALLENGES AND RESPONSES

Titles and Responsibilities: Security Operations (Alert Triage Analyst, Tier 1; Incident Responders, Tier 2; Threat Hunters, Tier 3; Architects and Engineers; SOC manager)
Challenges Faced:
▪ Can’t detect advanced attacks
▪ Too many alerts
▪ Don’t have enough information to triage alerts
▪ Can’t efficiently investigate threats
▪ Need specialized experts to confirm attacks
▪ Searches require learning a new query language
Pitch and Customer Benefit:
▪ Behavioral analytics: Automates attack detection by profiling behavior and generating a small number of accurate alerts with full investigative context.
▪ Flexible custom rules: Detects attacks targeting vulnerable or high-risk systems in your organization & applies knowledge gained from past investigations.
▪ Data stitching: Eliminates alert fatigue by allowing analysts to quickly investigate security alerts from any source with a single click. Eliminates alert backlog and lowers the experience needed for accurate analysis.
▪ Root cause analysis: Simplifies investigations for the entire SecOps team by identifying the sequence of events and root cause of alerts.
▪ Powerful search tools: Makes threat hunting easy with intuitive queries.

Titles and Responsibilities: CISO (develops and leads security programs)
Challenges Faced:
▪ Growing cost of security operations
▪ Business risks associated with breaches and data loss
Pitch and Customer Benefit:
▪ Automation and efficiency: Reduces operating costs with machine learning and by fully integrating network, endpoint & cloud data, avoiding manual correlation or costly professional services.
▪ Increased productivity: Lowers the experience needed for accurate analysis across alert triage and investigations.
▪ Increased ROI: Reduces the number of products to deploy and operate, lowering TCO 44% versus siloed tools.
▪ Cloud-based deployment: Lowers management costs by eliminating the need to deploy & maintain new single-purpose servers & infrastructure.
▪ Automated detection and accelerated investigations: Stop threats that otherwise would have been missed by combining rich data, behavioral analytics and machine learning.
▪ Full visibility to eliminate blind spots: By stitching together network, endpoint and cloud data, you can catch all threats, including ones involving unmanaged devices and cloud assets, and thereby reduce the risk of a breach.

COMMON OBJECTION HANDLING AND FAQ

Objection: Security is our top priority. I am concerned about sending log data to the cloud.
Response: The Cortex Data Lake leverages industry-standard best practices for security and confidentiality, including app, system, network, and physical security. Data sent to Cortex Data Lake is encrypted in transmission. Cortex XDR is SOC 2 Type II Plus certified and has reached a key FedRAMP milestone. Share the Cortex XDR privacy datasheet.

Objection: Do I need to buy & deploy both Cortex XDR agents and firewalls?
Response: No, customers only need one source of data, such as Cortex XDR agents or firewalls, for detection and response. Note that Cortex XDR Pro per endpoint includes agents, providing a single agent for prevention as well as detection and response.

TOP COMPETITIVE ADVANTAGES

Competitive Advantage: Detection Across All Data Sources
Cortex XDR Capabilities:
∙ Stitches together network, endpoint, cloud and third-party data to:
– Provide EDR, NDR, CDR, UEBA and endpoint protection in one offering
– Present the full context of alerts to simplify investigations
– Detect advanced attacks and remove blind spots

Competitive Advantage: Best-in-Class Endpoint Protection Included
Cortex XDR Capabilities:
∙ Offers best-of-breed prevention for exploits, malware & fileless attacks
∙ Integrates with WildFire for cloud-based malware analysis
∙ Offers host firewall, disk encryption, vulnerability assessment, and device control

Competitive Advantage: Behavioral Analytics to Detect Network & Endpoint Attacks
Cortex XDR Capabilities:
∙ Profiles user & device behavior to identify anomalies indicative of attack
∙ Uses machine learning in customers’ environments to detect attacks
∙ Uses machine learning for local static analysis in Cortex XDR agents & WildFire

Competitive Advantage: Accelerated Investigations with Root Cause Analysis & Incident Management
Cortex XDR Capabilities:
∙ Automatically determines the root cause, chain of events, and timeline of any alert with one click in a simple, intuitive user interface
∙ Groups related alerts into incidents to reduce individual alerts 50x

Competitive Advantage: Simple Deployment & Management
Cortex XDR Capabilities:
∙ Avoids the need for on-prem log storage
∙ Supports logs and alerts from next-gen firewalls, Cortex XDR agents, Prisma Access, and third-party tools, eliminating the need for new sensors and enforcement points

Competitor Weaknesses (Start with Top Competitive Advantages Shown Above)
CrowdStrike
• Offers managed services to compensate for poor attack detection
Microsoft Defender
• Incomplete protection for Linux & Mac; inferior endpoint threat prevention and detection; poor MITRE ATT&CK results
VMware Carbon Black
• Weak endpoint threat prevention; acquired by Broadcom; questionable product roadmap and future
SentinelOne
• Focused only on endpoint data; no forensics or cloud sandboxing capabilities; no intelligent alert grouping into incidents
Darktrace
• Lacks endpoint detection or response; generates a high volume of false positives
• Requires additional network appliances
• Depends heavily on a managed security service to supplement inaccurate alerts

DISCOVERY QUESTIONS

1. How do you detect and respond to threats today?
2. What do you have in place to find an active attacker or a malicious insider in your network?
3. Are you satisfied with your current endpoint security product?
4. What percentage of security alerts can you investigate today?
5. How long does it take you to triage and investigate alerts?
• How many alerts do you receive a week?
• What is a typical process to investigate an alert?
6. What are your greatest security operations challenges?
7. Do you have enough staff to handle all your security alerts?
8. Do you have any active endpoint detection and response (EDR), or network traffic analysis projects?
9. What are your plans to improve SecOps efficiency and reduce security product sprawl?

QUALIFYING QUESTIONS

1. Do you have a dedicated security operations team?
• How do you handle alerts and investigations?
• How many people are in your security team?
• How many employees does your organization have?
Recommendation: Refer organizations with fewer than 1,000 employees and organizations that do not have dedicated SecOps analysts to Unit 42 MDR (Managed Detection and Response) or to an XMDR partner.

2. What is your stance on cloud-delivered security?
Recommendation: Qualify out organizations that aren’t willing to send security data to the cloud.

3. What is your renewal cycle for endpoint products?
Recommendation: If a customer is unwilling or unable to consider Cortex XDR agents, position Cortex XDR for network detection and response using firewall logs.

CALL TO ACTION
Primary: Would you like to speak to a Sales rep about how Cortex XDR can stop more attacks, consolidate your product stack, and boost SOC efficiency?
Secondary: Would you like to sign up for a virtual threat hunting and investigations hands-on workshop?
