Security teams can further combine several SOC products thanks to XSIAM.
Palo Alto Networks, the leading provider of cybersecurity services globally, announced the launch of its new Identity Threat Detection and Response (ITDR) module for Cortex XSIAM. Customers can use ITDR to ingest user identity and behavior data and apply cutting-edge AI technologies to quickly identify identity-driven attacks. The module extends XSIAM’s ability to combine several security operations capabilities into a single, AI-driven security operations center (SOC) platform.
Identity-driven attacks, which target user credentials to gain access to private data and systems, are one of the most popular ways for cybercriminals to get into business networks. For instance, the Lapsus$ Group has recently attacked numerous significant technology companies and government institutions using privileged user credentials.
“Today, customers who want to detect identity-related attacks must deploy multiple tools – UEBA, Insider Risk Management, endpoint-based ITDR, etc. – each providing a partial view into user activities. Such disjointed approaches result in poor security outcomes, alert overload, and time wasted on triage. With the addition of ITDR, the XSIAM platform now integrates all identity data sources into a single security data foundation spanning endpoints, networks and cloud. This allows our customers to run comprehensive AI-driven threat detection to protect against stealthy identity-driven attacks.”
Gonen Fink, senior vice president, Cortex Products at Palo Alto Networks
The ITDR module ingests and integrates user behavior data, including average working hours and the applications and data that employees frequently access. It processes data from authentication services, endpoint logs, cloud identity data, email, and HR data, in addition to data from network, OS, and custom sources. Built-in AI models can be trained to detect suspicious activity based on unusual user behavior and to prevent well-known insider threats such as configuration manipulation, file manipulation, and authorization modification.
Along with improving security, the integration of ITDR into Cortex XSIAM simplifies the SOC further by tightly integrating identity analytics into a single SOC platform. Endpoint detection and response (EDR), network detection and response (NDR), security orchestration, automation and response (SOAR), threat intelligence management (TIM), and attack surface management (ASM) capabilities are already natively integrated into Cortex XSIAM, eliminating the need for multiple point solutions.
“The ability to process large amounts of data and handle potential threats in real-time has become a major problem as the cybersecurity landscape has evolved. The integration of AI and automation has become an absolute must for organizations to keep up with growing threats to ensure they can proactively and effectively mitigate cyber risks. Palo Alto Networks is the gold standard for innovation, which is why their AI and automation capabilities from Cortex are the powering force behind our security operations.”
Michael Kearns, CISO, Nebraska Methodist Health System