New Palo Alto Networks security products assist with data, analytics and automation

SECURITY

Palo Alto Networks Inc. today announced new and enhanced cybersecurity products that it says will revolutionize the way data, analytics and automation are deployed by security organizations.

The first on the list are enhancements to Cortex XSIAM, an AI-driven extended security intelligence and automation management platform that turns widespread infrastructure telemetry into an intelligent data foundation. Using the data, the company says, Cortex XSIAM delivers best-in-class artificial intelligence and dramatically accelerate threat response.

Palo Alto Networks argues that the SIEM category has served security operations for many years to aggregate and analyze alerts and logs — with incremental improvement in security outcomes. As a result, security operations teams continued to bolt on new tools that promised to solve point problems, resulting in a fragmented and ineffective security architecture.

Built from the ground up, Cortex XSIAM throws that approach out the door by collecting granular data — not just logs and alerts — to drive machine learning for natively autonomous response actions. The service delivers detection of highly sophisticated emerging threats and automates remediation based on native threat intelligence and attack surface data.

Key features of XSIAM included the ability to natively ingest, normalize and integrate granular data across the security infrastructure at nearly half the list cost of legacy security products attempting to solve the problem. The service promises responses in minutes rather than days through multiple layers of AI-driven analytics. Cortex XSIAM enables continuous discovery of vulnerabilities through native attack surface management and automated responses based on integrated threat intelligence from tens of thousands of Palo Alto Networks customers.

“Organizations are still taking hours, or even days or months, to remediate threats — those are hours and days we no longer have given the speed and sophistication of attacks that are now commonplace, Nikesh Arora, chief executive officer and chairman of Palo Alto Networks, said in a statement. “This is not an area where we need an evolutionary approach. This is an area where we need a revolutionary approach.”

The second release is a new Cortex capability called Xpanse Active Attack Surface Management. Xpanse Active AMS is designed to help security teams not just actively find but also proactively fix their known and unknown internet-connected risks,

Features of Xpanse Active ASM include active discovery that refreshes its internet-scale database several times a day and uses supervised machine learning to accurately map these vulnerabilities back to an organization. This is said to assist in obtaining an outside-in view of a given network — the same view attackers have.

Xpanse Active ASM continuously processes discovery data, mapping new systems to the people responsible for each system. The service continuously analyzes and maps the streamed discovery data to understand and prioritize top risks in real-time so that customers can stay ahead of attackers by quickly closing down the riskiest exposures.

Active response in Xpanse Active ASM includes native embedded automatic remediation capabilities that use active discovery data and active learning analysis to automatically shut down exposures before they allow threats into a network.

“While the fundamental need for attack surface management hasn’t changed, the threat landscape today is much different. Organizations need an active defense system that operates faster than attackers can,” explained Matt Kraning, chief technology officer of Cortex for Palo Alto Networks. “With Xpanse Active ASM, we give defenders the ability not only to see their exposures instantly but also to shut them down automatically with no human labor required.”

Image: Palo Alto Networks