Use Cortex XDR to Protect Data Center Endpoints
Protect your data center endpoints by preventing malware
from executing on the endpoint itself.
Cortex XDR protects data
center endpoints such as servers and VMs against malware and exploits
on the endpoint itself, while the next-generation firewall protects
against threats that cross the network (and therefore must traverse
the firewall) to reach the endpoint. When malware or an exploit is
already on an endpoint or gets onto one, and the endpoint
executes the threat (for example, through an .exe or .dll file),
the firewall doesn’t see it: the action takes place on the
endpoint and no traffic crosses the firewall. However, on each
endpoint, the Cortex XDR
agent sees threats in executables, macros in documents, dynamic-link
library files, and more. When these threats attempt to run, Cortex
XDR goes into action on the endpoint itself and protects the endpoint.
Cortex XDR and the next-generation firewall provide a double
layer of protection to data center endpoints so that the firewall
protects endpoints from threats on the network while Cortex XDR
monitors and protects endpoints against threats that reside on the
endpoint. The security policy you configure for endpoints on an Endpoint
Security Manager (ESM) and the security policy you configure on
Panorama or on the firewall don’t conflict because they govern different
events at different locations. Cortex XDR controls security within
each individual endpoint. The firewall controls security of traffic
that traverses the firewall.
Install the Cortex XDR agent on every data center endpoint. The
best practices for Cortex XDR in the data center are the same as
the best practices for Cortex XDR on any endpoint because the context
for Cortex XDR is always the endpoint itself, so the context “in
the data center” or “in a user group” doesn’t matter—Cortex XDR
protects all endpoints the same way. So the recommended Cortex XDR
deployment process, the malware protection policy deployment process,
etc., are the same for the data center as for any other area of the
network.