1 | © 2020 Palo Alto Networks, Inc. All rights reserved.
WEBINAR: HOW TO QUOTE CORTEX XDR 2.0
MANUEL MANNELLO
SYSTEM ENGINEER – EXCLUSIVE
[email protected]
AGENDA
● Portfolio rebranding
● Cortex Suite Overview
● Cortex XDR Overview
● Cortex XDR License Types
● Cortex XDR Use Cases
● Q&A
Detection & response
Automation & orchestration
Network traffic & behavioral analytics
Threat intelligence
SECURE THE FUTURE
SECURE THE CLOUD
SECURE THE ENTERPRISE
Secure access
SaaS
Public cloud
Hybrid data center
Internet Perimeter
Branch & mobile
5G & IoT
Endpoint
DATA LAKE
CORTEX SECURES THE FUTURE
REWIRING SECURITY OPERATIONS
AS THREATS ESCALATE, SECOPS IS MORE IMPORTANT THAN EVER
[Timeline chart, 1998 to present (marks at 2004, 2007, 2010, 2013, 2016): breach sizes per incident, from the Morris Worm and a space agency breach through 134M credit cards stolen and record thefts ranging from 1.6M up to 500M guest records, 925M+ and 2B records; counts of new malicious programs registered per period; and the threat categories of each era: viruses, worms, trojans and malicious code; phishing, identity theft and mobile viruses; DNS attacks, botnets, sabotage, anti-spam and SQL attacks; social engineering, DDoS attacks, malicious email, ransomware and botnets; banking malware and keyloggers; ransomware and cryptominers; certificate attacks, Bitcoin wallets, Android hacks, insider threats, cyberwarfare and fileless attacks; automated & AI attacks, cloud migration and S3 buckets.]
WHY DO SECURITY TEAMS STRUGGLE?
Too much noise (a.k.a. alert fatigue)
Too many products to piece together an incident
Too many manual, repetitive actions
HOW SECOPS MUST TRANSFORM TO REDUCE RISK

Maturity     Low (Reactive)     Medium                     High (Proactive)
Detection    RULE-BASED         CORRELATED RULE-BASED      ANALYTICS-BASED
Context      LOG AGGREGATION    SILOED DATA COLLECTION     INTEGRATED RICH DATA
Automation   NONE               PARTIAL                    FULL

Chart axes: EFFICIENCY; MTTR/MTTD & RISK
OUR UNIQUE APPROACH WITH CORTEX
GOOD DATA
ANALYTICS
AUTOMATION
PROACTIVE RESPONSE
KEY DIFFERENTIATORS: GAIN ENTERPRISE-SCALE VISIBILITY
CORTEX Data Lake
Network Endpoint Cloud Third-Party Data
Our Approach: Breaking down data and product silos
Prevention, Detection and Response Across Endpoint, Network & Cloud Data
EPP: Endpoint Protection
EDR: Endpoint Detection & Response
UBA: User Behavior Analytics
NTA: Network Traffic Analysis
KEY DIFFERENTIATOR: SUPERCHARGE INVESTIGATION & RESPONSE
Unified Incident Engine: intelligently group related alerts into one incident
Automated Root Cause Analysis: reveal the root cause of attacks in one click
Integrated Response: quick actions to contain attacks or run custom forensics
CORTEX XDR MITRE ATT&CK COVERAGE
Attack technique coverage, by vendor:
Palo Alto Networks 88%
Cybereason 78%
Microsoft 77%
CrowdStrike 77%
SentinelOne 74%
Endgame 74%
Carbon Black 74%
FireEye 70%
Countertack 57%
RSA 55%
Scored higher than all other vendors with 93% fewer misses
CORTEX XDR LICENSE TYPES
CORTEX XDR LICENSE TYPES
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-licenses.html
CORTEX XDR CONVERSION TABLE

SKUs introduced:
Product tier | Purchase method | SKU | Quantity | Minimum quantity | Retention
Cortex XDR Prevent | Per endpoint | PAN-XDR-PRVT | # of endpoints | 200 endpoints | 30 days alerts
Cortex XDR Pro | Per endpoint | PAN-XDR-ADV-EP | # of endpoints | 200 endpoints | 30 days alerts + endpoint data
Cortex XDR Pro | Per TB | PAN-XDR-ADV-1TB | # of TBs | 5 TB | Based on the amount of TBs

