Palo Alto Networks Adds Identity Module to Integrated SOC Platform

Palo Alto Networks this week revealed it added a threat detection and response module to its Cortex extended security intelligence and automation management (XSIAM) platform that uses machine learning algorithms to surface anomalous activity based on identity and user behavior.

Gonen Fink, senior vice president for Cortex Products at Palo Alto Networks, said the module makes it possible for the platform to ingest user identity and behavior data that is then analyzed by machine learning algorithms to surface suspicious activity within seconds.

The Cortex XSIAM platform already employs machine learning algorithms within the context of a modern security information and event management (SIEM) platform that automates a range of responses across multiple types of cyberattacks. The overall goal is to rely more on machine learning algorithms to reduce the fatigue cybersecurity teams working in security operations centers (SOCs) frequently experience by making it easier to identify imminent threats as they occur.

As a unified SOC platform, Cortex XSIAM provides a SIEM as well as additional capabilities that include endpoint detection and response (EDR), network detection and response (NDR), security orchestration, automation and response (SOAR), threat intelligence management (TIM) and attack surface management (ASM) to consolidate cybersecurity operations. The identity module extends those capabilities to include user and entity behavior analytics (UEBA) without having to acquire a completely different platform that must be managed in isolation from all the other tasks performed by SOC analysts.

Organizations of all sizes are now trying to adopt zero-trust policies that rely on identity to make sure end users are only able to access specific resources. However, when end user credentials are compromised, it’s difficult to detect unless the behavior of those end users starts to change. The Cortex XSIAM platform makes it easier to detect those behavior changes in a way that enables cybersecurity teams to combat both external and internal threats, said Fink.

That approach helps reduce the total cost of cybersecurity as more organizations consolidate the number of cybersecurity tools and platforms they need to support, he added.

Insider threats are a particular concern during uncertain economic times because employees may be illicitly accessing IT resources for any number of reasons. Companies are concerned that rogue employees leaving the company may be engaged in activities that are detrimental to the organization, noted Fink.

Regardless of the type of threat, Fink said time is always of the essence. The Cortex XSIAM platform takes advantage of machine learning algorithms to surface threats in near-real-time to enable cybersecurity teams to rapidly limit the scope of a breach, he added.

It’s not clear to what degree cybersecurity teams are taking advantage of machine learning algorithms and other forms of artificial intelligence (AI) to combat cyberattacks. However, it’s clear cybercriminals will be taking advantage of AI to launch attacks, so organizations are now locked into what amounts to an AI arms race to secure IT environments that are becoming more extended with each passing day.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.