[ENG] XSIAM 3.0 presentation

By blinkz

Summary

Topics Covered

  • Human SOCs Fail Under Alert Overload
  • XSIAM Merges Proactive Reactive Security
  • GenAI Weaponizes Personalized Phishing
  • Vulnerability Management Wastes on Noise
  • Unified Platform Slashes Engineering Burden

Full Transcript

[Music] Hi and welcome to the XSIAM 3.0 webinar. My name is Ivon Lee, product marketing manager for Cortex, and I'll be your host today. Cortex XSIAM has already set a new benchmark for security operations with a unified platform powered by comprehensive data, AI, and automation.

Recently, we announced a major milestone to the platform with the launch of XSIAM 3.0, introducing the new advanced email security and exposure management capabilities within XSIAM. With this announcement, we're replacing decades-old approaches to vulnerability management and email security with cutting-edge AI-driven innovation. In today's webinar, we'll dive deep into how this announcement is going to change the game, not only for the SOC, but for security operations as a whole.

With us today, we have vice president of product management all Corin to discuss why this next phase of XSIAM is truly revolutionary as we merge shift-left proactive security with shift-right real-time reactive prevention. From there, you'll get an exclusive first look at XSIAM 3.0 and experience it in action for yourself with our product management team. Finally, we'll sit down with our very own Palo Alto Networks SOC team lead, Matt Melon, as he discusses the importance of having a unified platform for not only the SOC, but across all security teams, including vulnerability management. So, stay tuned. You won't want to miss it.

[Music] Hi everyone. Today we want to talk about XSIAM 3.0. We are introducing XSIAM 3.0, which is a huge innovation for us here in Cortex specifically and generally in Palo Alto Networks. But let's take a few steps backwards. Let's, let's remember why we are here. The SOC, probably the most, the noisiest area in the, uh, in the organization. The SOC is where things happen, where attacks need to be blocked.

What we've identified here in Palo Alto Networks, specifically in Cortex, a while back is that, um, the human-centered SOC architecture just doesn't work. We see the raise of, or the rise in, the number of alerts and, uh, we see the number of tools used in the SOC. It actually is counterproductive. We've seen that, and by the way, we've seen that well before the AI and the fact that we've seen AI impacting everything in security. This is why we came up with the first generation of Cortex XSIAM. With the first generation of Cortex XSIAM, we were able to provide that real-time security operations that requires that single data platform. We were able to ingest so much data. We were able to have internal sources, external sources all combined into one, stitch everything together, combine all the data and have our AI and analytics run on top of this data. We all know that the result of the AI and the analytics is actually based on the data and the level and the accuracy of the data that it can ingest. With so much data available for the SOC, the ability to use then the right prioritization and to leverage the response and the automation is what made XSIAM so great.

By the way, it helped us get the, uh, the basics of XDR, CDR, the SIEM, the SOAR use cases, and that helped us really remove away any silos, right? Take everything in one platform. Take all the data, that unified data layer for the SOC, that and the unified SecOps all in one tool, one UI, make sure that we can leverage the AI properly and run the automation. The results were astounding, right? We were able to take the, um, the SOC's efficiency, MTTR, from days to an hour, then later on to less than 10 minutes. You know, the, the way XSIAM transformed the security operations for the world's largest companies and the results were amazing, which is why we thought it would make a lot of sense to expand XSIAM. And earlier this year we came out with the second generation of Cortex XSIAM. We introduced Cortex Cloud.

The cloud is a major problem and it makes a lot of sense to have it in one centralized place along with XSIAM. Let's take a look for a second, right? You have more and more applications going into the cloud with every day passing by. You have more and more exposures in the cloud.

And even though there are many, many tools out there to solve this problem, you still have more and more attacks every day. Why? Let's ask ourselves what is really required to have a good cloud solution. You need to shift left to solve things as early as possible. Here in Palo Alto Networks, it proved to reduce the level of risk in production by 92%. Then you also need to prioritize everything that you identify in production so that you can be really efficient with solving these things. And most importantly is to be able to stop sophisticated attacks right then and there. Which is why we came out with Cortex Cloud.

