IT Brief US - Technology news for CIOs & IT decision-makers

Palo Alto Networks unveils Cortex XSIAM 3.0 with AI upgrades

Today

Palo Alto Networks has introduced Cortex XSIAM 3.0, which expands the capabilities of its security operations platform to include proactive exposure management and advanced email security.

Cortex XSIAM 3.0 aims to move beyond traditional reactive security approaches, offering features such as AI-driven exposure prioritisation and automated remediation that are claimed to reduce vulnerability noise by up to 99%. The platform is designed to provide consolidated risk visibility across network, endpoint and cloud environments, with integration options for external third-party data sources.

The update also brings enhancements in email security, including large language model (LLM)-powered threat detection, improved incident response workflows, and the ability to automate the removal of malicious emails and the isolation of compromised endpoints. The company describes these additions as a response to the changing dynamics of the cybersecurity landscape, which increasingly demands both preventive measures and rapid incident handling within organisations.

Palo Alto Networks stated that Cortex XSIAM has surpassed USD $1 billion in cumulative bookings in the second quarter of the 2025 financial year, making it the company's fastest product to reach this threshold. The platform, first launched three years ago, has been positioned by the company as a central tool for normalising and consolidating cybersecurity data to power analytics and automation without the need for multiple point solutions.

The company recently expanded its cloud security capabilities through the launch of Cortex Cloud, integrating its Cloud Native Application Protection Platform (CNAPP) and Cloud Detection and Response (CDR) features onto the Cortex platform. According to Palo Alto Networks, new features in Cortex XSIAM 3.0 are targeted at addressing a total addressable market in security operations and email and vulnerability management valued at USD $37 billion.

Gonen Fink, Senior Vice President of Products, Cortex at Palo Alto Networks, commented on the product release: "Cortex XSIAM harnesses the power of the world's largest and most comprehensive set of security data to transform our customers' ability to rapidly counter evolving attacks with advanced AI and automation. This expansion of our groundbreaking SecOps platform merges best-in-class reactive with proactive security measures, allowing customers to achieve unprecedented risk reduction across their entire enterprise, from code to cloud to SOC."

The Cortex Exposure Management module is built to deliver a unified view of all exposures by collating data from network, endpoint and cloud scanners, as well as from third-party sources. AI algorithms are employed to prioritise vulnerabilities based on exploitation risk rather than solely on compliance requirements, aiming to eliminate false alarms and focus remediation on threats deemed most urgent.

The platform's automation capabilities are intended to implement new security controls for critical risks across native and integrated security tools, with automated playbooks designed to orchestrate and execute response actions, reducing manual workload and aiming to prevent future incidents.

The Advanced Email Security component is designed to strengthen defences against sophisticated phishing campaigns and other email-based threats, leveraging analytics that identify attacker intent and continuously adapt to emerging tactics. Automated response features include real-time removal of harmful messages, disabling of compromised accounts, and endpoint isolation within existing security workflows. The email module also correlates data across email, identity, endpoint, and cloud sources to provide a holistic view of incident paths for enhanced response measures.

Chris DeBrunner, Vice President of Security Operations at CBTS, said: "The transition to Cortex XSIAM has transformed our SOC operations at CBTS. Previously, we struggled with alert fatigue due to multi-console complexity, multiple data sources, disparate vendors, and labour-intensive tasks. With the consolidation of major security capabilities into one platform, we have achieved remarkable efficiencies. Our incident close-out rate has reached 100%, and we have significantly reduced our median time to resolution (MTTR) from days to, in some cases, seconds. The automation provided by XSIAM has been crucial in managing the alert overwhelm we faced, making our team more effective and less error-prone."

Chase Hymel, Chief Information Security Officer for the State of Louisiana, added: "Discovering the capabilities of Cortex XSIAM was a game-changer for the State of Louisiana. It's helped us to modernise our security infrastructure and set an example for other states to follow. By adopting XSIAM, we have significantly improved threat visibility and response effectiveness. Cortex XSIAM has allowed us to consolidate our security tools into one integrated platform, enhancing our security operations and protecting citizen data effectively. We have reduced MTTR from over 24 hours to under two minutes and automated the resolution of 86% of incidents."

Cortex XSIAM 3.0's Exposure Management and Advanced Email Security offerings are scheduled for general availability to customers worldwide in the final quarter of the 2025 financial year.
