Palo Alto Networks kicked off its 2021 Symphony event today with founder and CTO Nir Zuk touting the benefit of a platform approach to cybersecurity. “If it’s one orchestra that works together in harmony, you get a symphony,” he said. “And cybersecurity is similar. Integrating different products and trying to get them to work together doesn’t work anymore. We need a symphony. We need one solution.”
Palo Alto Networks’ answer to this is Cortex, its security operations center platform that combines security operations, automation, and response (SOAR) with extended detection and response (XDR). Cortex automates security operations center processes as well as threat hunting and incident response, Zuk said. “If we don’t automate the security operations center, we’re going to get stuck, as an industry and as a vendor, and we will not be able to protect you,” he added. “So we created Cortex. And the vision behind Cortex is to get to a point where the security operations center is autonomous.”
While the SOAR piece of Cortex uses playbooks to automate security operations center workflows, the XDR piece collects data from across an organizations’ infrastructure — across the network, endpoints, and clouds — and uses machine learning to analyze that data and hunt for threats, Zuk explained. “We believe the way to do that is by collecting data from the entire infrastructure as a whole, versus trying to do it one data source at a time, which is the EDR, NTA, UEBA, and so on,” he said. Those three acronyms refer to endpoint detection and response, network traffic analysis, and user and entity behavior analytics. Machine learning-based XDR is “the only way to hunt for attacks and certainly the only way to investigate attacks,” Zuk said.
To this end, Palo Alto Networks has been steadily building out its XDR capabilities, and this included buying attack surface management vendor Expanse for $670 million. It has since folded that company’s technology into Cortex.
During the security giant’s most recent earnings call, Palo Alto Networks CEO Nikesh Arora said Cortex XDR protected the vendor’s own infrastructure during the SolarWinds breach. “Cortex XDR instantly blocked a SolarStorm attempt on Palo Alto Networks, thanks to its behavioral threat protection capability,” he said. “We continue to be bullish on the rapid pace of innovation that is going into our Cortex XDR.”
But back to Symphony, at the end of Zuk’s opening keynote, he threw down the XDR gauntlet. “Things like EDR are really stupid ideas,” Zuk said. “It’s really stupid to try to focus just on one data source at a time.”
Unit 42 Gets New Chief, Consulting Boost
Also during the opening keynotes, Wendi Whitmore, SVP of cyber consulting and threat intelligence at Palo Alto Networks, announced the company’s new cybersecurity consulting group that combines its Unit 42 threat hunting team with Crypsis security consultants and incident response specialists. Palo Alto Networks acquired Crypsis for $265 million last summer.
Whitmore, herself, is relatively new to Palo Alto Networks. She joined from IBM, where she served as VP of that company’s X-Force threat hunting group. At Palo Alto Networks, she’ll lead the newly expanded Unit 42.
The group’s name is a nod to the number 42 in the “The Hitchhiker’s Guide to the Galaxy” because it focuses on providing “the Answer to the Ultimate Question of Life, the Universe, and Everything” — for cyberthreats.
Crypsis security consultants respond to more than 1,300 incidents a year, while the Unit 42 threat research team, founded in 2014, regularly partners with governments around the globe to fight cybercrime, Whitmore said.
“The Crypsis team is laser focused on the mission of conducting world class data breach investigations, while the Unit 42 team has focused on rapidly building threat intelligence into Palo Alto Networks’ detections for years,” she added.
The combined team will introduce proactive security services and also expand incident response services to more countries in Asia, Europe and the Middle East, said Ryan Olson, VP of threat intelligence at Unit 42.
“What we’re looking to provide now are more things that are proactive from the perspective of how do you prepare for a ransomware incident? How do you prepare for a different type of intrusion that’s going to come into your network?” And how do you prepare for these situations using Palo Alto Networks’ products and services, Olson explained. “It’s about how we incorporate that into better preparation to prevent the breach rather than focusing as much on cleaning up after the fact.”
"stupid" - Google News
April 21, 2021 at 01:17AM
https://ift.tt/3n2RLU6
Palo Alto Networks' Nir Zuk: EDR Is 'Really Stupid Idea' - SDxCentral
"stupid" - Google News
https://ift.tt/3b2JB6q
https://ift.tt/3febf3M
Bagikan Berita Ini
0 Response to "Palo Alto Networks' Nir Zuk: EDR Is 'Really Stupid Idea' - SDxCentral"
Post a Comment