
Palo Alto launches unified tool to take the heat off SOC analysts

Individuals work at a network operations center at the LightEdge Solutions company on October 15, 2019 in Altoona, Iowa. Palo Alto Networks has released a tool to help analysts working in a security operations center focus on high-priority efforts. (Photo by Joe Raedle/Getty Images)

Palo Alto Networks on Wednesday announced the general availability of its Cortex Extended Security Intelligence and Automation Management (XSIAM) platform, which leverages automation to unify cloud and on-premises security monitoring, analytics, and operations.

The promise of better tools for security operations center (SOC) analysts has been longstanding, and Palo Alto claims that on average, a Cortex-powered SOC detects threats in 10 seconds and responds to high-priority threats in one minute, with an 80% reduction in alerts that SOC analysts need to review.

Cortex XSIAM has already been made available to a number of top organizations spanning the healthcare, design and manufacturing, technology, public sector and entertainment industries. Many of these organizations are overwhelmed by alert volumes and false positives, as well as a lack of visibility across all parts of the organization, including on-premises and the cloud.

“We want to give our customers a new approach to SOC operations with a focus on results, efficiency and productivity,” said Lee Klarich, chief product officer, Palo Alto Networks. “Cortex XSIAM establishes an autonomous SOC where organizations can respond to threats in a fraction of the time it takes today, and analysts can focus on the highest priority incidents. The SOC of the future will be built on AI and automation — any other approach is destined for failure.”

Jon Oltsik, a senior principal analyst and ESG Fellow, said XSIAM creates a central data model for what have traditionally been different data sets: logs, EDR and NDR data, and threat intelligence data. It integrates SOC components like XDR, SOAR, SIEM, and TIP to unify the analyst experience, and also ramps up the use case for advanced analytics, said Oltsik.

“Basically, Palo Alto Networks looked at all the demands for SOC modernization and designed an integrated architecture for this purpose,” Oltsik said. “It’s not complete yet but it is a step in the right direction.”

Frank Dickson, who covers security and trust at IDC, said that automation has become a “nonnegotiable” because it can enable conviction at scale. With Cortex XSIAM, Dickson said, Palo Alto looks to apply an autonomous security operations platform approach to its eXtended detection and response solution set to reduce the burden on security professionals. “The offering is an actual product Palo Alto has been able to demonstrate in its own SOC,” added Dickson.
