Advanced attackers increasingly use targeted, stealthy, persistent methods to evade traditional security measures. Indicators of compromise (IoCs) don’t necessarily present themselves in one static location. Correlating logs from different security technologies takes time and resources you cannot afford to spend.

Our automated correlation engine brings the power of our threat research to your fingertips. How? By continuously scrutinizing isolated events across multiple logs and log types on the firewall and correlating indicators of compromise across your network to surface infections that might be overlooked if the events were analyzed by themselves.

Connect the Dots Automatically

The automated correlation engine includes correlation objects defined by our threat research team, Unit 42, as well as objects based on previously unknown threats observed by WildFire™ cloud-based malware analysis. These objects identify suspicious traffic patterns or sequences of events that indicate compromise.

Correlation objects trigger correlation events when they match malicious traffic patterns and network artifacts, alerting you to compromised hosts on your network. Detecting compromised hosts automatically lets you remediate quickly and prevent the spread of infection.

 

Identify Infection in Time to Stop It

The manual work needed to identify and confirm compromised host activity can take valuable hours if not days. It’s like finding the needle in the haystack. Sometimes, suspicious behaviors are overlooked because they don’t indicate compromise by themselves, and correlating other suspicious behaviors on the network may require hours of investigation.

The automated correlation engine does this work for you by automatically identifying compromised host activity in your network within minutes, empowering your team to spend less time manually mining data and more time proactively securing your organization.


 

At a Glance: Automated Correlation Engine

Palo Alto Networks Automated Correlation Engine continuously scrutinizes firewall events and correlates indicators of compromise on your network.
