CORTEX XDR: A STRATEGIC TOOL FOR CYBERSECURITY OF MODERN UKRAINIAN BUSINESS

Yuriy KOROVAICHENKO, Deputy Head of the Information Security Department at SEETON (SEETON GROUP LLC), talks about the capabilities and benefits of the comprehensive cybersecurity platform from Palo Alto Networks in an article for the "Networks and Business" magazine.

According to the Forrester analytical article "Top Cybersecurity Threats in 2024", 78% of cybersecurity professionals reported at least one cyber incident or compromise of confidential data in their IT systems during the year. At the same time, the number of companies that experienced six or more incidents increased by 13% compared to 2022, indicating both a higher frequency of cyber attacks and a growing risk of repeated incidents.

At the same time, under the conditions of a full-scale war, Ukrainian enterprises have become one of the main targets for cybercriminals and are facing an unprecedented number of cyber threats, which highlights the need for effective cybersecurity solutions. Traditional methods, such as antivirus programs, firewalls and IDS/IPS systems, are no longer effective enough on their own because of the complexity and sophistication of modern attacks.

In response to these challenges, Extended Detection and Response (XDR) technology was developed, which combines data from various sources for comprehensive analysis and effective counteraction to the latest cyber threats. One of the leaders in this segment is the Cortex XDR platform from Palo Alto Networks, which demonstrates high efficiency in real-world application scenarios.

Cortex XDR is an advanced threat detection and incident response platform from Palo Alto Networks that goes beyond traditional EDR solutions. The platform combines data from endpoints, networks, clouds and other sources into a single analytics system, providing detailed analysis and effective threat detection. It is not just a cybersecurity solution but a business continuity mechanism that covers secure scaling, risk management, and operational resilience.

The Cortex XDR architecture is based on a combination of cloud infrastructure, agents on endpoint devices, and centralized analytics and response tools (Figure 1).

Fig. 1. Cortex XDR architecture

Agents are installed on users’ devices and run in the background without creating any additional overhead. These agents continuously capture information about system events, user behavior, application activity, and network traffic. The data is encrypted and sent to the Cortex Data Lake, a centralized cloud storage for further analysis.

At the same time, using advanced artificial intelligence methods, including machine learning and behavioral analysis, the platform identifies anomalous activity and potential threats. An important element of this system is integration with the Unit 42 global threat database, which is regularly updated with up-to-date data on new types of cyberattacks, malware, and vulnerabilities.

One of the benefits of Cortex XDR is its automated incident response. The platform uses pre-built playbooks to isolate compromised devices, block suspicious IP addresses, and immediately alert security teams to potential threats. This ensures rapid incident containment and minimizes the risk of threats spreading across the corporate network.
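The two ideas in the preceding paragraphs, joining endpoint and network telemetry from one host into a single incident and then applying a playbook whose containment steps depend on the severity, are easiest to see in a small model. The block below is an added illustration written for this page; it is not Cortex XDR code and does not use any Palo Alto Networks API. The event records, the threat-intelligence IP list, the host names and the 5-minute correlation window are all constructed assumptions; real platforms use far richer rules and a live indicator feed.

```python
"""Toy cross-source correlation with severity-based playbook actions.

Added illustration for this article, not Cortex XDR code. All data below is
constructed: hosts, timestamps, process names and the indicator list.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed stand-in for an external threat-intelligence feed.
THREAT_INTEL_IPS = {"203.0.113.45"}

# Office applications normally have no reason to spawn a shell or script host;
# that parent/child pairing is a classic endpoint signal of a malicious document.
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}


@dataclass
class Event:
    source: str       # "endpoint" or "network", i.e. which sensor produced it
    host: str         # device the event was observed on
    ts: datetime
    data: dict        # sensor-specific fields (process/parent or dst_ip)


@dataclass
class Incident:
    host: str
    severity: str
    evidence: list = field(default_factory=list)
    actions: list = field(default_factory=list)


def correlate(events, window=timedelta(minutes=5)):
    """Group events per host and raise incidents.

    high   : suspicious spawn followed within `window` by a connection to a
             known-bad IP on the same host (two independent sensors agree)
    medium : only one of the two signals is present, or they are too far apart
    """
    by_host = {}
    for ev in sorted(events, key=lambda e: e.ts):
        by_host.setdefault(ev.host, []).append(ev)

    incidents = []
    for host, evs in by_host.items():
        spawns = [e for e in evs if e.source == "endpoint"
                  and e.data.get("parent") in OFFICE_APPS
                  and e.data.get("process") in SCRIPT_HOSTS]
        ioc_conns = [e for e in evs if e.source == "network"
                     and e.data.get("dst_ip") in THREAT_INTEL_IPS]
        # Link a spawn to a later IOC connection only if it falls inside the window.
        linked = [(s, c) for s in spawns for c in ioc_conns
                  if timedelta(0) <= (c.ts - s.ts) <= window]
        if linked:
            incidents.append(Incident(host, "high", spawns + ioc_conns))
        elif spawns or ioc_conns:
            incidents.append(Incident(host, "medium", spawns + ioc_conns))
    return incidents


def run_playbook(incident):
    """Record the response steps a playbook would take for this severity."""
    if incident.severity == "high":
        bad_ips = {e.data["dst_ip"] for e in incident.evidence if e.source == "network"}
        incident.actions.append(f"isolate_host:{incident.host}")
        incident.actions.extend(f"block_ip:{ip}" for ip in sorted(bad_ips))
        incident.actions.append("notify:soc-high")
    else:
        # Single weak signal: ask an analyst to review rather than contain automatically.
        incident.actions.append("notify:soc-review")
    return incident.actions


def demo():
    """Run the model over a constructed batch of telemetry and return the incidents."""
    t0 = datetime(2025, 6, 2, 10, 0, 0)  # constructed timestamp
    events = [
        # ws-017: Word spawns PowerShell, then 90 s later connects to a known-bad IP.
        Event("endpoint", "ws-017", t0, {"parent": "winword.exe", "process": "powershell.exe"}),
        Event("network", "ws-017", t0 + timedelta(seconds=90), {"dst_ip": "203.0.113.45"}),
        # ws-042: same spawn pattern, but the bad connection is 15 min later (outside window).
        Event("endpoint", "ws-042", t0 + timedelta(minutes=5), {"parent": "excel.exe", "process": "cmd.exe"}),
        Event("network", "ws-042", t0 + timedelta(minutes=20), {"dst_ip": "203.0.113.45"}),
        # ws-099: benign process tree, but a connection to the bad IP.
        Event("endpoint", "ws-099", t0 + timedelta(minutes=8), {"parent": "explorer.exe", "process": "chrome.exe"}),
        Event("network", "ws-099", t0 + timedelta(minutes=9), {"dst_ip": "203.0.113.45"}),
        # ws-100: nothing of note.
        Event("network", "ws-100", t0 + timedelta(minutes=9), {"dst_ip": "198.51.100.7"}),
    ]
    incidents = correlate(events)
    for inc in incidents:
        run_playbook(inc)
    return incidents


if __name__ == "__main__":
    for inc in demo():
        print(inc.host, inc.severity, inc.actions)
```

The point of the model is the severity split: containment (host isolation, IP block) fires only when two independent sensors agree within a short window, while a single weak signal is routed to an analyst. That is the trade-off any automated playbook has to make between fast containment and the cost of isolating a healthy workstation on one ambiguous event.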

An important element of the Cortex XDR platform is built-in integration not only with Palo Alto Networks solutions, but also with external security platforms, in particular with SIEM solutions and SOAR automated response systems.

Modern threats to information security require a comprehensive and integrated approach to protecting an organization's digital assets. The Cortex platform is an effective solution that combines innovative technologies of threat analytics, machine learning and automation of cyber incident response processes (Fig. 2). Thanks to the full cycle of security management, Cortex allows you to quickly detect threats, analyze potential risks, coordinate the work of teams in real time and effectively protect the company's workstations and servers.

The main functions of the platform cover the following key areas:
✔ Security Orchestration & Automation - automated management of security measures;
✔ Case Management - organization of incident management;
✔ Threat Intelligence - using up-to-date data on threats for their timely detection;
✔ Real-Time Collaboration - ensuring effective interaction between members of security teams;
✔ Investigation & Response - detailed analysis of incidents and rapid response to them;
✔ ML-based threat detection - detection of potential threats using artificial intelligence;
✔ Endpoint Protection - protection of company devices from attacks and malware.

Fig. 2. Cortex - a full-cycle cybersecurity management platform

The implementation of the Cortex XDR platform opens up significant strategic advantages for Ukrainian companies seeking to strengthen their own cybersecurity and increase the overall efficiency of business processes. Using this solution allows you to achieve the optimal balance between a high level of security and reasonable resource savings, which is especially relevant in the conditions of the Ukrainian market.

Cortex XDR delivers the following key business benefits:
✔ Using an integrated platform reduces the cost of supporting individual cybersecurity tools by up to 30%. This is achieved by centralizing management and unifying security processes.
✔ Cortex XDR provides automated detection, analysis, and blocking of potential cyber threats, which significantly reduces response time and minimizes the possible negative consequences of attacks.
✔ The solution helps companies comply with key international regulations, including GDPR, HIPAA, and has an expert opinion from the DSSZZI. This allows companies to confidently conduct business both domestically and internationally, without the risk of receiving fines or regulatory notices.
✔ Timely and effective cyber incident management provided by Cortex XDR helps minimize the risks of confidential data leakage and other consequences of attacks, preventing reputational damage and ensuring a high level of trust among customers and partners.

Thus, the integration of Cortex XDR is a strategic step for Ukrainian companies that seek to remain competitive by ensuring a high level of cybersecurity at the optimal cost of their own resources.

With Cortex XDR, an incident is no longer an “emergency” — it’s a clearly defined situation with data, context, and predictable actions. That’s how XDR should work.

XSIAM is a platform from Palo Alto Networks that consolidates cybersecurity tools into a single system driven by artificial intelligence (Figure 3). It optimizes the operation of security operations centers (SOCs) by combining XDR, SOAR, ASM (attack surface management), and SIEM. Through artificial intelligence, XSIAM provides improved threat detection, automated response, and a reduced dependence on manual work.

Fig. 3. Cortex XSIAM from Palo Alto - a cybersecurity platform that combines various tools

In late April, Palo Alto Networks introduced Cortex XSIAM 3.0, an updated SOC platform. It introduced features such as Cortex Exposure Management, which reduces false positives by 99% using artificial intelligence, and Cortex Advanced Email Security, which uses large AI language models (LLMs) to combat phishing.

Thanks to innovative solutions, the XSIAM platform remains a leader in its segment after two years of existence. In Q2 of fiscal 2025, Cortex XSIAM sales reached $1 billion.

Cortex XDR is not just an incident response tool, but a holistic cybersecurity ecosystem that combines analytics, automation, and agile threat management. In the context of Ukrainian businesses operating in an environment of increasing cyber threats, this solution allows for a significant increase in the level of security without excessive burden on cybersecurity teams.

In the future, Cortex XDR can become the basis for the transition to a more comprehensive solution, Cortex XSIAM, which combines all security data into a single analytical system. This will make it possible not only to respond quickly to threats and automate decision-making, but also to proactively prevent cyberattacks using innovative artificial intelligence technologies.

Source: “Networks and Business” magazine, June 2 (136) 2025 https://sib.com.ua/sib-2-136-2025/cortex.pdf

As a leading systems integrator, we are proud to have the most specialisations from Palo Alto Networks among all partners in Ukraine! Our team embodies the slogan "Power of Technology", providing unique cybersecurity solutions for Ukraine and obtaining the first and unique specialisations.

We have added to our Hardware Firewall expertise:

✅ Cortex XDR – a unique specialization

✅ Cortex XSIAM – the only one in Ukraine

✅ Cortex XSOAR – the only one in Ukraine

These unique achievements highlight our ability to provide the highest level of security through Palo Alto Networks' advanced technologies.

Thank you to our team and partners for working together! 💪 Together we are creating a safe digital future with the Power of Technology!

Are you interested in cybersecurity solutions or need a consultation?

Write to us by email: cs@seeton.pro
