Advanced attackers increasingly use targeted, stealthy, persistent methods to evade traditional security measures. Indicators of compromise (IoCs) don’t necessarily present themselves in one static location. Correlating logs from different security technologies takes time and resources you cannot afford to spend.

Our automated correlation engine brings the power of our threat research to your fingertips. How? By continuously scrutinizing isolated events across multiple logs and log types on the firewall and correlating indicators of compromise across your network, which might be overlooked if analyzed by themselves against surface infections.

Connect the Dots Automatically

The automated correlation engine includes correlation objects defined by our threat research team, Unit 42, as well as from previously unknown threats observed by WildFire™ cloud-based malware analysis. These objects identify suspicious traffic patterns or sequences of events that indicate compromise.

Correlation objects trigger correlation events when they match on malicious traffic patterns and network artifacts to alert you to compromised hosts on your network, giving you the ability to detect compromised hosts automatically, so you can remediate quickly and prevent the spread of infection.

 

Identify Infection in Time to Stop It

The manual work needed to identify and confirm compromised host activity can take valuable hours if not days. It’s like finding the needle in the haystack. Sometimes, suspicious behaviors are overlooked because they don’t indicate compromise by themselves, and correlating other suspicious behaviors on the network may require hours of investigation.

The automated correlation engine does this work for you by automatically identifying compromised host activity in your network within minutes, empowering your team to spend less time manually mining data and more time proactively securing your organization.


 

What is a denial of service attack (DoS) ?

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users by flooding it with traffic.
  • 2
  • 54907

What is an Intrusion Prevention System?

An Intrusion Prevention System (IPS) is a network security prevention technology that examines network traffic flow to detect and prevent vulnerability exploits
  • 4
  • 105802

Product Summary Specsheet

Key features, performance capacities and specifications for all Palo Alto Networks firewalls.
  • 85
  • 234786

What is a Zero Trust Architecture?

Businesses who want to prevent the exfiltration of sensitive data and improve their defense against modern cyber threats can consider a Zero Trust architecture.
  • 1
  • 37408

What is Cybersecurity?

Cybersecurity refers to the preventative techniques used to protect the integrity of networks, programs and data from attack, damage, or unauthorized access.
  • 4
  • 80143

PA-5200 Series Datasheet

Palo Alto Networks® PA-5200 Series of next-generation firewall appliances is comprised of the PA-5280, PA-5260, PA-5250 and PA-5220.
  • 21
  • 86987