Palo Alto Networks | Cortex XDR | White Paper 1
CORTEX XDR
Breaking the Security Silos for Detection and Response
Security teams face a dizzying array of threats, from ransomware and cyberespionage to fileless attacks and damaging data breaches. However, the biggest headache for many security analysts is not the endless number of risks that dominate news headlines but the frustrating, repetitive tasks they must perform every day as they triage incidents and attempt to whittle down an endless backlog of alerts. This paper describes the thorniest challenges security analysts confront, including a deluge of alerts and complex investigation processes that can overwhelm even the most mature security operations centers. It then proposes a framework to tackle every stage of security operations with Cortex XDR™ for detection and response. As the specters of malware, targeted attacks, and insider abuse continually escalate, tools like Cortex XDR can be your secret weapon to eliminate threats and simplify operations.
Analysts Under Siege
Security teams today face two daunting challenges: a continual barrage of attacks and an endless sea of alerts. Security teams know threat actors can launch an unlimited number of attacks, consequence-free, until one succeeds. To reduce the possibility of an intrusion, teams typically deploy multiple layers of security, but these tools generate a massive number of alerts—174,000 alerts per week on average.¹
Looking for Threats in All the Wrong Places
The rising tide of attacks has convinced organizations of all sizes to embrace detection and response. To address this new-found demand, the IT security industry has introduced a slew of siloed tools, such as endpoint detection and response (EDR), network traffic analysis (NTA), and user and entity behavior analytics (UEBA). However, these tools provide a narrow view of activity and require years of specialist experience to operate.
Cortex XDR Detection and Response
Cortex XDR is the world's first cloud-based detection and response app that natively integrates network, endpoint, and cloud data to stop sophisticated attacks. Cortex XDR has been designed from the ground up to help organizations like yours secure your digital assets and users while simplifying operations. Using behavioral analytics, it identifies unknown and highly evasive threats targeting your network. Machine learning and AI models uncover threats from any source, including managed and unmanaged devices.
What Is Needed
A new approach is required to solve today's security operations challenges—one that will ease every stage of security operations, from detection and threat hunting to triage, investigation, and response. This new approach requires the following three integrated capabilities, working together to lower risk and simplify operations.
• Great threat prevention: Great prevention allows you to stop everything you can—the more than 99% of attacks that can be blocked automatically in real or near-real time—without manual verification. You need consistent, coordinated prevention across all your digital assets.
• AI and machine learning: With the growing amount of data being collected, your analysts shouldn't be forced to manually analyze or correlate data to identify threats. You need machine learning and analytics to learn the unique characteristics of your organization and form a baseline of expected behavior to detect sophisticated attacks.
Figure 3: Analysis of data from multiple sources by Cortex XDR
Cortex XDR Protects You at Every Stage of Security Operations
Attackers continually innovate. To outpace them, security teams must implement a repeatable process to proactively block attacks with best-in-class prevention and to discover and stop active threats. Cortex XDR gives you the tools to accomplish four iterative steps:
Achieve Closed-Loop Prevention, Detection, and Response with Cortex XDR
Prevent Known and Unknown Threats While Gaining Complete Visibility
Ironclad security starts with great prevention. To this end, all Cortex XDR subscriptions include Traps for endpoint protection and response, offering you the best endpoint security available. Traps is a lightweight agent that automatically blocks malware, exploits, and fileless attacks while simultaneously collecting event data for Cortex XDR.
Automatically Detect Attacks with Behavioral Analytics and AI
Cortex XDR uncovers stealthy attacks using analytics and machine learning, allowing your team to focus on the threats that matter. Cortex XDR starts by analyzing rich data gathered across the Palo Alto Networks platform, providing you complete visibility and eliminating blind spots. It stitches together data collected from your network, endpoints, and cloud assets to accurately detect attacks and simplify investigations.
Figure 5: Automatic discovery of anomalies indicative of malware, targeted attacks, and insider abuse
Threat Hunting and IoC Searching
Threat hunting plays a vital role in security operations, whether analysts are performing an independent search or expanding from an investigation. With search queries, your team can uncover suspicious activity by searching for specific hosts, files, processes, registry updates, network connections, and more. Queries can be precise, such as, "What are the changes made to a specific file by a specific process on a host?" or open ended, such as "Show me all the processes running in the domain." Your security team can search, schedule, and save queries as custom rules.
Data Inspected by Cortex XDR
Cortex XDR analyzes protocol-level metadata in traffic logs, enhanced application logs, and threat logs collected by Palo Alto Networks NGFWs, VM-Series virtualized NGFWs, and GlobalProtect™ cloud service. It also examines endpoint data from Traps. By building a profile based on more than 1,000 dimensions of behavior, including frequency of connections, source and destination of traffic, protocols used, and more, Cortex XDR can learn the expected behavior of users and devices. Cortex XDR also monitors internal traffic as well as outbound traffic from clients and servers to the internet.
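To make the baselining idea concrete, the following is an added illustration, not Palo Alto Networks or Cortex XDR code: it learns per-host connection volume, destinations, and applications from a constructed learning window of traffic metadata (three of the dimensions the paper names; the product uses far more) and then scores a new window for deviations. Host names, IPs, and the z-score threshold are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev
# Constructed traffic metadata (not real logs): (day, src_host, dst_ip, app); days 1-5 = learning window.
BASELINE_LOGS = [(d, "host-a", dst, app) for d in range(1, 6)
                 for dst, app in [("10.0.0.5", "smb"), ("10.0.0.9", "dns")] * 3]
BASELINE_LOGS += [(d, "host-b", "10.0.0.9", "dns") for d in range(1, 6)]
# Window being scored: host-a behaves as before, host-b suddenly fans out over SMB.
SCORED_LOGS = [("host-a", "10.0.0.5", "smb"), ("host-a", "10.0.0.9", "dns"),
               ("host-b", "10.0.0.9", "dns")]
SCORED_LOGS += [("host-b", f"10.0.0.{n}", "smb") for n in range(20, 60)]

def build_baseline(logs):
    """Per host: mean/stdev of daily connection count plus destinations and apps seen."""
    daily = defaultdict(lambda: defaultdict(int))
    seen = defaultdict(lambda: {"dst": set(), "app": set()})
    for day, src, dst, app in logs:
        daily[src][day] += 1
        seen[src]["dst"].add(dst)
        seen[src]["app"].add(app)
    baseline = {}
    for src, counts in daily.items():
        vals = list(counts.values())
        baseline[src] = {"mean": mean(vals), "stdev": pstdev(vals), **seen[src]}
    return baseline

def score_window(baseline, window, z_threshold=3.0):
    """Return {host: [reasons]} for hosts whose window deviates from their baseline."""
    counts, new_dst, new_app = defaultdict(int), defaultdict(set), defaultdict(set)
    for src, dst, app in window:
        counts[src] += 1
        prof = baseline.get(src, {"dst": set(), "app": set()})  # unknown host: all new
        if dst not in prof["dst"]:
            new_dst[src].add(dst)
        if app not in prof["app"]:
            new_app[src].add(app)
    findings = {}
    for src, n in counts.items():
        reasons, prof = [], baseline.get(src)
        if prof is None:
            reasons.append("no baseline for host")
        else:
            # Zero-variance guard: a constant history uses stdev 1.0 instead of dividing by 0.
            z = (n - prof["mean"]) / (prof["stdev"] or 1.0)
            if z > z_threshold:
                reasons.append(f"connection volume z={z:.1f}")
        if new_dst[src]:
            reasons.append(f"{len(new_dst[src])} new destinations")
        if new_app[src]:
            reasons.append("new applications: " + ",".join(sorted(new_app[src])))
        if reasons:
            findings[src] = reasons
    return findings
```

Running `score_window(build_baseline(BASELINE_LOGS), SCORED_LOGS)` flags only host-b, for volume, 40 unseen destinations, and a never-before-seen application.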
Figure 7: Find the root cause of any alert, including network and cloud security alerts
Apply Knowledge Gained from Investigations
With Cortex XDR, your team can apply knowledge from each investigation to reduce your attack surface and streamline future investigations, transforming your security posture from reactive to proactive.
• Root cause analysis view: A unique, patented analysis engine continuously reviews billions of events to identify the chain of events behind every threat. It visualizes the attack sequence back to the root cause and provides essential details about each element in the sequence, making complex attacks easy to understand. Your analysts can instantly see which endpoint processes were responsible for network or cloud security alerts without manually correlating events or pivoting between consoles.
Respond and Adapt to Threats
Once you identify threats, you need to contain them quickly. Cortex XDR lets your security team instantly eliminate network, endpoint, and cloud threats from one console. Your team can quickly stop the spread of malware, restrict network activity to and from devices, and update threat prevention lists, such as bad domains, through tight integration with enforcement points.
The Silver Lining of Cloud Deployment
As a cloud-based app, Cortex XDR eliminates the need to deploy additional on-premises software or hardware. It uses your existing Palo Alto Networks products as sensors and enforcement points, streamlining deployment and management. The data collected from your Palo Alto Networks infrastructure is stored in Cortex Data Lake, a scalable, cloud-based data repository. Cortex Data Lake delivers efficient log storage that scales to handle the large volume of data needed for detection and response. You can quickly deploy Cortex XDR and Cortex Data Lake, avoiding the time-consuming process of setting up new equipment.
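The root-cause stitching described above, as an added sketch that is not Palo Alto Networks code: a network alert (destination and time) is matched to the endpoint process that opened the connection, and parent links are then walked back to the root process. The process table, connection records, and the five-second match window are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str

# Constructed endpoint telemetry for one host (not Traps output): process starts
# keyed by pid, and the network connections each process opened.
PROCS = {p.pid: p for p in [
    Proc(100, 1, "explorer.exe"), Proc(200, 100, "outlook.exe"),
    Proc(300, 200, "winword.exe"), Proc(400, 300, "powershell.exe"),
    Proc(500, 400, "rundll32.exe"), Proc(600, 100, "chrome.exe"),
]}
CONNECTIONS = [  # (pid, dst_ip, dst_port, timestamp)
    (600, "203.0.113.10", 443, 1000),
    (500, "198.51.100.7", 443, 1042),
    (600, "203.0.113.12", 443, 1050),
]

def process_for_alert(dst_ip, dst_port, ts, window=5):
    """Map a network-side alert (destination + time) to the endpoint process
    that opened a matching connection within `window` seconds, or None."""
    for pid, ip, port, t in CONNECTIONS:
        if ip == dst_ip and port == dst_port and abs(t - ts) <= window:
            return PROCS.get(pid)
    return None

def causality_chain(proc):
    """Walk parent links back to the root process; returns [root, ..., proc].
    The `seen` set guards against pid reuse creating a loop in the tree."""
    chain, seen = [proc], {proc.pid}
    while proc.ppid in PROCS and proc.ppid not in seen:
        proc = PROCS[proc.ppid]
        seen.add(proc.pid)
        chain.append(proc)
    return list(reversed(chain))

def root_cause(dst_ip, dst_port, ts):
    """Images from the root cause down to the process behind the alert ([] if unmatched)."""
    proc = process_for_alert(dst_ip, dst_port, ts)
    return [p.image for p in causality_chain(proc)] if proc else []
```

An alert on 198.51.100.7:443 at t=1040 resolves to rundll32.exe and the chain explorer → outlook → winword → powershell → rundll32, the kind of sequence an analyst would otherwise assemble by hand across consoles.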