The biggest challenge in cybersecurity is resource allocation. You may feel this in terms of budget shortages, an inability to hire the talent you need, overextending your staff with time spent responding to alerts, or any number of other issues stemming from being unable to allocate resources.
With this perspective, one may start to understand all security innovation as a solution to the problem of scale. This could come in many different forms, like:
- A managed service that pays a premium for top talent and then spreads those services across multiple customers.
- A brilliant technique for detecting threats born from creating an efficiency in log analysis.
- An automation solution that performs tasks robotically and in less time than a human could, where the time saved in salaries offsets the cost of the solution.
If I’m wrong, show me a return on investment calculator that isn’t measuring how the product or service can do something you could do yourself, only cheaper.
Over the past decade, we’ve seen a ton of innovation in the security space, but we’re still in the untenable situation of having a SOC model centralized around security information and event management (SIEM) systems. This has led to a meteoric rise in the use of managed services, not because they are able to do things better, but because they can do things cheaper than you can.
Creating efficiencies for managed detection and response (MDR) providers as well as your own SOC should be the aim of every security vendor, and to that end, Palo Alto Networks has developed a unified SOC platform based on three key principles:
Eliminate Complexity with a Common Data Model
The evolution from endpoint detection and response (EDR) to extended detection and response (XDR) was an important step in working with non-native data sets. Stitching firewall logs into your EDR data set to trace an intrusion across an infrastructure or detect compromises on unmanaged devices was a huge step in the right direction. One of the major benefits of XDR is having your threat detection development managed by the vendor selling you the XDR solution. The shortcoming is that this threat detection development is limited by the vendor's in-house expertise in working with different telemetry sources and the logs used for training models.
It should be immediately obvious why the breadth of Palo Alto Networks' expertise and the exabyte of log data we have for training machine learning models puts us ahead of the pack. There is still one problem though: There isn’t a common log format among vendors. This is why we have developed a common data model that simplifies working with large data sets by enabling a single query language to interact with them. Further, by using this common data model, our machine learning models become vendor agnostic, allowing our detection capabilities to be equally effective across heterogeneous environments.
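To make the common-data-model idea concrete, here is an added example (not Palo Alto Networks' data model or code) that normalizes two constructed vendor formats, a key=value firewall line and an EDR JSON event, into one schema and then runs a single detection over the unified records. The schema fields, sample logs, and the rule itself are assumptions for illustration; the point is that the detection references only schema fields, never the vendor formats.

```python
"""Normalize heterogeneous telemetry into one schema, then detect over it.
Added illustration: schema, sample logs and rule are constructed, not a vendor's."""
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample telemetry from two sources describing the same host.
FIREWALL_LOG = (
    "ts=2024-03-04T10:15:02Z src=10.0.5.23 dst=203.0.113.9 dport=4444 "
    "action=deny rule=egress-default"
)
EDR_EVENT = json.dumps({
    "time": "2024-03-04T10:14:58Z", "hostname": "ws-0523",
    "host_ip": "10.0.5.23", "event": "process_start",
    "image": "C:\\Users\\Public\\update.exe", "parent": "winword.exe",
})

KV_RE = re.compile(r"(\w+)=(\S+)")
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def normalize_firewall(line):
    """Vendor-specific parser: key=value syslog line -> common schema record."""
    f = dict(KV_RE.findall(line))
    return {"ts": parse_ts(f["ts"]), "source": "firewall", "event_type": "network",
            "host_ip": f["src"], "dest_ip": f["dst"], "dest_port": int(f["dport"]),
            "action": f["action"], "process": None, "parent": None}

def normalize_edr(raw):
    """Vendor-specific parser: EDR JSON event -> common schema record."""
    e = json.loads(raw)
    return {"ts": parse_ts(e["time"]), "source": "edr", "event_type": "process",
            "host_ip": e["host_ip"], "dest_ip": None, "dest_port": None,
            "action": e["event"], "process": e["image"], "parent": e["parent"]}

def detect_office_child_then_denied_egress(events, window=timedelta(minutes=5)):
    """One rule written against the common schema only: an Office application
    spawns a process on a host, and within `window` the firewall denies outbound
    traffic from that same host. Adding a third vendor means adding a normalizer,
    not rewriting this rule."""
    procs = [e for e in events if e["event_type"] == "process"
             and (e["parent"] or "").lower() in OFFICE_PARENTS]
    denies = [e for e in events if e["event_type"] == "network" and e["action"] == "deny"]
    hits = []
    for p in procs:
        for n in denies:
            if n["host_ip"] == p["host_ip"] and timedelta(0) <= n["ts"] - p["ts"] <= window:
                hits.append({"host_ip": p["host_ip"], "process": p["process"],
                             "dest": f'{n["dest_ip"]}:{n["dest_port"]}'})
    return hits

def run_demo():
    events = [normalize_firewall(FIREWALL_LOG), normalize_edr(EDR_EVENT)]
    events.sort(key=lambda e: e["ts"])
    return detect_office_child_then_denied_egress(events)

if __name__ == "__main__":
    for hit in run_demo():
        print(hit)
```

The correlation works because both normalizers emit the same `host_ip` and `ts` fields; a model or query trained on those fields is indifferent to which firewall or endpoint agent produced the raw line.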
Shift to Machine-Led, Human-Empowered Workflows
Automation is a critical path for up-leveling the effectiveness of your current workforce. Leveraging a security orchestration, automation, and response (SOAR) platform with out-of-the-box “no-code” automation capabilities can help you shift analyst attention to the areas that benefit most from human interaction. Through the use of “no-code” and “low-code” playbook automation, it is easier for organizations to cross the adoption threshold that has historically plagued SOAR solutions. It’s also important to understand that with over 900 integrations, robust automation capabilities, and ease of building new playbooks, you still have the power to automate virtually any repetitive task being performed within your organization with Cortex XSOAR.
Do not think XSOAR is our blanket solution for achieving this goal of machine-led, human-empowered workflows. A focus on prevention and stopping attacks before you need automation is a critical part of delivering this objective. This industry has been comfortable with allowing automated response from antimalware solutions for decades. Enabling technology to automatically stop known attacks reduces reliance on humans, and enables those humans to focus on things like novel attacks and other areas where they are best suited for the job.
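As an added illustration of the machine-led, human-empowered pattern (this is a hypothetical runner, not Cortex XSOAR's engine or playbook format), the following shows a "low-code" playbook expressed as data: the machine performs the repetitive enrichment, auto-closes what the lookup proves benign, and hands everything else to an analyst with the enrichment already attached. The allowlist, task types and alert records are constructed for the example.

```python
"""Minimal declarative playbook runner. Added illustration; the playbook
schema and lookup data are constructed and not any vendor's format."""
from typing import Any, Dict, List

Step = Dict[str, Any]

# Constructed allowlist standing in for an integration call (reputation service, CMDB, ...).
KNOWN_GOOD = {"sha256-constructed-0001": "known_good", "sha256-constructed-0002": "known_good"}

# The playbook is data, not code: conditions are structured fields, so no eval().
PLAYBOOK: List[Step] = [
    {"id": "enrich", "task": "lookup_hash", "out": "reputation"},
    {"id": "decide", "task": "branch", "field": "reputation", "equals": "known_good",
     "yes": "auto_close", "no": "escalate"},
    {"id": "auto_close", "task": "close", "reason": "hash on allowlist"},
    {"id": "escalate", "task": "assign", "queue": "tier2"},
]

def _next_in_order(order, current):
    i = order.index(current)
    return order[i + 1] if i + 1 < len(order) else None

def run_playbook(playbook, alert, lookup):
    """Execute steps starting at the first; branch steps jump by id, terminal
    steps (close/assign) end the run. Every visited step is recorded for audit."""
    by_id = {s["id"]: s for s in playbook}
    order = [s["id"] for s in playbook]
    ctx = {"alert": alert, "audit": [], "status": "open"}
    current = order[0]
    while current is not None:
        step = by_id[current]
        ctx["audit"].append(current)
        nxt = None  # default: terminal step
        if step["task"] == "lookup_hash":
            ctx[step["out"]] = lookup.get(alert["sha256"], "unknown")
            nxt = _next_in_order(order, current)
        elif step["task"] == "branch":
            nxt = step["yes"] if ctx.get(step["field"]) == step["equals"] else step["no"]
        elif step["task"] == "close":
            ctx["status"], ctx["reason"] = "closed", step["reason"]
        elif step["task"] == "assign":
            ctx["status"], ctx["queue"] = "escalated", step["queue"]
        else:
            raise ValueError(f"unknown task type {step['task']!r}")
        current = nxt
    return ctx

def triage(alerts, playbook=PLAYBOOK, lookup=KNOWN_GOOD):
    """Run the playbook over a batch; returns the records an analyst still needs to see."""
    results = [run_playbook(playbook, a, lookup) for a in alerts]
    return [r for r in results if r["status"] == "escalated"]

if __name__ == "__main__":
    # Constructed alerts: one on the allowlist, one not.
    batch = [{"id": "A-1", "sha256": "sha256-constructed-0001"},
             {"id": "A-2", "sha256": "sha256-constructed-9999"}]
    for r in triage(batch):
        print(r["alert"]["id"], r["status"], r["queue"], r["reputation"], r["audit"])
```

Keeping the condition structured (`field`/`equals`) rather than a free-form expression is what makes the playbook safe to hand to non-developers: the runner can validate it, and there is no expression evaluator to misuse.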
Identify and Mitigate Threats Before Impact
Continuing to build on the idea of shifting technology left to empower human workflows is the idea that we can identify and mitigate threats before anything bad happens. This isn’t some kind of Minority Report precognition type of thing; it’s actually much simpler than that. Identifying threats and exposures in your attack surface and providing the ability to remediate them in real time can protect you from attack, especially in the case of ransomware.
As we get closer to Symphony 2023, we’re very excited to not only talk to you about the vision behind our unified SOC platform but to show you the product and what these outcomes look like. For more information on this and other exciting content, register for Cortex Symphony 2023 here.