Forrester TEI: Unlock 244% ROI with Cortex XSIAM
AI-driven SecOps platform delivered 244% ROI, cut breach risk 60%, and consolidated tools for significant savings. Learn more about Palo Alto Networks Cortex XSIAM.
Security Operations
Security Operations
Must-Read Articles
Product Features
Use-Cases
News and Events
Partner Integrations
Playbook of the Week
The Ransomware Speed Crisis
There is a ransomware speed crisis. Attacks have accelerated 100x faster since 2021. Discover why traditional security fails and build AI-powered defenses.
SIEM Replacement Made Easy (Yes, Really!)
Deploy Cortex XSIAM in 3 months or less with AI-powered migration tools. Replace your SIEM faster with automated onboarding and ready-to-use analytics.
Breaking Down Security Silos: How XDL Powers Advanced Threat Operations
Learn how Cortex XDL unifies vulnerability management and email security through shared intelligence to stop coordinated attacks at enterprise scale.
How Cortex Defends Against Microsoft SharePoint "ToolShell" Exploits
Cortex defends against the new "ToolShell" attack chain, which exploits vulnerabilities to achieve full remote code execution without requiring creden...
More Blogs
Displaying 1—16 of
533 results
Sort By:
Real-World Email Attacks Detected by Cortex Advanced Email Security
Discover how unified email security stops brand impersonation, credential harvesting, and localized phishing attacks using AI and cross-domain analysi...
The Case Files of Detective Aems: A Study in Digital Deduction
Discover how AI-powered email security defeats sophisticated phishing, BEC attacks, and brand impersonation through contextual analysis and unified th...
From Silos to Synergy: How Cortex XDL Transforms XDR to Elevate Threat Dete...
Learn how Cortex XDL transforms Cortex XDR by breaking down data silos and fusing telemetry from endpoint, networks, cloud, and identity to deliver AI...
Discover the Power of Next-Gen Automation in XSIAM 3.x
Discover how XSIAM 3.x on Cortex platform simplifies security automation with intuitive playbook building, 1,000+ integrations, and streamlined workflows.
Stopping Cross-Domain Attacks with Cortex XDL + Cortex XSIAM
Siloed security tools miss 75% of threats. See how Cortex XDL's unified data foundation enables AI-powered detection against identity-driven attacks.
AI and Cybersecurity, AI Security, Cybersecurity, Data Security, Incident Response, Reports, Unit 42
The Case for Multidomain Visibility
Get key insights from the 2025 Unit 42 Global Incident Response Report. Defend against complex, multidomain cyberattacks with unified visibility, AI-powered detection and identity ...
Defending against Phantom Taurus with Cortex
New APT threat actor, Phantom Taurus, is targeting global organizations. Learn more about how Cortex defends, prevents and responds to malware suite, NET-STAR.
Cortex XDR is the Only Endpoint Security Market Leader to Achieve 99% in Bo...
Palo Alto Networks Cortex XDR achieves 99% in both threat prevention & response in AV-Comparatives 2025 EPR test - the only endpoint security market l...
Raising the Bar for Incident Response
Unit 42 is now NCSC Enhanced Level CIR assured, proving our commitment to exceed the highest global standards for incident response and trust.
SCCM: Enterprise Backbone or Attack Vector? Part 2
Learn how attackers exploit Microsoft SCCM infrastructure through LDAP, WMI enumeration & detection strategies to secure enterprise environments.
SCCM: Enterprise Backbone or Attack Vector?
Learn how attackers exploit Microsoft SCCM infrastructure through LDAP, WMI enumeration & detection strategies to secure enterprise environments.
Palo Alto Networks and MITRE ATT&CK® Evaluations: Enterprise 2025
To further accelerate innovation for our customers, Palo Alto Networks will not participate in the 2025 MITRE ATT&CK® Evaluations after two years of leading results.
Security Operations Under Fire Inside Black Hat's NOC
Palo Alto Networks secures Black Hat's NOC, managing billions of threat events with AI-driven automation, multivendor integration and rapid crisis response.
