Palo Alto Networks adds BYOML framework to Cortex XSIAM 2.0
It used to take an attacker 44 days on average to exfiltrate data from an organization once it was compromised — now it’s a matter of hours — and with companies taking an average of 5.5 days to initially contain an incident, legacy security operations solutions no longer work.
Since its debut, Cortex XSIAM has helped customers revolutionize their security operations center (SOC). One services company improved its median time to resolution from days to minutes — 270 times faster than before.
Further improving its AI-driven security operations platform, Palo Alto Networks unveiled Cortex XSIAM 2.0, which includes a new bring-your-own machine learning (BYOML) framework.
Palo Alto Networks collects more security data than any other cybersecurity company, with more than 5 petabytes of security data ingested daily, and with more than 1 exabyte stored in total. XSIAM offers out-of-the-box AI models built for superior security analytics and protection against threats.
In addition, many mature SOCs want the ability to customize and create their own ML models. The BYOML framework makes the vast security data stored in XSIAM available for the first time. This allows security teams to create and integrate their own ML models into XSIAM to enable unique use cases like fraud detection, security research and sophisticated data visualization.
In addition to the BYOML framework, XSIAM 2.0 includes new features that enable organizations to address today’s security operations challenges through increased visibility and threat prioritization. The new XSIAM Command Center creates a seismic shift in how security teams monitor their security operations with a comprehensive view of data sources and alerts, enabling the effortless identification and prioritization of security incidents within a single unified platform.
Additionally, with the new MITRE ATT&CK Coverage Dashboard, organizations can swiftly gauge their overall defense against a broad set of threat actor tactics and techniques, channeling their efforts toward strengthening their overall security posture.
“Effective security operations are a major challenge for companies all worldwide. The speed at which attackers are moving, coupled with new regulatory requirements like the SEC Mandate requiring public companies to disclose material cybersecurity incidents within four days of discovery, make it impossible to handle cyberthreats with traditional manual approaches. Using artificial intelligence and automation, XSIAM 2.0 closes this gap by addressing operational complexity, stopping threats at scale, and speeding up incident remediation,” said Gonen Fink, SVP, Cortex products, Palo Alto Networks.
“As a solution built from the ground up with lessons learned from a suite of leading security products, XSIAM delivers a comprehensive autonomous SOC solution that scores high on a wide range of key criteria,” said Andrew Green, research analyst, GigaOm.
The outcomes achieved by XSIAM 2.0 cannot be met with multiple point products and siloed data. XSIAM converges SOC capabilities, including XDR, SOAR, SIEM and more, into a single platform to streamline security operations. It also continuously collects, stitches and normalizes raw data, all through a unified approach. Unified data, coupled with an AI-driven platform approach, is why customers have seen the following results:
- Oil and gas company: 75% reduction in incidents requiring investigation. This is from ~1,000 a day to ~250 a day, eliminating false positives and duplicates.
- Boyne Resorts: Added 20 more data sources into one platform, streamlining and improving investigations.
- Imagination Technologies: 10x improvement in incident closure rate, going from <10% to 100%.
“One of our biggest pain points is information overload. Business growth is great, but it means we have more business operations to manage, and meanwhile, the threat actors are getting more sophisticated. XSIAM is helping because it effectively lets us cut straight to the real and serious incidents that we need to focus on and we’re not wasting time on data that doesn’t need our attention,” said Paul Alexander, director of IT operations at Imagination Technologies.
“Log collection was a huge weak point for us. Our SIEM was expensive, and it was difficult to integrate sources. We were hunting down alerts that weren’t accurate; it was a hodgepodge of stuff that wasn’t correlated together. With XSIAM, we have more visibility and faster investigations. Seamless data onboarding and automation setup are game changers,” said Mike Dembek, network architect at Boyne Resorts.
XSIAM 2.0 is generally available to customers globally today.