Palo Alto Networks: How Cortex XSOAR Is Redefining Security Orchestration And Automation

By Noah Long ● Feb 27, 2020
  • Global cybersecurity company Palo Alto Networks announced the introduction of Cortex XSOAR

Global cybersecurity company Palo Alto Networks announced the introduction of Cortex XSOAR — which is an extended security orchestration, automation, and response platform that empowers security leaders with instant capabilities against threats across their entire enterprise. Cortex XSOAR evolved from the Demisto platform (acquired by Palo Alto Networks in March 2019).

Palo Alto Networks is redefining the security orchestration, automation, and response category by making threat intelligence management a core component. And by tightly integrating threat intelligence management with SOAR capabilities like unified case management, automation, and real-time collaboration, customers are now able to fully operationalize threat feeds.

Using Cortex XSOAR, customers are able to standardize and automate processes for any security use case and easily automate hundreds of security use cases with playbooks that orchestrate response actions across more than 350 third-party products.

And customers will be able to adapt to any alert with security-focused case management (accelerate incident response by unifying alerts, incidents, and indicators from any source within a single case management framework).

Plus customers will be able to boost SecOps efficiency with real-time collaboration (facilitate investigations across teams via a virtual War Room with built-in ChatOps and command-line interface to execute commands across the entire product stack in real-time).

And Cortex XSOAR customers will be able to take action on threat intelligence with confidence and speed (take full control of threat data by aggregating disparate sources, customizing and scoring feeds while matching indicators against a customer’s specific environment, as well as leveraging playbook automation to drive instant action).

The Cortex XSOAR platform will replace Demisto by Palo Alto Networks, subsuming and extending existing platform capabilities. And Demisto customers will be migrated to Cortex XSOAR upon general availability (expected in March 2020) with an option to evaluate the new Threat Intel Management module at no additional cost.

Key Quotes:

“Customers are facing an overwhelming volume of alerts, threat intel sources, and security tasks,” says Lee Klarich, chief product officer for Palo Alto Networks. “Both SOAR and threat intelligence management have developed over recent years as tools to help them, but existing product silos have led to even more manual work. Bringing threat intel data into Cortex XSOAR means security orchestration just got simpler for the customer. It makes no sense to have SOAR without native threat intel.”

“The integration of threat management into security orchestration and automation is an inevitable evolution for improving security operations,” notes Jon Oltsik, senior principal analyst and fellow at the Enterprise Strategy Group (ESG). “Cortex XSOAR brings the right pieces together. Until now, operationalizing vital threat intelligence data has been difficult or even impossible as it requires time, experience, and resources that are beyond the capabilities of many organizations. A platform like Cortex XSOAR acts as a security operations and analytics platform architecture, or SOAPA, for analyzing and operationalizing cyber threat intelligence. The benefit? Bringing the value of threat intel to the masses.”

“Threat intelligence without context is just threat data. In order for threat intelligence to be of use, the original context of the threat intel has to be applied appropriately and mapped to internal incidents and policies,” says Michael Poddo, director, Cyber Threat Analysis & Response, Emerson. “However, doing this at scale and speed to keep pace with real-time threat feeds is tough without automation. SOAR applied to threat intelligence can help fully integrate it into all aspects of your incident response program.”