Zero-Day Response with Zero Fire Drills: How XDR Eases Vulnerability Protection

Palo Alto Networks

By Kasey Cross, Sr. Product Marketing Manager, Palo Alto Networks


A new zero-day disclosure often triggers a whirlwind of activity for IT and security teams. Vulnerability management staff scramble to find all affected systems and patch or remove vulnerable software. Threat hunters search for signs that adversaries exploited vulnerabilities. Security engineers seek out ways to block exploits and virtually patch exposed systems.

Zero-Day Response Strategies
From workspace applications to mail servers and load balancers to VPN appliances, vulnerabilities have affected a wide range of solutions and exposed digital enterprises to an increasing number of attacks. And, with widespread vulnerabilities—such as Log4Shell and Follina—finding all affected software across an organization can take days or even weeks. Teams might need multiple tools to discover all vulnerable assets, including cloud and unmanaged assets.

To uncover compromised assets, hunters often must comb through comprehensive data from across the environment – including endpoint, network, and cloud event data. Without powerful search tools and rich telemetry dating back 30 days or more, hunters might not be able to find adversaries lurking in their organizations.

Discovery, Hunting and Exploit Prevention with XDR
Extended Detection and Response, or XDR, is your secret weapon to streamline your response to zero-day vulnerabilities and reduce the risk of a successful attack. XDR is a new category of threat detection, investigation, and response solutions that provide holistic protection by gathering security data from any source. XDR tools detect stealthy threats with cross-data analytics and machine learning and speed investigations with cross-data insights.

When zero-day vulnerabilities arise, XDR tools can help you locate vulnerable software. XDR tools can often identify known vulnerable software through vulnerability assessment capabilities. You can also search for the hashes associated with vulnerable software applications and libraries.
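As an added illustration of the hash-based search described above (example code, not from the post or from Cortex XDR), the following Python sweep hashes every file under a directory and also the entries inside JAR/WAR archives, so a vulnerable library shaded into a fat JAR is still matched. The digest table and the fixture built by `demo()` are constructed placeholders; a real hunt uses the published hashes of the affected library builds.

```python
import hashlib
import io
import tempfile
import zipfile
from pathlib import Path


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan_blob(data: bytes, label: str, known: dict, hits: list) -> None:
    """Hash one blob against the known-vulnerable table; if the blob is a
    zip-based archive (JAR/WAR/EAR), recurse into its entries so libraries
    bundled inside fat JARs are not missed."""
    digest = sha256(data)
    if digest in known:
        hits.append((label, digest, known[digest]))
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for entry in zf.infolist():
                if not entry.is_dir():
                    scan_blob(zf.read(entry), f"{label}!{entry.filename}", known, hits)


def scan_tree(root, known: dict) -> list:
    """Walk a directory tree and return (location, sha256, name) for every
    match; 'location' uses 'archive!entry' notation for nested findings."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            scan_blob(path.read_bytes(), str(path), known, hits)
    return hits


def demo() -> list:
    """Constructed fixture: a Spring-Boot-style fat JAR bundling a fake
    vulnerable library; returns the matched (location, name) pairs."""
    lib = b"constructed bytes standing in for a vulnerable log4j-core build"
    known = {sha256(lib): "log4j-core (constructed placeholder)"}
    with tempfile.TemporaryDirectory() as d:
        app = Path(d) / "app.jar"
        with zipfile.ZipFile(app, "w") as zf:
            zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            zf.writestr("BOOT-INF/lib/log4j-core-2.14.1.jar", lib)
        return [(loc.replace(d, "<tmp>"), name) for loc, _, name in scan_tree(d, known)]
```

Run `demo()` to see the nested match reported as `<tmp>/app.jar!BOOT-INF/lib/log4j-core-2.14.1.jar`; the outer JAR itself does not match, which is exactly the case a plain file-hash search misses.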

XDR solutions can detect post-exploit activity, such as lateral movement or exfiltration, with behavioral analytics. Your threat hunters can search across all XDR data including network, cloud, endpoint and identity data, to unearth signs of compromise.

Perhaps most importantly, XDR agent software installed on endpoints can proactively block zero-day exploits. Its ability to block zero-day attacks early, at the exploit stage, helps prevent subsequent infection and damage. It can also block post-exploit activity, such as the download of malware or the attempt to run malware on endpoints.

Protect Your Organization from Zero-Days with Cortex XDR
Cortex XDR, the industry’s first extended detection and response platform, spans all data sources to stop modern attacks. Delivering best-in-class endpoint protection, AI-driven threat detection, and an enterprise-ready console for investigations, Cortex XDR keeps organizations safe from threats, including zero-day attacks.

The Cortex XDR agent offers a complete prevention stack, starting with the broadest set of exploit protection modules available to block the exploits that lead to malware infections. A powerful Java deserialization exploit protection module blocks exploits like Log4Shell and SpringShell, while other modules block exploit attempts and evasive techniques, including buffer overflows, remote code execution, protocol fragmentation, obfuscation, and more.

Cortex XDR is complemented by partner-delivered managed services as well as Palo Alto Networks Unit 42 services for managed threat hunting and incident response. Stay tuned for coming new expansions to both Cortex XDR and Unit 42 managed services that will be featured at Black Hat USA 2022.
