Palo Alto Networks Provides Telemetry Sharing Capability to CISA CLAW

Jul 14, 2022
4 minutes
... views

This post is also available in: 日本語 (Japanese)

I’m thrilled to announce that Palo Alto Networks Prisma Access and Cortex Data Lake are now fully compatible with the Cybersecurity and Infrastructure Security Agency (CISA) Cloud Log Aggregation Warehouse (CLAW). Working with CISA, Palo Alto Networks created an onboarding service to forward logs and telemetry from Cortex Data Lake securely to CLAW. This capability enables departments and agencies using Cortex Data Lake to participate in EINSTEIN by sending telemetry to CLAW.

What Is CLAW?

CLAW is a CISA-deployed architecture for collecting and aggregating security telemetry data from agencies using commercial services from cloud services providers. It’s meant to enable secure, efficient methods for processing cloud security data in a way that offers CISA a similar level of situational awareness, provided by its current National Cybersecurity Protections System (NCPS) EINSTEIN, on-premises deployments.

The EINSTEIN system is designed to detect and block cyberattacks from compromising federal agencies, and it provides CISA with the situational awareness to use threat information detected in one agency to protect the rest of the government and help protect the private sector, too.

Palo Alto Networks CLAW forwarding capability provides rapid onboarding as agencies begin moving to approved cloud-based TIC solutions. And, if you implement Prisma Access, you’ll get the added benefit of using the only Zero Trust Network Access (ZTNA) 2.0 solution currently available on the market.

Palo Alto Networks pioneered and recently introduced ZTNA 2.0. ZTNA 2.0 addresses the deficiencies of legacy ZTNA approaches for securing remote and hybrid workforces by connecting all users and apps with fine-grained access controls and providing behavior-based continuous trust verification after users connect. This reduces the attack surface dramatically. ZTNA 2.0 can also make the transition to a broader Zero Trust architecture easier. (Read more about ZTNA in the public sector.)

What Does This Mean for Departments and Agencies?

For federal civilian departments and agencies, our established CLAW forwarding capability means you have several capabilities:

  • Use the FedRAMP Moderate Authorized Palo Alto Networks Prisma Access Secure Access Service Edge (SASE) solution as you work to modernize your IT and accelerate the adoption of a Zero Trust architecture. This enables you to meet aggressive timelines outlined in a U.S. Office of Management and Budget (OMB) memo released earlier this year.
  • Use Prisma Access to comply with CISA’s Trusted Internet Communications (TIC) 3.0 guidance. TIC 3.0, which is the latest version of CISA’s TIC program, is meant to help agencies secure federal data, networks and boundaries. This is done while providing visibility into agency traffic, including cloud communications.
  • Meet National Cybersecurity Protection System (NCPS) requirements to implement reporting patterns and maintain telemetry sharing with CISA as your organization moves to TIC 3.0 services. CISA analysts use this data for 24/7 situational awareness, analysis and incident response.

According to CISA, when agencies move toward TIC 3.0 use cases, some network traffic no longer traverses traditional NCPS sensors, which means security information about that traffic is no longer captured by NCPS. Traditional NCPS sensors, located at TIC and Managed Trusted Internet Protocol Service (MTIPS) gateways, capture security information as traffic passes between the agency and the internet.

With a secure connection between Palo Alto Networks Cortex Data Lake and CLAW, federal civilian departments and agencies can send telemetry directly to CLAW through Prisma Access. The Cortex Data Lake, which provides cloud-based, centralized log storage and aggregation for Prisma Access, collects, transforms and analyzes enterprise data, and then pushes log data to CLAW from cloud services.

Learn More about Prisma Access

Palo Alto Networks Prisma Access is part of a suite of FedRAMP Authorized, cloud-delivered services that are helping U.S. agencies modernize IT and cybersecurity. Find out how this solution and our other FedRAMP Authorized cloud services, including Cortex Data Lake, can help federal civilian departments and agencies secure their networks and remote and hybrid workforces. Or contact our federal team to request a meeting.

Also, be sure to visit our Zero Trust for public sector page to learn how Palo Alto Networks is helping organizations in the public sector to accelerate their Zero Trust journey.

Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.