Use Cortex XDR Agent to Protect Data Center Endpoints
Protect your data center endpoints by preventing malware
from executing on the endpoint itself.
Cortex XDR Agent protects
data center endpoints such as servers and VMs against malware and exploits
on the endpoint itself, while the next-generation firewall protects
against threats that cross the network (and therefore must traverse
the firewall) to reach the endpoint. When malware or an exploit is
already on an endpoint, or gets onto one, and the endpoint
executes the threat (for example, through an .exe or .dll file),
the firewall doesn’t see the threat because the action takes place on
the endpoint and no traffic crosses the firewall.
However, on each endpoint, Cortex XDR Agent
sees threats in executables, macros in documents, dynamic-link library
files, and more. When these threats attempt to run, Traps goes into
action on the endpoint itself and protects the endpoint.
Cortex XDR Agent and the next-generation firewall provide a double
layer of protection for data center endpoints: the firewall
protects endpoints from threats on the network, while Cortex XDR
Agent monitors and protects endpoints against threats that reside
on the endpoint. The security policy you configure for endpoints
on an Endpoint Security Manager (ESM) and the security policy you
configure on Panorama or on the firewall don’t conflict because
they govern different events at different locations. Cortex XDR
Agent controls security within each individual endpoint. The firewall
controls security of traffic that traverses the firewall.
Install Cortex XDR Agent on every data center endpoint. The best
practices for Cortex XDR Agent in the data center are the same as
the best practices for Cortex XDR Agent on any endpoint because
the context is always the endpoint itself. Whether the endpoint is
“in the data center” or “in a user group” doesn’t matter, because
Cortex XDR Agent protects all endpoints the same way. The deployment
process, the malware protection policy best practices, and so on
are therefore the same for the data center as for any other area of
the network.