- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
With the ever evolving threat landscape, security operations teams require a new level of efficiency to protect their organizations. The latest release across Cortex products aims to solve a diverse set of challenges in security operations, all while improving the efficiency and overall analyst experience.
The latest release of Cortex XSIAM enhances SecOps workflows and enriches the analyst experience by introducing higher levels of visibility and automation suited for the analyst’s individual preferences.
One challenge analysts encounter is the inability to promote important data from alerts to the incident level, leading to difficulty in accessing the necessary information. Furthermore, without aggregated or enriched data from alerts at the incident level analysts will find it difficult to gain a comprehensive understanding of the situation.
But, the new Custom Incident Layout, available in XSIAM 2.3, enables analysts to customize the incident page layout. This streamlines the investigation process by enhancing the visibility of important incident-specific fields, data ingested from integrations, and playbooks that can be executed. Incident layouts are customizable by incident type (e.g., phishing, malware, etc.) or based on analyst preference.
Analysts also face challenges in quantifying the impact of incident mitigation processes and identifying where delays or inefficiencies occur, which hinders the assessment and optimization of workflows. Addressing these challenges is crucial for enhancing incident response and customer satisfaction.
The solution to this is Incident SLAs, which allows analysts to effectively monitor and assess key performance indicators (KPIs) by setting SLAs at the incident level. This provides a quantifiable and efficient approach to tracking KPIs, obtaining real-time insights into operational performance, and ensuring alignment with established objectives. By doing so, organizations can effectively meet critical goals and foster accountability and efficiency across operations.
Many analysts require separate environments for testing, which can often result in a large overhead of maintaining test data, and other challenges. For example, users migrating from XSOAR to XSIAM miss the ability to write all content, integrations, playbooks, and scripts in one environment and push them in a managed manner to their production environment. Additionally, there is a lack of tools to create and test datasets and playbooks before pushing them to the production environment, and difficulty in maintaining change management, as each update necessitates users to complete changes from start to finish in one go. Addressing these challenges would improve efficiency and streamline the development and deployment processes.
The new Playbook Dev-Prod Capabilities in XSIAM ensure efficient creation, deployment, and testing of automation playbooks. XSIAM now provides a pre-configured development repository for creating automation playbooks, utilizing data ingested from an organization's production tenants, and providing SecOps engineers with Dev-Prod capabilities. The Dev-Prod repository enables engineers to write, test, and revise playbooks in an isolated setting before deploying them to production.
Managing incidents across multiple environments poses a significant challenge, particularly in terms of workload management, tracking the status of incidents, and prioritizing events effectively. There is a pressing need for solutions that offer the capability to take action, as the current read-only solutions are limited in addressing incidents promptly and effectively.
Multi-Tenant Unified Incident View empowers managed security service providers (MSSP) and multi-tenant administrators to centralize security operations across distributed environments with a consolidated view of all incidents within each child tenant. This enables administrators to take action, such as updating incident status, severity, and assignee across child tenants. This feature is also available in Cortex XDR 3.11.
In the 2024 Forrester Wave™ for Extended Detection and Response Platforms, Cortex XDR was named a Leader in the industry, acknowledged for our commitment to disruption, ability to empower analysts to detect and respond effectively, as well as the enhancements enabling more platform features and analytics for identity and cloud. Our latest Cortex XDR 3.11 release builds on our leading extended detection and response capabilities with the introduction of new and updated protection modules to defend and prevent the latest threat techniques. These new features are also available in XSIAM 2.3.
When dealing with evolving and evasive cyberattacks, one of the more challenging aspects for defenders is detecting and preventing the unknown. When developing new features in our products, the Cortex research and development teams actively seek out the latest and greatest new tactics, techniques, and procedures (TTPs) that threat actors are using.
In doing so, we’ve taken these findings and have released new and updated protection modules in Cortex XDR 3.11 and Cortex XDR Agent 8.5 that protect against new attack techniques using in-memory shellcode, targeting the kernel, and stealing crypto wallets.
Today, the Cortex Causality Chain interface provides a useful but complex way to access information. To enable faster and more intuitive investigations, the alert Causality Chain interface has been revamped. The new Causality Chain Interface provides easier access to key information about an alert at each stage of the causality chain, enabling faster and more intuitive investigations, while also improving analyst workflows.
The next advancement of our industry-leading attack surface management solution, Xpanse 2.6, delivers enhancements to some of our most incredibly powerful capabilities yet. The new capabilities include enhancements to the Threat Response Center, new remediation use cases for our Active Response Module, such as automatic patching, and lastly, usability improvements to improve the analyst’s overall efficiency.
New usability improvements include:
Security automation is crucial to improving operational efficiency and driving faster and more complete security incident response. In 2023, we introduced Cortex XSOAR 8 SaaS solution that delivers greater performance, scalability, and reliability, and more recently, supports on-premises deployments.
Cortex XSOAR 8.7 focuses on providing immediate value out-of-the-box with automation workflows and an overall pleasant user experience for both our SaaS and on-premises customers.
The enhanced features and capabilities listed here are just the tip of the iceberg for what we’ve packed into this Cortex release across XSIAM, XDR, Xpanse and XSOAR. Learn more about the Cortex platform by visiting /cortex/.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Subject | Likes |
---|---|
4 Likes | |
3 Likes | |
3 Likes | |
2 Likes | |
2 Likes |
User | Likes Count |
---|---|
11 | |
4 | |
3 | |
2 | |
2 |