The Cortex platform can automatically detect current security controls you may already have in place. The effectiveness of these controls is calculated without any additional effort on your part. Based on your environment's current topology and configuration, Cortex can asses the effectiveness of security controls such as Cortex XDR Agent and VM-Series NGFW (Next-Generation Firewall).
Using XDR Agent as an example, Cortex provides visibility into the efficacy of agent coverage and offers actionable steps to enhance this coverage. This is achieved by running the following checks for each vulnerability:
Is a Cortex XDR agent associated with the vulnerable asset?
Is the vulnerability associated with the asset exploitable?
Does the Cortex XDR agent have coverage for that particular exploitable vulnerability?
Is the vulnerable asset internet-exposed?
Is the vulnerable asset confirmed to be reachable from the internet by the Attack Surface Management scanner?
Is the vulnerable asset confirmed to be exploitable from the internet by the Attack Surface Testing scanner?
Is the Cortex XDR agent running the minimally required version and content release to be effective as a compensating control?
Does the agent's Exploit Protection Profile have the following settings set to Block, Report, or Disabled?
Known Vulnerable Processes Protection
Operating System Exploit Protection
Note
Auto-detection of controls is supported when certain constraints regarding topology and configuration are met. Learn more about Network Exposure Detection.
Third-party or custom security controls can also be added by manual attestation as described in the next topic.