Palo Alto Networks, the global cybersecurity company, introduced Cortex™ XSOAR, an extended security orchestration, automation and response platform that empowers security leaders with instant capabilities against threats across their entire enterprise. Cortex XSOAR is an evolution of the Demisto® platform, which was acquired by Palo Alto Networks in March 2019.

Threat intel data

Palo Alto Networks is redefining the security orchestration, automation and response category by making threat intelligence management a core component. By tightly integrating threat intelligence management with SOAR capabilities — such as unified case management, automation and real-time collaboration — customers are now able to fully operationalise threat feeds.

“Customers are facing an overwhelming volume of alerts, threat intel sources, and security tasks,” says Lee Klarich, chief product officer for Palo Alto Networks. “Both SOAR and threat intelligence management have developed over recent years as tools to help them, but existing product silos have led to even more manual work. Bringing threat intel data into Cortex XSOAR means security orchestration just got simpler for the customer. It makes no sense to have SOAR without native threat intel.”

Threat management into security orchestration

“The integration of threat management into security orchestration and automation is an inevitable evolution for improving security operations,” notes Jon Oltsik, senior principal analyst and fellow at the Enterprise Strategy Group (ESG). “Cortex XSOAR brings the right pieces together. Until now, operationalising vital threat intelligence data has been difficult or even impossible as it requires time, experience, and resources that are beyond the capabilities of many organisations. A platform like Cortex XSOAR acts as a security operations and analytics platform architecture, or SOAPA, for analysing and operationalising cyber threat intelligence. The benefit? Bringing the value of threat intel to the masses.”

Cortex XSOAR

With Cortex XSOAR, customers are able to:

Standardise and automate processes for any security use case: Easily automate hundreds of security use cases with playbooks that orchestrate response actions across more than 350 third-party products.
Adapt to any alert with security-focused case management: Accelerate incident response by unifying alerts, incidents and indicators from any source within a single case management framework.
Boost SecOps efficiency with real-time collaboration: Facilitate investigations across teams via a virtual War Room with built-in ChatOps and command line interface to execute commands across the entire product stack in real time.
Take action on threat intelligence with confidence and speed: Take full control of threat data by aggregating disparate sources, customising and scoring feeds, and matching indicators against a customer’s specific environment, as well as leveraging playbook automation to drive instant action.

Extending existing platform capabilities

"Threat intelligence without context is just threat data. In order for threat intelligence to be of use, the original context of the threat intel has to be applied appropriately and mapped to internal incidents and policies," says Michael Poddo, director, Cyber Threat Analysis & Response, Emerson. "However, doing this at scale and speed to keep pace with real-time threat feeds is tough without automation. SOAR applied to threat intelligence can help fully integrate it into all aspects of your incident response program."

Cortex XSOAR will replace Demisto by Palo Alto Networks, subsuming and extending existing platform capabilities. Demisto customers will be migrated to Cortex XSOAR upon general availability, expected in March 2020, with an option to evaluate the new Threat Intel Management module at no additional cost.

Keysight, the test and measurement vendor, has announced that Ixia, its cybersecurity and visibility business, has introduced BreakingPoint QuickTest, which enables organisations to quickly evaluate the performance and security of devices and networks to assess their cybersecurity readiness.

Today’s IT departments struggle against increasing network security threats while suffering from a cybersecurity skills shortage. According to Jon Oltsik, principal analyst, Enterprise Strategy Group, “more than half of organisations report a problematic shortage of cybersecurity skills.” The lack of testing expertise creates opportunities for vulnerabilities in IT environments.

Optimising speed of cybersecurity testing

“Organisations are under pressure to make the right security investments to ensure their networks and applications are secure. This pressure, combined with the shortage of expert resources, forces organisations to compromise on the quality of their security testing,” said Sunil Kalidindi, vice president of product management at Ixia, a Keysight Business. “BreakingPoint QuickTest offers users all the power of BreakingPoint in pre-packaged test methodologies with expert analysis capabilities. This ground-breaking innovation enables organisations to optimise the speed of their cybersecurity testing without compromise.”

