SecOps analyst:
A day in the life.

See intelligent automation
at work with Cortex XSOAR®.

Amp up your automation

Build your custom SOAR playbook playlist today.

SANS REPORT

Get a global perspective
on SecOps automation trends.

Insights and analysis from your peers across industries.

SOARing
above the rest.

SANS independent review: Cortex XSOAR® capabilities.

ON DEMAND EVENT

AI and automation: The future of SecOps.

Come see where security operations are headed next.

WHY IT MATTERS

While network security has evolved and adapted to new threats and technologies over the past decade, security operations remain challenged by the lack of automation and visibility across siloed teams working the same incidents.

  • Team silos

    Managing network security incidents can be a time sink as it often involves end users, ITOps, network security operations, SOCs and other stakeholders.

  • Manual processes

    Manual processes still rule for managing change processes for firewalls, making it a challenge to scale and enforce compliance.

  • Network complexity

    Increasingly complex hybrid environments make it difficult to ensure your IT, OT and cloud enforcement points are up to date on the latest indicators and signatures.

Why it Matters

The CORTEX XSOAR Solution

Streamline and speed network security response

Cortex XSOAR automated playbooks orchestrate incident response actions across the network security stack and other security tools, streamlining operations and facilitating collaboration across teams.
  • Less repetitive work, more time to focus on critical issues
  • Get increased visibility into the threat landscape
  • Optimize the advanced capabilities of next-generation firewalls
  • Workflow automation
    Workflow automation
  • Incident case management
    Incident case management
  • Strata product integrations
    Strata product integrations
  • 700+ third-party integrations
    700+ third-party integrations
  • Threat intel management
    Threat intel management

Our approach to network security automation

Ensure your enforcement points are instantly updated to the latest threat signatures, indicators and allowed domains.

Cortex XSOAR automated playbooks can help prioritize, deduplicate, check for coverage and distribute the latest malicious indicators to dozens of network devices simultaneously. Conversely, dynamic web services domain lists can be automatically updated to ensure business continuity.

  • Automate deny/allow list administration

    Indicators are normalized, scored and prioritized for automated updates of firewall EDLs. Allow lists are updated with each new web services feed.

  • Checks CVE coverage at scale

    Automatically checks PAN-OS devices to determine coverage for critical CVEs and if the appropriate defenses are in place.

NSA Enforcement

Encourage network security incident response best practices

Facilitate collaboration between IR and NetSecOps teams, and encourage network security teams to leverage policy best practices features of next-generation firewalls.

  • PAN-OS BPA + XSOAR

    Triggers BPA (Best Practice Assessment) across firewalls and collect results in a structured report that can be used to drive custom response playbooks.

  • NetOps and SOC Collaboration for IR with XSOAR

    Automate validation of indicators requested for blocking by SOC and IR teams. Streamline approvals. And rapidly block malicious IPs, URLs and Domains without requiring a commit on the firewall.

Network Incident Response

Automate workflow processes across your Strata deployments

Cortex XSOAR integrates with Strata network security solutions to automate and scale incident triage for faster response to attacks. Security teams get better visibility and control over incidents happening across their network.

  • IoT Security + XSOAR

    Automate IoT security incident triage and business owner communications to resolve incidents

  • CN-Series + XSOAR

    We combine the native automation in Kubernetes with the integration of Cortex XSOAR and PAN-OS. This helps customers completely automate security for applications deployed in Kubernetes.

  • Prisma Access + XSOAR

    Automate triage of alerts for remote connectivity and user activity. Manage egress IP addresses and populate allow lists within third-party services such as AWS, Google Cloud and Okta.

Automate workflow

A single platform for end-to-end incident lifecycle management

Cortex XSOAR integrates with 700+ products and services to provide playbook-driven responses that span across teams, products and use cases. This response automation is tightly integrated with Cortex XSOAR's fully customizable case management, enabling security teams to retain control over incidents while improving response times and operational efficiency.
Incident lifecycle management

Use Case Example: Self-Service Access to Blocked Web Services

Ease network security team workload by empowering end user self-service for common requests. For example, a request to access a blocked website will trigger a playbook to extract user information and perform URL reputation lookup. It will then present incident details to the security engineer for approval. Once approved, the playbook performs steps to allow access and close the ticket.

Use Case

How Cortex XSOAR Deploys

CORTEX XSOAR
CORTEX XSOAR
  • Customer on-premises server

  • Customer virtual/cloud

  • Cortex XSOAR hosted service

  • Cortex XSOAR Marketplace