# Securing the 'New Normal' with Tufin Orchestration Suite and Cortex XSOAR

By [John Moran](https://www.paloaltonetworks.com/blog/author/john-moran/?ts=markdown "Posts by John Moran") Aug 20, 2020

When a security incident is detected, analysts and incident responders must have immediate access to the information required to efficiently and effectively scope, investigate, and contain the incident.

With these challenges in mind, let's take a look at a few ways the Tufin Orchestration Suite, combined with Cortex™ XSOAR, can enable incident response teams to work more efficiently when faced with a potential security incident.

**SOC Teams' Context-Rich Analysis & Visibility With Tufin SecureTrack**

When a potential incident is initially detected, it may arrive in the form of a single endpoint detection or IDS alert with very minimal information. A single alert is probably one of tens, hundreds, or even thousands of alerts routinely received. Organizations must quickly triage and prioritize each alert, as a single overlooked alert has the potential to manifest itself into a full-blown security incident.

The first steps in a successful response are to determine if the alert is in fact an incident, and if it is, then to begin enriching the initial alert data with additional context. Analysts and incident responders must be able to trust that the data used to make response-related decisions is accurate and up to date. Gathering this information is frequently a manual process, taking precious minutes or hours of triage time. This problem is compounded by the fact that analysts, network security teams and responders must often work in silos. They have to manually query multiple data sources to gather all the network intelligence required to effectively triage an alert, in an uncoordinated and asynchronous manner.

***Context is the key***. Without the proper context, it's impossible to determine the potential risk to your organization and therefore, the appropriate response. Absent, incorrect, or obsolete network information leads to incorrect conclusions regarding the context of the incident, which can lead organizations to misjudge and mishandle their response to an incident.

Tufin SecureTrack delivers real-time network intelligence gathered directly from multi-vendor network security devices. This information includes network objects, security policies, routes, and more. SecureTrack automatically queries this information in real time, and doesn't require manual input from network admins when a change is made.

SOC and network teams can also benefit from Tufin SecureTrack's unified visibility to gain intelligence on network security posture, connectivity, path traversal, and hybrid network topology. Cortex XSOAR playbooks that extract this information can be used to automate everyday tasks, which may help to enhance incident response time-to-detection. See the figure below illustrating a sample workflow using Cortex XSOAR playbooks enriched with Tufin SecureTrack information.

![Tufin SecureTrack playbook](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/08/tufin-image-1.png)

**Containment and Remediation with Tufin SecureChange**

Once a security incident has been identified, one of the primary goals of the incident response process is comprehensive and coordinated incident containment with accurate records of the information. Frequently described as "*stopping the bleeding,*" the focus of containment is to put immediate measures in place to contain the incident while further investigations can take place, and permanent remediation measures can be deployed. Often, incident containment includes blocking certain hosts, ports, or services by implementing new/changed network security policies to quarantine traffic or as a pass-through for obfuscation while the investigation continues.

Applying new security policies for incident containment poses two problems: First, designing and implementing these changes takes time and a thorough understanding of network topology, two things which analysts and incident responders often lack.
In an enterprise network, blocking a new host, port, or service can impact business continuity due to the domino effect on underlying infrastructure. Second, changes made during incident containment are frequently made outside of the organization's normal change control process to expedite desired results. While the urgency of the incident may require going outside normal change control processes, bypassing the safeguards of the change control process may result in additional risk being inadvertently introduced to the network, critical services unintentionally being taken offline, or compliance violations, as changes are not properly recorded.

Tufin SecureChange has visibility into the entire network topology, so analysts and incident responders can block a host, port, or service by simply submitting a change request with a source and destination. Based on this information, SecureChange can then automatically design and provision the required change on the relevant network devices to ensure effective containment. Tufin's playbook for Cortex XSOAR provides comprehensive actions that can be taken by the incident response team with the confidence that the impact of such a change is evaluated against your company's security policy and vetted by all stakeholders for a synchronized response. See below for the sample ticket that can be created for incident response.

![Sample incident response ticket](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/08/tufin-image-2.png)

**Enforcement and Assurance With Tufin and Cortex XSOAR**

Accurate information for analysis and remediation is a hallmark of successful incident response. The Tufin Orchestration Suite provides responders with critical network information which is accurate, up to date, and actionable. Multi-vendor support enables visibility and control across a heterogeneous environment, serving as a single source of truth for the entire network.
With these benefits, integrating Tufin with the native threat intelligence platform of Cortex XSOAR can significantly reduce the time to triage an alert and the mean time to respond (MTTR) to an incident.