Cortex XSOAR simplifies security operations by unifying threat intelligence management with playbook-driven automation
Palo Alto Networks introduced Cortex XSOAR, an extended security orchestration, automation and response platform that empowers security leaders with instant capabilities against threats across their entire enterprise. Cortex XSOAR is an evolution of the Demisto platform, which was acquired by Palo Alto Networks in March 2019.
Palo Alto Networks is redefining the security orchestration, automation and response category by making threat intelligence management a core component. By tightly integrating threat intelligence management with SOAR capabilities — such as unified case management, automation and real-time collaboration — customers are now able to fully operationalize threat feeds.
“Customers are facing an overwhelming volume of alerts, threat intel sources, and security tasks,” says Lee Klarich, chief product officer for Palo Alto Networks. “Both SOAR and threat intelligence management have developed over recent years as tools to help them, but existing product silos have led to even more manual work. Bringing threat intel data into Cortex XSOAR means security orchestration just got simpler for the customer. It makes no sense to have SOAR without native threat intel.”
With Cortex XSOAR, customers are able to:
- Standardize and automate processes for any security use case: Easily automate hundreds of security use cases with playbooks that orchestrate response actions across more than 350 third-party products.
- Adapt to any alert with security-focused case management: Accelerate incident response by unifying alerts, incidents and indicators from any source within a single case management framework.
- Boost SecOps efficiency with real-time collaboration: Facilitate investigations across teams via a virtual War Room with built-in ChatOps and command line interface to execute commands across the entire product stack in real time.
- Take action on threat intelligence with confidence and speed: Take full control of threat data by aggregating disparate sources, customizing and scoring feeds, and matching indicators against a customer’s specific environment, as well as leveraging playbook automation to drive instant action.