Palo Alto Networks Blog, 15 July 2024
What’s Next in Cortex — XSIAM for Cloud and Other Innovations

Palo Alto Networks has released a new version of its Cortex security platform, with updates to several products including XSIAM 2.2, XDR 3.10, Xpanse 2.5 and XSOAR 8.6. The release focuses on cloud security, helping enterprises address cloud security challenges through native cloud detection and response, an expanded security agent and attack surface testing.

**XSIAM for Cloud**: Cortex XSIAM for Cloud provides native cloud detection and response capabilities, giving security operations teams a holistic view across enterprise and cloud environments. It uses the same interface, backend, AI and automation engines to deliver a unified SOC platform for both the enterprise and the cloud. XSIAM for Cloud includes three main innovations:

* **Comprehensive UI and workflows**: Within Cortex XSIAM's unified platform, SOC analysts can use the new Cloud Command Center for a complete view of cloud assets, enabling security teams to identify and respond to cloud threats quickly.
* **Expanded security agent**: The expanded Cortex XDR® agent combines Cortex's best-in-class runtime security and threat protection with Prisma® Cloud's powerful vulnerability and compliance management to deliver a complete cloud detection and response solution. It removes the need for two agents, significantly improves visibility and simplifies deployment and operation of the whole security program.
* **Native integration with Prisma Cloud**: The new Prisma Cloud integration enriches the cloud SOC with broader context and security posture information about cloud assets, for detailed incident grouping and easier navigation.

**XDR 3.10**: Cortex XDR 3.10 builds on leading extended detection and response with capabilities that go beyond other traditional endpoint security solutions. Security operations analysts can now more effectively manage endpoint application vulnerabilities, defend against mobile device threats, streamline forensic investigations, and investigate and respond to incidents in the cloud, all within one unified XDR solution.

* **Expanded security agent**: As cloud adoption soars, visibility and compliance, while necessary, are no longer sufficient for comprehensive cloud security. The dynamic, distributed nature of cloud services and the rapid pace of change bring new challenges that demand stronger, more proactive security measures. A single-agent solution provides complete security coverage, including vulnerability management and compliance enforcement, integrates seamlessly with existing security infrastructure, gives enhanced visibility into cloud assets and simplifies SOC operations.
* **Enhanced Host Insights vulnerability assessment**: Software vulnerabilities remain the top attack vector for security incidents; in Unit 42 cases in 2023, software vulnerabilities accounted for 38.60% of initial access points. Security teams need a way to inventory endpoint software, identify vulnerabilities and patch them quickly.
* **Forensics Module v.2**: When a security incident occurs, analysts need a way to manage the investigation effectively, preserve forensic artifacts and analyze them to determine exactly what happened. This process usually involves collecting forensic data with one tool and analyzing it with an entirely different toolset, which slows the investigation and creates heavy manual work and administrative burden, such as tracking evidence sources in a log.
* **iOS malware profiles**: Employees increasingly rely on their phones to check email, browse websites and share information, exposing them to greater risk from phishing attacks, malicious websites and unauthorized app usage. Security teams are therefore tasked with protecting business data and systems on these devices. Cortex XDR's mobile device protection has raised iOS protection with two new security modules.

**Xpanse 2.5**: Cortex Xpanse introduces Attack Surface Testing, providing more comprehensive, automated vulnerability detection. Attack Surface Testing runs non-intrusive, benign exploits with explicit user authorization to confirm vulnerabilities in the organization's services. It lets security teams increase scan frequency and coverage, perform service-specific testing without affecting network performance and prioritize vulnerabilities more effectively.

* **Attack Surface Testing**: As customers' attack surfaces keep growing, we have seen that traditional vulnerability testing is insufficient to protect their organizations' external assets. Traditional vulnerability management (VM) tools lack a comprehensive inventory of known and unknown external assets, so external vulnerability testing is incomplete, manual and therefore infrequent.
* **Daily testing**: Tests run daily as part of Cortex Xpanse Attack Surface Testing (AST).
* **Automated vulnerability analysis**: Xpanse 2.5 also includes automated vulnerability analysis, helping security teams quickly identify and remediate high-risk vulnerabilities.

