Welcome to the Era of Autonomous Security

Feb 22, 2022

Extended Security Intelligence and Automation Management

Cybersecurity has an urgent threat remediation problem. With the rapid proliferation of applications, workloads, microservices and users, our collective digital attack surface has expanded faster than we can protect it. Cyber adversaries are banking on our inability to act with speed, yet most organizations still take hours, or even days or months, to identify and remediate threats.

At the heart of our weakness lies our inability to fully leverage data at massive scale for our defense.

Security Information and Event Management (SIEM) solutions were built to facilitate alert and log management but have relied heavily on human-driven detection and remediation with bolt-on analytics and process automation only here and there. The SIEM category has served security operations for years with significant manual overhead and slow incremental improvement in security outcomes. Combating today’s threats requires us to radically reimagine how we run cybersecurity in our organizations using AI.

Today, we announced Cortex XSIAM with a vision to create the autonomous security platform of the future, driving dramatically better security with near-real-time detection and response. XSIAM stands for extended security intelligence and automation management – a novel category built around an AI-driven architecture from the ground up. With XSIAM, security professionals manage intelligence and automation, while letting the intelligence and automation manage information and events. Imagine a world where security alerts from your infrastructure are organized and addressed automatically. Welcome to XSIAM.

At the core of Cortex XSIAM is an intelligent data foundation, where high-quality telemetry from across the security infrastructure, threat intelligence, external attack surface data and user response actions are ingested and integrated automatically. Unlike SIEM, Cortex XSIAM ingests granular data – not just alerts and logs – to fuel many layers of machine learning that automate critical threat detection and remediation steps downstream. And like any well-architected AI solution, the overall platform keeps getting better, learning from experience and outcomes.

For three years, Palo Alto Networks has been working hard to solve this problem. XSIAM is an inflection point in how we think about cybersecurity and how we lean into AI in areas where machines are simply built to perform better than us. This will get us to our desired outcomes. It may also disrupt existing multi-billion dollar cybersecurity categories.

We are currently deploying Cortex XSIAM with a limited number of customers, including our own Security Operations Center, and are looking forward to welcoming everyone to the new platform later this year. Interested in learning more? Sign up for the latest updates on Cortex XSIAM.

Forward-Looking Statements

This release contains forward-looking statements that involve risks and uncertainties, including regarding the benefits or potential benefits to customers of our products. These forward-looking statements are not guarantees of future performance, and actual results, developments and business decisions may differ from those envisaged by such forward-looking statements. We identify the principal risks and uncertainties that affect our performance in our Annual Report on Form 10-K, filed on September 3, 2021, and our other filings with the U.S. Securities and Exchange Commission, which are available on our website at investors.paloaltonetworks.com and on the SEC's website at www.sec.gov. All forward-looking statements in this release are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.

Any unreleased services or features (and any services or features not generally available to customers) referenced in this or other public statements are not currently available (or are not yet generally available to customers) and may not be delivered when expected or at all. Customers who purchase Palo Alto Networks applications should make their purchase decisions based on services and features currently generally available.
