Transcend the Boundaries of Endpoint Security

Dig Deeper into Incident Details

From the Incident Overview page, you gather additional facts:

• The incident score for severity
• Compromised assets
• Data sources for raised alerts
• Automated responses already performed

Dig Deeper into Incident Details

To generate this incident, Cortex XDR created enriched records of activity by stitching events from multiple sources, establishing the connection between hosts, identities, network traffic, and more to broaden incident context.

Hundreds of machine learning models looked for anomalous activity within stitched data, generating new detection alerts.

Cortex XDR then grouped related alerts into a single incident, painting a comprehensive picture of the attack and reducing the number of alerts that you need to review manually by 98%.

Search for and Destroy Malware

Now it's time to search for and destroy the ransomware file.

Using the live terminal, you can execute commands and scripts remotely on endpoints to facilitate rapid remediation without needing physical access to the affected devices.

Pulling Back the Curtain

So why wasn't this attack blocked by the endpoint agent?

For the purposes of this demonstration, we set the Endpoint Policy to report only, allowing the attack to progress, while notifying us of its progress. This is also a reminder to always follow the best practices while configuring policies.

Now, let's set the policy to block, and keep moving!

Identify Security Gaps and Ensure Alignment with Regulatory Standards

With a good handle on this ransomware incident, you remember that a cloud asset was involved in a brute force attempt earlier on. With this in mind, you initiate work on some proactive security measures to enhance your cloud security.

The Cloud Compliance capabilities of Cortex XDR performs Center for Internet Security (CIS) benchmarking compliance checks on cloud resources. This helps to identify potential security gaps, mitigate risks, and avoid regulatory fines or penalties.

You notice that the compliance is only at 74%, which you decide is important to include in your final report.

Assess Vulnerabilities in a Single Dashboard

Since you discovered a compromised PC during your investigation, you use Vulnerability Assessment to check for potential vulnerabilities that may have been unpatched and exploited.

You see that the compromised PC you flagged has several vulnerabilities that contributed to the ransomware attack, giving you the information you need to start patching.

Concise, Easy Reporting

It's time to generate reports for your manager in a concise format. You can select from a number of pre-built templates or create custom reports.

You generate reports about your investigation, including the Incident Management, Cloud Compliance, and Vulnerability Assessment.

Click a row to generate a report