Webcast 120670
Is and Isn’t
Kasey Cross, Palo Alto Networks
What You’ll Learn
• Why XDR?
• XDR Requirements
• The XDR Bandwagon
• How to Spot a Fake
• Q&A
© 2021 Palo Alto Networks, Inc. All rights reserved. Proprietary and confidential information.
Why XDR?
• Too many siloed tools
• Too many alerts and complex investigations
Traditional Approaches to Security Aren’t Working
• of security professionals are not satisfied with their ability to detect attacks
• of security analysts say each alert takes 10+ minutes to investigate
• Mean time to identify (MTTI) a breach
Sources: "2021 State of SecOps Report," Forrester Consulting; "The Impact of Security Alert Overload," CriticalStart, 2021; "2020 Cost of a Data Breach Report," Ponemon Institute.
How XDR
XDR Requirements
XDR Data Lake: All Data
2. Behavioral Analytics Based on Profiling Behavior Over Time
(Figure: network data across protocols such as HTTPS, FTP and SMTP, with an exfiltration event flagged.)
(Figure: an XDR alert on host ENV21\Sauron traced back through its chain of events to the root cause.)
• See the entire chain of events with one click
• Instantly understand the root cause
• Get full context including threat intel in one view
4. Advanced Investigation, Hunting and Forensics Capabilities
• Incident Management: intelligent alert grouping, scoring, workflows and MITRE ATT&CK mapping
• Powerful Queries: search for attack tactics with XQL Search
• Directly connect to endpoints for granular custom actions & forensics
• Sweep across hosts in real time to find and delete files
• Execute scripts on one or more hosts
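The alert grouping, scoring and root-cause chain described under requirement 4 (and in the root-cause figure above) can be demonstrated in a few dozen lines. The following is an added example, not Cortex XDR code: the hosts, PIDs, process tree and alerts are constructed, the list of "launcher" processes that terminate a chain is an assumption, and the incident score (worst alert severity plus one per additional alert in the chain) is an illustrative rule, not the product's.

```python
"""Group endpoint alerts into incidents along their process causality chain.

Added example, not Cortex XDR code. Alerts, hosts, PIDs and the process
tree are constructed; the launcher list and scoring rule are assumptions.
"""
from collections import defaultdict

# Constructed process tree per host: (host, pid) -> (parent pid, image name).
PROCESS_TREE = {
    ("ws-01", 300): (1, "explorer.exe"),
    ("ws-01", 400): (300, "winword.exe"),
    ("ws-01", 410): (400, "powershell.exe"),
    ("ws-01", 420): (410, "rundll32.exe"),
    ("ws-02", 501): (1, "chrome.exe"),
}

# Constructed alerts, each already mapped to a MITRE ATT&CK technique id.
ALERTS = [
    {"id": 1, "host": "ws-01", "pid": 400, "technique": "T1566.001", "severity": 3},
    {"id": 2, "host": "ws-01", "pid": 410, "technique": "T1059.001", "severity": 5},
    {"id": 3, "host": "ws-01", "pid": 420, "technique": "T1218.011", "severity": 6},
    {"id": 4, "host": "ws-02", "pid": 501, "technique": "T1189", "severity": 2},
]

# Assumed chain boundary: generic launchers are never reported as the root cause.
LAUNCHERS = {"explorer.exe", "services.exe", "svchost.exe"}


def root_of(host, pid):
    """Walk parent links upward and return the topmost non-launcher pid."""
    seen = set()
    while pid not in seen:
        seen.add(pid)
        ppid, _ = PROCESS_TREE[(host, pid)]
        parent = PROCESS_TREE.get((host, ppid))
        if parent is None or parent[1] in LAUNCHERS:
            return pid
        pid = ppid
    return pid  # cycle guard; a real process tree has no cycles


def causality_chain(host, pid):
    """Image names from the root cause down to pid: the full chain of events."""
    root, chain = root_of(host, pid), []
    while True:
        ppid, name = PROCESS_TREE[(host, pid)]
        chain.append(name)
        if pid == root:
            return chain[::-1]
        pid = ppid


def group_alerts(alerts):
    """Alerts on one host that share one causality root form one incident.

    Score (illustrative assumption): the worst alert's severity plus one
    point for each additional alert in the chain, so a multi-stage attack
    outranks a lone medium-severity alert.
    """
    buckets = defaultdict(list)
    for a in alerts:
        buckets[(a["host"], root_of(a["host"], a["pid"]))].append(a)
    incidents = []
    for (host, root_pid), members in buckets.items():
        deepest = max(members, key=lambda a: len(causality_chain(host, a["pid"])))
        by_id = sorted(members, key=lambda a: a["id"])
        incidents.append({
            "host": host,
            "root_cause": PROCESS_TREE[(host, root_pid)][1],
            "chain": causality_chain(host, deepest["pid"]),
            "alerts": [a["id"] for a in by_id],
            "techniques": [a["technique"] for a in by_id],
            "score": max(a["severity"] for a in members) + len(members) - 1,
        })
    return sorted(incidents, key=lambda i: -i["score"])


if __name__ == "__main__":
    for inc in group_alerts(ALERTS):
        print(f"{inc['host']} score={inc['score']} root={inc['root_cause']} "
              f"chain={' -> '.join(inc['chain'])} techniques={inc['techniques']}")
```

Run stand-alone, the three ws-01 alerts collapse into one incident rooted at winword.exe with the chain winword.exe -> powershell.exe -> rundll32.exe, ranked above the single drive-by alert on ws-02; that collapse is what the slide means by grouping alerts into incidents rather than triaging them one at a time.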
6. Prevention
• "SIEM vs. SOAR vs. XDR: Evaluate the differences," September 14, 2021
• "Extended detection and response (XDR): Which solution is best," May 26, 2021
How to Spot a Fake
Endpoint Threat Prevention
• Block endpoint attacks with a proven, lightweight next-gen antivirus agent
• Host firewall
• Disk encryption
Full Visibility & AI-Driven Detection
• Find stealthy threats with the solution that achieved the best combined MITRE ATT&CK detection & protection scores
• Correlation, IOC & BIOC rules
• Rogue device discovery & asset management
Accelerated Investigations
• Quickly analyze attacks by grouping alerts into incidents and viewing rich investigative context
• Root cause analysis & cross-data insights
• Live Terminal for direct endpoint access
Advanced Threat Hunting
• Uncover hidden threats with a powerful XQL querying language
• Integrated threat intelligence
• Managed Threat Hunting
Coordinated Response
• Swiftly contain fast-moving threats across key enforcement points
• Script execution
• File block, quarantine, removal, device isolation
Cortex XDR: Strong track record with third-party testing
• Highest combined prevention and detection in MITRE ATT&CK Round 3
• A Strategic Leader in the 2020 AV-Comparatives Endpoint Prevention & Response Report
• A Leader in The Forrester Wave: Endpoint Security SaaS, Q2 2021
Securing Applications With Zero Trust
Palo Alto Networks for the Zero Trust Enterprise
What is Zero Trust?
A strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction.
Cortex XDR Agent Protection
• Reconnaissance Protection: prevents vulnerability profiling used by exploit kits
• Technique-Based Exploit Prevention: blocks exploit techniques used to manipulate good applications
• Kernel Protection: protects against exploits targeting or originating from the kernel
• Threat Intelligence: prevents known threats with intel gathered from WildFire
• AI-Driven Local Analysis: prevents unknown threats
• WildFire Malware Analysis: detects advanced unknown threats
• Malicious Process Prevention: stops script-based threats
• Ransomware Protection: blocks ransomware
• Behavioral Threat Protection: stops attacks by analyzing chains of endpoint events
Identity
Profiling Engine, fed by Palo Alto Networks & third-party data, builds three profiles per entity:
• Network Behavior Profile: past user activity; past device activity
• Current Time Profile: user activity; device activity; cloud activity
• Peer Profile: device type (workstation, server, server type); peer profile of user and device activity; user type (admin, standard user)
Profile behavior & detect anomalies indicative of an attack.
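Requirement 2 above ("behavioral analytics based on profiling behavior over time") and this profiling-engine slide describe the same mechanism: build a per-entity baseline from past activity, keep a peer-group baseline for entities with little history of their own, and flag current activity that departs from either. The following is an added example, not Cortex XDR code: the users, their admin/standard roles, the 14-day history and the "today" records are constructed, and the z-score threshold and the seven-day minimum for trusting an entity's own baseline are assumptions chosen for illustration.

```python
"""Profile per-user behavior over time and flag anomalies against the
entity's own history and, where that is missing, its peer group.

Added example, not Cortex XDR code. All users, roles and records are
constructed; threshold and history-length cutoffs are assumptions.
"""
import random
import statistics
from collections import defaultdict

# Constructed roles (the "User Type" attribute of the peer profile).
USER_TYPE = {"alice": "standard", "bob": "standard", "dave": "standard",
             "carol": "admin"}


def make_history(days=14, seed=7):
    """Constructed baseline: standard users work daytime hours and send
    ~10 MB per session; the admin runs a nightly job moving ~150 MB."""
    rng = random.Random(seed)
    recs = []
    for day in range(1, days + 1):
        for user in ("alice", "bob"):
            for hour in (9, 11, 14, 16):
                recs.append({"day": day, "user": user, "hour": hour,
                             "bytes_out": rng.randint(8_000_000, 15_000_000)})
        recs.append({"day": day, "user": "carol", "hour": 2,
                     "bytes_out": rng.randint(120_000_000, 180_000_000)})
    return recs


def build_profiles(history):
    """Return (entity, peer): per-user active hours and daily byte totals,
    plus daily totals pooled by user type for the peer profile."""
    daily, hours = defaultdict(float), defaultdict(set)
    for r in history:
        daily[(r["user"], r["day"])] += r["bytes_out"]
        hours[r["user"]].add(r["hour"])
    entity, peer = {}, defaultdict(list)
    for (user, _), total in daily.items():
        entity.setdefault(user, {"hours": hours[user], "daily": []})["daily"].append(total)
        peer[USER_TYPE[user]].append(total)
    return entity, peer


def zscore(x, sample):
    """Standard score of x against a baseline sample (sd floored at 1)."""
    mean = statistics.fmean(sample)
    sd = statistics.pstdev(sample) or 1.0
    return (x - mean) / sd


def detect(today, entity, peer, threshold=4.0, min_days=7):
    """Return (user, reason) pairs for today's activity that departs from the
    user's own profile, or from peers when the user lacks enough history."""
    findings, totals = [], defaultdict(float)
    for r in today:
        totals[r["user"]] += r["bytes_out"]
        own = entity.get(r["user"])
        if own and r["hour"] not in own["hours"]:
            msg = f"activity at hour {r['hour']:02d} never seen in baseline"
            if (r["user"], msg) not in findings:
                findings.append((r["user"], msg))
    for user, total in totals.items():
        own = entity.get(user)
        if own and len(own["daily"]) >= min_days:          # trust own history
            z, ref = zscore(total, own["daily"]), "own baseline"
        else:                                               # fall back to peers
            z, ref = zscore(total, peer[USER_TYPE[user]]), f"{USER_TYPE[user]} peers"
        if z > threshold:
            findings.append((user, f"daily bytes out z={z:.1f} vs {ref}"))
    return findings


# Constructed "current time" records for day 15.
TODAY = [
    {"day": 15, "user": "alice", "hour": 3, "bytes_out": 600_000_000},   # off-hours bulk upload
    {"day": 15, "user": "bob", "hour": 11, "bytes_out": 12_000_000},     # normal
    {"day": 15, "user": "carol", "hour": 2, "bytes_out": 150_000_000},   # normal for this admin
    {"day": 15, "user": "dave", "hour": 11, "bytes_out": 150_000_000},   # no history: judged by peers
]

if __name__ == "__main__":
    entity, peer = build_profiles(make_history())
    for user, why in detect(TODAY, entity, peer):
        print(f"{user}: {why}")
```

The two interesting cases are carol and dave. Carol moves 150 MB at 02:00, which would look like exfiltration under a global rule but is exactly her own baseline, so she is not flagged; dave has no history at all, so the same 150 MB is judged against the pooled standard-user peer group and is flagged. That is the practical reason the slide lists a peer profile alongside the entity's own profile.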