As I mentioned, Cortex Cloud is being able to really taking everything together to that unified platform. We took everything that we learned throughout the years with Prisma Cloud and we really evolved that into a unified Cortex Cloud on top of the Cortex platform as part of XSIAM to really transform everything in cloud, starting with AppSec, posture, runtime protection and even the SOC, the SOC that never had a native cloud solution to really solve what the SOC would need in the cloud. Later today, you'll hear Matt talk about their experience, our own SOC leader, and you'll hear how this is transformative for them to be able to really see in runtime in the SOC what happened from an exposure or cloud level. This is, this is the future of security, being able to really tie together and connect all the pieces from code to cloud to runtime and SOC. Now this in Cortex also introduces the best-in-class runtime protection with years of experience and what we've done with XDR, now bringing it to the cloud and tying all the pieces together. This is the key and we are expanding this across the enterprise.

We're introducing Cortex XSIAM 3.0. With XSIAM 3.0, we are able to now take everything that we've done in the cloud and combine the peacetime and the wartime across the enterprise. Being able to introduce that proactive security and combine it with the reactive security that is also required for organizations today. Being able to ingest once all the sources of information, follow that, that Cortex methodology of richness in data, applying the AI, then running the automation piece and making sure that we can really be that force multiplier for organizations and be able to provide that holistic view and holistic solution from a platform standpoint.

And with XSIAM 3.0, we're introducing the proactive security exposure management piece, being able to look at that risk level management across the enterprise, not just cloud. Extend it to the endpoints and to the network and all around the, um, the estate of the organization and combine it with that runtime reactive protection capabilities, that email security combined with network that we already have and, and the XDR-level protection that really brings everything into that XSIAM platform to provide organizations with everything they need to protect every single asset out there, including the entrance point, entry point with emails, as well as be able to analyze in peacetime all the major threats that they have. You'll soon hear more about those two from our product managers. Uh, and I'm excited about that. I'm sure you are as well. Thank you.

[Music] Hi, I'm G. Mazle, lead product manager for Cortex email security at Palo Alto Networks. Today I'm going to walk you through how we're redefining email security not as a standalone tool, but as a fully integrated part of the Cortex platform.

Let's start with what has changed. We are in a new era where GenAI has weaponized phishing. Attackers now write emails that look and feel real, fast, targeted, and convincing. These aren't spam. They are personalized attacks at scale. And most tools just aren't built for it. Traditional security gateways and built-in protections follow a perimeter mindset. If the threat gets past the perimeter, they lose visibility. And when they respond, they can only address the email, maybe the identity piece if you are lucky. Because of that, the market is shifting to address the new GenAI challenges. More and more customers are shifting away from legacy secure email gateways and relying on native email security. It's simple and built-in, but it still doesn't connect the dots. Modern threats don't stay in email. They move across channels, and that's the real challenge.

Now, let's be fair. Native email security solutions like Microsoft 365 and Google Workspace do a great job handling the basics. They block spam, stop known malware, catch the obvious stuff, but attackers have leveled up. They're using stealth impersonation tactics, contextual language, behavioral tricks, things that don't always trigger the built-in defenses. That's where this new class of email security comes in. And it brings in all the heavy hitters: advanced phishing protection, account takeover detection, executive and supply impersonation, and others. And it's not about replacing the native tools. It's about adding an extra layer for catching the things they weren't built to see.

So let me show you what that looks like with Cortex email security. Starting from detection through investigation to response. Beginning with the foundation, data: we collect data from four core sources: email, endpoint, network, and identity. And here's the best part. If you're already using Cortex, you already have the data. No duplicate connectors, no extra overhead. We simply build on top of what you already ingest. Then comes the alert defense, artifact-based insights that scan links and attachments, both statically and dynamically. Behavioral analytics that surface abnormal patterns related to the metadata of the emails, and lastly LLM-powered NLP that reads between the lines, understanding urgency, tone, and intent and catching the threat. That's just step one.

