Having perfect visibility on threats; staying in control; moving fast and mitigating risks; in an increasingly digital world where security stakes are increasing, Palo Alto Networks’ watchwords are very much in the spotlight. Invited by Jean-François Vaillancourt, President of NETsatori, Palo Alto’s cyber defense specialist, Xavier Trépanier, gave a conference on the theme of “securing the company, securing the cloud with Prisma, and securing the future with Cortex from Palo Alto. »
The evening, on the theme of cybersecurity and artificial intelligence, began with the presentation of Palo Alto Networks in the friendly setting of an art gallery in the Old Port of Montreal and ended, a few hundred meters away, in the Pyramid PY1 with Guy Laliberté’s new immersive show in which NETsatori had the pleasure of working. The main theme of the event: advanced technologies.
As Xavier Trépanier pointed out, when we talk about cybersecurity, “the question is not whether we will face an incident, but when it will happen”. As most organizations migrate their data and business logic to the cloud, rely on SaaS and shift to mobility, it is essential to clarify the sharing of responsibilities between cloud service providers and the enterprise. The complexity that was caused by the thousands of rules in internal firewalls does not automatically disappear when you migrate to the cloud. It should be remembered, he said, that “most security breaches are the result of incorrect firewall configurations and old rules that have never been erased”. Other issues identified: on the one hand, the tons of logs that accumulate and with which nothing is done and, on the other hand, the very large number of alerts that are generated by the systems in place. “How, with a team of three security analysts, do you want to manage more than 500 alerts per week? That’s impossible. “, notes Xavier Trépanier. The solution lies in the use of artificial intelligence and machine learning to automate the analysis, classification and response to the majority of incidents in order to reduce, in this example, the number of real and important alerts to around 100 that three people can then manage effectively.
The highlight of the conference was the presentation of Cortex XDR which allows to stop in near real time sophisticated attacks that, without the help of the artificial intelligence and Data Lake that Palo Alto’s UEBA system uses, it would be very difficult to detect. Where, even today, the analysis and preparation of the response to an attack can take up to 200 days, Cortex XDR does it in… a few seconds. With hundreds of use cases natively integrated into Cortex XDR and millions of data from endpoints and networks analyzed in real time by Palo Alto’s AI systems, almost all incidents can be automated and processed within seconds of being identified. This then gives analysts time to focus on the responses implemented or suggested by Cortex XDR to address the more significant threats. Beyond the buzzword, artificial intelligence in the service of cybersecurity makes sense with Cortex XDR.