Improved Threat Intelligence Management with Cortex XSOAR TIM 3.0
The constantly evolving threat landscape puts Security Operations Center (SOC) teams on high alert time and again. While remote workers are trying to keep up with the demands of their new work environment, threat actors are persistently trying to exploit every vulnerability. Add to this the shortage of highly skilled workers, which overloads SOC teams with an endless stream of security incidents. SOC teams therefore need a high-quality threat intelligence platform (TIP) equipped with intelligent features that let them get more out of threat intelligence than ever before.
With this in mind, Palo Alto Networks explains the evolution of its threat intelligence platform.
What’s new in Cortex XSOAR Threat Intelligence Management 3.0?
With the introduction of Cortex XSOAR Threat Intelligence Management 3.0, Palo Alto Networks’ platform offers a number of powerful new strategic intelligence capabilities. These help the entire company to effectively combat cybercriminal activities so that the security team can focus on the essentials. TIM 3.0 is designed to take threat intelligence to the next level, with advanced features that enable the entire threat intelligence management lifecycle.
Strategic Intelligence Reports
With TIM 3.0, users can create, share, customize, and export threat intelligence reports. You can also categorize the reports by type and select the layout that will be displayed for the report. This is especially useful because the reports provide a summary of the threat intelligence research work. They change the way companies communicate the current threat landscape to internal and external stakeholders by tailoring the report to the person who receives it. This can be any report, from a high-level summary report for executives to a detailed, tactical report for the SOC and other security officers.
The new Cortex XSOAR Threat Intel Management 3.0 provides the following out-of-the-box report types:
- Executive Brief
- Malicious software
- Threat Actor
Users can also add new report types to support use cases that are not covered by the standard types and that may require a different report layout. In addition, you can customize the layout of an existing standard report.
The most powerful threat data from Unit 42
With TIM 3.0, users get fully integrated threat data, combining real-world information with malware analysis repositories, to identify and discover new malware families or campaigns. Threat data can now be accessed through the “Full View”, which displays the complete summary of the Cortex XSOAR indicator with many more details.
This function helps to understand which malware families, campaigns or attack techniques are associated with the respective security incidents. It gives analysts the unprecedented ability to identify and track new threats as they emerge in the more than 30 billion malware samples already collected and analyzed by Palo Alto Networks.
The potential of advanced real-time threat intelligence
The previous version of Threat Intelligence Management gave companies a unique insight into the cyber threat data maintained by Unit 42. It allowed analysts to collaboratively create profiles of threat actors, campaigns, and attack techniques relevant to their industry. With TIM 3.0, you can now reach the next level and act with great confidence. Analysts learn not only about the threat actors, but also about the malware families, campaigns or attack techniques related to their security incidents. This gives them an unprecedented ability to identify and track new threats as they emerge in tens of billions of malware samples.
Take a strategic approach with advanced reporting functions
Strategic threat intelligence provides a comprehensive picture of how threats and attacks change over time. The information can include historical trends, motivations and attributions to the perpetrators of the attacks. In this way, threat intelligence teams gain insight into the adversary's future operations and tactics and can decide which defensive measures are most effective.
TIM 3.0 takes Palo Alto Networks’ threat intelligence platform to the next level with workflows and a central repository that let intelligence analysts create and share finished intelligence products with stakeholders. Intelligence analysts will be able to understand trends within threat data by combining their local threat data with the threat data maintained by Unit 42.
The future of security operations lies in operationalization with automation
Today, it is important to genuinely harness the power of threat intelligence, reduce the flood of data that security teams face when fighting false alarms, and equip SOC teams with the right data and the right context. SOC teams therefore need a threat intelligence platform that:
- can collect, summarize, organize and identify common threats such as phishing and malware, and automate the handling of them;
- is strategically oriented and creates tailor-made, ready-to-use reports that can be shared with all parties involved;
- has features that support the entire threat data management lifecycle.
Heading into 2022, SOC teams continue to struggle with the shortage of skilled workers and qualified analysts, as well as budget constraints. The future of security operations lies in the effective operationalization of threat data through automation.