Palo Alto Networks Adds MDR Service to Augment Security Teams
Palo Alto Networks today added a managed detection and response (MDR) service to its portfolio that will be delivered via its Unit 42 research and cybersecurity services team.
Wendi Whitmore, senior vice president for Unit 42 at Palo Alto Networks, said the goal is to augment organizations that are struggling to fill cybersecurity positions by using Unit 42’s expertise—since that arm of the company focuses on security vulnerability research.
The Unit 42 Managed Detection and Response service provides 24/7 threat detection, investigation and response in real time using Palo Alto Networks’ Cortex extended detection and response (XDR) platform. The Unit 42 service adds a mix of proprietary processes, infrastructure and detection, response and threat hunting capabilities using the security intelligence it gathers, Whitmore explained. Unit 42 personnel will also provide periodic health checks of an organization’s security posture along with detailed recommendations on policy changes.
The rollout of Palo Alto Networks’ MDR service comes at a time when many organizations are reevaluating their cybersecurity strategies with an eye toward relying more on both cloud services and external expertise. The shift to the cloud presents an opportunity to consolidate cybersecurity vendors as capabilities previously provided by a small army of vendors increasingly become features of a larger set of integrated cloud services.
In many cases, however, organizations still lack the expertise required to manage such a diverse range of capabilities; interest in relying on managed security services continues to steadily increase.
It’s not clear what percentage of security technologies will be consumed as a service in the years ahead, but the days when security operations teams deployed and integrated security platforms on their own are coming to an end. It’s simply easier to invoke a set of cloud services to secure today’s highly distributed computing environments now that most employees are working from home more frequently in the wake of the COVID-19 pandemic.
The debate then becomes whether to rely on platforms and services provided by a single vendor or on managed services provided by services firms that integrate multiple third-party products into a single offering. The crux of that debate comes down to whether an organization prefers best-of-breed offerings from multiple vendors over a single platform from a vendor that claims to provide equivalent capabilities. Over time, the need to apply artificial intelligence (AI) models to cybersecurity will also drive more organizations toward relying on cloud services provided by a single vendor.
Regardless of approach, organizations will also soon find themselves navigating a wave of mergers and acquisitions across the security sector as the economy continues to contract. Many of the startups that emerged in recent years are likely to be acquired. Cybersecurity teams that employed those offerings will then have to evaluate to what degree they will want to continue to rely on those platforms once they are assimilated into a larger entity.
In the meantime, the shift to the cloud is transforming security operations in a way that enables organizations to focus more of their efforts on defining and applying cybersecurity policies rather than managing security infrastructure.