Palo Alto reveals latest edition of Cortex XSIAM

Palo Alto Networks has unveiled Cortex XSIAM 3.0, the next evolution of its SecOps platform.

According to the company, Cortex XSIAM 3.0 is strengthened with proactive exposure management and advanced email security, enabling customers to further consolidate on Cortex for significantly better, faster and more cost-effective security operations.

Cortex XSIAM

Three years ago, Palo Alto Networks introduced Cortex XSIAM, which consolidates and normalises cybersecurity data to fuel advanced, real-time analytics and automation, making disjointed point products obsolete.

The company states that Cortex XSIAM 3.0 continues its disruption of the security operations market by upending old approaches to vulnerability management and email security.

It further expands the scope of the SOC from reactive to proactive security to prevent breaches before they happen, in addition to its current powerful incident response capabilities.

“Unprecedented risk reduction”

Gonen Fink, SVP of Products, Cortex at Palo Alto Networks explained: “Cortex XSIAM harnesses the power of the world’s largest and most comprehensive set of security data to transform our customers’ ability to rapidly counter evolving attacks with advanced AI and automation.

“This expansion of our ground-breaking SecOps platform merges best-in-class reactive with proactive security measures, allowing customers to achieve unprecedented risk reduction across their entire enterprise, from code to cloud to SOC,” Fink added.

Exposure management and email security

The company says that Cortex XSIAM 3.0 will enable customers to stop attacks at scale using AI-driven threat defense with Cortex Exposure Management and Advanced Email Security.

Cortex Exposure Management

With Cortex Exposure Management, the company claims that users can cut vulnerability noise by up to 99% with AI-driven prioritisation and automated remediation spanning the entire enterprise. Users are able to:

  • See every exposure – uncover risks with a unified solution spanning native network, endpoint and cloud scanners — extended with integration from any third-party source
  • Cut alert noise based on actual risk, not compliance – use AI to prioritise high-risk, exploitable vulnerabilities with no compensating controls, eliminating false alarms
  • Close the loop with industry-leading automation to prevent future attacks – create new protections for critical risks in native network, endpoint and cloud security solutions. Automate remediation across first and third-party tools with playbook automation

Cortex Advanced Email Security

Palo Alto Networks highlights that with Cortex Advanced Email Security, users can stop sophisticated email-based attacks missed by other solutions with advanced AI and automation. Users are able to:

  • Outsmart GenAI-powered threats – detect advanced phishing and email-based threats based on attacker intent with LLM-powered analytics that continuously learn from emerging threats.
  • Stop attacks in real time with built-in automation – automatically remove malicious emails, disable compromised accounts and isolate affected endpoints with best-in-class workflow automation.
  • Extend industry-leading detection and response with complete email context – correlate email, identity, endpoint and cloud data for unparalleled visibility into the full attack path for effective incident response.

“Remarkable efficiencies”

Chris DeBrunner, VP of Security Operations, CBTS explained: “The transition to Cortex XSIAM has transformed our SOC operations at CBTS.

“Previously, we struggled with alert fatigue due to multi-console complexity, multiple data sources, disparate vendors and labour-intensive tasks.”

DeBrunner continued: “With the consolidation of major security capabilities into one platform, we have achieved remarkable efficiencies.

“Our incident close-out rate has reached 100%, and we have significantly reduced our median time to resolution (MTTR) from days to, in some cases, seconds.

“The automation provided by XSIAM has been crucial in managing the alert overwhelm we faced, making our team more effective and less error-prone,” he concluded.

“Set an example for other states to follow”

Chase Hymel, CISO, State of Louisiana commented: “Discovering the capabilities of Cortex XSIAM was a game-changer for the State of Louisiana.

“It’s helped us to modernise our security infrastructure and set an example for other states to follow. By adopting XSIAM, we have significantly improved threat visibility and response effectiveness.

“Cortex XSIAM has allowed us to consolidate our security tools into one integrated platform, enhancing our security operations and protecting citizen data effectively.”

Hymel concluded: “We have reduced MTTR from over 24 hours to under two minutes and automated the resolution of 86% of incidents.”