Next comes investigation. We don't just show you issues. We show you the full story of the attack. In order to do that, we connect what happened, when, and to whom from different domains, including endpoint and identity. You get a full timeline of impacted users and devices, and one clear view to work from.

Finally, everything comes together in the email command center, your centralized hub for risk visualization and response. Here, we don't just show you what's happening across users, devices, and communications. We empower you to act with SmartScore-driven prioritization. Cortex highlights the riskiest activity and recommends the next best step. Whether it's isolating an endpoint, locking an identity, or pulling an email, you can remediate across every surface automatically or manually, all in one place. It's not just visibility. It's connected cross-domain defense in motion.

So what makes us better, you ask? Well, first off, it's built right on top of Cortex platform. No extra deployment, no separate console. We are using the same data you already collect in Cortex, email, endpoint, identity, and network, without duplicating anything. Second, we're bringing LLM-powered analysis to really understand what's happening in the email, the tone, the urgency, the intent. Third, we stitch everything together. Instead of siloed issues, you get a connected storyline from the first demo all the way to lateral movement or exfiltration. And when it's time to respond, you are not jumping between tools. You are taking action from one place backed by SmartScore with full visibility.

Now, let's bring it to life. In this short demo, you will see how Cortex detects, investigates, and responds across email, identity, and device all in one unified platform. We begin with the email command center. On the left, you will see the flow of data coming into Cortex. Whether it's new email data or existing signals from endpoint, identities or network, we're extending the value of what you already have. From there, Cortex automatically surfaces issues using detection engines built specifically for modern email threats. These are grouped into high-fidelity cases, dramatically reducing alert fatigue and helping analysts focus on what matters most. You will also see how many cases were remediated automatically or manually based on your automation policies and how many are still queued, fully enriched, and ready for review. To stay ahead of evolving threats, we highlight threatening attack vectors, identify risky users using SmartScore, and recommend automated actions to close the loop on threats with confidence.

Now, let's switch to the second screen, the investigation experience. This view is built specifically for email threats that may propagate to endpoints or identities. On the left, you get an executive summary, campaign details, related issues, affected assets, and timeline context. Analysts can then dive into the interactive graph, tracing threat propagation, actions taken, and endpoint impact. We also include a social graph showing historical interactions between the sender and recipients, making communication anomalies easy to spot. Want to examine the email itself? You can. Full subject and body, plus LLM-powered insights that explain what made it suspicious right there in context. And when it's time to respond, you take action directly from this same screen with Cortex-powered automation at your fingertips. This is what modern email security looks like. Connected, contextual, and built for the threats of today.

Now that we saw what it looks like, let's see an example of how Cortex Advanced Email Security was able to identify and remediate an email attack.

So, an email was sent to one of our beta customers' external mailboxes, a highly targeted address, from a previously unseen domain. It used urgency and impersonation tactics, claiming the recipient's account was about to expire and urging them to upgrade or visit a support page. On the surface, nothing seemed alarming. Proofpoint marked it as safe, Microsoft scheme spam filtering, a URL, our internal static analysis engine classified the URL as benign and VirusTotal as just 10 out of 94 vendors flagged the link. But by combining multiple weak signals, a new sender domain, suspicious tone, urgency language, and the fact that it targeted a sensitive role, Cortex recognized the real risk and prevented the threat from manifesting and causing greater impact.