Tackling Diverse SecOps Challenges Simultaneously

Security operations teams are tasked with solving a variety of different challenges. They face the complexities of protecting growing and dynamic cloud environments; investigating and resolving security incidents quickly; proactively managing risks, preventing the next major breach; and so much more.

At Palo Alto Networks, we’re committed to helping our customers tackle all of these challenges with a unified AI-based security platform. With the latest release across Cortex products, we’re solving a diverse set of challenges in security operations, all at once.

XSIAM 2.2: Delivering XSIAM for Cloud to Security Operations Teams

Cloud security presents a distinct challenge since it is often performed separately from traditional security operations. Security operations teams commonly lack visibility into cloud-specific data, relying on security tools that weren't designed for the cloud. These tools commonly don't understand how applications are architected for the cloud, the unique aspects of cloud attacks, or what the SOC analyst needs to respond to in real time.

As organizations increasingly migrate to the cloud, bridging this divide between cloud and on-premises security operations becomes paramount to ensure comprehensive protection against evolving cyber threats.

XSIAM for Cloud

We’re tackling these problems with Cortex XSIAM for Cloud, which provides native cloud detection and response capabilities as part of the Cortex XSIAM AI-powered platform. It provides SecOps teams with a holistic view across their enterprise and cloud environments, and it leverages the same frontend, backend, AI and automation engines that made XSIAM so successful. For the first time, security teams have a purpose-built SOC platform for all SecOps’ needs, in both the enterprise and the cloud.

There are three innovations that underpin XSIAM for Cloud:

Cloud Command Center in Cortex XSIAM

Dave Gruber, Principal Cybersecurity Analyst at Enterprise Strategy Group, said:

Our research shows that 89% of SOC teams either play a major role or have complete ownership of cloud security operations. Yet current SOC tools often fall short in providing the level of visibility and context needed to support cloud investigations. The addition of native, cloud SecOps capabilities within Cortex XSIAM narrows this gap, enabling cloud and security teams to work more collaboratively to see, understand and mitigate attacks involving cloud resources.

XDR 3.10: Expanding Beyond Traditional Endpoint Security

Cortex XDR 3.10 builds on leading extended detection and response with enhanced capabilities that go beyond other traditional endpoint security solutions. Security operations analysts can now more effectively manage endpoint application vulnerabilities, defend against mobile device threats, streamline forensic investigations, investigate and respond to incidents in the cloud, all within one unified XDR solution.

Expanded Security Agent

As cloud adoption soars, it becomes increasingly clear that visibility and compliance, while necessary, are no longer sufficient for comprehensive cloud security. The dynamic and distributed nature of cloud services, combined with the rapid pace of change, introduces new challenges that demand more robust and proactive security measures. What is needed is a single-agent solution that offers complete security coverage, including vulnerability management and compliance enforcement, and that seamlessly integrates with existing security infrastructure to provide enhanced visibility into cloud assets and streamline SOC operations.

Available in both Cortex XSIAM and Cortex XDR, the expanded security agent was designed specifically for cloud environments, combining Prisma Cloud's powerful vulnerability and compliance management capabilities with Cortex's best-in-class runtime security and threat protection. SOC teams no longer need to navigate through multiple tools to understand what is happening. The new agent ensures real-time monitoring and response, collecting logs, metrics and events that are complemented by broad agentless telemetry and rich automation tools integrated into the existing cloud infrastructure. Collectively, these capabilities deliver a true real-time Cloud Detection and Response solution that would be impossible with agentless-only products.

Enhanced Vulnerability Assessment with Host Insights

Software vulnerabilities continue to be the top vector of compromise for security incidents, representing 38.60% of the initial access points in Unit 42 cases in 2023. Security teams need a way to inventory endpoint software, identify vulnerabilities, and patch them quickly.

