Palo Alto debuts Unit 42 team for managed detection and response

Palo Alto Networks this week announced the immediate availability of Unit 42 Managed Detection and Response (MDR), a service providing on-call cybersecurity specialists to track and respond to security threats in real time.

The idea is to back Palo Alto’s existing automated Cortex extended detection and response (XDR) platform with human expertise, dedicating members of the company’s threat response team and others to minimizing unnecessary alerts and prioritizing those from serious threats. It’s a response, the company said in a statement, to an increasingly advanced and complicated threat environment—as well as an in-house security landscape that, in many cases, hasn’t matured to match.

It’s the lack of cutting-edge expertise that makes security a particular challenge for so many organizations, noted Palo Alto senior vice president Wendi Whitmore in the statement.

“As cyberattacks continue to rise, many organizations are being asked to handle advanced threats with limited resources and without the right expertise,” she said. “This will not lead to good results.”

Unit42 MDR offers continuous monitoring

The core part of the offering is continuous monitoring and response—Palo Alto’s experts keep watch on events and alerts around the clock, using the company’s in-house processes and infrastructure to detect and respond to potential threats more quickly and accurately.

Palo Alto also provides, as part of the Unit 42 MDR service, what it calls proactive threat hunting—leveraging the security firm’s institutional knowledge and XDR technology to check client environments for complex threats. Finally, Unit 42 also conducts periodic spot checks on clients, basing recommendations for changes in security posture and policy on the company’s expertise in preventing attacks.

XDR, according to Gartner’s latest market report and definition for the technology, is a SaaS-based tool that unifies the management of multiple security functions into front-end system for unified analysis and smooth operation, tying firewalls, endpoint protection, network intrusion protection, secure email, and the like.

The market is relatively immature, Gartner’s report said, and carries the risk of vendor lock-in—putting one company in overall charge of a business’ entire security posture, is not without risk—but the analyst firm lauded the possibility of a more effective and integrated threat response system, due in part to precisely the same factors cited by Palo Alto in announcing Unit 42: the difficulty of finding and retaining in-house security talent, as well as the difficulty of integrating protection methods against a multitude of modern threats.

“Mainstream organizations are often overwhelmed by the intersectionality of these two problems,” the report said.