WEBINAR - passport.exclusive-networks.it€¦ · 1| © 2020 Palo Alto Networks, Inc. All rights...

1 | © 2020 Palo Alto Networks, Inc. All rights reserved.1 | © 2020 Palo Alto Networks, Inc. All rights reserved.

WEBINARHOW TO QUOTECORTEX XDR 2.0

MANUEL MANNELLOSYSTEM ENGINEER – EXCLUSIVE [email protected]

2 | © 2020 Palo Alto Networks, Inc. All rights reserved.

AGENDA

● Portfolio rebranding

● Cortex Suite Overview

● Cortex XDR Overview

● Cortex XDR License Types

● Cortex XDR Use Cases

● Q&A


Detection & response

Automation & orchestration

Network traffic & behavioral analytics

Threat intelligence

SECURE THE FUTURE

SECURE THE CLOUD

SECURE THE ENTERPRISE

Secure access

SaaS

Public cloud

Hybrid data center

Internet Perimeter

Branch & mobile

5G & IoT

Endpoint

DATA LAKE


CORTEX SECURES THE FUTUREREWIRING SECURITY OPERATIONS


412M recordsstolen

2M recordsstolen

2.9M recordsstolen

147M recordsstolen

1998

AS THREATS ESCALATE, SECOPS IS MORE IMPORTANT THAN EVER

110M recordsstolen

2B recordsstolen

145M recordsstolen

143M recordsstolen

47M182M

600M

925M +

Morris Worm

Space agencybreach

134M credit cards stolen

150M recordsstolen

500M guest recordsstolen

77M recordsstolen

New Malicious programs registered




200M recordsstolen

95M recordsstolen

1.6M recordsstolen

Present20162013201020072004

Malicious codeTrojansWormsViruses

Identity theftPhishing

Mobile viruses

DNS attacksBotnets

SabotageAnti-spam

SQL attacks

Social engineeringDDos attacks

Malicious emailRansomware Botnets

Banking malwareKeyloggers

RansomwareBotnets

RansomwareCryptominer

Certificate attacksBitcoin walletAndroid hacksInsider threats

Cyberwarfare Fileless attacks

Automated & AI attacksCloud migration

S3 buckets


WHY DO SECURITY TEAMS STRUGGLE?

Too much noise(a.k.a alert fatigue)

Too many productsto piece together an incident

Too many manual, repetitive

actions


Low (Reactive) Medium High (Proactive)Maturity

Detection RULE-BASED CORRELATED RULE-BASED ANALYTICS-BASED

Context LOG AGGREGATION SILOED DATA COLLECTION INTEGRATED RICH DATA

Automation NONE PARTIAL FULL

EFFICIENCY

MTTR/MTTD & RISK

HOW SECOPS MUST TRANSFORM TO REDUCE RISK


OUR UNIQUE APPROACH WITH CORTEX

GOOD DATA

ANALYTICS

AUTOMATION

PROACTIVE RESPONSE



KEY DIFFERENTIATORS: GAIN ENTERPRISE-SCALE VISIBILITY

CORTEX Data Lake

Network Endpoint Cloud Third-Party Data


Our Approach: Breaking down data and product silos

Prevention, Detection and Response Across Endpoint, Network & Cloud Data

EPP

EDR UBA

NTA

Endpoint Protection

Network Traffic Analysis

User BehaviorAnalytics

Endpoint Detection &

Response


KEY DIFFERENTIATOR: SUPERCHARGE INVESTIGATION & RESPONSE

Unified Incident Engine

Intelligently group related alerts into one incident

Automated Root Cause Analysis

Reveal the root causeof attacks in one click

IntegratedResponse

Quick actions to contain attacks or run custom

forensics


CORTEX XDR MITRE ATT&CK COVERAGE

PALO ALTO NETWORKS

88%Cybereason

78%Microsoft

77%CrowdStrike

77%SentinelOne

74%Endgame

74%Carbon Black

74%FireEye

70% Countertack

57%RSA

55%

Scored higher than all other

vendors with 93% fewer misses

Attack technique coverage


CORTEX XDR LICENSE TYPES


CORTEX XDR LICENSE TYPES

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-licenses.html

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-licenses.html


CORTEX XDR CONVERSION TABLE

Product tier Purchase method SKU Quantity Minimum quantity Retention

Cortex XDR Prevent Per endpoint PAN-XDR-PRVT # of endpoint 200 endpoints 30 days alerts

Cortex XDR ProPer endpoint PAN-XDR-ADV-EP # of endpoint 200 endpoints 30 days alerts + endpoint data

