What’s New for Cortex (July ‘25)

Jul 24, 2025

Delivering Proactive Security with the Latest Updates in Cortex (July ’25 Release)

Adversaries are using AI to move at machine speed. With our latest updates, we’re giving defenders the firepower to stop AI-fueled attacks with new innovations across the entire Cortex portfolio.

These updates reflect a clear focus: harnessing AI to deliver more proactive security, expand visibility across every environment, and streamline workflows so security teams can move faster and stop threats with confidence. Let's dive into the key innovations.

Cortex XSIAM 3.2: The AI-Powered SOC Gets Smarter

This release expands on the industry-leading capabilities of our #1 SecOps platform with new AI-powered Exposure Management and Email Security add-on modules and streamlined operational workflows.

Proactive, AI-driven Exposure Management

XSIAM’s protection capabilities are expanding to give you an edge against more threats. The new AI-powered Exposure Management module reduces alert fatigue by cutting vulnerability noise by up to 99%: it ranks the Common Vulnerabilities and Exposures (CVEs) that pose real risk ahead of the rest and automates remediation across your entire enterprise, so your team’s effort goes to the vulnerabilities that truly matter. To learn more, visit our deep-dive blog.

Product screen of the new Exposure Management Command Center, showing security data from multiple sources being scanned to highlight critical risks.
New Exposure Management Command Center

AI-Powered Advanced Email Security

We’re introducing a new Cortex Advanced Email Security add-on module, which leverages the full power of the Cortex platform to go beyond email-centric protection. It uses advanced AI, including large language models (LLMs) and behavioral analytics, to understand true email intent and detect even the most advanced phishing and business email compromise (BEC) attacks. By correlating email threat data with identity, endpoint, and network telemetry, you’ll receive insights into everything from trending attack vectors to Automation Recommendations. Learn more about this release from our deep-dive blog.

Product screen of the new Advanced Email Security dashboard showing trending email attack vectors and employees who are at a higher risk of falling victim to phishing.
New Advanced Email Security Trending Attack Vectors Dashboard

Improved Collaboration and Control

Cortex XSIAM 3.2 introduces new features that foster better teamwork and give you more granular control over your security environment. Ticket Synchronization integrates with systems like Jira and ServiceNow, improving coordination between security and development teams. Scope-Based Access Control (SBAC) lets you enforce corporate policies by precisely defining which users can access specific assets and what actions they can perform. And Streamlined Automation now allows you to exclude specific assets from workflows, giving you more precise control over remediation.

Product screen of the Scope-Based Access Control (SBAC) workflow, showing how access control can be automatically applied based on various factors including assets, cases, or endpoints.
Scope-Based Access Control (SBAC)

Enhanced Integration and Visibility

We're making it easier to connect your security ecosystem and gain deeper insights. The Generic Webhook Integration simplifies ingesting external data without needing custom APIs. And with Enhanced Analytics Insights, you can now view the full detection logic behind all analytics and behavioral indicators of compromise (BIOCs) directly in the console, giving you immediate clarity on why alerts were triggered.

Product screen of the Enhanced Analytics Insights dashboard showing the full detection logic behind all analytics and behavioral indicators of compromise (BIOCs).
Enhanced Analytics Insights Dashboard

ASM for XSIAM: Proactive External Risk Discovery and Investigation

New features in the ASM module for XSIAM help you proactively defend against external threats and accelerate investigations. Digital Risk Protection uncovers risks beyond your traditional assets, such as leaked credentials and brand impersonation on the open internet. To speed up response, the Global Lookup feature provides instant threat intelligence on any IP or domain, empowering your team to make faster, more informed security decisions.

Note: Cortex XSIAM 3.2 includes all features released in Cortex XDR 4.2. Customers on XSIAM 2.7 will receive upgrade guidance in the coming weeks.

Cortex XDR 3.15/4.2: Smarter AI, Stronger Endpoint Protection, and Enhanced Control

This release delivers significant advancements in AI-driven threat prevention, expands endpoint security capabilities across operating systems, and offers more flexible control over your security environment.

Deeper Endpoint Security Across All OS

This update brings enhanced protection to the core of your endpoints, no matter the operating system. We're now providing Kernel Module Examination for Linux, allowing us to detect and prevent sophisticated attacks by scanning kernel modules at load time. For Windows, we've strengthened our defense with Enhanced Driver Threat Prevention, offering unique visibility into user-to-kernel interactions to block privilege escalation. And for macOS, Network Packet Inspection enhances security and EDR telemetry by detecting and preventing malicious network activity directly from the endpoint.

Product screen of the Kernel Module Examination in Linux dashboard, showing detections of potential threats and options to take action on each alert.
Kernel Module Examination in Linux

Granular Control and Streamlined Operations

We're giving you more flexibility and control over your security infrastructure. With Flexible Control over Automatic Agent Upgrades, you can now set specific upgrade schedules for each endpoint profile. This ensures a safer, more efficient upgrade workflow that minimizes disruption while keeping your security consistently up-to-date.

Cortex XSOAR 8.11: Streamlined Automation and Integration

Cortex XSOAR 8.11 enhances your experience by focusing on streamlined automation and expanded connectivity. New features help you work faster and smarter, with advanced search capabilities allowing you to quickly find and reuse existing playbooks and scripts to save time. To ensure your most critical security automations run without a hitch, you can now clear incident queues to prevent bottlenecks. Furthermore, it's now easier than ever to bring in external data through a new generic webhook, allowing you to connect a wider range of services to XSOAR and get a more complete view of your security posture, even without a formal API integration.
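A generic webhook, whether the XSIAM Generic Webhook Integration above or the XSOAR one here, is an HTTP endpoint that anyone who can reach it may post to, so the check a practitioner wants before exposing it is that each inbound request is authenticated and not replayed, and that the body is validated before it becomes an alert or incident. The following Python is an added illustration written for this post, not Cortex code; it assumes a shared secret, hypothetical `X-Hook-Signature` and `X-Hook-Timestamp` header names, a five-minute replay window, and a constructed event schema with `source`, `event_type`, `severity` and `host` fields. It shows both the sender side (building the signed request) and the receiver side (verifying, then normalizing):

```python
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

# Constructed shared secret for this example; in practice it comes from a secrets store.
WEBHOOK_SECRET = b"replace-me-with-a-32-byte-random-secret"
SIGNATURE_HEADER = "X-Hook-Signature"   # hypothetical header names, not Cortex's
TIMESTAMP_HEADER = "X-Hook-Timestamp"
MAX_SKEW_SECONDS = 300                   # reject requests outside a 5-minute replay window
REQUIRED_FIELDS = ("source", "event_type", "severity", "host")   # constructed schema
SEVERITIES = {"low", "medium", "high", "critical"}


def sign_payload(secret: bytes, timestamp: int, body: bytes) -> str:
    """HMAC-SHA256 over 'timestamp.body' so the timestamp is bound to the body."""
    msg = str(timestamp).encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def build_request(secret: bytes, event: dict, now: int) -> Tuple[Dict[str, str], bytes]:
    """Sender side: the raw JSON body plus the two authentication headers."""
    body = json.dumps(event, separators=(",", ":")).encode()
    headers = {TIMESTAMP_HEADER: str(now), SIGNATURE_HEADER: sign_payload(secret, now, body)}
    return headers, body


def verify_request(secret: bytes, headers: Dict[str, str], body: bytes, now: int) -> Optional[str]:
    """Receiver side: None if the request is authentic and fresh, otherwise a rejection reason."""
    ts_raw = headers.get(TIMESTAMP_HEADER)
    sig = headers.get(SIGNATURE_HEADER)
    if ts_raw is None or sig is None:
        return "missing signature or timestamp header"
    try:
        ts = int(ts_raw)
    except ValueError:
        return "malformed timestamp"
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return "timestamp outside replay window"
    expected = sign_payload(secret, ts, body)
    # Constant-time comparison: a plain == leaks how many leading characters matched.
    if not hmac.compare_digest(expected, sig):
        return "bad signature"
    return None


def normalize_event(body: bytes) -> dict:
    """Parse the JSON body into a fixed record; raises ValueError on anything off-schema."""
    try:
        event = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError(f"invalid JSON: {exc}") from exc
    if not isinstance(event, dict):
        raise ValueError("payload must be a JSON object")
    missing = [f for f in REQUIRED_FIELDS if f not in event]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    if event["severity"] not in SEVERITIES:
        raise ValueError(f"unknown severity: {event['severity']!r}")
    return {
        "source": str(event["source"]),
        "event_type": str(event["event_type"]),
        "severity": event["severity"],
        "host": str(event["host"]),
        "observed_at": int(event.get("observed_at", 0)),   # optional field, 0 when absent
        "raw": event,
    }


def ingest(secret: bytes, headers: Dict[str, str], body: bytes, now: int) -> Tuple[str, object]:
    """Full receive path: authenticate first, parse second, so unauthenticated bodies are never parsed."""
    reason = verify_request(secret, headers, body, now)
    if reason is not None:
        return "rejected", reason
    try:
        return "accepted", normalize_event(body)
    except ValueError as exc:
        return "rejected", str(exc)


if __name__ == "__main__":
    now = int(time.time())
    # Constructed sample event from a hypothetical scanner.
    event = {"source": "vuln-scanner", "event_type": "finding", "severity": "high", "host": "web-01"}
    headers, body = build_request(WEBHOOK_SECRET, event, now)
    print(ingest(WEBHOOK_SECRET, headers, body, now))                                   # accepted
    print(ingest(WEBHOOK_SECRET, headers, body.replace(b"high", b"low"), now))          # tampered body
    print(ingest(WEBHOOK_SECRET, headers, body, now + 3600))                             # replayed an hour later
```

The ordering in `ingest` is deliberate: signature and freshness are checked on the raw bytes before any JSON parsing, so an unauthenticated caller never reaches the parser, and a captured request cannot be replayed after the window closes.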

Cortex Xpanse 2.10: Broader Attack Surface Coverage

The latest Xpanse release expands attack surface testing and detection capabilities to give you a more comprehensive view of your external attack surface.

Comprehensive Attack Surface Visibility and Response

The latest Cortex Xpanse release focuses on expanded threat detection and more decisive risk management. New detection rules proactively identify applications leaking credentials, and visibility now extends to active threats already inside your network, such as ransomware and web shells. To help you prioritize what matters most, the Threat Response Center shows confirmed exploits for emerging vulnerabilities in a single unified view, and new bulk action capabilities let your team manage alerts and assets more efficiently.

Product screen of the unified view of attack surface threats in the Threat Response Center of Cortex Xpanse, showing confirmed exploits for emerging vulnerabilities alongside bulk actions for alerts and assets.
Unified View of AST in the Threat Response Center

These are just the highlights from a feature-packed month. The July 2025 releases demonstrate a clear commitment to providing a more integrated, intelligent, and proactive security strategy. For a detailed breakdown of these enhancements, please refer to the full release notes. To learn more about these and other innovations, visit the Cortex portfolio.
