{"id":106659,"date":"2020-02-24T05:00:43","date_gmt":"2020-02-24T13:00:43","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=106659"},"modified":"2020-07-29T11:54:00","modified_gmt":"2020-07-29T18:54:00","slug":"cortex-xsoar","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2020\/02\/cortex-xsoar\/","title":{"rendered":"Redefining Security Orchestration and Automation with Cortex XSOAR"},"content":{"rendered":"<p><span style=\"font-weight: 400;\"><img loading=\"lazy\" decoding=\"async\"  class=\"size-full wp-image-106660 alignright lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/02\/Cortex_XSOAR_blog_illustration_blog_2.png\" alt=\"This conceptual image shows the new imagery for Cortex XSOAR, an evolution of Demisto.\" width=\"601\" height=\"351\" \/>We are proud to introduce Cortex XSOAR, an evolution of Demisto, that continues our tradition of raising the bar for the security orchestration, automation and response (SOAR) category.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Since Palo Alto Networks acquired Demisto almost a year ago, we have worked tirelessly to scale Demisto's strong offering to every security team in need of automation, while driving the next stage of innovation within the SOAR category.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h4>Take a look at a couple highlights:<\/h4>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Our platform has more than 270 out-of-the-box playbooks to automate and orchestrate any security use case.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Our commitment to an open ecosystem couldn\u2019t be stronger; we have over 350 third-party integrations and have added 105 in the last 11 months (read about our <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/02\/cortex-xsoar-ecosystem\"><span style=\"font-weight: 400;\">newest partner 
integrations<\/span><\/a><span style=\"font-weight: 400;\">).<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">At the same time, analysts have expanded their outlook on the future of SOAR. According to Gartner\u2019s <\/span><a href=\"https:\/\/start.paloaltonetworks.com\/the-hitchhikers-guide-to-soar\"><span style=\"font-weight: 400;\">Market Guide for Security Orchestration, Automation and Response Solutions<\/span><\/a><span style=\"font-weight: 400;\">, \u201cA large number of security controls on the market today benefit from threat intelligence. SOAR tools allow for the centralized collection, aggregation, deduplication, enrichment of existing data with threat intelligence and, importantly, conversion of intelligence into action.\u201d\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If threat intelligence and SOAR were meant to be together, who are we to stop that from happening? Today, we are excited to premiere the first extension of the platform with the addition of native threat intel management<\/span><b>. <\/b><span style=\"font-weight: 400;\">Now, security leaders can take advantage of a new approach to threat intelligence management that uses the power of playbook-driven automation to drive the right response across their entire enterprise.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We expect Cortex XSOAR to be generally available in March 2020. 
Join us on April 7 for our virtual grand unveiling, where <\/span><a href=\"https:\/\/register.paloaltonetworks.com\/introducingcortexsoar\"><span style=\"font-weight: 400;\">we\u2019ll share all the details about Cortex XSOAR and its new Threat Intel Management capabilities<\/span><\/a><span style=\"font-weight: 400;\">, including a live demo showing how you can use it to automate challenging security workflows.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h4>Why SOAR and Threat Intel Management?<\/h4>\n<p><span style=\"font-weight: 400;\">Threat intelligence platforms (TIPs) emerged to help security teams make sense of the overwhelming volume of Indicators of Compromise (IoCs) generated from threat feeds, allowing analysts to manually apply those insights to improve the security of their environment. Good idea, wrong platform. Since TIPs premiered, SOAR has entered the scene, providing the means to bridge external threat intelligence with internal incidents and use playbook-driven automation to take quick, confident action across the enterprise. Tools, processes and teams must be able to collaborate and ultimately act on intel together.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h4>What Our Customers Have to Say:<\/h4>\n<p><span style=\"font-weight: 400;\">\u201cWe have a treasure trove of data from our threat intelligence feeds,\u201d says Lakhsmi Kaliyaperumal, SVP and Head of Internal Security Operations at Infosys. \u201cIf we could map this data to incidents we see in our environment, we can quickly identify and fix the critical ones. The reality is that a good portion of the threat data we get ends up uninvestigated and underutilized. 
