Palo Alto Networks Debuts New Identity Threat Detection and Response Module for Cortex XSIAM

Palo Alto Networks, a global cybersecurity provider, is releasing its new Identity Threat Detection and Response (ITDR) module for Cortex XSIAM, enabling customers to ingest user identity and behavior data and deploy state of the art AI technology to detect identity-driven attacks. The module further strengthens XSIAM's ability to consolidate multiple security operations capabilities into a unified, AI-driven security operations center (SOC) platform, according to the vendor.

"Today, customers who want to detect identity-related attacks must deploy multiple tools—UEBA, Insider Risk Management, endpoint-based ITDR, etc.—each providing a partial view into user activities," said Gonen Fink, senior vice president, Cortex Products at Palo Alto Networks. "Such disjointed approaches result in poor security outcomes, alert overload, and time wasted on triage.  With the addition of ITDR, the XSIAM platform now integrates all identity data sources into a single security data foundation spanning endpoints, networks and cloud. This allows our customers to run comprehensive AI-driven threat detection to protect against stealthy identity-driven attacks."

The ITDR module ingests and integrates user behavior data, such as what times an employee typically works, and which applications and data they usually access.

It processes data from a variety of sources, including authentication services, endpoint logs, cloud identity data, email and HR data, as well as network, OS, and custom sources.

The built-in AI models can then be trained to flag suspicious activity based on irregular user behavior, getting ahead of  prominent insider risks such as configuration manipulation, file manipulation, or modification of permissions.

In addition to yielding stronger security outcomes, the addition of ITDR to Cortex XSIAM further reduces complexity in the SOC by tightly integrating identity analytics into a unified SOC platform.

Cortex XSIAM already natively integrates security information and event management (SIEM), endpoint detection and response (EDR), network detection and response (NDR), security, orchestration and response (SOAR), Threat Intelligence Management (TIM), and Attack Surface management (ASM) capabilities, replacing the need for multiple point solutions.

For more information about this news, visit