
Palo Alto Cortex XDR: IT Security with people skills

May 13, 2022

Frank Kemeling

Senior Security Officer and Ethical hacker at Aumatics.

IT Security is under pressure. Palo Alto Cortex XDR has an effective weapon against threats, thanks to AI (Artificial Intelligence) at the endpoint level. Senior Security Officer Frank Kemeling uses Palo Alto Cortex XDR for Aumatics customers and explains how the detection system makes the difference.

Suppose ransomware tries to get in. That will happen today or tomorrow. If IT Security is in order, alarm bells will go off and the attack will be repelled. Great, it works.

Good news, you might say.

But now the facts about IT Security in 2022. The number of attacks increased by 40% last year. Add this to the increased number of notifications about mandatory updates and patches. And if systems overlap in detection, you get two or more notifications about the same action or event. Alarm bells keep going off in the IT department.

Is the workload high in the IT department? Has a chain of tools and suppliers been built up over the years and has the cohesion disappeared? Is there understaffing due to IT vacancies? Who says something is done with a threat? And when? And is that on time?

What helps the IT department, then, is simplicity, overview, intelligent detection and fast action.

Palo Alto Cortex XDR: AI-powered Detection

That requires a different approach. Palo Alto Cortex XDR is a detection and response system that acts on the basis of AI (Artificial Intelligence) at the endpoint level.

In this blog we explain the advantages of the relatively new approach taken by Palo Alto Cortex XDR. The system can reduce the number of notifications by 98%, and in almost half of the cases human action is no longer necessary. For that reason, Aumatics recently introduced the platform to its customers.

Time to streamline IT Security? Then this might also be the best IT Security tool for your organization.  

Endpoint Security

Endpoints, simply put, are devices such as laptops and mobile phones. They sit at the very edge of a network, the farthest point from the core. Endpoint security applies protection on these physical devices themselves, a proven and widely used method.

How it goes now, and sometimes doesn't work

Endpoint virus scanners stay current because they receive continuous updates. That is, as long as those updates actually arrive and are applied. That dependence makes the scanners vulnerable. Palo Alto Cortex XDR takes a different approach, and successfully so.

Here's how it works: traditional virus scanners need to be updated continuously to keep up with the current stream of threats. Viruses and other malware have certain characteristics. They leave a fingerprint, and that is how they are recognized: a signature. For this, the virus scanner must be in contact with a server that updates its signature database. That database provides the match between what is seen on an endpoint and known threats.

That works almost always.

In recent times we have seen a large increase in the number of online threats. We are increasingly working online, and this trend will continue in the coming years. So there is more and more for malicious parties to go after online: money, such as cryptocurrency, but also confidential company information and privacy-sensitive data.

The number of attacks with ransomware, viruses and malware increased by about 40% in 2021. Developers of IT Security software and hardware are therefore in a neck-and-neck race to fend off attacks.

The way in which viruses and ransomware have been detected so far worked well. But because the numbers have grown so much, more and more threats still creep in, for example because the update of the virus definitions arrives too late. A virus can even be built for a single target, in which case no signature for it exists anywhere.

The different approach of Cortex XDR

Palo Alto Cortex XDR is faster and more effective for a number of reasons.

The detection and response system does not rely primarily on signatures. It analyzes the behavior and patterns of a threat.

More and earlier detection

Palo Alto Cortex XDR can notice a threat or attack earlier because of the way it looks at how the threat approaches your network: the technology it uses, the route it takes before it reaches the device, or the activities carried out to get there.

Every year, an average of 1000 new signatures for online threats are released. But in the end, these attacks use no more than about 30 proven techniques, and have done so for years. These techniques barely change; a new one is added perhaps once every ten years. That is a lot clearer, and therefore more manageable.

So if you base your defense on detecting and combating these techniques, you are always up to date. And you are more likely to be ahead of the threat.

The Palo Alto Artificial Intelligence method has another advantage: you also see attacks coming earlier. Suppose a new threat has been unleashed on the world wide web. It will take some time before every IT Security vendor is aware of it.

Until then, it has free rein to penetrate, or to prepare for doing so. We call that a zero-day exploit: it abuses a weakness that is new to defenders, so no signature or fix for it exists yet.

Palo Alto Cortex XDR can identify these preparations by matching them against one of the roughly 30 techniques. Even if the threat is released the same day, in most cases it recognizes the threat without any prior knowledge of it.
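The contrast between a signature check and technique-based detection, described in the two sections above, can be shown in a few lines. The example below is an added illustration and is not code from the original post or from Palo Alto; it does not use any Cortex XDR API. The hash "signature database", the process and file telemetry, the process names and the two behavioral rules (a document reader spawning a script interpreter; one process renaming many files in a short burst) are all constructed for the example.

```python
import hashlib
from collections import defaultdict

# Constructed samples (not real malware): a "known" payload and a variant
# with a single byte changed, as a repack or rebuild would produce.
KNOWN_SAMPLE = b"MZ\x90\x00\x03" + b"constructed-payload-v1"
MODIFIED_SAMPLE = b"MZ\x90\x00\x03" + b"constructed-payload-v2"

# The signature database: only the hashes the vendor has already seen.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}


def signature_match(sample: bytes, db=SIGNATURE_DB) -> bool:
    """Hash-based signature check: exact match or nothing."""
    return hashlib.sha256(sample).hexdigest() in db


# Constructed endpoint telemetry: (time_s, pid, parent_image, image, event, detail).
DOC_READERS = {"winword.exe", "excel.exe", "acrord32.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}

EVENTS = [
    (0.0, 100, "explorer.exe", "winword.exe", "start", "invoice.docm"),
    (1.5, 101, "winword.exe", "powershell.exe", "start", "-w hidden -enc <base64>"),
    (2.0, 102, "powershell.exe", "updater.exe", "start", ""),
]
# Process 102 then rewrites the user's documents in a burst (ransomware-style).
EVENTS += [
    (3.0 + i * 0.1, 102, "powershell.exe", "updater.exe", "rename",
     f"report{i}.docx -> report{i}.docx.locked")
    for i in range(25)
]
# Benign noise: a backup tool renaming a few files, slowly.
EVENTS += [
    (60.0 + i * 30, 200, "services.exe", "backup.exe", "rename",
     f"db{i}.bak -> db{i}.bak.old")
    for i in range(3)
]


def _extension_changed(detail: str) -> bool:
    src, dst = (p.strip() for p in detail.split("->", 1))
    return src.rsplit(".", 1)[-1] != dst.rsplit(".", 1)[-1]


def behavior_match(events, rename_threshold=20, window_s=10.0):
    """Technique-based rules over process/file telemetry.

    Rule A: a document reader spawns a script interpreter.
    Rule B: one process renames at least `rename_threshold` files to a new
            extension within `window_s` seconds.
    Returns a list of (rule, pid, evidence) tuples; no hash is consulted.
    """
    findings = []
    for _t, pid, parent, image, ev, _detail in events:
        if ev == "start" and parent in DOC_READERS and image in INTERPRETERS:
            findings.append(("doc-reader-spawns-interpreter", pid, f"{parent} -> {image}"))

    renames = defaultdict(list)  # pid -> timestamps of extension-changing renames
    for t, pid, _parent, _image, ev, detail in events:
        if ev == "rename" and "->" in detail and _extension_changed(detail):
            renames[pid].append(t)

    for pid, times in renames.items():
        times.sort()
        lo = 0
        for hi in range(len(times)):          # sliding window over sorted times
            while times[hi] - times[lo] > window_s:
                lo += 1
            if hi - lo + 1 >= rename_threshold:
                findings.append(("mass-rename-burst", pid,
                                 f"{hi - lo + 1} renames within {window_s}s"))
                break
    return findings


if __name__ == "__main__":
    print("signature on known sample:   ", signature_match(KNOWN_SAMPLE))
    print("signature on modified sample:", signature_match(MODIFIED_SAMPLE))
    for finding in behavior_match(EVENTS):
        print("behavior finding:", finding)
```

The one-byte variant slips past the hash check entirely, while both behavioral rules fire on it regardless of what the binary looks like, and the slow backup job stays below the threshold. Real products add many more such rules and tune the thresholds per environment; the point is that the rules describe a technique, not a file.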

Cyber Security

Cyber Security starts with overview and control.

Cyber Security: you read about it everywhere. But with reading alone, your corporate network remains a target for hackers, phishing and ransomware.

Learning moments

If you want to avoid problems in the future, you have to learn from the mistakes made. They are therefore shown more clearly than ever before. In this way, the IT department is quickly aware of where the threat came in, which path it took and what the remedy was.

Are the consequences major, and is in-depth research into the origin necessary, for example for the insurer or for investigative services? The Cortex Forensics add-on collects the data needed to identify the culprit and trace the stolen files. It can even be installed afterwards and still gather evidence retroactively, as far as the relevant artifacts are still present on the endpoints.

This analysis can be made because Palo Alto Cortex XDR already creates a clear picture of the complete network landscape during implementation. That happens with Host Insights. Host Insights maps your network, the equipment used, the cloud solution used, combined with an overview of identity data.

Even if you work from home on the company laptop and were never visible before, you are still included as part of the network. The same goes for network devices such as firewalls, and even for USB sticks. And once they appear on the radar, policy can be applied to them immediately.

For example, it asks the following questions:

  • Which devices are part of the network?
  • Are there devices that do not have the latest security updates?
  • Are all application settings set in such a way that they pose no risk?
  • Are threats already identified that need to be combated immediately?

After installation, the network starts with a clean slate and a clear, detailed and fine-grained IT Security policy. The result: maximum insight and, if necessary, a faster response.

Prevent 'alert fatigue' in your IT department

Is action required, or has it already been performed? Then this is displayed in the combined overview in the Cortex XDR Console: the notification, the remedy and the essentials, and unless you ask for more, no more than that. During the development of the system, extra attention was paid to avoiding unnecessary notifications and to summarizing events. Those reports also decrease in number for the simple reason that the platform itself makes sure there is nothing left to report.

After all, an attack simply has to be fought, and immediately. What is there to report? Get that stuff done! Cortex XDR will do just that. Has the threat been defused? Then that will be reported. Pro-active, without having to wait for someone from IT to watch.  

The IT department is no longer worn down by pointless reports. This saves on staff, both in hours and in the level of expertise required. Cortex XDR presents notifications in such a way that any IT employee with a modest level of expertise interprets them correctly.

Cortex XDR is therefore not just a tool. It is a platform for the detection and neutralization of all threats on your endpoints, a platform that can replace the others, and one that makes the company network as transparent as possible for the IT department.

Palo Alto Cortex XDR: characteristics and properties

  • Behavioral Analytics Threat Protection
  • Device control with USB device management
  • Network analysis based on Artificial Intelligence  
  • Host firewall
  • Continuous thorough network inspection against intrusion
  • Disk encryption with BitLocker and FileVault
  • WildFire integration for cloud-based malware analysis
  • Kernel Protection
  • Ransomware protection module  
  • Credential theft protection
  • Exploit protection based on techniques
  • Child process protection
