
Transform your SecOps: Cortex XSIAM Demonstration and Insights

By Cortex by Palo Alto Networks

Summary

Topics Covered

  • XSIAM Condenses 2500 Alerts to 112 Incidents
  • Precision AI Delivers Low False Positives
  • Automations Nudge Continuous Improvement
  • AI User Profiles Enable Swift Pivots

Full Transcript

[MUSIC PLAYING] Hi, I'm Josh Yost, Cortex systems engineering leader at Palo Alto Networks.

Today, I'm going to guide you through a brief tour of XSIAM.

XSIAM is a transformative advancement in security operations, seamlessly integrating the capabilities of point and legacy solutions into one unified platform.

By harnessing the power of Precision AI, machine learning, analytics and automation, XSIAM empowers our customers to achieve unparalleled SecOps outcomes, delivering measurable value at an accelerated pace.

Now let's dive into the demo.

Here you see the XSIAM command center, your real-time operational hub tailored for a variety of security roles.

Whether you're looking to delve into active incidents or gauge your organization's transformative progress, this is your starting point.

On the left, the Integrations Dashboard showcases a spectrum of data sources, ranging from endpoint and network to identity cloud, application telemetry, and more, all while providing insights into the health and volume of data ingestion.

Traditional SIEM tools often require security engineering teams to spend substantial time onboarding and normalizing these data sources.

XSIAM simplifies this process significantly with over a thousand integrations, including both Palo Alto Networks and third-party data.

The vast majority can be set up in just a few clicks.

Our integration library is always expanding.

Let's return to the main display.

Here you see the process of over 2,500 alerts being intelligently stitched, grouped, and analyzed, condensing down to 112 fully contextualized incidents.

By clicking here, we can observe this happening in real time.

XSIAM not only consolidates related data and alerts into coherent stories but also implements automations, suggests playbooks, and automatically resolves incidents, reducing the manual workload associated with these tasks.

Heading over to Automations, XSIAM is not only streamlining resolution for the majority of incidents here.

It's also enhancing efficiency with automation recommendations.

As new optimizations and recommendation methods emerge, they're integrated into the platform automatically, fostering a culture of continuous improvement within your operations team.

This proactive approach can entirely eliminate alert backlogs, allowing your team to concentrate on strategic initiatives and proactive pursuits.

Now let's head over to the Incident View and see how XSIAM empowers your investigators and responders.

The Incidents View is where the analysts can begin their day.

Note the smart score here beside each incident, a product of Precision AI.

This prioritizes incidents so your team knows exactly where to focus their time and efforts.

Now let's take a look at a single incident to see what it's like using the tool.

We immediately provide the analysts with crucial context and data.

In this example, 19 alerts from six different data sources have been intelligently stitched and aggregated.

Precision AI not only enriches these alerts but does so with a low false positive rate, a stark contrast to the manual and tedious rule creation and tuning associated with legacy systems. The incident details are also mapped to the MITRE ATT&CK framework to aid the investigation.

If I want, I can also zoom out and view MITRE information at the organizational level to help pinpoint specific areas that require attention from my team.

Looking at the automations, you can see here, the system has already proactively run two playbooks with two more suggested based on what's going on in the incident.

I can execute these recommendations, and, if they're effective, I can automate them for future incidents.

Here we have continuous improvement driven by a nudge from the solution.

Additional information about the incident includes all associated artifacts and assets.

Now, effective investigation hinges on the ability to pivot quickly.

Legacy systems hinder this with scattered information, which leaves the analysts searching for the data instead of focusing on the investigation.

XSIAM, on the other hand, facilitates very swift navigation.

For instance, let's say I want to take a deeper look at our user here, Sherlock.

Here we see Sherlock's user risk profile powered by Precision AI.

It presents essential information at a glance: identity, location, activity hours, role, historical risk score trends, along with other pertinent data, such as login and SaaS information.

With Precision AI and the comprehensive capabilities of XSIAM, we're not just enhancing metrics like MTTD and MTTR.

We're also significantly boosting the satisfaction of operations and engineering teams. Today's glimpse of XSIAM is just the tip of the iceberg.

I invite you to join your Cortex SecOps specialist team for a more in-depth exploration.
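The demo above shows alerts from several data sources being stitched into a single incident (19 alerts from six sources in the example) and given a priority score, but it does not describe the stitching logic itself. The following is an added, self-contained illustration and is not XSIAM code or Palo Alto Networks' algorithm: it groups alerts that share a pivot value (host, user, file hash, IP) into one incident with a union-find, then assigns a crude priority that stands in for the "smart score". The alert records, pivot keys and scoring weights are constructed for this example.

```python
"""Illustrative alert-to-incident stitching (added example, not XSIAM's implementation)."""
from collections import defaultdict

# Constructed sample alerts from different data sources (hypothetical values).
ALERTS = [
    {"id": 1, "source": "endpoint", "host": "ws-17", "user": "sherlock", "hash": "abc1", "technique": "T1059"},
    {"id": 2, "source": "firewall", "host": "ws-17", "dst_ip": "203.0.113.5", "technique": "T1071"},
    {"id": 3, "source": "identity", "user": "sherlock", "src_ip": "198.51.100.9", "technique": "T1078"},
    {"id": 4, "source": "email", "user": "watson", "hash": "abc1", "technique": "T1566"},
    {"id": 5, "source": "cloud", "user": "moriarty", "technique": "T1530"},
    {"id": 6, "source": "dns", "host": "srv-02", "dst_ip": "203.0.113.5", "technique": "T1071"},
]

# Fields whose equal values link two alerts into the same incident (assumed set).
PIVOT_KEYS = ("host", "user", "hash", "dst_ip", "src_ip")


def stitch(alerts, keys=PIVOT_KEYS):
    """Group alerts into incidents: any two alerts sharing a pivot value end up together.

    Uses union-find so that transitive links (A~B via host, B~C via IP) form one incident.
    Returns a list of incident dicts sorted by their lowest alert id.
    """
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    first_seen = {}  # (key, value) -> id of the first alert carrying it
    for a in alerts:
        for k in keys:
            v = a.get(k)
            if v is None:
                continue
            union(first_seen.setdefault((k, v), a["id"]), a["id"])

    groups = defaultdict(list)
    for a in alerts:
        groups[find(a["id"])].append(a)

    incidents = []
    for members in groups.values():
        incidents.append({
            "alert_ids": sorted(m["id"] for m in members),
            "sources": sorted({m["source"] for m in members}),
            "techniques": sorted({m["technique"] for m in members}),  # MITRE ATT&CK ids
            "users": sorted({m["user"] for m in members if "user" in m}),
            "hosts": sorted({m["host"] for m in members if "host" in m}),
        })
    incidents.sort(key=lambda i: i["alert_ids"])
    return incidents


def priority(incident):
    """Crude priority stand-in (assumed weights, not Precision AI's smart score).

    Breadth of distinct techniques and corroborating sources counts more than raw alert volume.
    """
    return (10 * len(incident["techniques"])
            + 5 * len(incident["sources"])
            + len(incident["alert_ids"]))


if __name__ == "__main__":
    for inc in stitch(ALERTS):
        print(priority(inc), inc)
```

Running the block on the constructed alerts collapses six alerts into two incidents: alerts 1, 2, 3, 4 and 6 chain together through the shared host, user, hash and destination IP, and alert 5 stands alone. A real platform would add time windows, entity normalization and model-driven weighting on top of this; the point here is only that the pivot values an analyst would use to navigate (host, user, IP, hash) are the same ones that link alerts into a story.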
