How Your Security Operations Team Can Maintain Zero Trust


Your security operations team plays a critical role in an effective Zero Trust strategy, which requires broad visibility and control across your company’s infrastructure. This includes having visibility into your network traffic, orchestrating data from sources across the infrastructure, applying machine learning for actionable insights and using automation to act on them. In practice, this means the security operations team has plenty to do to monitor and maintain a Zero Trust approach.

Zero Trust means that you can’t assume that any of the users, endpoints, credentials or devices on your network are trustworthy: Endpoints can be compromised, and credentials can be stolen. Your security operations team must continually monitor for suspicious or anomalous behavior to ensure that everyone is who they say they are and is acting legitimately. By deploying an analytics solution that can see across endpoint, cloud and network assets, the team can gain enterprise-wide visibility and safeguard managed as well as unmanaged assets.

Palo Alto Networks has invested heavily in enabling security operations teams – and their IT counterparts – to execute these Zero Trust strategies. The Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q3 2020 listed Palo Alto Networks as a leader, saying, “Palo Alto Networks has essentially either procured, acquired, or built every tool or capability an organization needs to operate a Zero Trust infrastructure. Palo Alto Networks is assembling a robust portfolio to deliver Zero Trust everywhere – on-premises, in the data center, and in cloud environments.”

The SecOps portion of our toolkit centers on the Cortex portfolio:

Cortex XDR is an extended detection and response solution that not only prevents attacks and detects behavioral anomalies on endpoints, but also offers holistic visibility, investigation and remediation capabilities that extend to the network and cloud.

The more telemetry data you have, the more insights you have to identify anomalies, as well as to inform architectural tweaks to your Zero Trust deployment. Palo Alto Networks gathers telemetry data from across the cloud, network and endpoints into the Cortex Data Lake, where the data is stitched together to enable machine learning and analytics. Cortex XDR uses this data to baseline normal user and device behavior, thus allowing the behavioral analytics engine to detect threats based on anomalies. When a new threat vector is found, Cortex XDR facilitates a deep investigation of the newfound threat so you can uncover what occurred and react accordingly.
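As an added illustration of the baselining described above (example code written for this page, not Cortex XDR's or Palo Alto Networks' own logic), the following Python builds a per-user profile of known devices, source addresses and active hours from stitched endpoint and network telemetry, then flags later events that depart from that profile enough to warrant re-verifying the identity. The event tuple layout, the sample events and the deviation threshold are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
# Constructed sample telemetry, stitched from endpoint and network sources:
# (timestamp, user, device, source_ip, action). Not real data.
BASELINE_EVENTS = [
    ("2020-09-01T09:02:00", "alice", "laptop-01", "10.0.1.5", "login"),
    ("2020-09-02T17:45:00", "alice", "laptop-01", "10.0.1.5", "logout"),
    ("2020-09-01T08:10:00", "bob", "laptop-02", "10.0.1.8", "login"),
    ("2020-09-02T16:20:00", "bob", "laptop-02", "10.0.1.8", "vpn_connect"),
]
NEW_EVENTS = [
    ("2020-09-03T11:00:00", "alice", "laptop-01", "10.0.1.5", "file_read"),
    ("2020-09-03T03:12:00", "alice", "laptop-99", "203.0.113.7", "vpn_connect"),
    ("2020-09-03T12:00:00", "bob", "laptop-02", "10.0.2.20", "login"),
    ("2020-09-03T10:00:00", "carol", "laptop-03", "10.0.1.9", "login"),
]

def build_baseline(events):
    """Per-user profile of known devices, source IPs and active hours."""
    profile = defaultdict(lambda: {"devices": set(), "sources": set(), "hours": set()})
    for ts, user, device, source, _ in events:
        p = profile[user]
        p["devices"].add(device)
        p["sources"].add(source)
        p["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(profile)

def deviations(profile, event):
    """List the ways one event departs from the user's baseline."""
    ts, user, device, source, _ = event
    if user not in profile:
        return ["unknown_user"]  # never-seen identity: no trust to inherit
    p, reasons = profile[user], []
    if device not in p["devices"]:
        reasons.append("new_device")
    if source not in p["sources"]:
        reasons.append("new_source")
    hour = datetime.fromisoformat(ts).hour
    if not min(p["hours"]) <= hour <= max(p["hours"]):
        reasons.append("unusual_hour")
    return reasons

def find_anomalies(profile, events, threshold=2):
    """Events to re-verify: unknown identities, or >= threshold deviations."""
    flagged = []
    for event in events:
        reasons = deviations(profile, event)
        if "unknown_user" in reasons or len(reasons) >= threshold:
            flagged.append((event, reasons))
    return flagged
```

A single deviation (bob's login from a new internal address) stays below the threshold, while alice's off-hours VPN connection from an unknown device and address, and carol's never-seen identity, are both surfaced for investigation.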

Cortex XSOAR is a security orchestration, automation and response solution with native threat intelligence management. Cortex XSOAR uses API-driven automation playbooks that automate and orchestrate incident responses across the security stack, allowing security teams to take action quickly when security incidents are discovered. The large set of pre-built integrations ranges from authentication to network security to vulnerability management, covering both security and non-security tools used by SecOps teams, from Palo Alto Networks and other vendors alike. These integrations drive playbooks that automate repetitive manual tasks. They also facilitate communication and collaboration between teams, speed up investigations and help remediate threats.

Want to learn more? Hear Palo Alto Networks CTO Nir Zuk talk about how to build on a Zero Trust strategy.

This post is part of a series covering “Zero Trust Throughout Your Infrastructure.”