In my new video that you can watch below, we walk through the challenges around students who are circumventing content filtering by using evasive proxy or VPN apps. Hit that play button to watch the video, or read on to get an overview of what it covers.
While the firewall has some ability to detect and block these apps, this often requires customers to implement SSL decryption and other complex configurations. Cortex XDR gives us an additional layer of enforcement at the endpoint level, and Cortex XSOAR allows us to tie in the Next-Generation Firewall (NGFW) to enforce other restrictions at the network level and perform additional automations, such as emailing the offending student, an IT group, or any other important individuals.
The workflow goes roughly as follows:
While this is a very specific, introductory use case, I’ve tried to explain throughout the video that the use case can be altered and extended in many different ways. The same basic framework could apply to other types of applications, or even other sorts of alerts coming from XDR.
Another thing that I didn't mention in my video is that the playbook I'm using in Cortex XSOAR is just a modified version of an out-of-the-box Cortex XDR playbook, so I didn't have to build it completely from scratch. I just made a few changes to add my specific workflow towards the end of the built-in incident handling playbook.
Hopefully this blog helps paint the picture of what this video is, why I created it, and how it could be extended to support other, broader use cases.
Make sure that you visit the LIVEcommunity technology pages for Cortex XDR and Cortex XSOAR. There you’ll find more videos and blogs, as well as articles and discussions all about Cortex.
Please let me know in the comments below if there's anything else you’d like to see a video about, or how we can help you in your use case.