Leveraging XM Cyber’s Attack Simulation Context in Cortex XSOAR

May 05, 2021
3 minutes
... views

Security and network teams struggle with the high volume of alerts due to insufficient context and automation to help cut through the noise, especially when they lack information on how to respond and mitigate common incidents. When the SOC is unable to keep up with the volume of incoming alerts, the ability to separate low risk and high risk incidents becomes necessary to ensure the organization maintains security around critical data and devices.

Security teams simulate attacks to test signature-based security controls and overall system response. It is imperative for attack simulations to reflect your environment and prioritize real exposures in your network. To best leverage remediation techniques, your security team needs to fully understand the context of the attack.

To help security teams understand their alerts and test security controls, the XM Cyber content pack, available in the Cortex XSOAR Marketplace, automates continuous discovery of network exposures and simulates new attack paths to critical assets within Cortex XSOAR.

 

Let’s take a look at how this combination can help your security program

 

Together, XM Cyber and Cortex XSOAR enable your security and IT Teams to chart the attack paths associated with new exploits and identify the impacted assets. XM Cyber provides a graphic representation of the attack steps with the ability to drill down from each stage to the remediation context, and prioritization information needed to respond quickly and effectively.

Figure 1: XM’s Cyber “Battleground” appears a bit like a combat wargaming model, with geometrical shapes representing assets and arrows representing threats. This simulation has a movie-like feel and users can control it by using fast-forward, rewind and pause. When an asset is breached, users can see all paths taken by the simulated hacker and the vulnerabilities exploited along those paths. All of this is informed by data ingested from the network XM is protecting. Once tests are finished, XM ranks vulnerabilities based on importance and ease of remediation.

Figure 1: XM’s Cyber “Battleground” appears a bit like a combat wargaming model, with geometrical shapes representing assets and arrows representing threats. This simulation has a movie-like feel and users can control it by using fast-forward, rewind and pause. When an asset is breached, users can see all paths taken by the simulated hacker and the vulnerabilities exploited along those paths. All of this is informed by data ingested from the network XM is protecting. Once tests are finished, XM ranks vulnerabilities based on importance and ease of remediation.

 

Enrich Cortex XSOAR workflows with XM Cyber contextual attack information

 

Your analysts rely on Cortex XSOAR for the best security incident orchestration possible. By adding the XM Cyber Attack-Centric Exposure Prioritization Platform (ACEPP) content pack, your team will gain insightful information for each incident, including:

  • Detailed information on the prioritized risk of business critical assets
  • Identification of key assets centralized between many attack paths
  • Contextual insight on the operating exploit or attack agent, including a list of assets that may be directly or indirectly compromised
  • Remediation advice ranked in order of importance that requires minimal effort from your security team

Effective exposure risk management requires context for the highest level of remediation. Increase your teams efficacy against attacks, with the ability to continuously calculate every possible attack path and leverage a visual representation that includes critical asset details and attacker techniques. By applying actual risk factors associated with your live environment,  your security and IT operations teams can improve the speed at which they are able to identify and remediate the right risks in the right order. Utilize the integrated content pack for XM Cyber with Cortex XSOAR to increase the efficiency of your team and strengthen the security posture of your organization.

 

Learn more

 

Build out your security ecosystem with the XM Cyber content pack, available now on the Cortex XSOAR Marketplace. Learn about and leverage over 650 different integrations for the market leading security orchestration, automation, and response (SOAR) platform.

Click here to find out more about XM Cyber.

Don’t have Cortex XSOAR? Download the Community Edition to get started.

 


Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.