So to wrap it up, a bad email isn't just a bad email. It's often the beginning of something much bigger. Identity compromise, lateral movement, or even full-blown breach. Two, legacy tools don't see the full picture. They look at email in isolation, missing what happens next. And three, Cortex advanced email security changes that with LLMs, multi-channel insights and unified response. We help you to stop threat faster and smarter and it's already built into Cortex. Email is the gateway to your organization. How confident are you that your current setup is ready to address email attacks in the age of GenAI? Reach out to your Palo Alto Networks representative to level up your email security. Thank you for watching. I can't wait for you to try it.

What we saw was somebody who was changing the game in terms of reinventing the way we think about the SIEM technology. We look at the promise of what we're seeking for XSIAM and where we're seeing the benefits is the ability to more effectively consolidate the visibility through all that data to make sense of it, and the ability to then rapidly accelerate creating runbooks and use cases out of that data in order to drive our response and our decision-making. And the relationship between Palo Alto Networks and Cognizant is one that I get to see come into real life in terms of how we're going to transform and how we're re-envisioning our entire security program.

[Music] Hey everyone, super excited to talk about exposure management today. Vulnerability management is very important in keeping your organization secure. It is a hard problem and enterprises put a lot of effort and time into this. The question is why? Now when we look at what is going on with vulnerability management, it is actually failing, not helping in reducing risk to customers. Tons of vulnerabilities are published every day. No one is able to keep up with it. Most organizations have more than 100,000 vulnerabilities in their backlog. Not only that, most of these don't even matter.

A very few of these are actually exploitable in the wild and far fewer are exposed to internet. We see there are layer defenses that are deployed which avoid exploitation and we see a lot of wasted effort in chasing the risks that don't matter. With AI, vulnerabilities have become more relevant. Now, attackers are learning to exploit these faster and faster. The data which was published recently shows that one-third of these vulnerabilities that were exploited in this first quarter were exploited in less than 24 hours. Manual processes and humans cannot keep up with this pace.

We need to bring in AI and automation to help here. And that is what we have done. Cortex exposure management gathers all the context from native and third-party sources, analyzes and prioritizes with AI to identify the risks that matter to you. Not only that, connect that with existing protections and mitigations that you have deployed. Then use automation to drive full remediation. AI and automation is needed to do all of this in near real time.

Cortex offers robust set of scanners to assess every asset across environments, be it endpoint, cloud, enterprise or OT and IoT. We also facilitate bringing in data from third-party scanners.

We take all of these data, apply analytics, specifically AI-based analytics, to understand the risks that matter to you, actively test them to see if they are actually exploitable and pinpoint at the real risks that need attention today. XSIAM offers two parts to remediation.

One, how do I leverage automation to identify owners and follow the traditional path of patching and upgrading? This works for most of your backlog. The other path is to provide AI-driven recommendations to mitigate risk. While the traditional processes may take days or weeks to patch, deploying compensating controls offers immediate protection against threats.

Let me quickly show you how this looks like in Cortex XSIAM. What you see here is exposure management command center. We get data from all the native sources, Palo Alto Networks sources and also the third-party sources. We get all of this data, in this case 1.2 million vulnerabilities.

We crunch those, identify what the risks that matter to you and provide you with the cases that requires your attention.

Today let's look at what goes in in identifying 479 cases from 865K unique vulnerabilities. What we do is take 1.2 million vulnerabilities. Understand what are those duplicative findings are from various sources. Remove them from basic cases. Then looking at the remaining, we look at, hey, what's the most important to you? What's exposed to the internet? Look at what's highly exploitable, what has low business impact, unlikely to be exploited again.

We look at what's most important for you based on is it internet exposed, does it have any business impact, is it highly exploitable and so on so forth. And we also provide you capabilities to deprioritize by policy. What do we, what do we mean? You could actually go back and customize and remove the vulnerabilities which you don't care.

For example, you may have a honeypot on which you don't care about vulnerabilities. You could go back and define that piece and remove all those vulnerabilities that don't matter to you. We give you ability to customize and remove them from your backlog. When I say all of these are dropped on the floor, they're actually not out of the system. They are still there, but it's out of your view. And you could take these and export it and provide it to an auditor or anyone who wants to look at the backlog of vulnerabilities.