With Cortex XDR 3.10, the Host Insights module now uses an enhanced vulnerability assessment engine to identify both OS-level and application-level CVEs. With this updated approach, customers can better prioritize and address vulnerabilities quickly, before they become a potential security issue.

Forensic Module v.2

When a security incident happens, analysts need a way to manage investigations effectively, preserve forensic artifacts and perform analysis to figure out exactly what happened. This process generally involves collecting forensic data with one tool and then analyzing it with a completely different set of tools. This slows down the investigative process with much manual work and administrative burdens like tracking evidence sources in a log.

With a completely revamped Cortex XDR Forensics Module, investigations just got a lot easier. This update significantly expands the Forensics Add-on, offering a unified solution for collecting, tracking and analyzing forensic data. Designed to align with user workflows and enhance ease of use, the module facilitates streamlined data collection, grouping and analysis without needing a secondary agent. Users can create and manage separate investigations, control custom access permissions, and hunt threats using historical artifacts.

Cortex XDR Forensic Module v2

iOS Malware Profiles

Employees increasingly rely on their phones to check email, browse websites, and share information. They are facing a greater risk from phishing attacks, malicious websites and unauthorized app usage. As a result, security teams are tasked with protecting business data and systems on these devices. Cortex XDR protection for mobile devices has elevated iOS protection with two new security modules.

Unit 42: Delivering Managed Detection and Response (MDR) for Cloud

For customers who want to augment their new cloud security capabilities with managed detection and response services, Unit 42 now delivers 24/7/365 managed services for the expanded security agent. Our Unit 42 Managed Detection and Response (MDR) service offers a dedicated team of world-class analysts, threat hunters and researchers to investigate and respond to attacks on behalf of customers. This allows security operations teams to concentrate on more strategic tasks.

Xpanse 2.5: Confirming Attack Surface Vulnerabilities for High-Precision Prioritization

As our customers’ attack surfaces continue to grow, we’ve seen that traditional vulnerability testing is insufficient to secure their organization’s externally-facing assets. Conventional Vulnerability Management (VM) tools lack a comprehensive inventory of known and unknown external assets. This means that external vulnerability testing is incomplete as well as manual, and, consequently, infrequent.

Attack Surface Testing

To address this challenge, Cortex Xpanse has introduced Attack Surface Testing, which provides more comprehensive and automated vulnerability detection. Attack Surface Testing runs unintrusive, benign exploits with explicit user authorization to confirm vulnerabilities in the organization's services. It allows security teams to enhance scan frequency and coverage, perform service-specific testing without affecting network performance, and prioritize vulnerabilities more effectively.

Tests run daily as part of Cortex Xpanse Attack Surface Testing (AST)

In addition to this, Xpanse 2.5 also has a host of other new capabilities to help organizations shrink and secure their attack surface. Read the latest Xpanse blog to learn more.

XSOAR 8.6: Automating Security Operations from Anywhere

Security automation is crucial to improving operational efficiency and driving faster and more complete security outcomes. In 2023, we introduced Cortex XSOAR 8, delivered as a SaaS solution to provide greater performance, scalability and reliability. However, customers that require on-premises deployments have not been able to take advantage of all of XSOAR 8's advanced automation capabilities, until today.

XSOAR 8 for On-Premises

We are pleased to announce that XSOAR 8 now supports on-premises deployments. New customers who require an on-premises deployment for policy or regulatory reasons can now take advantage of the latest features of Cortex XSOAR.

Cortex XSOAR on-premises is available as a virtual appliance designed for deployment within an organization's data center. This ensures that all customers have access to the advanced new platform and features of Cortex XSOAR 8, regardless of their deployment location.

The enhanced features and capabilities listed here are just the tip of the iceberg for what we’ve packed into this Cortex release across XSIAM, XDR, Xpanse and XSOAR.

To learn more about these and other innovations from Cortex, register to attend Symphony 2024. At this annual Cortex event, we dive into the latest threat trends and how we’re transforming security operations and threat protection.

The post What’s Next in Cortex — XSIAM for Cloud and Other Innovations appeared first on Palo Alto Networks Blog.
