Advanced attackers increasingly use targeted, stealthy, persistent methods to evade traditional security measures. Indicators of compromise (IoCs) don’t necessarily present themselves in one static location. Correlating logs from different security technologies takes time and resources you cannot afford to spend.
Our automated correlation engine brings the power of our threat research to your fingertips. How? By continuously scrutinizing isolated events across multiple logs and log types on the firewall and correlating indicators of compromise across your network to surface infections that might be overlooked if those indicators were analyzed by themselves.
Connect the Dots Automatically
The automated correlation engine includes correlation objects defined by our threat research team, Unit 42, as well as objects based on previously unknown threats observed by WildFire™ cloud-based malware analysis. These objects identify suspicious traffic patterns or sequences of events that indicate compromise.
Correlation objects trigger correlation events when they match malicious traffic patterns and network artifacts, alerting you to compromised hosts on your network. Detecting compromised hosts automatically lets you remediate quickly and prevent the spread of infection.