Match the cortex process to the security use case.
Security teams lack the people and scalable processes to keep pace with an overwhelming volume of alerts and endless security tasks. Analysts waste time pivoting across consoles for data collection, determining false positives, and performing manual, repetitive tasks throughout the lifecycle of an incident. As they face a growing skills shortage, security leaders deserve more time to make decisions that matter, rather than drown in reactive, piecemeal responses.
Orchestration & Automation for Security Operations

Security orchestration involves interweaving people, processes, and technology in the most effective manner to strengthen the security posture of an organization. By streamlining security processes, connecting disparate security tools and technologies, and maintaining the right balance of machine-powered security automation and human intervention, security orchestration empowers security professionals to carry out incident response effectively and efficiently. Cortex XSOAR is the industry-leading Security Orchestration, Automation & Response (SOAR) technology from Palo Alto Networks; it automates up to 95% of all response actions that would otherwise require human review and lets overloaded security teams focus on the actions that really need their attention.

Benefits

An Industry First
Cortex™ XSOAR supercharges security operations center (SOC) efficiency with the world's most comprehensive operating platform for enterprise security. Cortex XSOAR unifies case management, automation, real-time collaboration, and native Threat Intel Management in the industry's first extended security orchestration, automation, and response (SOAR) offering. Teams can manage alerts across all sources, standardize processes with playbooks, take action on threat intelligence, and automate response for any security use case, resulting in up to 90% faster response times and as much as a 95% reduction in alerts requiring human intervention.

Business Benefits
Security Orchestration
Cortex XSOAR empowers security professionals to efficiently carry out security operations and incident response by streamlining security processes, connecting disparate security tools, and maintaining the right balance of machine-powered security automation and human intervention.

Figure 2: Cortex XSOAR phishing playbook

Table 2: Adapt to Any Alert with Security-Focused Case Management
Capability | Description
Custom views for security incident types | Fully customize incident views, layouts, and flows with access control specific to security personas/roles.
Indicator and incident correlation | A central indicator repository enables searches and automated indicator correlation across incidents from multiple sources to spot trends and patterns.
Flexible reports customizable to the needs of your organization | Widget-driven dashboards and reports offer unparalleled visibility into metrics.
On-the-go incident monitoring | The Cortex XSOAR mobile application provides dashboards, task lists, and incident actions on the go.
Automated ticketing process | Out-of-the-box integrations with case management platforms such as ServiceNow, Jira, Zendesk, Remedy, Slack, and more enable full automation of the ticketing process.

Case Management
Automation of incident response needs to be complemented by real-time investigation for complex use cases where human intervention is required. Cortex XSOAR accelerates incident response by unifying alerts, incidents, and indicators from any source on a single platform for lightning-quick search, query, and investigation.
Figure 3: Customizable incident views

Table 3: Boost SecOps Efficiency with Real-Time Collaboration
Capability | Description
Real-time investigation and collaboration | Each incident has a virtual War Room with built-in ChatOps and a command line interface (CLI) so analysts can collaborate and run security actions in real time.
Machine learning assistance | An ML-driven virtual assistant learns from actions taken in the platform and offers guidance on analyst assignments and commands to execute actions.
Continuous learning | Auto-documentation of all investigation actions aids analyst learning and development.
Streamlined, automated reporting | Flexible, widget-driven dashboards and reports eliminate manual reporting and can be fully customized to your organization's needs.

Threat Intel Management
Cortex XSOAR takes a new approach with native Threat Intel Management, unifying aggregation, scoring, and sharing of threat intelligence with playbook-driven automation.

Figure 4: Intel-based automated playbook

Designed for MSSPs
Cortex XSOAR supports full multitenancy with data segmentation and a scalable architecture for managed security service providers (MSSPs). MSSPs can build their managed service operations on Cortex XSOAR to provide best-in-class offerings for their customers and optimize internal team productivity.

Table 5: The Connective Fabric for Your Security Infrastructure and Teams
Capability | Description
Ironclad security and privacy | Data isolation with master-tenant separation, execution isolation with each tenant running as a separate process, and network isolation with an engine (proxy) for segmented networks without firewall changes.
Role-based visibility and control | Update playbooks, reports, automation, and more for all tenants from the master (MSSP) account. Customers can be granted access to their own environments only. Third-party integrations can be done at the master or tenant level.
Increased customer trust and response agility | Collaborate with customers in real time via the War Room for joint investigations. Quick customer onboarding and scalability.
Flexible deployment | Integrate with cloud-based services, MSSP systems, and customers' on-premises systems.

Flexible Deployment
Cortex XSOAR can be deployed on-premises, in a private cloud, or as a fully hosted solution. The platform is offered in multiple tiers to fit your needs.

Table 6: Cortex XSOAR Service Tiers (each row pairs the full-tier entitlement with the limited-tier entitlement)
Unlimited automation | 166 daily automation commands
Unlimited incident history | Rolling 30-day incident history
Unlimited threat intelligence feeds | 5 active feeds / 100 indicators per feed
Native threat intelligence with AutoFocus | Native threat intelligence with AutoFocus not included
Full enterprise reports package | Incident closure report
24/7 Customer Support | Slack DFIR community
Multitenant | Single tenant

Breadth of Use Cases
Cortex XSOAR provides an open, extensible platform applicable to a wide range of use cases, even processes outside the purview of the SOC or security incident response team. Some of the most common use cases include phishing, security operations, incident alert handling, cloud security orchestration, vulnerability management, and threat hunting.

Figure: Ingestion of alerts in Cortex XSOAR

Breadth of Integrations
Cortex XSOAR has the industry's most extensive and in-depth out-of-the-box (OOTB) integrations with security and nonsecurity tools used by security teams. New integrations are added every two weeks to facilitate quick and seamless deployments for our customers.

Benefits of Our Extensive Integration Ecosystem
Figure: Some of our 370+ OOTB integrations

Industry-Leading Customer Success
Our customer success team is dedicated to helping you get the best value from your Cortex XSOAR investment and giving you the utmost confidence that your business is safe. Standard Success, included with every Cortex XSOAR subscription, makes it easy to get started: you have access to self-guided materials and online support tools to get up and running quickly. Premium Success, the recommended plan, includes everything in the Standard plan plus guided onboarding, custom workshops, 24/7 technical phone support, and access to the Customer Success team for a personalized experience that helps you realize optimal return on investment (ROI).

What is Cortex in security?
Cortex brings together best-in-class threat detection, prevention, attack surface management, and security automation capabilities in one integrated platform. This lets you build an efficient, adaptable, and responsive SOC designed for a constantly evolving threat environment.
What does Cortex XSOAR use to automate security processes?
Threat Intelligence Management: Cortex XSOAR takes a new approach with native threat intelligence management, unifying aggregation, scoring, and sharing of threat intelligence with playbook-driven automation.
What is Cortex in the SOC?
Cortex XDR provides endpoint security and EDR to block sophisticated attacks using AI-driven analysis and a range of protection modules. Cortex XDR and Cortex Xpanse provide the ultimate visibility and detections across the internet attack surface, endpoints, cloud, and network.
What is Cortex XDR used for?
Cortex XDR is the world's first detection and response app that natively integrates network, endpoint, and cloud data to stop sophisticated attacks. Cortex XDR accurately detects threats with behavioral analytics and reveals the root cause to speed up investigations.