Features of the test suites

BreakingPoint QuickTest offers concise and actionable test scores for rapid result analysis, and complete automation for continuous assessment. Test suites include:

Performance: to measure system performance while handling various types of application traffic mixes that include encrypted traffic
NetSecOPEN: to validate the device or system against NetSecOPEN standardised tests, industry guidelines and best practices for testing modern network security infrastructure including firewall, next generation firewall (NGFW), intrusion protection system (IPS), and threat detection solutions and services
Encryption Performance: to measure the system performance of TLS inspection devices or networks, while handling traffic encrypted using various types of ciphers and key sizes
Security: to validate the effectiveness of a security device or system in mitigating attacks and breach attempts while maintaining traffic continuity

Powered by threat intelligence

BreakingPoint QuickTest is powered by threat intelligence provided by Ixia’s Application Threat Intelligence (ATI) Research Center, a globally distributed team of dedicated cybersecurity professionals that monitor and analyse the ever-evolving indicators that could threaten the security of IT networks worldwide. Ixia’s ATI Research Center has been performing advanced security research for over a decade, providing intelligence updates to customers around the globe.

Pulse Secure, global provider of software-defined Secure Access solutions, has announced the integration of SDP (Software Defined Perimeter) architecture within its Secure Access platform and the inclusion of Pulse SDP as an add-on within its award-winning Access Suite. By offering a flexible path to SDP, the company extends its foundation of Zero Trust access for hybrid IT and provides enterprises and service providers with unrivalled provisioning simplicity, security posture fortification and lower total cost of ownership.

According to a recent Enterprise Strategy Group survey:

66% of organisations expect that within two years, more than 30% of their cloud-resident data will be sensitive
53% of mobile knowledge workers wait at least a week before applying a security patch or update to the devices they use for work
45% of organisations that have repatriated a public cloud-based application(s)/workload(s) have deployed them on converged infrastructure

Zero Trust Strategy

Ubiquitous access to applications and dynamic resource provisioning are the new normal, yielding an increase in advanced threats and massive data breaches. As enterprises embrace digital transformation and migrate their applications and infrastructure to multi-cloud, access requirements have become more stringent and complex to prevent attacks and data leakage. To reduce risk, organisations are applying a Zero Trust Strategy of “verification before trust” by incorporating stronger user and device authentication, granular access control, and enhanced segmentation no matter where the application and resources reside.

“Business leaders face a digital imperative to boost user productivity, while also mitigating the risk of data breaches that are growing in size and frequency,” said Sudhakar Ramakrishna, CEO of Pulse Secure. “From our inception, Pulse Secure has focused on providing a pragmatic approach to Zero Trust Secure Access that balances user experience with compliance. By incorporating SDP architecture within our Access Suite, we can deliver the deployment flexibility, scale and investment protection sought by enterprises and service providers.”

Pulse Secure Access Suite

Pulse Secure Access Suite provides remote, mobile, cloud, network and application security with comprehensive VPN, Mobile Device Management (MDM), Single Sign-on (SSO), endpoint and IoT device visibility, Network Access Control (NAC) and virtual Application Delivery Controller (ADC) capabilities. Pulse SDP complements this integrated solution set by offering direct device to application/resource secure connectivity only after successful user, device and security state verification including geo location and behaviour-based anomaly detection.

As a result, organisations gain seamless accessibility while streamlining access provisioning, improving performance and reducing the visible attack surface. Moreover, organisations gain greater economies and a non-disruptive way to readily implement SDP functionality when, where and how they require.

“Despite industry suggestions about VPN replacement, SDP is not a panacea for all applications and hybrid IT infrastructure as enterprises migrate to the cloud. While deployments can offer comparatively simple, secure connectivity, SDP projects tend to be based on specific use cases and projects. VPN and SDP will likely co-exist for a while, so organisations need to keep an eye on joint usability, management and costs,” said Jon Oltsik, senior principal analyst at Enterprise Strategy Group. “By offering an integrated secure access suite that supports VPN and SDP architectures for data centre and cloud, Pulse Secure can provide strong value that can be compelling for customers and service providers.”

Pulse SDP integration to Access Suite

Pulse SDP augments the Access Suite and offers an array of features and business benefits including:

Dual-mode VPN and SDP architecture; provides enterprises single pane of glass secure access management and operational visibility across public cloud, private cloud and data centre.
Extensive multi-factor authentication and authorisation options; ensures users, their devices and the applications they access are continuously verified before and during the transaction.
Uniform policy management; enables consistently provisioned secure connections that increase usability and security while reducing configuration errors, policy drift and gateway sprawl.
Granular, stateful access enforcement; aligns business and compliance requirements with on-demand, application-level access that supports anywhere access and preferred device.
Enhanced user experience; offering users easy and seamless access options including web portal, application-activated, SSO and captive portal.
Access responsiveness; separate data and control planes to ensure scalability with proprietary Optimal Gateway Selector technology to expedite application delivery.
Deployment flexibility; freedom to move or extend implementation on premise, through private and public cloud, and with their hosting provider or managed service provider of choice.
Reduced total cost of ownership; unified Secure Access platform that works with a customer’s existing investment and access ecosystem to consolidate disparate remote and cloud access controls and avoid expensive administrative, licensing and management overhead.

