XSIAM enables security teams to further consolidate disparate SOC products

Palo Alto Networks has launched its new Identity Threat Detection and Response (ITDR) module for Cortex® XSIAM™. ITDR enables customers to ingest user identity and behavior data and deploy state of the art AI technology to detect identity-driven attacks within seconds. The module further strengthens XSIAM’s ability to consolidate multiple security operations capabilities into a unified, AI-driven security operations center (SOC) platform.

  • 1 year ago Posted in

Identity-driven attacks, which target user credentials to access confidential data and systems, are one of the most common methods cyber criminals use to breach organizations’ networks. For example, in recent years Lapsus$ Group has used privileged user credentials to attack multiple government agencies, as well as multiple large technology companies. 

 

“Today, customers who want to detect identity-related attacks must deploy multiple tools – UEBA, Insider Risk Management, endpoint-based ITDR, etc. – each providing a partial view into user activities, " said Gonen Fink, senior vice president, Cortex Products at Palo Alto Networks. "Such disjointed approaches result in poor security outcomes, alert overload, and time wasted on triage.  With the addition of ITDR,  the XSIAM platform now integrates all identity data sources into a single security data foundation spanning endpoints, networks and cloud. This allows our customers to run  comprehensive AI-driven threat detection to protect against stealthy identity-driven attacks.”

 

 

The ITDR module ingests and integrates user behavior data, such as what times an employee typically works, and which applications and data they usually access. It processes data from a variety of sources, including authentication services, endpoint logs, cloud identity data, email and HR data, as well as network, OS, and custom sources. The built-in AI models can then be trained to flag suspicious activity based on irregular user behavior, getting ahead of  prominent insider risks such as configuration manipulation, file manipulation, modification of permissions.  

 

In addition to yielding stronger security outcomes, the addition of ITDR to Cortex XSIAM further reduces complexity in the SOC by tightly integrating identity analytics into a unified SOC platform.  Cortex XSIAM already natively integrates security information and event management (SIEM), endpoint detection and response (EDR), network detection and response (NDR), security, orchestration and response (SOAR), Threat Intelligence Management (TIM) and Attack Surface management (ASM) capabilities, replacing the need for multiple point solutions. 

 

“The ability to process large amounts of data and handle potential threats in real-time has become a major problem as the cybersecurity landscape has evolved,” said Michael Kearns, CISO of Nebraska Methodist Health System. “The integration of AI and automation has become an absolute must for organizations to keep up with growing threats to ensure they can proactively and effectively mitigate cyber risks. Palo Alto Networks is the gold standard for innovation, which is why their AI and automation capabilities from Cortex are the powering force behind our security operations.” 

On average, only 48% of digital initiatives meet or exceed business outcome targets, according to...
Falcon platform will deliver complete protection against identity-based attacks across hybrid cloud...
95% of UK businesses said they were negatively impacted by supply chain cyber breaches within the...
Acquisition of leading DSPM company will bolster Proofpoint’s human-centric security platform...
NTT DATA’s new Managed Detection & Response service powered by Palo Alto Networks Cortex XSIAM...
SPG is enhancing its cybersecurity capabilities in a new partnership with Saviynt, a leading...
Graylog has unveiled significant security advancements to drive smarter, faster, and more...
Datadog has published its new report, the State of Cloud Security 2024. The report found that...