
Palo Alto Networks Introduces Cortex XSOAR, Redefines Security Orchestration and Automation with Integrated Threat Intel Management

Palo Alto Networks Santa Clara, CA Feb 24, 2020 at 05:00 AM
Cortex XSOAR simplifies security operations by unifying threat intelligence management with playbook-driven automation

SANTA CLARA, Calif., Feb. 24, 2020 /PRNewswire/ -- Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, today introduced Cortex™ XSOAR, an extended security orchestration, automation and response platform that empowers security leaders with instant capabilities against threats across their entire enterprise. Cortex XSOAR is an evolution of the Demisto® platform, which was acquired by Palo Alto Networks in March 2019.

Palo Alto Networks is redefining the security orchestration, automation and response category by making threat intelligence management a core component. By tightly integrating threat intelligence management with SOAR capabilities — such as unified case management, automation and real-time collaboration — customers are now able to fully operationalize threat feeds. 

"Customers are facing an overwhelming volume of alerts, threat intel sources, and security tasks," says Lee Klarich, chief product officer for Palo Alto Networks. "Both SOAR and threat intelligence management have developed over recent years as tools to help them, but existing product silos have led to even more manual work. Bringing threat intel data into Cortex XSOAR means security orchestration just got simpler for the customer. It makes no sense to have SOAR without native threat intel."

"The integration of threat management into security orchestration and automation is an inevitable evolution for improving security operations," notes Jon Oltsik, senior principal analyst and fellow at the Enterprise Strategy Group (ESG). "Cortex XSOAR brings the right pieces together. Until now, operationalizing vital threat intelligence data has been difficult or even impossible as it requires time, experience, and resources that are beyond the capabilities of many organizations. A platform like Cortex XSOAR acts as a security operations and analytics platform architecture, or SOAPA, for analyzing and operationalizing cyber threat intelligence. The benefit? Bringing the value of threat intel to the masses." 

With Cortex XSOAR, customers are able to:

  • Standardize and automate processes for any security use case: Easily automate hundreds of security use cases with playbooks that orchestrate response actions across more than 350 third-party products.
  • Adapt to any alert with security-focused case management: Accelerate incident response by unifying alerts, incidents and indicators from any source within a single case management framework.
  • Boost SecOps efficiency with real-time collaboration: Facilitate investigations across teams via a virtual War Room with built-in ChatOps and command line interface to execute commands across the entire product stack in real time.
  • Take action on threat intelligence with confidence and speed: Take full control of threat data by aggregating disparate sources, customizing and scoring feeds, and matching indicators against a customer's specific environment, as well as leveraging playbook automation to drive instant action.

"Threat intelligence without context is just threat data. In order for threat intelligence to be of use, the original context of the threat intel has to be applied appropriately and mapped to internal incidents and policies," says Michael Poddo, director, Cyber Threat Analysis & Response, Emerson. "However, doing this at scale and speed to keep pace with real-time threat feeds is tough without automation. SOAR applied to threat intelligence can help fully integrate it into all aspects of your incident response program."

Cortex XSOAR will replace Demisto by Palo Alto Networks, subsuming and extending existing platform capabilities. Demisto customers will be migrated to Cortex XSOAR upon general availability, expected in March 2020, with an option to evaluate the new Threat Intel Management module at no additional cost.

For more information:

  • Join the Palo Alto Networks Cortex XSOAR webcast on April 7.
  • Visit the blog for additional details on Cortex XSOAR and the Cortex XSOAR ecosystem.

About Palo Alto Networks
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before. For more information, visit www.paloaltonetworks.com.

Palo Alto Networks, Cortex, Demisto, and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners.

 


SOURCE Palo Alto Networks, Inc.
