Identity-driven attacks, which target user credentials to access confidential data and systems, are one of the most common methods cyber criminals use to breach organizations’ networks. For example, in recent years Lapsus$ Group has used privileged user credentials to attack multiple government agencies, as well as multiple large technology companies.
“Today, customers who want to detect identity-related attacks must deploy multiple tools – UEBA, Insider Risk Management, endpoint-based ITDR, etc. – each providing a partial view into user activities, " said Gonen Fink, senior vice president, Cortex Products at Palo Alto Networks. "Such disjointed approaches result in poor security outcomes, alert overload, and time wasted on triage. With the addition of ITDR, the XSIAM platform now integrates all identity data sources into a single security data foundation spanning endpoints, networks and cloud. This allows our customers to run comprehensive AI-driven threat detection to protect against stealthy identity-driven attacks.”
The ITDR module ingests and integrates user behavior data, such as what times an employee typically works, and which applications and data they usually access. It processes data from a variety of sources, including authentication services, endpoint logs, cloud identity data, email and HR data, as well as network, OS, and custom sources. The built-in AI models can then be trained to flag suspicious activity based on irregular user behavior, getting ahead of prominent insider risks such as configuration manipulation, file manipulation, modification of permissions.
In addition to yielding stronger security outcomes, the addition of ITDR to Cortex XSIAM further reduces complexity in the SOC by tightly integrating identity analytics into a unified SOC platform. Cortex XSIAM already natively integrates security information and event management (SIEM), endpoint detection and response (EDR), network detection and response (NDR), security, orchestration and response (SOAR), Threat Intelligence Management (TIM) and Attack Surface management (ASM) capabilities, replacing the need for multiple point solutions.
“The ability to process large amounts of data and handle potential threats in real-time has become a major problem as the cybersecurity landscape has evolved,” said Michael Kearns, CISO of Nebraska Methodist Health System. “The integration of AI and automation has become an absolute must for organizations to keep up with growing threats to ensure they can proactively and effectively mitigate cyber risks. Palo Alto Networks is the gold standard for innovation, which is why their AI and automation capabilities from Cortex are the powering force behind our security operations.”