Cybersecurity solutions provider Palo Alto Networks stressed that security should not focus on endpoints alone but should extend to a larger and broader set of data drawn from the network, endpoints and cloud together.
Marc Lainez, system engineer at Palo Alto Networks Philippines, noted a study that showed endpoint detection and response (EDR) technology can detect only 26% of threats. “This is considered a low coverage which means that if you’re focusing on EDR alone, you are not seeing the whole picture,” said Lainez.
To transform security, Palo Alto Networks argues, EDR needs to be replaced with the integration of three capabilities: preventing what can be prevented, detecting through behavioral analytics, and closing the gaps that security operations centers (SOCs) struggle with. This approach is called Cortex XDR, which can detect, investigate, respond and completely close the loop. The company describes it as the industry's only open and integrated Artificial Intelligence- and Machine Learning-based continuous security platform designed to remove the burden of security operations within the enterprise.
Cortex XDR addresses security issues such as the fragmented data, alerts and responses created by traditional technologies, which made operators' jobs more complex and security less effective. An important part of this solution is the Cortex Data Lake, the aggregation point for all data collected from the network, endpoint and cloud sensors residing on the organization's premises. Lainez said the Cortex Data Lake is scalable and privately secured, and that only customers have access to their own data.
“Once we have these data, we can perform numerous types of analyses. By doing that, we accelerate dramatically the time to investigate and time to mitigate the data so we can stop attacks before they can do damage,” said Lainez.
Lainez also said Cortex XDR can be customized to the level that organizations are unique and behaviors of users are unique. “We can customize the rules to accommodate all these nuances.”
Together with Cortex XDR, Palo Alto Networks also introduced the latest version of Traps, an advanced endpoint solution that can replace traditional antivirus. It is also a prevention tool whose capabilities now include behavioral threat protection that works with Cortex XDR. All behavioral profiles need to be captured, recorded and brought into the Cortex Data Lake, Lainez claimed.
Cortex XDR uses Traps as the primary data collection point for the endpoint, so if an investigation needs to be done, analysts can go back in time and review the full timeline of events that happened on the endpoint.
“The critical ones, the suspicious ones, the malicious ones, and even the seemingly nonsensical events need to be collected, and Traps is capable of doing that,” noted Lainez.
Apart from these, Traps also extends security coverage from traditional computers to virtual machines, public and private cloud, and other platforms including Linux.
Meanwhile, Oscar Visaya, country manager at Palo Alto Networks Philippines, emphasized the need for heightened security management given how the current state of cybersecurity affects businesses.
Visaya noted that many customers undergoing digital transformation did not include security transformation as part of it. There is also a lack of skilled cybersecurity staff who can manage these complexities, hence the need for a revolutionary tool or approach to manage them. Another aspect of the status quo is that SOCs are very complex, with many tools that generate uncorrelated data.
