Unify the security of your operations with the Cortex XDR platform

cgarcia045 74 views 18 slides Sep 26, 2024

About This Presentation

Carlos Hernandez - PALO ALTO - Unify the security of your operations with the Cortex XDR platform


Slide Content

Unify the security of your operations with the Cortex XDR platform
Kenneth Tovar - Country Manager
Carlos Hernandez - Solutions Consultant

Carlos Hernandez
Solutions Consultant - Financial Services
M. +51 944372330
Kenneth Tovar
Country Manager - Peru & Bolivia
M. +51 959887945

Why do security teams struggle?
© 2020 Palo Alto Networks, Inc. All rights reserved.
Too many alerts to handle
Too many tools, slowing investigations
Too many missed attacks

Security Operations Team Challenges
Lack of skilled staff
Lack of automation
Tools that are not integrated
Lack of playbooks
Lack of visibility
Too many unchecked alerts
Silo mentality
Lack of context

Incident Lifecycle
Prepare
Detect
Triage and Prioritize
Analyze
Contain, Eradicate, Recover
Post Incident

The SOC without automation

Email arrives at user inbox. Suspicious?

YES: User forwards email to IT.
IT investigation:
• Where did the email come from?
• Did anyone else receive it?
• Did anyone open the attachment?
• Is anyone infected?
Check SIEM, check mail, other systems. Malicious?
YES: Threat response (manual execution).
NO: User continues their day.

NO: User opens attachment. Malware infection. AV triggers alert.
IT investigation:
• Where did this come from?
• Is this an isolated incident? Or a broader attack?
• Has the user infected anything or anyone else?
• How long has this threat been active?
Check SIEM, check AV, other systems. Threat response (manual execution).

Threat response, each step a manual response:
• Add IPs to firewall ACL
• Add domains to proxy
• Add file hash to AV and submit to vendor
• Dispatch helpdesk

SOC analysts repeat this 100s or 1,000s of times each day.
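The two manual paths on the slide (a user reports a suspicious email; AV fires after an attachment is opened) can be collapsed into one correlation routine. The playbook below is an added example, not code from the deck or from Palo Alto Networks: it answers the slide's four investigation questions from a mail-gateway log and endpoint telemetry and emits the blocking actions the slide lists. All log lines, hashes, hosts and field names are constructed, and the action labels (`firewall_acl:`, `proxy:`, `av:`, `helpdesk:`) are assumptions standing in for whatever enforcement API a real SOC would call.

```python
"""
Added example (not from the Palo Alto Networks deck): the phishing triage loop
from the "SOC without automation" slide as one automated routine.
Log lines below are constructed; field names and action labels are assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass
import hashlib
import re

# Constructed attachment hashes; any 64-hex string would do.
H_INVOICE = hashlib.sha256(b"invoice_2024-09.xlsm").hexdigest()  # assumed malicious
H_NEWS = hashlib.sha256(b"hr_newsletter.pdf").hexdigest()        # assumed benign

# Constructed mail-gateway log, one key=value record per line.
MAIL_LOG = f"""\
ts=2024-09-26T09:01:02Z rcpt=alice@corp.example src_ip=203.0.113.45 src_domain=invoice-portal.example sha256={H_INVOICE} opened=1
ts=2024-09-26T09:01:05Z rcpt=bob@corp.example src_ip=203.0.113.45 src_domain=invoice-portal.example sha256={H_INVOICE} opened=0
ts=2024-09-26T09:07:41Z rcpt=dave@corp.example src_ip=203.0.113.45 src_domain=invoice-portal.example sha256={H_INVOICE} opened=1
ts=2024-09-26T09:02:10Z rcpt=carol@corp.example src_ip=198.51.100.7 src_domain=hr-news.example sha256={H_NEWS} opened=1
"""

# Constructed endpoint (AV/EDR) telemetry for attachments that were executed.
ENDPOINT_LOG = f"""\
ts=2024-09-26T09:03:30Z host=WS-ALICE user=alice sha256={H_INVOICE} verdict=malicious
ts=2024-09-26T09:02:55Z host=WS-CAROL user=carol sha256={H_NEWS} verdict=benign
ts=2024-09-26T09:08:02Z host=WS-DAVE user=dave sha256={H_INVOICE} verdict=malicious
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse(log: str) -> list[dict]:
    """Turn key=value lines into dicts; blank lines are skipped."""
    return [dict(KV.findall(line)) for line in log.splitlines() if line.strip()]


@dataclass
class Incident:
    sha256: str
    sender_ip: str
    sender_domain: str
    recipients: list[str]      # "Did anyone else receive it?"
    openers: list[str]         # "Did anyone open the attachment?"
    infected_hosts: list[str]  # "Is anyone infected?"
    first_seen: str            # "How long has this threat been active?"
    malicious: bool
    actions: list[str]


def build_incident(sha256: str, mail: list[dict], endpoint: list[dict]) -> Incident:
    """Correlate mail and endpoint records around one attachment hash."""
    msgs = [m for m in mail if m["sha256"] == sha256]
    if not msgs:
        raise ValueError("hash not seen at the mail gateway")
    hits = [e for e in endpoint if e["sha256"] == sha256]
    infected = sorted({e["host"] for e in hits if e["verdict"] == "malicious"})
    # Verdict comes from endpoint telemetry: with no malicious hit the
    # "user continues their day" branch applies and nothing is blocked.
    malicious = bool(infected)
    actions: list[str] = []
    if malicious:
        ip, dom = msgs[0]["src_ip"], msgs[0]["src_domain"]
        actions.append(f"firewall_acl:block_ip:{ip}")
        actions.append(f"proxy:block_domain:{dom}")
        actions.append(f"av:block_hash:{sha256}")
        actions += [f"helpdesk:isolate_host:{h}" for h in infected]
    return Incident(
        sha256=sha256,
        sender_ip=msgs[0]["src_ip"],
        sender_domain=msgs[0]["src_domain"],
        recipients=sorted(m["rcpt"] for m in msgs),
        openers=sorted(m["rcpt"] for m in msgs if m["opened"] == "1"),
        infected_hosts=infected,
        first_seen=min(m["ts"] for m in msgs),
        malicious=malicious,
        actions=actions,
    )


def triage_user_report(rcpt: str, mail_log: str = MAIL_LOG,
                       endpoint_log: str = ENDPOINT_LOG) -> Incident:
    """Left branch of the slide: a user forwards a suspicious email to IT."""
    mail, endpoint = parse(mail_log), parse(endpoint_log)
    reported = next(m for m in mail if m["rcpt"] == rcpt)
    return build_incident(reported["sha256"], mail, endpoint)


def triage_av_alert(host: str, mail_log: str = MAIL_LOG,
                    endpoint_log: str = ENDPOINT_LOG) -> Incident:
    """Right branch of the slide: AV fires on a host after the attachment ran."""
    mail, endpoint = parse(mail_log), parse(endpoint_log)
    alert = next(e for e in endpoint if e["host"] == host and e["verdict"] == "malicious")
    return build_incident(alert["sha256"], mail, endpoint)


if __name__ == "__main__":
    inc = triage_user_report("bob@corp.example")
    print(f"{len(inc.recipients)} recipients, {len(inc.openers)} opened, "
          f"{len(inc.infected_hosts)} infected; actions: {inc.actions}")
```

Both entry points converge on the attachment hash, which is what makes the "isolated incident or broader attack" question answerable: the same lookup that scopes one user's report also scopes an AV alert on a different host. The constructed benign case (`carol@corp.example`) produces no actions, matching the slide's "user continues their day" branch.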

Too Much Info, Too Many Silos, Not Enough Insight
< 30% of SOC teams meet KPI goals
~11K alerts per day
4+ days to investigate
212 days of dwell time
Silos: Network (NTA), Endpoint (EDR), Identity (IAM), CDR; their alerts flow through the SIEM to the SOC.

If We Have The Data To Figure Out What Happened After The Incident, Why Aren't We Able To Do This In Real Time?
Today's model: data from Cloud, Endpoint, Network and 3rd-party sources feeds a SOC that focuses on human-readable alerts, with the analyst as the intake and analytics (AI/ML) and automation for detection, investigation and response bolted on.
Humans cannot investigate 1 million events per second.

Cortex XDR breaks down data and product silos for prevention, detection and response across all data:
• EPP: Endpoint Protection
• EDR: Endpoint Detection & Response
• UEBA: User and Entity Behavior Analytics
• VP: Virtual Patching
• NDR: Network Detection & Response
• CDR: Cloud Detection & Response
• SIEM: Security Information & Event Management
• Endpoint Data Collection: FIM, RIM, SYSMON

Cortex XDR: Collect, Detect, Protect
• Block attacks: MITRE-leading endpoint security; next-generation antivirus; device control, disk encryption, host firewall
• Accurately Detect: behavioral analytics with machine learning; customizable detection; vulnerability assessment
• Swiftly Investigate: root cause & timeline analysis; threat hunting; integrated threat intel
• Respond & Adapt: integrated enforcement; Live Terminal; Search and Destroy; Dynamic Cyber Content Update

Enterprise-scale Visibility
Data Lake: Network, Endpoint, Cloud, Any Third-Party Data

Data fusion | An overview
AI-fused data for the full unified incident story
Endpoint, Network, Cloud, Identity
FULL INCIDENT CONTEXT

We Must Shift to a Machine-led, Human Empowered SOC Platform
• Massive amounts of data (not just human readable) from Cloud, Endpoint, Network and 3rd-party sources
• Machines and automation should be the front end of this process: analytics (AI/ML) and automation handle detection, investigation and response
• Empowered analysts make the hard decisions

The Proof: We have achieved a 1 min. response time
DAY IN THE LIFE OF THE PALO ALTO NETWORKS SOC
• Events: 52 B
• Potential incidents: 133
• Automated / manual analysis: 125 automated, 8 manual
• Major incidents: 0
• Mean Time to Detect: 10 seconds
• Mean Time to Respond (high priority): 1 minute

Three Tenets of SOC Transformation
Great data drives great analytics
Let the machines do the work
Proactive > Reactive

Thank You
CONFIDENTIAL