Palo Alto Networks is one of the leading cybersecurity technology companies in the world. Due to this status,  it is also a prime target for potential hackers trying to prove themselves. In addition to delivering advanced cybersecurity products and services to their customers, they operate an internal Security Operations Center (SOC) that monitors their datacenters, infrastructure and data utilized by more than 10.000 employees and customers worldwide.

You would expect Palo Alto Networks to have a heavily operated and fully staffed 24×7 eyes on screen SOC, but nothing could be further from the truth. The PA SOC operates on a single shift during standard business hours with a lean crew.

 

How do they manage it?

Two key fundamentals make the difference in this concept: machine learning / AI and automation.

Palo Alto Networks relies on machine learning / AI-driven detection because they revolutionize defense strategies by use of:

• Proactive Threat Detection: AI monitors and identifies anomalies in real-time, outpacing traditional methods.
• Scalability: AI tools adapt to handle growing threats, crucial in an era of remote work and IoT.
• Reduced False Positives: They cut down on noisy alerts, allowing teams to focus on real threats.
• Rapid Response: AI reacts swiftly, automating countermeasures or alerting teams for quick mitigation.
• Adaptive Learning: These tools evolve with new data, staying ahead of emerging threats.
• Predictive Analytics: AI analyzes trends from historical data, aiding proactive security measures.

In essence, AI-driven detection tools eliminate the noise and let ’s you focus on already correlated incidents that require attention.

Next to AI, Automation is a key concept in these SOC’s of the future in the form of Security Orchestration, Automation, and Response (SOAR) tools. These tools provide critical value in the modern threat landscape with Swift Incident Response capability, eliminating trimming Alert Fatigue and rapid threat mitigation added value.

The combination of AI and Automation are the key strengths that make it possible to build a cost-effective and results-driven SOC.

Jarviss has built its ManagedXDR service being an automated detection and response service with additional Jarviss SOC expertise, exactly on these principles.

The Jarviss Managed XDR service is a 24×7 automated cybersecurity detection and response service based on AI, XDR, ITDR, and SOAR technology. It provides:

• Detection of suspected incidents based on AI-driven XDR and ITDR technology
• Enrichment of these suspected incidents with additional relevant security information
• Classification of these incidents to determine priority and impact
• Automated response actions to mitigate possible impact
• 8×5 assistance from, and 24×7 escalation to, cybersecurity specialists for further analysis
• Continuous reporting and monitoring of the cyber maturity of our customers

 

The Jarviss Managed XDR service uses the Palo Alto Cortex SOAR tool but is otherwise completely technology agnostic. In addition to integrations with Palo Alto Networks, we also integrate with SentinelOne, Vectra AI, Microsoft, Fortinet, Crowdstrike, Armis, Silverfort, and more.

Build your security strategies with the Jarviss ManagedXDR. Don’t wait until it is too late.

Send us an email at info@jarviss.be or give us a call at +32 9 394 99 11.

 

Source: Palo Alto Networks Security Operations Center (SOC) – Palo Alto Networks

Author: Jo Vander Schueren