XSIAM Has Arrived to Revolutionize the SOC
Palo Alto Networks Blog – Lee Klarich
The SIEM Just Isn’t Working

What’s become increasingly clear is that SIEM just isn’t working for many customers: they complain it’s too expensive, too hard to manage, too hard to operate, and it fails at the most important task — helping stop threats and keep organizations safe.
Whenever an organization suffers an attack, they are always able to figure out what happened afterwards. They can reconstruct methods, know which systems were affected and which information was taken. But if the data is available to understand what happened afterward, why couldn’t it have been used to stop the attack in the first place? The answer, sadly, is that too many alerts and too many silos ultimately lead to too little insight. The problem is that SIEMs are built to digest and prioritize alerts, then present them to analysts for triage and investigation. But the number of alerts keeps growing, so the analysts simply can’t keep up. Contrary to what some vendors say, this isn’t a cost problem. It’s a value problem. We believe that the only way a SOC platform can operate at today’s scale is to completely rebuild from the ground up. So we’ve done exactly that with XSIAM, the autonomous security operations platform designed to enable all customers to achieve the outcomes Palo Alto Networks does in our own SOC. How? It all comes down to data that drives analytics, automation and proactivity.
Data and Analytics: Much More Detail, Much More Insight

When designing XSIAM, we started with an assumption that it would have to collect massive amounts of data (more than just alerts and logs) to implement our vision for analytics.

Automation: More Than Workflow

When we talk about automation, we don’t just mean workflow automation (i.e., automating what a human analyst does with an alert). We also mean native automation embedded into the product to normalize and stitch events together into an “attack story,” to create new detectors to dispatch alerts, etc.

Proactivity: Actually Getting Ahead of Attacks

If you were to talk to SOC analysts, many would describe their job as reactive. Analysts can actually hunt threats. They can look at the attack surface and take action to secure it before a vulnerability becomes an attack.
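The automation section above describes normalizing events from different sources, stitching them into an "attack story," and running detectors over the result rather than over single alerts. The following is an added illustration of that idea in Python; it is not XSIAM code and does not reflect how the product is implemented. The three source schemas (an EDR process event, a firewall log, an authentication log), the field names, the IP-to-host inventory and the sample records are all constructed for the example, and the story pattern in STORY_PATTERN is a hypothetical detector written for the sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed raw events from three sources, each in its own native schema.
RAW_EVENTS = [
    {"source": "auth", "ts": "2024-05-01T09:58:03Z", "account": "alice",
     "src_ip": "10.0.5.42", "result": "success"},
    {"source": "edr", "ts": "2024-05-01T10:02:11Z", "hostname": "ws-042",
     "user": "alice", "process": "powershell.exe", "cmdline": "-File C:\\temp\\run.ps1"},
    {"source": "fw", "ts": "2024-05-01T10:02:40Z", "src_ip": "10.0.5.42",
     "dst_ip": "203.0.113.7", "dst_port": 443, "action": "allow"},
    {"source": "auth", "ts": "2024-05-01T14:30:00Z", "account": "bob",
     "src_ip": "10.0.5.99", "result": "failure"},
]

# Constructed asset inventory; in practice this enrichment comes from DHCP/CMDB data.
IP_TO_HOST = {"10.0.5.42": "ws-042", "10.0.5.99": "ws-099"}


def normalize(raw):
    """Map one source-specific record onto a common schema (ts, source, host, user, detail)."""
    ts = datetime.strptime(raw["ts"], "%Y-%m-%dT%H:%M:%SZ")
    src = raw["source"]
    if src == "edr":
        host, user = raw["hostname"], raw["user"]
        detail = f"{raw['process']} {raw['cmdline']}"
    elif src == "fw":
        # Firewall logs carry only IPs; resolve to a hostname so the host key is shared.
        host, user = IP_TO_HOST.get(raw["src_ip"], raw["src_ip"]), None
        detail = f"{raw['action']} to {raw['dst_ip']}:{raw['dst_port']}"
    elif src == "auth":
        host, user = IP_TO_HOST.get(raw["src_ip"], raw["src_ip"]), raw["account"]
        detail = f"logon {raw['result']}"
    else:
        raise ValueError(f"unknown source {src!r}")
    return {"ts": ts, "source": src, "host": host, "user": user, "detail": detail}


def stitch(events, window=timedelta(minutes=15)):
    """Group normalized events into stories: same host, each event within `window` of the previous one."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_host[e["host"]].append(e)
    stories = []
    for host, evs in by_host.items():
        current = [evs[0]]
        for e in evs[1:]:
            if e["ts"] - current[-1]["ts"] <= window:
                current.append(e)
            else:
                stories.append({"host": host, "events": current})
                current = [e]
        stories.append({"host": host, "events": current})
    return stories


# A detector is expressed over the story, not over a single event: it fires only when a
# successful logon is followed by script-host execution and then allowed egress on one host.
STORY_PATTERN = [("auth", "logon success"), ("edr", "powershell.exe"), ("fw", "allow")]


def detect(story):
    """Return True if STORY_PATTERN occurs as an ordered subsequence of the story's events."""
    i = 0
    for e in story["events"]:
        if i < len(STORY_PATTERN):
            src, needle = STORY_PATTERN[i]
            if e["source"] == src and needle in e["detail"]:
                i += 1
    return i == len(STORY_PATTERN)


def build_alerts(raw_events):
    """Full pipeline: normalize -> stitch -> detect; returns one alert per matching story."""
    stories = stitch(normalize(r) for r in raw_events)
    alerts = []
    for s in stories:
        if detect(s):
            users = sorted({e["user"] for e in s["events"] if e["user"]})
            alerts.append({"host": s["host"], "users": users,
                           "first": s["events"][0]["ts"], "last": s["events"][-1]["ts"],
                           "steps": [f"{e['source']}: {e['detail']}" for e in s["events"]]})
    return alerts


if __name__ == "__main__":
    for a in build_alerts(RAW_EVENTS):
        print(a["host"], a["users"], a["first"], "->", a["last"])
        for step in a["steps"]:
            print("  ", step)
```

On the constructed input the three ws-042 events collapse into one story and produce a single alert with the full sequence attached, while the isolated failed logon on ws-099 never reaches an analyst. That is the point of the post's "fewer alerts, more insight" argument: the detector's condition could not be evaluated against any one of the three raw events on its own.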
Link: https://live.paloaltonetworks.com/t5/blogs/xsiam-has-arrived-to-revolutionize-the-soc/ba-p/517529