What Is Cortex Data Lake?

Sep 12, 2019
2 minutes
... views

Cortex Data Lake is an epic, scalable data infrastructure that’s capable of ingesting, learning and signaling millions of events per second. It’s the technology that enables Cortex XDR to detect and stop threats across network, cloud and endpoints, running over a dozen machine learning algorithms.

A conceptual image representing the power of Cortex Data Lake

Cortex Data Lake is the powerful backbone of the Cortex platform. The relationship between Cortex Data Lake and Cortex XDR reminds me of a joke: The president and the first lady stop at a gas station, where the first lady recognizes the owner of a gas station as an old boyfriend. The president jokes that she could have been the wife of a gas station owner, and the first lady responds, “No dear, he’d be the President of the United States!” 

What can Cortex Data Lake do?

First, Cortex Data Lake ingests your Next-Generation Firewall logs, your Traps logs, and your Prisma Access logs. It ingests data with full fidelity, with over a hundred data points per network log, including metadata from WildFire, our malware prevention service. We designed and priced the product to store all these details for future AI processing; the higher the fidelity, the more accurate your machine learning will be. No wonder we were found to deliver the broadest coverage with the fewest missed attack techniques among 10 endpoint detection and response (EDR) vendors in the recent MITRE evaluation.

What’s the point of ingesting all this data? Let’s see some of the things you can do with it:

  • Network traffic visibility: The Explore app enables network operations teams to interact with their Palo Alto Networks Next-Generation Firewall traffic via a simple web UI. 
  • SOAR: With Demisto, you can orchestrate workflows on your firewall, cloud and endpoint data across your Cortex Data Lake, Splunk and other security information and event management (SIEM) instances. We hear lots of praise for this coexistence to help customers avoid forwarding huge volumes of firewall logs to their SIEMs.
  • Feed the data into applications: We have 24 partner apps and counting. The Cortex team and our partner ecosystem are busy building new apps every day to simplify, integrate and improve security operations. 
Check out this online calculator to find out how much data your organization could store.
Learn more about how Cortex Data Lake enables AI-based innovations for cybersecurity.

Happy log forwarding!


Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.