Partner Spotlight: Faster Threat Intelligence With Palo Alto Networks

By Glenn Wong, Director of Technology Partnerships

Assemble and deliver actionable threat intelligence from Palo Alto Networks and Recorded Future.

PARTNER BRIEF


Summary

Recorded Future has completed an integration with the Palo Alto Networks AutoFocus threat intelligence service and MineMeld application to streamline the sharing and enforcement of threat intelligence. The integration enables mutual customers to ingest AutoFocus threat intelligence into Recorded Future Intel Cards, which can be used to help create and enforce new prevention-focused controls for Palo Alto Networks next-generation firewalls.

Now, security operations analysts can quickly gain full context of threat actors, their TTPs (tactics, techniques, and procedures), malware, and other IOCs (indicators of compromise) to intercept threats before they impact the business.


Challenge

Enterprise networks are under constant attack. Adversaries use both automation and sophisticated techniques to attack your network, and security analysts need actionable threat intelligence with context to make fast and accurate security decisions.

Once a verdict has been reached, security analysts must also be able to take immediate action without incurring the delays of manually managing block lists.

Solution

Security analysts can combine threat intelligence from Palo Alto Networks AutoFocus with Recorded Future Intel Cards to expand the context around incidents and malcode-derived threat intelligence. This combination adds global sources of threat intelligence completely outside defended networks in the open, deep, and dark web.

Once a threat is identified, organizations can automatically enforce new security controls for Palo Alto Networks next-generation firewalls with the MineMeld application.

Additionally, Palo Alto Networks customers can use the Recorded Future browser extension to look up these IOCs directly in AutoFocus: IP address, domain, vulnerability, and hash.


Recorded Future Intel Card for an IP address identified as part of an AutoFocus investigation.

Example

There are many ways analysts can use threat intelligence from Recorded Future and Palo Alto Networks AutoFocus together. First, analysts can access instant web context on artifacts and sandbox results in AutoFocus with just a right-click to pull up a Recorded Future Intel Card on IP addresses, domains, hashes, and vulnerabilities.


Recorded Future Hash Intel Card including a lookup to Palo Alto’s AutoFocus.

Conversely, analysts using Recorded Future can access AutoFocus content directly from within a Hash Intel Card. In the example below, an analyst researching a suspicious hash using Recorded Future finds a “malicious” risk score based on references in VirusTotal and Malwr.com; with a single click, additional data from AutoFocus can be appended to this context, including Unit 42’s assessment that this file hash is an example of the malware “Hancitor.”


Using the Palo Alto Networks MineMeld application, analysts can automate processes to block malicious IPs/domains/URLs with external dynamic lists, dynamic address groups, and content from a variety of sources including Recorded Future. This centralizes threat intelligence management and delivery, simplifies maintenance such as the automated timeout of expired indicators, and speeds your organization’s ability to counter emerging threats.

Prototype information and a simple connection graph utilizing Recorded Future’s IP risk list within MineMeld.


Closing

With the integration between Palo Alto Networks and Recorded Future, security analysts can:

› Combine intelligence from AutoFocus with real-time threat intelligence from Recorded Future leveraging intelligence from the entire web — open, deep, and dark — enabling customers to benefit from protection rules with more confidence.

› Gain instant context around an IOC with easy-to-read Intel Cards, giving security operations all relevant information in a consolidated view.

› Reach faster verdicts with evidence-based risk scores for indicators, enabling security operations teams to reach quick decisions.

› Speed prevention of malicious IPs/domains/URLs on the Palo Alto Networks next-generation firewalls with the MineMeld application.

In short, the integration enables security teams to consolidate threat intelligence easily and deliver protection rules faster with more confidence.

To see the Palo Alto Networks and Recorded Future integration in action, read the joint solution brief or watch a demo with Marc Benoit and Luigi Mori of Palo Alto Networks as they preview the MineMeld application, including native integration with Recorded Future, at Ignite 2016.

You can also directly contact the Palo Alto Networks sales team.


About Recorded Future

We arm you with real-time threat intelligence, for cyber security programs that decrease operational risk and maintain durable competitive advantages for the business. With billions of indexed facts, and more added every day, our patented Web Intelligence Engine continuously analyzes the entire Web to give you unmatched insight into emerging threats.

Recorded Future, 363 Highland Avenue, Somerville, MA 02144 USA | © Recorded Future, Inc. All rights reserved. All trademarks remain property of their respective owners. | 12/16

www.recordedfuture.com

@RecordedFuture

Partner

Palo Alto Networks

Palo Alto Networks is the next-generation security company, leading a new era in cyber security by safely enabling applications and preventing cyber breaches for thousands of organizations worldwide. Their game-changing security platform delivers security far superior to legacy or point products, safely enables daily business operations, and protects an organization’s most valuable assets.