SKU conversion table:
Use-case | Prior SKUs | Prior model | New SKU | New model
Endpoint protection | PAN-TRAPS | Per endpoint | PAN-XDR-PRVT | Per endpoint with Cortex Data Lake included
Endpoint detection and response (EDR) | PAN-MGFR-XDR + PAN-LGS | Per TB | PAN-XDR-ADV-EP | Per endpoint with Cortex Data Lake included
Network traffic analysis (NTA) | PAN-MGFR-XDR + PAN-LGS | Per TB | PAN-XDR-ADV-1TB | Per TB
Enterprise Detection & Response (XDR) | PAN-MGFR-XDR + PAN-LGS | Per TB | PAN-XDR-ADV-EP & PAN-XDR-ADV-1TB | Per endpoint & Per TB
USE CASE: ENDPOINT PROTECTION (CORTEX XDR PREVENT)
THE PROBLEM: INFECTIONS CONTINUE DESPITE BEST EFFORTS
Legacy Endpoint Security Has Failed: legacy EDPs can’t keep up with advanced threats and burden local systems
Endpoint Protection is Limited: EDP is locked to the endpoint and lacks a solution for unmanaged devices
Siloed Network & Endpoint Protection: current approaches do not share protections between different parts of the enterprise
QUOTE EXAMPLE: REPLACING 300 NEXT-GEN AV ENDPOINTS
SKU Required: PAN-XDR-PRVT
QUOTE = PAN-XDR-PRVT * N° ENDPOINTS * N° YEARS
Cortex Data Lake: for each endpoint, log retention of 30 days is already included.
USE CASE: ENDPOINT DETECTION & RESPONSE (CORTEX XDR PRO PER ENDPOINT)
THE PROBLEM: TOO MANY FALSE POSITIVES AND MISSED ATTACKS
You Can’t Prevent All Attacks: sophisticated attacks & insider abuse can bypass controls
Anomaly Detection is not a “Human” Job: detecting anomalies requires analyzing a comprehensive data set
Detection Yields Too Many False Positives: teams waste time and miss threats chasing low-context false positive alerts
QUOTE EXAMPLE: REPLACING 300 THIRD-PARTY EDRs
SKU Required: PAN-XDR-ADV-EP
QUOTE = PAN-XDR-ADV-EP * N° ENDPOINTS * N° YEARS
Cortex Data Lake: for each endpoint, log retention of 30 days is already included.
USE CASE: NETWORK TRAFFIC ANALYSIS (CORTEX XDR PRO PER TB)
THE PROBLEM: WHY DO WE NEED NETWORK TRAFFIC ANALYSIS?
Lack of visibility into internal network traffic: limited monitoring of east-west traffic, VPN users, unmanaged devices & IoT
Limited hunting based on network data: cannot use network data for detection or searches
Inability to find active attacks: no AI or behavioral analytics to find low and slow attacks & lateral movement
QUOTE EXAMPLE: NTA TB NECESSARY FOR 5xPA-220 & 2xPA-3220
SKU Required: PAN-XDR-ADV-1TB
QUOTE = PAN-XDR-ADV-1TB * N° TB * N° YEARS
Cortex Data Lake: the number of TBs can be calculated with the Cortex Sizing Calculator tool: https://apps.paloaltonetworks.com/cortex-sizing-calculator
USE CASE: INVESTIGATION & RESPONSE (CORTEX XDR PRO PER ENDPOINT + TB)
THE PROBLEM: THREAT CONTAINMENT TAKES TOO LONG
Limited Context Across Multiple Alerts: analysts have to review each alert individually
Finding Root Cause Takes Too Long: by the time you find root cause, the attack has progressed
Investigations Are Highly Manual: teams must manually piece together data from siloed tools & data sources
QUOTE EXAMPLE: NTA FOR 5xPA-220 & 2xPA-3220 + 300 ENDPOINTS
SKU Required: PAN-XDR-ADV-1TB + PAN-XDR-ADV-EP
QUOTE = [NTA (PAN-XDR-ADV-1TB * N° TB) + EDR (PAN-XDR-ADV-EP * N° ENDPOINTS)] * N° YEARS
Cortex Data Lake: the number of TBs can be calculated with the Cortex Sizing Calculator tool: https://apps.paloaltonetworks.com/cortex-sizing-calculator
Q&A
THANK YOU
MANUEL MANNELLO
SYSTEM ENGINEER – EXCLUSIVE
[email protected]