Pulse Secure software and cloud solutions

Pulse SDP will be offered solely as a licensed component within Advanced and Enterprise Editions of the Pulse Access Suites in April 2019. Pulse SDP is comprised of an SDP Controller, SDP Client and SDP Gateway which are enabled within the Pulse Secure software, hardware and cloud solutions. This approach allows SDP and perimeter-based VPN functionality to work in parallel and provides Zero Trust access security and essential operational flexibility for enterprises and service providers. With a simple software upgrade, customers can activate Pulse SDP using the latest Pulse Secure infrastructure.

The Pulse Secure Access Suite, Advanced Edition with SDP option has an annual subscription MSRP of $66.00 USD per user for 1000 users. Other license and delivery options are available. Between now and June 30, 2019, customers can upgrade or renew their existing Pulse Access Suite subscription to activate SDP functionality at no additional charge.

Check Point announces the general availability of CloudGuard SaaS, an industry-first cloud suite designed to prevent sophisticated security threats that target SaaS applications. One of the latest additions to Check Point’s CloudGuard portfolio of cloud security products, CloudGuard SaaS protects enterprises that use SaaS applications and cloud-based email (including Office 365, GSuite and OneDrive), and prevents targeted attacks intended to steal sensitive data.

Addressing advanced SaaS threats, CloudGuard SaaS provides 360-degree protection against malware and zero-days, phishing attacks, as well as employee account takeovers. Additionally, it can discover unsanctioned use of SaaS applications and prevent data leakage, while providing instant threat visibility.

Data leakage protection

“In today’s fifth-generation cyber-attack landscape, it’s crucial to implement technology equipped to take on more threats on business cloud applications,” said Itai Greenberg, VP of Product Management at Check Point Software Technologies. “Businesses generally turn to solutions in the Cloud Access Security Broker domain, which offer visibility and data leakage protection. CloudGuard SaaS goes beyond CASB capabilities. It’s designed to prevent the most common attacks on SaaS applications, providing peace of mind to enterprises.”

According to Jay Heiser, Research VP, Analyst at Gartner: “CIOs should work with security and risk managers to create and follow a comprehensive and continuous approach for the controlled use of SaaS, or they will fail to meet business goals, resulting in unnecessary losses or incidents.”

Breach prevention solution

CloudGuard SaaS is an essential solution that equips businesses with the necessary preventive security for a multitude of enterprise SaaS applications within minutes.

“Businesses today face potential cyberattacks occurring from multiple vectors, including SaaS-based applications. Products like Check Point CloudGuard SaaS can help enterprises looking to protect themselves from attacks of different levels – from phishing to zero-day compromises,” said Jon Oltsik, senior principal analyst at the analyst firm ESG.

Superior threat prevention against malware and zero-days: CloudGuard SaaS is the most effective breach prevention solution for malware and zero-day attacks on SaaS applications, leveraging Check Point’s SandBlast technology. SandBlast scored a 100% block rate and highest evasion testing with NSS Labs, a globally recognised trusted source for independent, fact-based cybersecurity testing. By leveraging these capabilities, CloudGuard SaaS protects email attachments and file downloads on file hosting services and collaboration tools. CloudGuard SaaS blocks zero-day threats before they reach users and delivers safe content in seconds, using advanced threat emulation and extraction technology.

Sophisticated phishing attacks

Innovative technology stops account takeovers: CloudGuard SaaS blocks SaaS account takeovers by preventing unauthorised users from logging in, even if the device is already compromised. Using its new ID-Guard technology, CloudGuard SaaS identifies fraudulent access by finding bad logins and centralising multi-factor authentication. In addition, CloudGuard SaaS can authenticate users in any SaaS application on any device—mobile or PC.

Total phishing protection: CloudGuard SaaS prevents more phishing attacks than standard email services by leveraging artificial intelligence engines. It can stop sophisticated phishing attacks, spear-phishing, and email spoofing that may bypass other solutions. Malicious email content can also be blocked with high-precision certainty.