{"id":115338,"date":"2020-07-13T18:00:22","date_gmt":"2020-07-14T01:00:22","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=115338"},"modified":"2020-08-19T16:00:31","modified_gmt":"2020-08-19T23:00:31","slug":"cloud-autofocus-prisma-integration","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2020\/07\/cloud-autofocus-prisma-integration\/","title":{"rendered":"Bringing High-Fidelity Threat Intelligence to Prisma Cloud"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">We've integrated AutoFocus threat intelligence into Prisma Cloud. This will allow users to <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2019\/11\/cortex-threat-intelligence\/\"><span style=\"font-weight: 400;\">realize the promise of threat intelligence<\/span><\/a><span style=\"font-weight: 400;\"> for their cloud security. Users will get the intelligence, analytics and context required to detect attacks and understand which ones require an immediate response \u2014 they\u2019ll even gain the ability to predict and prevent future attacks.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We often hear that cloud SOCs are overwhelmed with alerts. Beyond their sheer volume, alerts lack context or clarity, which slows risk prioritization and remediation and ultimately leaves vulnerabilities exposed for too long. Of course, we know that accurate threat intelligence is the key to high-fidelity alerts. But most solutions today require the collection of multiple, disparate feeds for accurate threat management and risk prioritization.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><strong>What AutoFocus Provides<\/strong><\/h2>\n<p><a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/autofocus\"><span style=\"font-weight: 400;\">AutoFocus<\/span><\/a><span style=\"font-weight: 400;\"> provides a massive repository of high-fidelity threat intelligence, crowdsourced from a massive footprint of network, endpoint and cloud intelligence sources. 
Every threat is enriched with the deepest context from our own Unit 42 threat researchers.<\/span><\/p>\n<p><div style=\"max-width:100%\" data-width=\"900\"><span class=\"ar-custom\" style=\"padding-bottom:39.78%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"aligncenter wp-image-115352 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/07\/suspicious.png\" alt=\"AutoFocus brings threat intelligence to Prisma Cloud, and the numbers show it. Crowdsourced from a massive footprint of network, endpoint and cloud intelligence sources, AutoFocus brings together more than 14 billion suspicious samples, 7 trillion artifacts, 65,000 enterprise customers, 2 billion daily URL queries, 46 million daily DNS queries and 300 million monthly never-before-seen samples. The image displays these numbers and intelligence sources in a chart. \" width=\"900\" height=\"358\" \/><\/span><\/div><\/p>\n<p><span style=\"font-weight: 400;\">Prisma Cloud now leverages the power of AutoFocus to:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>Detect: <\/b><span style=\"font-weight: 400;\">Automatically detect and alert on more than 15 categories of common public cloud threats including cryptomining, ransomware, Linux malware, backdoor malware, hacking tools and more. 
This is achieved through new out-of-the-box policies that leverage the curated AutoFocus IP Threat Intel Feed.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Investigate<\/b><span style=\"font-weight: 400;\">: Gain the ability to use <\/span><a href=\"https:\/\/docs.paloaltonetworks.com\/prisma\/prisma-cloud\/prisma-cloud-rql-reference\/rql-reference\/rql.html\"><span style=\"font-weight: 400;\">Resource Query Language<\/span><\/a><span style=\"font-weight: 400;\"> (RQL) to run network investigations and discover cloud-specific threats detected by AutoFocus.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Understand: <\/b><span style=\"font-weight: 400;\">See detailed context on identified threats based on AutoFocus intelligence, allowing SOC teams to fully understand the depth and scope of threats.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">AutoFocus is bundled with Prisma Cloud Enterprise Edition and enables <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/06\/cortex-start-threat-hunting\/\"><span style=\"font-weight: 400;\">threat hunters<\/span><\/a><span style=\"font-weight: 400;\"> to seamlessly search for even more details based on the investigation results from Prisma Cloud.\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><strong>How It Works<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">Threat intelligence from AutoFocus will automatically populate in the Prisma Cloud Console.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The screenshot below shows how AutoFocus surfaces deeper insight for a suspicious resource within a public cloud account:<\/span><\/p>\n<figure id=\"attachment_115365\" aria-describedby=\"caption-attachment-115365\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><div style=\"max-width:100%\" data-width=\"900\"><span class=\"ar-custom\" style=\"padding-bottom:49.22%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-115365 lozad\"  
data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/07\/volume.png\" alt=\"AutoFocus brings threat intelligence to Prisma Cloud in part by surfacing deep insight for a suspicious resource within a public cloud account, as shown in this screenshot of the AutoFocus threat feed in Prisma Cloud. \" width=\"900\" height=\"443\" \/><\/span><\/div><figcaption id=\"caption-attachment-115365\" class=\"wp-caption-text\">AutoFocus threat feed in Prisma Cloud<\/figcaption><\/figure>\n<p><span style=\"font-weight: 400;\">With AutoFocus integrated into Prisma Cloud, users can obtain deep insight into any flagged suspicious IP connections:<\/span><\/p>\n<figure id=\"attachment_115378\" aria-describedby=\"caption-attachment-115378\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><div style=\"max-width:100%\" data-width=\"900\"><span class=\"ar-custom\" style=\"padding-bottom:68.67%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-115378 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/07\/investigate.png\" alt=\"With the integration of AutoFocus, bringing threat intelligence to Prisma Cloud, users can obtain deep insight into any flagged suspicious IP connections, as shown in this screenshot. 
