Advanced attackers increasingly use targeted, stealthy, persistent methods to evade traditional security measures. Indicators of compromise (IoCs) don’t necessarily present themselves in one static location. Correlating logs from different security technologies takes time and resources you cannot afford to spend.

Our automated correlation engine brings the power of our threat research to your fingertips. How? By continuously scrutinizing isolated events across multiple logs and log types on the firewall and correlating indicators of compromise across your network, which might be overlooked if analyzed by themselves against surface infections.

Connect the Dots Automatically

The automated correlation engine includes correlation objects defined by our threat research team, Unit 42, as well as from previously unknown threats observed by WildFire™ cloud-based malware analysis. These objects identify suspicious traffic patterns or sequences of events that indicate compromise.

Correlation objects trigger correlation events when they match on malicious traffic patterns and network artifacts to alert you to compromised hosts on your network, giving you the ability to detect compromised hosts automatically, so you can remediate quickly and prevent the spread of infection.

 

Identify Infection in Time to Stop It

The manual work needed to identify and confirm compromised host activity can take valuable hours if not days. It’s like finding the needle in the haystack. Sometimes, suspicious behaviors are overlooked because they don’t indicate compromise by themselves, and correlating other suspicious behaviors on the network may require hours of investigation.

The automated correlation engine does this work for you by automatically identifying compromised host activity in your network within minutes, empowering your team to spend less time manually mining data and more time proactively securing your organization.


 

What is an Intrusion Prevention System?

An Intrusion Prevention System (IPS) is a network security prevention technology that examines network traffic flow to detect and prevent vulnerability exploits
  • 4
  • 96821

What is a denial of service attack (DoS) ?

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users by flooding it with traffic.
  • 2
  • 44360

What is Cybersecurity?

Cybersecurity refers to the preventative techniques used to protect the integrity of networks, programs and data from attack, damage, or unauthorized access.
  • 3
  • 73748

What is a Zero Trust Architecture?

Businesses who want to prevent the exfiltration of sensitive data and improve their defense against modern cyber threats can consider a Zero Trust architecture.
  • 1
  • 30411

PA-5200 Series Datasheet

Palo Alto Networks® PA-5200 Series of next-generation firewall appliances is comprised of the PA-5280, PA-5260, PA-5250 and PA-5220.
  • 19
  • 81163

What is a Data Center?

A data center is a facility that centralizes an organization’s IT operations and equipment, and where it stores, manages, and disseminates its data
  • 0
  • 39789