UPDATED 20:04 EST / AUGUST 24 2020

SECURITY

Palo Alto Networks aims to scale up automation for the security team

It’s fair to say that the way enterprise security has been done in the past has not worked, is not working and will likely never work.

Evidence of this is that it currently takes almost 100 days to find a breach. If the security team is lucky enough to discover it, the source is often never found, leaving a company at the mercy of the threat actors.

That’s why, in breaches such as Target Corp.’s a few years ago, the vendor that provided the security tools could claim its product had caught the intrusion, yet the security team still missed it. Given that the infrastructure powering digital organizations is growing increasingly complex, this mismatch between the information the tools generate and the action the team takes is growing wider, and it will cause more breaches and more public embarrassment for companies.

Automation can enable security teams to focus on critical incidents instead of manually performing time-consuming tasks that often lead nowhere. What today’s security teams need is a tool that can see across the entire security spectrum and provide insights from the data that’s generated. The current security model is based on tools being deployed in silos and that makes threat identification and remediation difficult.

For example, endpoint detection and response or EDR tools do an adequate, if not great, job of finding a breach on an endpoint, but they often struggle to find the source of the problem if it originated somewhere else in the environment, because the agent on the victim host never sees the network, identity or server activity that led up to the alert. This is why I’ve gone on record as saying tools such as EDR are dead, because they can only see endpoint data. Securing a digital enterprise requires a broader, end-to-end view.

Palo Alto Networks recently announced its Cortex XSOAR Marketplace, which is aimed at modernizing cybersecurity. This initiative creates a common security framework for Palo Alto Networks and third-party vendors to use and marries it with a community of industry experts to share playbooks and integrations to tackle even the most complex security use cases.

Cortex XSOAR is a unified platform that orchestrates actions across the entire security product stack. Security operations teams use Cortex XSOAR to automate most of their response actions. The company estimates that 95% of activities can be automated. I haven’t been able to verify this number, but based on what I know of XSOAR and security operations, that number is certainly achievable and is something security teams should strive for because it removes much of the security heavy lifting from the security team.

SOAR, which stands for security orchestration, automation and response, automates security workflows across different tools and replaces manual tasks using “playbooks”: ordered sequences of steps that enrich an alert, decide what it is and trigger a response. By automating tasks such as alert triage and incident response, companies can react to cyberattacks faster and enhance overall security. SOAR has become a widely used industry term and XSOAR is Palo Alto Networks’ twist on it because it encompasses the entire security stack.

With use cases for security automation constantly expanding, Palo Alto Networks created a resource where companies can exchange content and where vendors from the SOAR ecosystem can create integrations that are easy to put into practice, hence the marketplace. Palo Alto Networks data shows that while 40% of SOAR users like building playbooks themselves, 78% want a common framework for sharing playbooks and integrations.

That’s the idea behind Cortex XSOAR Marketplace, an online store where Palo Alto Networks customers can search and share content packs, including security integrations, playbooks, dashboards and reports. Currently there are more than 450 integrations available from leading cybersecurity providers, verified by Palo Alto Networks and rated by customers.

Although content packs initially available on Cortex XSOAR Marketplace are free, Palo Alto Networks will be adding paid content packs — including premium content packs and subscription services — later this year. Paid packs will be certified by Palo Alto Networks, which means the contributing vendor or company will have to go through an extensive testing process directly with Palo Alto Networks.

The Cortex XSOAR Marketplace is not just a one-click shop for content packs, it’s a community where everyone contributes their success stories, so a company that may be struggling with automation doesn’t have to figure out the solution on its own. It can access automation playbooks that someone else came up with, saving time, money and integration headaches. Using a LEGO analogy, think of the content pack as a pre-built LEGO and the community as the manual that explains what else can be built with that LEGO.

Sharing, exchanging and reusing content in the community is the next logical extension of Cortex XSOAR as a platform and SOAR as a category. Most important, having a community allows security teams to take automation and orchestration to places they’ve never been before.

One area where companies have the opportunity to create playbooks is breach response and compliance. Since content packs can be applied to both products and processes, companies that must comply with Europe’s General Data Protection Regulation can automate the process of pulling together all the data necessary to alert authorities and customers about a potential breach.
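To make the three points above concrete (an EDR alert alone cannot tell you where an intrusion came from, a playbook is an ordered set of enrichment and decision steps, and breach-notification data gathering can be one of those steps), here is a small playbook runner written for this article. It is an added illustration, not Cortex XSOAR code or any vendor’s playbook format; the threat-intel table, network log, asset inventory and EDR alert are constructed sample data, and the host names, hashes and step names are hypothetical. The network log stands in for the firewall or NDR data the endpoint agent never sees; the playbook walks inbound connections backwards from the alerted host to find the source, computes the blast radius, and, if any affected host holds personal data, schedules the notification deadline.

```python
"""Minimal SOAR-style playbook runner (added example, not XSOAR code).

A playbook is an ordered list of steps. Each step reads and extends a shared
context dict and may short-circuit the run by returning a verdict.
All sample data below is constructed for this illustration.
"""
from datetime import datetime, timedelta

# Threat-intel lookup table: file hash -> (verdict, family). Hypothetical values.
THREAT_INTEL = {
    "a1b2c3": ("malicious", "constructed-stealer"),
    "deadbeef": ("benign", ""),
}

# Constructed network log (firewall/NDR view): who connected to whom, and when.
# This is exactly the data an EDR agent on the victim host does not have.
NETWORK_LOG = [
    {"ts": "2020-08-24T17:00:00", "src": "ws-099",    "dst": "ws-042",    "proto": "smb"},
    {"ts": "2020-08-24T19:05:00", "src": "vpn-gw",    "dst": "srv-db-01", "proto": "rdp"},
    {"ts": "2020-08-24T19:40:00", "src": "srv-db-01", "dst": "ws-042",    "proto": "smb"},
    {"ts": "2020-08-24T19:55:00", "src": "ws-042",    "dst": "ws-017",    "proto": "smb"},
]

# Constructed asset inventory: which hosts hold personal data, and which the
# playbook may isolate without a human in the loop (never the VPN gateway).
ASSET_INVENTORY = {
    "srv-db-01": {"personal_data": True,  "auto_isolate": False},
    "ws-042":    {"personal_data": False, "auto_isolate": True},
    "ws-017":    {"personal_data": True,  "auto_isolate": True},
    "vpn-gw":    {"personal_data": False, "auto_isolate": False},
}

# Constructed EDR alert: malicious process hash seen on one workstation.
EDR_ALERT = {"host": "ws-042", "hash": "a1b2c3", "ts": "2020-08-24T20:00:00"}


def parse(ts):
    return datetime.fromisoformat(ts)


def lookup_hash(ctx):
    """Step 1: enrich the hash against threat intel; a benign hit auto-closes."""
    verdict, family = THREAT_INTEL.get(ctx["alert"]["hash"], ("unknown", ""))
    ctx["ti_verdict"], ctx["family"] = verdict, family
    return "close" if verdict == "benign" else None


def trace_source(ctx, lookback=timedelta(hours=2)):
    """Step 2: follow inbound connections backwards from the alerted host.

    Each hop takes the earliest inbound connection within `lookback` of the
    previous hop and stops when nothing inbound is found or a loop appears.
    """
    host = ctx["alert"]["host"]
    chain, current, cutoff = [host], host, parse(ctx["alert"]["ts"])
    while True:
        inbound = [e for e in ctx["network_log"]
                   if e["dst"] == current and cutoff - lookback <= parse(e["ts"]) < cutoff]
        if not inbound:
            break
        hop = min(inbound, key=lambda e: e["ts"])  # ISO timestamps sort as strings
        if hop["src"] in chain:
            break
        chain.append(hop["src"])
        current, cutoff = hop["src"], parse(hop["ts"])
    ctx["source_chain"] = chain          # victim first, earliest known source last
    ctx["intrusion_start"] = cutoff
    # Blast radius: hosts the compromised chain reached out to after intrusion start.
    ctx["blast_radius"] = sorted({e["dst"] for e in ctx["network_log"]
                                  if e["src"] in chain and e["dst"] not in chain
                                  and parse(e["ts"]) >= cutoff})
    return None


def assess_breach(ctx):
    """Step 3: decide containment actions and whether breach notification applies."""
    affected = sorted(set(ctx["source_chain"]) | set(ctx["blast_radius"]))
    inv = ctx["inventory"]
    pd_hosts = [h for h in affected if inv.get(h, {}).get("personal_data")]
    ctx["affected_hosts"], ctx["personal_data_hosts"] = affected, pd_hosts
    # Auto-isolate only where the inventory allows it; everything else gets a ticket.
    ctx["actions"] = [("isolate:" if inv.get(h, {}).get("auto_isolate") else "ticket:") + h
                      for h in affected]
    if pd_hosts:
        # GDPR Article 33: notify the supervisory authority within 72 hours of awareness.
        ctx["notify_deadline"] = (parse(ctx["alert"]["ts"]) + timedelta(hours=72)).isoformat()
        return "escalate"
    return "contain"


PLAYBOOK = [lookup_hash, trace_source, assess_breach]


def run_playbook(alert, network_log=NETWORK_LOG, inventory=ASSET_INVENTORY):
    """Run the steps in order; the first step returning a verdict ends the run."""
    ctx = {"alert": alert, "network_log": network_log, "inventory": inventory, "verdict": None}
    for step in PLAYBOOK:
        ctx["verdict"] = step(ctx)
        if ctx["verdict"]:
            break
    return ctx


if __name__ == "__main__":
    result = run_playbook(EDR_ALERT)
    for key in ("verdict", "source_chain", "blast_radius", "personal_data_hosts",
                "actions", "notify_deadline"):
        print(f"{key}: {result.get(key)}")
```

Run against the constructed data, the alert on ws-042 traces back through srv-db-01 to the VPN gateway, picks up ws-017 as a downstream victim, and escalates because two of the affected hosts hold personal data. The 17:00 connection from ws-099 is outside the two-hour lookback and is correctly ignored; a benign hash closes the incident at step one without touching the network log at all. The auto_isolate flag is the caveat a practitioner would insist on: orchestration across the whole stack means a playbook can take down a database server or a gateway, so the inventory, not the playbook, decides which actions a human must approve.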

Palo Alto Networks envisions many companies will be interested in creating playbooks around compliance. Consequently, it’s encouraging compliance playbook submissions for its upcoming SOAR hackathon event, titled “Automation Rising.”

The Automation Rising hackathon is a playbook-building challenge that will award a cumulative $60,000 in prizes to companies that come up with the best playbooks in categories such as security, product integration and business use cases. Playbooks produced through the hackathon will be vetted for inclusion in the Cortex XSOAR Marketplace, further benefiting the growing community.

Zeus Kerravala is a principal analyst at ZK Research, a division of Kerravala Consulting. He wrote this article for SiliconANGLE.
Image: madartzgraphics/Pixabay
