Cortex XDR protects data
center endpoints such as servers and VMs against malware and exploits
on the endpoint itself, while the next-generation firewall protects
against threats that cross the network (and therefore must traverse
the firewall) to reach the endpoint. When malware or an exploit is
already on an endpoint, or gets onto one, and the endpoint executes
the threat (for example, through an .exe or .dll file), the firewall
doesn’t see it: the action takes place on the endpoint and no traffic
crosses the firewall. However, on each endpoint, the Cortex XDR
agent sees threats in executables, macros in documents, dynamic-link
library files, and more. When these threats attempt to run, Cortex
XDR goes into action on the endpoint itself and protects the endpoint.