Palo Alto Networks, a cybersecurity solutions provider, recently launched Cortex XSIAM 2.0, an update to its AI (artificial intelligence)-driven security operations platform. The update introduces a bring-your-own machine learning (BYOML) framework, improves visibility, and prioritizes threats.
Palo Alto Networks now allows customers to integrate their own AI models into Cortex XSIAM's AI-focused security operations platform. The company handles a substantial amount of security data, ingesting over 5 petabytes daily and storing more than 1 exabyte in total.
“Using artificial intelligence and automation, XSIAM 2.0 closes this gap by addressing operational complexity, stopping threats at scale, and speeding up incident remediation,” said Gonen Fink, senior vice president, Cortex products, Palo Alto Networks.
AI and machine learning
XSIAM offers AI models designed for robust security analytics and threat protection. The platform also caters to mature SOCs (Security Operations Centers) that want to customize existing machine learning models or create their own. The BYOML framework opens up the vast store of security data in XSIAM, letting security teams build their own ML (machine learning) models and integrate them into XSIAM for specific purposes such as fraud detection, security research, and advanced data visualization.
Previously, attackers took an average of 44 days to exfiltrate data after a compromise; now it is a matter of hours. Companies typically take about five and a half days to initially contain an incident, rendering legacy security solutions ineffective. Cortex XSIAM has transformed customers' SOCs since its introduction: according to Palo Alto Networks, one services company reduced its median resolution time from days to minutes, a 270-fold improvement.
The new XSIAM Command Center changes how security teams monitor operations, offering a comprehensive view of data sources and alerts. It simplifies incident identification and prioritization within a unified platform. The MITRE ATT&CK Coverage Dashboard allows organizations to promptly assess their defense against various threat tactics and techniques, bolstering their security posture.