Now the remaining, in this case the 17,000 issues here, are the actual risks that matter to you. We don't stop there. We take a quick look at these things, employ our AI-based systems to understand how do we consolidate these, understand the mitigation controls that may be existing to help provide protections to these vulnerabilities. Once you take this into account, we combine them based on what shared fixes they have. That will consolidate all of your 70,000 issues to mere 500 cases.

And that's where our automation kicks in. Automation will actually put them into various buckets based on what decisions it could make, and only the top items that need analysts' attention today are put in required attention. What you see here is an auditor's view where you can quickly audit what are the most important vulnerabilities that you need to take care of. It has all the high important metrics that you care about. Mean time to triage, mean time to resolve, how many issues you have, how many assets that are affected, so on so forth. It also provides you at a quick bird's eye view of what are the recommended actions that you could take on each of these cases. Let's jump into one of these case. What you see here is a recent vulnerability about Apache Tomcat.

Now our system was able to find this vulnerability. It was 15 instances of them. Instead of creating 15 issues, we created one case and that case gives you all the required risk information. And not only that, when you look at the detail, it gives you a full causality chain. The chain tells you that, hey, we were able to exploit this vulnerability from the internet using our attack surface testing technology.

Now what we found is that this particular server where the vulnerability was found has an XDR agent on it, but the XDR agent doesn't have a CVE exploit protection enabled. Our system quickly identifies that, provides you a recommended action where you could actually deploy this exploit protection.

Click on this. There you go. Quickly our automation system goes in, deploys this profile on the agent and helps you protect against exploitation. Now at this point what you see is this particular case has been mitigated but not remediated. The risk is dropped and you can take your regular steps to go and patch this vulnerability on your cycle. Hope you found this useful. Looking forward to experiencing it yourself. Next up, Elad Kuran and Matt

[Music] Mullen. So, I'm so glad that you can, uh, be with us today. Today we have Matt with us. Matt. Hi. Hi. Oh, good to have you with us. It's great to be here. Oh, I'm glad. I'm glad. So, why don't you tell us a bit about the Palo Alto Networks SOC?

Yeah. So our internal SOC's mission is to detect and respond to cyber attacks targeting Palo Alto Networks. So we have 13 SOC analysts who use a lot of automation and high-fidelity threat detections through our Cortex XSIAM product to run relatively lean given that we're 20,000 person company. And just for some context, we have a pretty large public-facing attack surface of about 200,000 public IPs and an even bigger internal attack surface with over 4 million VMs, a million containers, growing about 10% every month. So there's no shortage of interesting challenges for our vuln management team to tackle.

That's a lot of estate. Indeed. Um, why don't you talk to us about the vulnerability management and, you know, some of the challenges you're facing, I assume almost on a daily, if not more frequent than that, uh, basis. Yeah, I mean, our vulnerability management team is a separate team from the SOC. There's six people in it who report up to me as the senior director of security operations, and their mission is to find and communicate vulnerabilities to the right teams across our business, uh, so, so we can get those remediated and, uh, bottom line, reduce risk for the company. So with this kind of scale and vulnerability management, the biggest challenges we face are number one, prioritizing the right fixes, and then number two, uh, dealing with the huge amount of engineering work required to run our, uh, vuln management operations. So like prioritization is really important, uh, to get right when you're dealing with millions of vulnerabilities. Uh, and being able to answer the question, which of the vulnerabilities do I need to get fixed first to avoid an incident, is really key. Uh, and then all of the engineering, uh, around the data flows from the different vulnerability sources to get them in the same single repository, deduplicating them, enriching them with threat intel, identifying which are public facing, which ones are exploitable, etc. is no easy task. Uh, so frankly it's what my, uh, six-person vuln management team spends a lot of their time doing. You, you, you were, as you were talking, I, uh, all of this with six people. That's, that's pretty amazing. But I assume you have the technologies that you've used that historically, um, were part of, um, the way you addressed all this vulnerability management requirements and, and the things for you to manage that. Talk to us about the technologies that you've been using, uh, throughout.

