Palo Alto Networks Launches Identity Threat Detection and Response Module for XSIAM Platform
Palo Alto Networks has incorporated an Identity Threat Detection and Response (ITDR) module into its Cortex XSIAM security operations center (SOC) platform, according to a prepared statement.
Now, Cortex XSIAM “integrates all identity data sources into a single security data foundation spanning endpoints, networks and cloud,” said Gonen Fink, SVP of Cortex products at Palo Alto Networks.
AI Defense for Identity Attacks
The ITDR module allows Cortex XSIAM users to utilize artificial intelligence to defend against identity-based attacks, Palo Alto Networks noted. This module ingests user behavior data from authentication services, endpoint logs and other sources. It also has AI models that can be trained to flag irregular user behaviors and other suspicious activities.
In addition, the ITDR module brings identity analytics to Cortex XSIAM, Palo Alto Networks said. The module works in conjunction with Cortex XSIAM’s security information and event management (SIEM), endpoint detection and response (EDR) and other security capabilities. As such, the module helps security teams avoid “disjointed approaches” that otherwise lead to poor security outcomes, alert overload and time wasted on triage, Fink explained.
Palo Alto Networks Bolsters Security Offerings
The ITDR module announcement comes after Palo Alto Networks in February 2023 introduced a zero trust security solution for operational technology (OT) assets. Security teams can use this solution to monitor their organizations’ OT assets, applications and users and respond to attacks, the company said.
Previously, Palo Alto Networks in December 2022 finalized its acquisition of Cider Security, an application security and supply chain security company. Palo Alto Networks Prisma Cloud can use Cider’s security capabilities to protect against threats in production cloud environments, the company stated.
Palo Alto Networks provides cloud security services, next-generation firewalls and other security services and products to global organizations. It also offers the NextWave Partner Program for MSSPs, MSPs and other technology providers.