Palo Alto Networks has introduced Cortex™ XSOAR, an extended security orchestration, automation and response platform that empowers security leaders with instant capabilities against threats across their entire enterprise. Cortex XSOAR is an evolution of the Demisto® platform, which was acquired by Palo Alto Networks in March 2019.
With Cortex XSOAR, customers are able to:
- Standardize and automate processes for any security use case: Easily automate hundreds of security use cases with playbooks that orchestrate response actions across more than 350 third-party products.
- Adapt to any alert with security-focused case management: Accelerate incident response by unifying alerts, incidents and indicators from any source within a single case management framework.
- Boost SecOps efficiency with real-time collaboration: Facilitate investigations across teams via a virtual War Room with built-in ChatOps and a command-line interface to execute commands across the entire product stack in real time.
- Take action on threat intelligence with confidence and speed: Take full control of threat data by aggregating disparate sources, customizing and scoring feeds, and matching indicators against a customer’s specific environment, as well as leveraging playbook automation to drive instant action.
“Threat intelligence without context is just threat data. In order for threat intelligence to be of use, the original context of the threat intel has to be applied appropriately and mapped to internal incidents and policies,” says Michael Poddo, director, Cyber Threat Analysis & Response, Emerson. “However, doing this at scale and speed to keep pace with real-time threat feeds is tough without automation. SOAR applied to threat intelligence can help fully integrate it into all aspects of your incident response program.”
Cortex XSOAR will replace Demisto by Palo Alto Networks, subsuming and extending existing platform capabilities. Demisto customers will be migrated to Cortex XSOAR upon general availability, expected in March 2020, with an option to evaluate the new Threat Intel Management module at no additional cost.