Palo Alto Networks Releases Integrated SOC Platform

Palo Alto Networks today announced the general availability of Cortex XSIAM, an integrated security operations center (SOC) platform.

Rick Caccia, senior vice president of marketing for Cortex and Unit 42 services at Palo Alto Networks, said Cortex XSIAM combines a security information and event management (SIEM) database with extended detection and response (XDR), user behavior analytics, attack surface management, network detection and threat intelligence tools within a single platform.

The goal is to enable cybersecurity teams to more easily maintain context as they identify and remediate threats using multiple tools, noted Caccia.

In addition, the total cost of building and maintaining a SOC decreases because security engineers no longer need to spend time integrating and maintaining a wide range of tools, he added.

Finally, Cortex XSIAM also leverages investments Palo Alto Networks has made in machine learning algorithms to augment cybersecurity teams. Over time, those algorithms will reduce the number of alerts generated because they will be able to better distinguish which events represent an actual attack rather than a false positive, said Caccia.

In effect, cybersecurity teams will be able to spend more time doing the job they were hired to do versus investigating a steady stream of false-positive alerts, noted Caccia.

In fact, Palo Alto Networks reported it has already deployed Cortex XSIAM in its own SOC where the company processes more than one trillion events per month; Cortex XSIAM now automatically handles the vast majority of them. Overall, the company claims its SOC now detects threats in 10 seconds and responds to priority threats in one minute, with an 80% reduction in alerts generated.

Organizations have the option of deploying Cortex XSIAM in the cloud or an on-premises IT environment, but Caccia noted that cloud deployments make it easier to manage the large volumes of data any SOC now processes. In addition, Cortex XSIAM is also capable of processing the telemetry data that emerging cloud-native applications generate, he added.

Over the years, many cybersecurity teams have made investments in SIEM platforms, but Caccia noted that as threats increase in volume and sophistication and the threat landscape evolves, it’s apparent there is a need for an integrated SOC platform that leverages machine learning algorithms to enable cybersecurity teams to effectively respond.

Rather than thinking in terms of algorithms augmenting cybersecurity teams, organizations should begin shifting toward an operational mindset where cybersecurity teams augment platforms that identify and remediate the bulk of threats, added Caccia. Machine learning algorithms and other forms of artificial intelligence will undoubtedly change the nature of cybersecurity jobs, but instead of millions of unfilled cybersecurity positions, Caccia said the number of open positions will become more manageable over time. There will always be a need for well-trained cybersecurity professionals to analyze complex security events, he added.

It’s too early to say just how far advances in cybersecurity automation will follow from the rise of machine learning algorithms and other forms of artificial intelligence. It is clear that cybersecurity teams that are already overwhelmed need all the help they can get. In many cases, cybersecurity professionals will vote with their feet and go to work for organizations willing to make the investments required for them to succeed, rather than continuing to fight what is all too often a losing battle.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.