Cortex® Cloud merges the next version of Prisma® Cloud with best-in-class CDR for real-time cloud security.
Nearly every organization runs in the cloud, driven by promised outcomes, like 65% faster product and service delivery. AI has only accelerated cloud investment, with 63% of top-performing companies citing AI for their decision.
But the cloud comes with risks. Up to 80% of security exposures occur in the cloud, compounded by a recent 66% surge in attacks and the reality that cloud-native risks shift regularly.
Security teams struggle to keep up, facing off against adversaries who appear to thrive. One alert, on average, takes 145 hours to resolve. Meanwhile, attackers exploit new vulnerabilities within 15 minutes of disclosure and exfiltrate data in half the time they did last year.
Peace-Time Cloud Security Isn't Enough
Traditional security approaches leave organizations exposed. Posture management has been the foundation of cloud security, helping teams identify misconfigurations and enforce compliance. Security risks, however, don’t stop at misconfigurations or vulnerabilities. Organizations need more than “peace time” security. They need real-time prevention.
A New Approach
Palo Alto Networks, the pioneer of Code to Cloud™ security, has spent years shaping how organizations protect cloud environments. Prisma Cloud redefined cloud security posture. Cortex transformed AI-driven SecOps. Still, cloud and enterprise security teams remained disconnected, operating in silos with limited visibility, context and response capabilities.
Attackers exploit these gaps – moving between misconfigurations, runtime vulnerabilities and exposed identities faster than teams can respond. The challenges call for change. Palo Alto Networks set out to address them.
Introducing Cortex Cloud
Cortex Cloud is the next version of Prisma Cloud merged with best-in-class Cortex CDR to deliver real-time cloud security. Because it is built on Cortex, organizations can seamlessly adopt natively integrated capabilities as part of the world’s most complete enterprise-to-cloud SecOps platform.
Security teams gain a context-driven defense that delivers real-time cloud security – continuous protection from code to cloud to SOC. Our new Cloud Runtime Security offering includes the world’s leading CNAPP capabilities at no additional cost, maximizing adoption of end-to-end cloud security on a single platform.
![AI automation – unified data from code to cloud to SOC.](/blog/wp-content/uploads/2025/02/Screenshot-2025-02-12-at-8.53.55 AM-1-230x100.png)
For Prisma Cloud customers, this translates into more power. Your investments are secure, and existing Prisma Cloud customers will experience a seamless upgrade to Cortex Cloud with all the core capabilities you’ve come to expect, enhanced with significant new innovations – including AI-powered prioritization, automated remediation and a new simplified, powerful user experience.
Additionally, once upgraded, Prisma Cloud customers can add Cortex’s industry-leading CDR capabilities as part of the new Cloud Runtime Security offering. Now that industry-leading CNAPP is available on the single Cortex platform, Cortex XSIAM users can seamlessly adopt it, making Cortex XSIAM the preferred SOC platform for enterprise and cloud.
A Formula for Results
Breaches happen when security teams can’t connect the dots fast enough. Imagine a world, though, where runtime context informs cloud posture decisions during peace time, ensuring vulnerabilities and other risks are prioritized before they become active threats. Automation then closes the loop on critical issues, resolving risks before attackers exploit them.
At the same time, envision SOC teams with the full picture – seeing not just an attack in progress but the cloud exposures that made it possible. With runtime insights mapped to cloud risk, investigations become faster, more precise and tied to real-world attack paths.
Cortex Cloud changes the equation, setting new benchmarks for simplicity and effectiveness. From smart prioritization that manages millions of security findings to automation that streamlines remediation, organizations can take back control.
Unified Data for Complete Security Intelligence
Security teams aren’t short on data – quite the opposite. Threat indicators get lost in the vast array of cloud telemetry. Cortex Cloud consolidates first- and third-party findings into a unified dataplane, eliminating the need to manually connect dispersed insights. Every signal and event is stitched together, giving teams full, real-time context for every decision.
End-to-end visibility allows organizations to reduce investigation times, prioritize what matters and automate responses, whether strengthening security during peace time, such as application development, or responding to real-time incidents under active attack.
AI and Automation — Smarter Detection, Faster Response
With over 7,000 detectors and 2,400+ machine learning models, Cortex Cloud identifies high-risk threats with precision using Cortex XDR’s best-in-class CDR agent, which achieved industry-leading results in the most recent MITRE ATT&CK testing. AI-powered recommendations guide teams toward the fastest resolution, while automation accelerates containment, blocking malicious activity and isolating compromised resources.
Security teams no longer need to navigate disconnected tools and siloed workflows. Out-of-the-box and customizable playbooks orchestrate response workflows, automating fixes where possible and streamlining analyst actions when human oversight is required. As Cortex Cloud continually learns from incidents, automation becomes faster, smarter and more effective, keeping defenders ahead of attackers at every turn.
Proven Outcomes at Scale
Cortex Cloud builds on real-world results already achieved by the Cortex platform:
- 100% detection coverage in MITRE ATT&CK evaluations, the highest prevention rate among vendors with zero false positives.
- 90% reduction in MTTR, often cutting response times from 4 days to under 1–2 hours.
- 75% decrease in analyst workload, reducing manual tasks and alert fatigue.
- Incident close rates improved from 20% to 100%, demonstrating the power of unified workflows and AI-driven automation.