Cortex XSOAR would help teams like ours consume and act on our intel data in an automated and more scalable way.\u201d<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><strong>Here\u2019s a Sneak Peek at the Extended Cortex XSOAR Offering with Native Threat Intel Management:<\/strong><\/h2>\n<p>&nbsp;<\/p>\n<p><b>Take complete control of your threat intelligence feeds<\/b><span style=\"font-weight: 400;\"> by eliminating manual tasks with automated playbooks to aggregate, parse, de-duplicate, score and manage millions of daily indicators across dozens of supported sources.<\/span><\/p>\n<p><div style=\"max-width:100%\" data-width=\"993\"><span class=\"ar-custom\" style=\"padding-bottom:80.46%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"aligncenter size-full wp-image-106673 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/02\/XSOAR3.png\" alt=\"This screenshot shows Cortex XSOAR's threat intelligence feeds. \" width=\"993\" height=\"799\" \/><\/span><\/div><\/p>\n<p><b>Make smarter incident response decisions by enriching every tool and process<\/b><span style=\"font-weight: 400;\">. Cortex XSOAR accomplishes this by layering third-party threat intel with internal incidents to prioritize alerts and make smarter response decisions. Teams can gain confidence in their actions by enriching any detection, monitoring or response tool with context from curated threat intelligence.<\/span><\/p>\n<p><div style=\"max-width:100%\" data-width=\"948\"><span class=\"ar-custom\" style=\"padding-bottom:81.75%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"aligncenter size-full wp-image-106686 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/02\/XSOAR2.png\" alt=\"This screenshot shows how Cortex XSOAR layers third-party threat intel with internal incidents. 
\" width=\"948\" height=\"775\" \/><\/span><\/div><\/p>\n<p><b>Close the loop between intelligence and action with playbook-driven automation <\/b><span style=\"font-weight: 400;\">to shut down threats across your enterprise based on proven SOAR capabilities.<\/span><\/p>\n<p><div style=\"max-width:100%\" data-width=\"1206\"><span class=\"ar-custom\" style=\"padding-bottom:75.62%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"aligncenter size-full wp-image-106699 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/02\/XSOAR1.png\" alt=\"This screenshot shows how Cortex XSOAR allows for playbook-driven automation. \" width=\"1206\" height=\"912\" \/><\/span><\/div><\/p>\n<p><span style=\"font-weight: 400;\">Cortex XSOAR is expected to be generally available in March 2020. We can\u2019t wait to share more, so don\u2019t miss our live virtual event, \u201c<\/span><a href=\"https:\/\/register.paloaltonetworks.com\/introducingcortexsoar\"><span style=\"font-weight: 400;\">Introducing Cortex XSOAR<\/span><\/a><span style=\"font-weight: 400;\">.\u201d<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">1<\/span><\/i><i><span style=\"font-weight: 400;\"> Gartner, Market Guide for Security Orchestration, Automation and Response Solutions by Claudio Neiva, Craig Lawson, Toby Bussa, Gorka Sadowski, June 27, 2019.<\/span><\/i><\/p>\n<p><i><span style=\"font-weight: 400;\">Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner\u2019s research organization and should not be construed as statements of fact. 
Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.<\/span><\/i><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cortex XSOAR is an evolution of Demisto, continuing our tradition of raising the bar for the security orchestration, automation and response category<\/p>\n","protected":false},"author":41,"featured_media":106660,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6770],"tags":[161,7025,6827,1556],"coauthors":[776],"class_list":["post-106659","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-the-future","tag-automation","tag-cortex-xsoar","tag-demisto","tag-security-orchestration","sec_ops_category-news-and-events","sec_ops_category-product-features"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/02\/Cortex_XSOAR_blog_illustration_blog_2.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/106659","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=106659"}],"version-history":[{"count":5,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/106659\/revisions"}],"predecessor-version":[{"id":106719,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/106659\/revisions\/106719"}],"wp:featuredmedia":[{"embeddabl
e":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/106660"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=106659"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=106659"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=106659"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=106659"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}