Yeah, so our, our previous strategy was to basically build lots of custom tools. So, we built our data pipelines to get all of our VM data from these disparate systems that were finding vulnerabilities into a big GCP database where we attempted to deduplicate and enrich on the fly. It was a ton of work to build and support that. Um, it was prone to breakage. Uh, and frankly, it was pretty frustrating that I had to build something so custom. Yeah. Not, not surprising. And you know, we talking beyond this one and, um, one thing that I know you've already started is looking at bringing all of your vulnerability management piece of work into XSIAM and kind of focusing on, on looking at your best practices around your, uh, XM and Cortex platform. Tell us about the improvements that you've been seeing in this, in this process, uh, throughout.

Yeah. Well, we've already migrated to Cortex XSIAM's attack surface testing product for our public-facing vulnerability scanning. Uh, it does a really good job at identifying exploitable vulnerabilities on our public attack surface. Uh, we found it very accurate as well. We haven't found a false positive yet, which is something very important to us. Um, and we've started to use XSIAM playbooks as well to automate some of our vulnerability triage work. So, for example, our playbooks confirm that the exposure is still present, retrieve the owners from the cloud tags and enforce a consistent process for our, uh, vulnerability management engineers to follow. Yeah.

So, by the way, false positives is, is, is a huge problem and huge pain. So I, I hear you on this one and, and not even to that extent, to a broader extent. Can you elaborate a bit more of how much is it really important to have everything in a unified platform and, and have the vulnerability management be a really a part of that broader SOC view and your entire posture management view.

Yeah, it, it is important to have everything on a unified platform because it's a simpler architecture for me and my team to maintain. So I don't want my team going out and building custom databases and managing scripts to identify the highest priority vulnerabilities. I want a, a SaaS product to handle all that engineering complexity for me. Um, so having the, the SOC and the vulnerability management teams using the same platform to me makes a lot of sense because, number one, automation. We need to bring the same sort of automation-focused philosophy that's helped SOC teams be successful to the vulnerability management teams, and there's a lot of work for the vuln management teams to do manually. And then number two, SOC teams often need vulnerability data when they're working an incident. So I mean the first thing that a SOC incident responder needs to do in response to a cloud incident is figuring out how the compromise occurred, which could have been enabled by a vulnerability. So all this to say, fewer tools, less engineering and more automation is the way. So I, I, I hope and I plan to transition my six-person vuln management team from doing lots of data engineering toward doing more actual vulnerability analysis and, and balancing the risk, uh, and business needs. And to me that is what a super mature vulnerability management team should be focusing on. And that's why I'm excited about the new exposure management capabilities coming to Cortex. It's going to bring that automation that we need to our vuln management operations, reduce the engineering work, uh, so that we can zero in quickly on what we need to prioritize. Yeah. Um, thanks for this and I couldn't agree more. It could be a force multiplier for many other organizations, and thanks for taking us through the journey and everything you experience. Naturally the magnitude and things we have here, it's huge. So many other organizations can definitely, uh, learn from your experience here. So thank you. You're welcome. Thanks.

Using a platform like XSIAM and the AI tools available with it will allow us to consolidate that information, identify it, respond to it much quicker. What I love about Palo Alto Networks is they're always constantly innovating and I know that with the 3.0 version for XSIAM will have some great enhancements like email security and exposure management.

[Music] Well, there you have it. XSIAM 3.0 really is the only security operations platform you need. To learn more about XSIAM 3.0 and learn how it can help your organization, reach out to a Palo Alto Networks sales representative today. Thank you for joining us and for trusting Palo Alto Networks to be your security partner of choice. Until next time, stay safe.

[Music]