Per TB PAN-XDR-ADV-1TB # of TBs 5TB Based on the amount of TBs

Use-case Prior SKUs Prior model New SKU New model

Endpoint protection PAN-TRAPS Per endpoint PAN-XDR-PRVT Per endpoint with Cortex Data Lake included

Endpoint detection and response (EDR)

PAN-MGFR-XDR+ PAN-LGS

Per TB PAN-XDR-ADV-EP Per endpoint with Cortex Data Lake included

Network traffic analysis (NTA)


Per TB PAN-XDR-ADV-1TB Per TB

Enterprise Detection & Response (XDR)


Per TB PAN-XDR-ADV-EP& PAN-XDR-ADV-1TB

Per endpoint & Per TB

SKUs Introduced:

SKU conversion table:


USE CASE:ENDPOINT PROTECTION

(CORTEX XDR PREVENT)


Legacy EDPs can’t keep up with advanced threats and burden

local systems

THE PROBLEM: INFECTIONS CONTINUE DESPITE BEST EFFORTS

Legacy Endpoint Security Has Failed

Endpoint Protection is Limited

EDP is locked to the endpoint and lacks a solution for

unmanaged devices

Siloed Network & Endpoint Protection

Current approaches do not share protections between

different parts of the enterprise


QUOTE EXAMPLE: REPLACING 300 NEXT-GEN AV ENDPOINTS

SKU Required: PAN-XDR-PRVT

QUOTE=

PAN-XDR-PRVT * N° ENDPOINTS * N° YEARS

Cortex Data Lake: For each endpoint, with log retention of 30 days is already included


USE CASE:ENDPOINT DETECTION & RESPONSE

(CORTEX XDR PRO PER ENDPOINT)


Sophisticated attacks & insider abuse can bypass

controls

THE PROBLEM: TOO MANY FALSE POSITIVES AND MISSED ATTACKS

You Can’t Prevent All Attacks

Anomaly Detection is not a “Human” Job

Detecting anomalies requires analyzing a comprehensive

data set

Detection Yields Too Many False Positives

Teams waste time and miss threats chasing low-context false

positive alerts


QUOTE EXAMPLE: REPLACING 300 THIRD-PARY EDRs

SKU Required: PAN-XDR-ADV-EP

QUOTE=

PAN-XDR-ADV-EP * N° ENDPOINTS * N° YEARS

Cortex Data Lake: For each endpoint, with log retention of 30 days is already included


USE CASE:NETWORK TRAFFIC ANALYSIS

(CORTEX XDR PRO PER TB)


Limited monitoring of east-west traffic, VPN users,

unmanaged devices & IoT

THE PROBLEM: WHY DO WE NEED NETWORK TRAFFIC ANALYSIS?

Lack of visibility into internal network traffic

Limited hunting based on network data

Cannot use network data for detection or searches

Inability to find active attacks

No AI or behavioral analytics to find low and slow attacks &

lateral movement


QUOTE EXAMPLE: NTA TB NECESSARY FOR 5xPA-220 & 2xPA-3220

SKU Required: PAN-XDR-ADV-1TB

QUOTE=

PAN-XDR-ADV-1TB * N° TB * N° YEARS

Cortex Data Lake: The calculation can be easily done with the Cortex Sizing Calculator toolhttps://apps.paloaltonetworks.com/cortex-sizing-calculator

https://apps.paloaltonetworks.com/cortex-sizing-calculator


USE CASE:INVESTIGATION & RESPONSE

(CORTEX XDR PRO PER ENDPOINT + TB)


Analysts have to review each alert individually

THE PROBLEM: THREAT CONTAINMENT TAKES TOO LONG

Limited Context Across Multiple Alerts

Finding Root Cause Takes Too Long

By the time you find root cause, the attack has

progressed

Investigations Are Highly Manual

Teams must manually piece together data from siloed tools &

data sources


QUOTE EXAMPLE: NTA FOR 5xPA-220 & 2xPA-3220 + 300 ENDPOINTS

SKU Required: PAN-XDR-ADV-1TB + PAN-XDR-ADV-EP

QUOTE=

NTA (PAN-XDR-ADV-1TB * N° TB)+

EDR (PAN-XDR-ADV-EP * N° ENDPOINTS) *

N° YEARS

Cortex Data Lake: The calculation can be easily done with the Cortex Sizing Calculator toolhttps://apps.paloaltonetworks.com/cortex-sizing-calculator

https://apps.paloaltonetworks.com/cortex-sizing-calculator


Q&A


THANK YOU


MANUEL MANNELLOSYSTEM ENGINEER – EXCLUSIVE [email protected]

Date post:	27-Jul-2020
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times

WEBINAR - passport.exclusive-networks.it€¦ · 1| © 2020 Palo Alto Networks, Inc. All rights...

Documents