Elevating CNAPP’s Core Capabilities
Application Security — Fix Issues at the Source
Security starts in development. Cortex Cloud natively integrates with engineering ecosystems to prevent risks and secure applications by design. The solution unifies leading AppSec tools with newly added third-party scanners for complete code and runtime context to prevent and prioritize risk. Cortex Cloud Application Security centralizes visibility across pipelines and production.
With AI-driven risk prioritization, security teams focus on vulnerabilities and misconfigurations attackers will likely target, while agile security guardrails embed best practices directly into developer workflows. Instead of chasing risks after deployment, organizations achieve protection that scales with growth.
![Screenshot of ASPM Command Center's SB Banking.](/blog/wp-content/uploads/2025/02/ASPM-Command-Center-2-1-230x153.png)
Cloud Posture Security — A Connected View of Risk
It’s not just about more findings. It’s about contextualized insights that drive action. Yesterday’s cloud security teams worked on posture management without knowing how their configurations affect active threats. They’ve only been able to see theoretical risk. With Cortex Cloud, you can now see real-world attack paths, including whether a vulnerability is actively being exploited in runtime.
Cortex Cloud improves multicloud risk management with new AI-powered prioritization, guided fixes to resolve multiple risks with a single action and automated remediation. Now, you can correlate risks – misconfigurations, vulnerabilities, overly permissive IAM roles, sensitive data exposures – to reveal exploitable attack paths. AI-powered prioritization and Action Plans go further, grouping related risks with a shared issue, allowing teams to remediate at scale instead of tackling risks one by one. Security teams burn down issues faster, reducing manual workflows by up to 25-fold and resolving multiple risks with a single action.
The fully and tightly integrated solution changes the game for Prisma Cloud customers with a single user experience across CSPM, CIEM, DSPM, AI-SPM, KSPM, ASPM, CWP and vulnerability management – offering complete protection in hybrid and multicloud environments.
![Screenshot of Cloud Security Operations Dashboard.](/blog/wp-content/uploads/2025/02/word-image-334105-4.png)
Cloud Runtime Security — Stop Attacks in Real Time
Threats evolve in seconds, and static security approaches can’t keep up. Cortex Cloud prevents known and unknown threats in real time across VMs, containers, Kubernetes clusters and serverless environments. Behavioral threat protection, anomaly detection and risk correlation ensure that attacks are identified and stopped. A single, unified agent for runtime security consolidates capabilities that previously required multiple agents. Gaining seamless detection, prevention and response across cloud workloads, security teams move from reactive investigation to proactive cloud defense.
Our new Cloud Runtime Security offering includes the world’s leading CNAPP capabilities at no additional cost, maximizing adoption of end-to-end cloud security on a single platform.
![Screenshot of cases showing alerts, automations, artifacts, and assets.](/blog/wp-content/uploads/2025/02/Runtime-page-Dashboard-lo-res-3-230x147.png)
The SOC Advantage — Integrated Threat Detection, Investigation and Response
Cortex Cloud is also available on Cortex XSIAM, making it the preferred SOC platform for enterprise and cloud. While cloud threats both evolve and increase, native CNAPP from Cortex Cloud equips teams with deep visibility, real-time threat detection and automated response workflows that turn intelligence into action. Advanced AI powers rapid identification of cloud-specific attack patterns, mapping adversary behaviors to the MITRE framework for immediate, contextualized insights.
![Screenshot of XSIAM Command Center showing alerts and incidents.](/blog/wp-content/uploads/2025/02/XSIAM-230x140.png)
Unlike current approaches that rely on disconnected tools and fragmented context, Cortex XSIAM with native CNAPP delivers best-in-class capabilities in a fully integrated solution. Security teams pivot effortlessly between runtime threats, cloud misconfigurations and identity risks. Days spent chasing shadows are finally over. It’s time to go on offense.
Reclaim Control with Cortex Cloud
Cloud security moves fast. Attackers move faster. See how Cortex Cloud turns the tables with real-time, end-to-end protection that puts security teams back in command. Schedule a demo today and join us at Symphony 2025 to witness the breakthrough that’s redefining how the cloud is secured.
Forward-Looking Statements
This blog contains forward-looking statements that involve risks, uncertainties and assumptions, including, without limitation, statements regarding the benefits, impact or performance or potential benefits, impact or performance of our products and technologies or future products and technologies. These forward-looking statements are not guarantees of future performance, and there are a significant number of factors that could cause actual results to differ materially from statements made in this blog, including, without limitation: developments and changes in general market, political, economic, and business conditions; risks associated with managing our growth; risks associated with new products and subscription and support offerings; shifts in priorities or delays in the development or release of new offerings, or the failure to timely develop, release and achieve market acceptance of new products and subscriptions as well as existing products and subscription and support offerings; failure of our business strategies; rapidly evolving technological developments in the market for security products and subscription and support offerings; our customers’ purchasing decisions and the length of sales cycles; our competition; our ability to attract and retain new customers; and our ability to acquire and integrate other companies, products, or technologies. We identify certain important risks and uncertainties that could affect our results and performance in our most recent Annual Report on Form 10-K, our most recent Quarterly Report on Form 10-Q, and our other filings with the U.S. Securities and Exchange Commission from time to time, each of which is available on our website at investors.paloaltonetworks.com and on the SEC's website at www.sec.gov.
All forward-looking statements in this blog are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.