Palo Alto Networks Cortex XSOAR
About the product
Palo Alto Networks Cortex XSOAR (formerly Demisto) is dedicated SOAR (Security Orchestration, Automation, and Response) software that has been on the market since 2015. It enables security operations center (SOC) teams to automate operations and accelerate incident response times. In addition, a range of built-in integration mechanisms with various platforms allows all aspects of an incident to be aggregated in one place. Thanks to the use of machine learning mechanisms, the solution is able to identify the most appropriate SOC team members to resolve a given incident.
ORCHESTRATION AND AUTOMATION - dozens of ready-made integrations enable fast two-way communication with external systems. PAN Cortex XSOAR can receive data from external systems, which can be used to create new incidents or enrich existing objects with data. It automates the analysis of received data (e.g., automatic analysis of a file in a selected vendor's sandbox), performs informational functions (e.g., sending an email to the user of an infected endpoint to prevent them from opening an attachment), and takes corrective action (e.g., blocking access to specified services on a network device). The entire process is supported by a tool that allows you to create a graphical incident analysis template (a playbook).
WAR ROOM - the product also features an interesting mechanism that provides an environment for testing new features and scripts, and speeds up work with the system using a CLI command engine. The entire incident analysis process is simultaneously used to build a central IoC database and is processed by a machine learning mechanism that provides guidance to system operators and can manage the incident assignment process (incidents with similar characteristics are directed to the same operator, which speeds up their handling).
INCIDENT MANAGEMENT - the incident repository allows incidents to be assigned and handled end to end, with a comprehensive search engine. As part of incident handling, it is possible to record evidence of violations and to analyze incidents in the context of their relationship with other events in the environment. The system status can be visualized using configurable dashboards and a reporting mechanism.
Advantages of the solution
Introduction of a central incident management system in the organization
Reduction of security incident response time
Automation of repetitive tasks
Mitigation of analyst fatigue caused by an excess of false-positive (FP) events
Full utilization of existing products through API integration
Effective implementation of processes using multiple solutions
Simplification of SOC accountability and reporting
Facilitation of analyst collaboration on incidents
See other Palo Alto Networks products
Cortex XDR
Cortex XDR is the world's first extended threat detection and response platform that collects and integrates all security data, making it easier to block sophisticated attacks.
Palo Alto Networks Next Generation Firewall (PA-Series, VM-Series, CN-Series)
Next Generation Firewall (NGFW) from Palo Alto Networks is an advanced network security platform that integrates traditional firewall functions with modern security mechanisms, application identification, and identity-based access control.
Palo Alto Networks Prisma Access
Palo Alto Networks Prisma Access is a comprehensive Secure Service Edge (SSE) platform that integrates advanced security features with cloud-based software-defined WAN technology (Prisma SD-WAN), delivering the Secure Access Service Edge (SASE) model.
Palo Alto Networks Prisma SD-WAN
Palo Alto Networks Prisma SD-WAN is an advanced, cloud-delivered software-defined WAN solution that transforms traditional WANs into a virtualized, secure infrastructure.
Palo Alto Networks Threat Prevention (NGFW module)
In Palo Alto Networks solutions, IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) functionalities are an integral part of the ATP (Advanced Threat Prevention) module, which extends the functionality of Palo Alto NGFW.
Palo Alto Networks NGFW Webproxy
Next Generation Firewall (NGFW), from software version 11.0, offers the ability to configure a web proxy feature that allows you to inspect and control HTTP/HTTPS traffic in one of two modes: explicit or transparent.
Palo Alto Networks Advanced DNS Security
Advanced DNS Security (ADNS) is a modern solution for Palo Alto Networks that protects against threats hidden in the DNS (Domain Name System) layer.
Palo Alto Networks SSL Decryption (built into PA-Series, VM-Series, Prisma Access)
Palo Alto Networks SSL Decryption is an advanced feature built into Palo Alto Networks' Next Generation Firewall that enables SSL/TLS traffic decryption for threat detection, security policy enforcement, and prevention of hidden attacks.
Palo Alto Networks Enterprise DLP
Palo Alto Networks Enterprise Data Loss Prevention (DLP) is an advanced security solution that enables the detection and prevention of data leaks in network traffic.
Prisma Cloud (Cloud Security)
The Cloud Security module of Palo Alto Prisma Cloud provides security and regulatory compliance for cloud environments.
Cortex XSIAM (Extended Security Intelligence and Automation Management)
The needs of SOC teams have evolved. Detecting security incidents and neutralizing them after detection takes organizations too much time.
Palo Alto Networks Advanced WildFire
Palo Alto Networks Advanced WildFire (AWF) is an advanced malware analysis and prevention solution that combines sandboxing, machine learning, and global real-time analysis to protect against known and unknown threats.
Palo Alto Xpanse
Palo Alto Networks Xpanse is an advanced Attack Surface Management (ASM) solution that enables automatic detection and monitoring of all your organization's Internet-facing assets, regardless of who created them or where they are located.
Palo Alto Networks CASB
The Palo Alto Networks CASB (Cloud Access Security Broker) solution is an advanced cloud security platform designed to monitor, control, and protect access to SaaS applications and other cloud services in real time.
Palo Alto Networks Secure Web Gateway
Secure Web Gateway (SWG) is an advanced security solution from Palo Alto Networks designed to protect internet and cloud traffic from modern threats.
Palo Alto Networks Prisma Access Browser
Prisma Access Browser (PAB) is an advanced web browser based on the Chromium engine, natively integrated with the Prisma Access SSE solution, designed specifically for enterprises to secure both managed and unmanaged devices.
Palo Alto ITDR
Identity-related threats and malicious insiders are currently significant attack vectors for organizations. These threats involve unauthorized access to user accounts as a result of theft or the use of weak credentials, phishing attacks, or social engineering techniques.