\" width=\"900\" height=\"618\" \/><\/span><\/div><figcaption id=\"caption-attachment-115378\" class=\"wp-caption-text\">Detailed investigative information in Prisma Cloud<\/figcaption><\/figure>\n<p><span style=\"font-weight: 400;\">With the addition of AutoFocus, <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/prisma\/cloud\"><span style=\"font-weight: 400;\">Prisma Cloud<\/span><\/a><span style=\"font-weight: 400;\"> provides users with comprehensive threat intelligence and vulnerability data sourced across multiple unique sources:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>Prisma Cloud Intelligence Stream:<\/b><span style=\"font-weight: 400;\"> Our own collection of 30-plus upstream data sources across commercial, open-source and proprietary feeds; offering vulnerability data for hosts, containers and functions as well as malware and IP-reputation lists.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Palo Alto Networks sources:<\/b><span style=\"font-weight: 400;\"> In addition to AutoFocus, Prisma Cloud integrates with <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/products\/secure-the-network\/wildfire\"><span style=\"font-weight: 400;\">WildFire<\/span><\/a><span style=\"font-weight: 400;\"> for malware scanning as part of data security capabilities.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Third-party sources:<\/b><span style=\"font-weight: 400;\"> Prisma Cloud integrates with data provided from Qualys, Tenable, AWS Inspector and others to provide a single view into risk within cloud environments.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">When combined with AutoFocus, Prisma Cloud lets users experience unmatched alert accuracy with the risk clarity required to effectively protect today\u2019s <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/06\/cloud-native-security-genome\/\"><span style=\"font-weight: 400;\">highly dynamic<\/span><\/a><span style=\"font-weight: 400;\">, distributed 
cloud environments.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><strong>How to Begin Using AutoFocus in Prisma Cloud<\/strong><\/h2>\n<p><span style=\"font-weight: 400;\">The AutoFocus integration is now available for existing Prisma Cloud Enterprise Edition users, providing the powerful insights discussed above.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">New users can begin a <\/span><a href=\"https:\/\/marketplace.paloaltonetworks.com\/s\/product-rdl\"><span style=\"font-weight: 400;\">free trial of Prisma Cloud<\/span><\/a><span style=\"font-weight: 400;\"> today. <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We've integrated high-fidelity threat intelligence into Prisma Cloud through AutoFocus, providing intelligence, analytics and context.<\/p>\n","protected":false},"author":656,"featured_media":115339,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6768,6770],"tags":[1132,6890,922],"coauthors":[6809],"class_list":["post-115338","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-the-cloud","category-secure-the-future","tag-autofocus","tag-prisma-cloud","tag-threat-intelligence","cloud_sec_category-devsecops"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/07\/prisma-blog-image.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/115338","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/656"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com
\/blog\/wp-json\/wp\/v2\/comments?post=115338"}],"version-history":[{"count":1,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/115338\/revisions"}],"predecessor-version":[{"id":115391,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/115338\/revisions\/115391"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/115339"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=115338"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=115338"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=115338"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=115338"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}