
Palo Alto Networks unveils Cortex XSIAM 3.0 with AI upgrades
Palo Alto Networks has introduced Cortex XSIAM 3.0, which expands the capabilities of its security operations platform to include proactive exposure management and advanced email security.
Cortex XSIAM 3.0 aims to move beyond traditional reactive security approaches, offering features such as AI-driven exposure prioritisation and automated remediation that are claimed to reduce vulnerability noise by up to 99%. The platform is designed to provide consolidated risk visibility across network, endpoint and cloud environments, with integration options for external third-party data sources.
The update also brings enhancements in email security, including large language model (LLM)-powered threat detection, improved incident response workflows, and the ability to automate the removal of malicious emails and the isolation of compromised endpoints. The company describes these additions as a response to the changing dynamics of the cybersecurity landscape, which increasingly demands both preventive measures and rapid incident handling within organisations.
Palo Alto Networks stated that Cortex XSIAM has surpassed USD $1 billion in cumulative bookings in the second quarter of the 2025 financial year, making it the company's fastest product to reach this threshold. The platform, first launched three years ago, has been positioned by the company as a central tool for normalising and consolidating cybersecurity data to power analytics and automation without the need for multiple point solutions.
The company recently expanded its cloud security capabilities through the launch of Cortex Cloud, integrating its Cloud Native Application Protection Platform (CNAPP) and Cloud Detection and Response (CDR) features onto the Cortex platform. According to Palo Alto Networks, new features in Cortex XSIAM 3.0 are targeted at addressing a total addressable market in security operations and email and vulnerability management valued at USD $37 billion.
Gonen Fink, Senior Vice President of Products, Cortex at Palo Alto Networks, commented on the product release: "Cortex XSIAM harnesses the power of the world's largest and most comprehensive set of security data to transform our customers' ability to rapidly counter evolving attacks with advanced AI and automation. This expansion of our groundbreaking SecOps platform merges best-in-class reactive with proactive security measures, allowing customers to achieve unprecedented risk reduction across their entire enterprise, from code to cloud to SOC."
The Cortex Exposure Management module is built to deliver a unified view of all exposures by collating data from network, endpoint and cloud scanners, as well as from third-party sources. AI algorithms are employed to prioritise vulnerabilities based on exploitation risk rather than solely on compliance requirements, aiming to eliminate false alarms and focus remediation on threats deemed most urgent.
The platform's automation capabilities are intended to implement new security controls for critical risks across native and integrated security tools, with automated playbooks designed to orchestrate and execute response actions, reducing manual workload and aiming to prevent future incidents.
The Advanced Email Security component is designed to strengthen defences against sophisticated phishing campaigns and other email-based threats, leveraging analytics that identify attacker intent and continuously adapt to emerging tactics. Automated response features include real-time removal of harmful messages, disabling of compromised accounts, and endpoint isolation within existing security workflows. The email module also correlates data across email, identity, endpoint, and cloud sources to provide a holistic view of incident paths for enhanced response measures.
Chris DeBrunner, Vice President of Security Operations at CBTS, said: "The transition to Cortex XSIAM has transformed our SOC operations at CBTS. Previously, we struggled with alert fatigue due to multi-console complexity, multiple data sources, disparate vendors, and labour-intensive tasks. With the consolidation of major security capabilities into one platform, we have achieved remarkable efficiencies. Our incident close-out rate has reached 100%, and we have significantly reduced our median time to resolution (MTTR) from days to, in some cases, seconds. The automation provided by XSIAM has been crucial in managing the alert overwhelm we faced, making our team more effective and less error-prone."
Chase Hymel, Chief Information Security Officer for the State of Louisiana, added: "Discovering the capabilities of Cortex XSIAM was a game-changer for the State of Louisiana. It's helped us to modernise our security infrastructure and set an example for other states to follow. By adopting XSIAM, we have significantly improved threat visibility and response effectiveness. Cortex XSIAM has allowed us to consolidate our security tools into one integrated platform, enhancing our security operations and protecting citizen data effectively. We have reduced MTTR from over 24 hours to under two minutes and automated the resolution of 86% of incidents."
Cortex XSIAM 3.0's Exposure Management and Advanced Email Security offerings are scheduled for general availability to customers worldwide in the final quarter of the 2025 financial year.