The Challenge of Cybersecurity Frenemies and Collaboration
Michael Sikorski discusses how cybersecurity relies on "frenemies" building cultural bridges to collaborate against shared threats, as attackers already do.
Why Integrated File Integrity Monitoring Matters for Elevating Your Securit...
Strengthen security & compliance with integrated File Integrity Monitoring (FIM). Learn how Cortex FIM provides real-time detection of unauthorized ch...
Cortex XDR Is the Only Endpoint Security Market Leader Certified in Both AV...
Cortex XDR is the only endpoint security market leader certified in both AV-Comparative EDR Detection and Anti-Tampering tests, proving superior threat detection.
More Blogs
Displaying 1—16 of
500 results
Sort By:
Announcement, Application Security, Cloud Security, CNAPP, News and Events, Product Features, Products and Services
Introducing Cortex Cloud — The Future of Real-Time Cloud Security
Cortex Cloud brings the world’s leading CNAPP onto the #1 SecOps platform, delivering real-time protection — for the fir...
A Leader in the 2024 Gartner Magic Quadrant for EPP
Palo Alto Networks was named a leader in endpoint protection platforms by Gartner for Cortex XDR.
Introducing XSIAM 3.0
XSIAM is expanding from reactive response to proactive defense, transforming exposure management and email security with unified data, AI and automation.
Forrester Names Palo Alto Networks a Leader in XDR
Palo Alto Networks was named a leader in extended detection and response platforms by Forrester for Cortex XDR.
Cortex Email Security Module: Defending Against Evolving Email Threats
Discover how Cortex Email Security Module detects sophisticated phishing attacks through AI-powered analysis, cross-domain correlation, and automated ...
MITRE ATT&CK Evaluations — Cortex XDR Among Elite in Endpoint Security
Palo Alto Networks achieves top MITRE ATT&CK 2024 results with 100% detection rates against evolving AI-powered cyber threats.
A Deep Dive Into Malicious Direct Syscall Detection
This blog explains how attackers use direct syscalls to overcome most EDR solutions, by first discussing the conventional Windows syscall flow and how most EDR solutions monitor those calls.
Automating Response to Suspicious Process Executions
This playbook automates the investigation and response to suspicious process executions triggered by a scheduled task.
Forrester Names Palo Alto Networks a Leader in Attack Surface Management
Palo Alto Networks was named a leader in attack surface management by Forrester for Cortex Xpanse.
NL2XQL: Turning Natural Language into Powerful Cybersecurity Querying
NL2XQL transforms natural language into powerful XQL queries, making cybersecurity investigations accessible to all security teams without requiring d...
Automating Response to Unauthorized Scheduled Task Executions
Discover how Cortex XSIAM automates detection and response to malicious scheduled tasks that reference external HTTP/FTP sources for improved security...
Automating Response to Unauthorized Tor Logins
The A Successful Login from Tor playbook in Cortex XSIAM enhances security teams’ ability to detect and respond to unauthorized access attempts using Tor. By automating identity verification, automated remediat...
Announcing Unit 42 Managed XSIAM — Redefining 24/7 Managed SecOps
Palo Alto Networks announces Unit 42 Managed XSIAM, a solution that provides 24/7 expert-led defense across every attack surface.
Detecting Threats with Microsoft Graph Activity Logs
Discover how Microsoft Graph API is used as an attack vector by threat actors through a real-world attack scenario. Find out why monitoring Microsoft Graph activity logs is important and how Cortex delivers tai...
Creating an Automated Workflow for Account Lockout Resolution
This playbook automates and speeds up response to excessive user account lockouts, which could indicate a credential-based attack.
Flexible Security Data Management with Cortex XSIAM & Cribl
Cortex XSIAM now integrates with Cribl to help security teams route high-quality data, fuel AI-driven operations, and detect threats fast with full vi...
Subscribe to Security Operations Blogs!
Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.