Palo Alto Networks XSIAM Platform Uses AI to Thwart Threats

Palo Alto Networks this week launched a cybersecurity platform that was developed from the ground up to take advantage of advances in artificial intelligence (AI).

Palo Alto Networks CTO Nir Zuk said extended security intelligence and automation management (XSIAM) platforms will supersede legacy security information and event management (SIEM) platforms that previously used algorithms to add incremental AI capabilities to an existing platform. The goal of the Cortex XSIAM platform is to use algorithms to automate as many tasks as possible; any remaining tasks are then handled by cybersecurity professionals.

That approach doesn’t eliminate the need for cybersecurity professionals; instead, it provides a way to take better advantage of algorithms’ capabilities so that organizations can thwart threats in minutes rather than hours or even days, Zuk said.

The Cortex XSIAM platform is currently available to a limited number of customers, Zuk said. Cortex XSIAM goes beyond just collecting logs and alerts to enable machine learning algorithms to drive autonomous response actions such as cross-correlation of alerts and data, detection of highly sophisticated and emerging threats and automated remediation based on threat intelligence and attack surface data. That approach not only ingests more granular data, but Palo Alto Networks also claimed Cortex XSIAM platforms can ingest, normalize and integrate data at nearly half the list cost of legacy SIEM platforms.

Palo Alto Networks plans to make Cortex XSIAM generally available later this year. The goal is to combat threats that target a much wider enterprise IT attack surface, thanks to the rise of edge computing and the deployment of microservices-based applications, said Zuk. In fact, the current cybersecurity challenges organizations face are due not so much to advances cybercriminals are making as to the greatly increased number of targets that need to be defended, noted Zuk. As such, cybersecurity teams are simply being overwhelmed.

It’s not clear to what degree algorithms will enable cybersecurity teams to level the current playing field. However, it is apparent there are not enough cybersecurity professionals available to meet the current threat level. It’s now more a question of the degree to which cybersecurity teams will rely on machine and deep learning algorithms to plug that gap, said Zuk.

Those AI capabilities will also accelerate a shift toward cloud-based cybersecurity platforms, added Zuk. It’s not feasible for most organizations to build the models required to embed AI capabilities within a security platform on their own, he added.

In general, Zuk said organizations should evaluate the types of algorithms being used with any security platform. Algorithms that, for example, are trained using supervised techniques to consistently identify a specific type of behavior are going to be a lot more successful than other approaches, he noted.

It may be a while before machine and deep learning algorithms are pervasively deployed to enhance cybersecurity. However, as these technologies become more accurate, it’s also clear that the best and the brightest in cybersecurity won’t work for organizations that don’t make these kinds of tools and technologies available.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
