Palo Alto Networks’ AI-powered SOC platform provides enhanced flexibility and customization

Cortex XSIAM from Palo Alto Networks is the AI-driven security operations platform that enables organizations to transform their security operations with a unified platform that delivers all critical capabilities in one powerful solution. The global cybersecurity leader announced the ability for customers to integrate their own custom machine learning models, seamlessly integrating third-party EDR data and also leveraging cloud detection and response capabilities. Cortex XSIAM now offers Palo Alto Networks customers the flexibility and customization to create a security solution that aligns perfectly with their organization's goals.

"Data silos and manual repetition can’t handle the speed of today’s threats — a new approach is needed. Our customers are seeing transformative security outcomes; with Cortex XSIAM, large multinational companies have gone from a mean time to remediation (MTTR) of days down to minutes,” said Lee Klarich, Chief Product Officer at Palo Alto Networks. “From expanding our AI capabilities with BYOML, to opening data sources to treat third-party data as first party, and expanding to cloud, we continue to drive innovation with Cortex XSIAM to enable the SOC with the platform it needs to secure the entire enterprise."

Cortex XSIAM allows organizations to simplify security operations with an integrated platform: The integration of SOC capabilities, such as SIEM, XDR, SOAR and ASM, into a single platform is a game changer for security operations. With Cortex XSIAM, organizations get dramatically better security and turbocharged SOC performance.

XSIAM empowers organizations to take control of their security by offering a host of innovative features, including:

Cortex XSIAM for Third-Party EDR Telemetry allows qualifying organizations to adopt Cortex XSIAM without immediately replacing their existing EDR. This enables the ingestion of third-party EDR data into XSIAM, with the cost of ingestion credited for up to two years or until the EDR contract expires, when customers are able to migrate away from legacy EDR solutions and fully leverage the integrated XDR capability of Cortex XSIAM to realize optimal security outcomes.

Cortex XSIAM offers a Bring Your Own Machine Learning (BYOML) framework. Cortex XSIAM ingests vast amounts of security data across hundreds of supported sources to enable better out-of-the-box AI/ML analytics. For the first time, SOCs can take advantage of this data lake to create and customize ML models using a bring your own ML capability. Not every security use case is created equal, that's why enabling organizations to integrate custom ML models for those unique scenarios, incident management and data visualization requirements is key to their success.

Cortex XSIAM introduces Cloud Detection and Response (CDR) capabilities, providing visibility into cloud assets, incidents, coverage and vulnerabilities as well as integrations with Prisma® Cloud for enhanced incident grouping and navigation. With the unified user interface provided by XSIAM, security analysts can efficiently and effectively respond to cloud-based threats, enhancing situational awareness and bolstering their overall security posture.

At the heart of CDR are three major innovations that will be available to Cortex XSIAM customers:

● Cloud Command Center: Within the same unified UI that SOC analysts use for enterprise security in Cortex XSIAM, customers can now have full visibility into cloud assets, incidents, coverage, and vulnerabilities, enabling situational awareness and efficient and complete response to cloud threats.

● Security Agent across Cortex and Prisma Cloud platforms: The new agent combines Prisma Cloud’s comprehensive vulnerability and compliance management capabilities with Cortex’s best-in-class runtime security and threat protection. On top of improving security outcomes, the new agent drastically simplifies deployment and operations across the entire security program.

● Integration with Prisma Cloud: Prisma Cloud further enriches the capabilities delivered through the Cloud Command Center with granular alerts and asset information, giving broader context, detailed incident grouping, and easier navigation to assets.

Moreover, XSIAM boasts over 1,000 integrations covering commonly used SOC tools for automated alert ingestion and orchestration of workflows, enabling SOCs to optimize processes and interactions across their entire security program.