Recently, Palo Alto Networks launched their Cortex XSIAM platform across Australia and New Zealand. I attended the launch event at Palace Central in Sydney to learn first-hand about the platform's capabilities.
The event kicked off with drinks and entertainment, followed by a theatre session led by members of the Palo Alto Networks team, including Shailesh Rao, President, Cortex at Palo Alto Networks, and Riccardo Galbiati, Chief Technology Officer – Australia and New Zealand, along with other members of the Palo Alto Networks team.
XSIAM, which stands for eXtended Security Intelligence and Automation Management, is a security platform that uses automation and artificial intelligence to help companies improve their cybersecurity. Shailesh Rao, the president of the Cortex division at Palo Alto Networks, discussed the transformation of security operations through the use of technology. He emphasised the importance of having a beginner's mind and approaching cybersecurity with fresh perspectives. Shailesh talked about the exponential growth of the Cortex business and their plans to change the way security operations are run.
He highlighted the need to shift from a human-driven approach to one that leverages machine learning and AI. Shailesh explained that attackers are becoming more advanced and attacks are happening at an alarming pace, making it essential to rely on machines for effective security operations. He emphasised the importance of reducing the mean time to detect security threats, as early detection significantly mitigates the damage caused by cyber attacks.
“We love our security analysts. We love yours too. But this is not a problem designed to be solved at human scale. This is a problem that has well passed our abilities as humans. This has to be solved with machines, with Machine Learning, with AI,” said Rao.
He wants to challenge the traditional approach of relying solely on security information and event management (SIEM) systems, which were originally designed around storage optimisation. He advocates for a new approach that prioritises analytics, leverages the latest innovative technologies, and recognises the need for a transformation in security operations. Rao's enthusiasm and belief in the potential of XSIAM to revolutionise security operations were evident throughout his presentation.
Galbiati discussed the importance of security operations centres (SOCs) in dealing with cyber threats. He outlined the historical origins of operations centres and emphasised the need for a clear and well-defined mission for any SOC. He referenced the iconic Apollo Mission Control as an example of an operations centre with a single-minded mission.
The CTO defined the mission of cybersecurity as the reduction of the probability of material impact to an organisation due to a cyber event.
Galbiati went on to emphasise the need for business to continue while under attack, and acknowledged that achieving 100% security is not possible. He then explained how a SOC should aggregate and analyse signals, prioritise responses, and coordinate tasks in order to stay in business despite cyber attacks.
He then raised the question of how to do all of these tasks faster than the attackers, as speed is crucial in responding to breaches. Galbiati described a scenario where an organisation discovers it has been breached and the challenges its team faces in answering crucial questions from the CISO. He highlighted the inefficiencies and friction in current processes and the need for optimisation and automation.
“Why don’t we rethink it and assemble this so we’ll come up with something completely new? That’s first principle thinking – in motion. So the very first principle that we could claim to be a mission of cybersecurity,” said Galbiati.
He also mentioned the growing complexity of cybersecurity with the introduction of cloud options and IoT devices. He stressed the importance of effective analytics in a SOC, leveraging technology to analyse and sift through the vast amounts of data generated.
XSIAM helps security teams respond to threats faster, simplifies the process of handling data, and makes it easier to protect against identity threats. The platform is designed to work with both cloud and traditional on-premises systems, making it a versatile tool for modern security operations. According to Palo Alto Networks, it has been shown to save time and improve the efficiency of security teams.