Palo Alto Networks launches new cloud-based user behaviour analytics application
Palo Alto Networks is continuing to help companies better protect their systems from cyber threats with its latest product.
The Calif.-based security firm has released Magnifier, a cloud-based behavioral analytics application that allows organizations to rapidly identify and prevent threats on their network.
“Magnifier is essentially a user behavior analytics service that’s cloud-based and ties into our existing cloud platform strategy around our security capabilities,” Victor Tavares, senior manager of systems engineering at Palo Alto, tells CDN. “It leverages the visibility that we have in the network, and also in the cloud and at the endpoint, and creates security outcomes based on what we can see as anomalies that help us deal with a lot of the threats that aren’t easily detected as malware today.”
It is delivered on Palo Alto’s Application Framework and is tightly integrated with the company’s Next-Generation Security Platform as well as its Logging Service, which Tavares points out is something that sets the platform apart from its competition.
“We’re building on top of our existing infrastructure that’s based on our firewalls, so we’re able to uniquely leverage a very large install base and therefore the potential that’s associated with that for our customers,” he says. “Building Magnifier on our platform allows us to be flexible, accessible, and provide very advanced security outcomes for customers that have already established themselves on our platform. Plus, it allows for us to create a significant security value for customers who are not. So if you’re not necessarily a Palo Alto Networks firewall customer or endpoint customer, you benefit from the network effect associated with everyone establishing value into this platform model.”
The company explains in a Jan. 23 press release that attackers who gain access can dwell in a network for months or even years while stealing sensitive data if they can blend in with legitimate users. And with the volume of threat alerts that are generated by organizations from multiple endpoints, genuine security issues can get lost in the fray.
To alleviate these problems, Magnifier automatically and precisely detects and averts attacks, insider abuse, and endpoint compromise by combining machine learning with network, endpoint, and cloud data.
“There are hundreds or even thousands of alerts on a daily basis, and determining which ones might be real and dangerous to a customer’s network is a big challenge for cyber security professionals,” adds Rob Lunney, Canada country manager for Palo Alto Networks. “But we created the Cyber Security Threat Alliance where we basically pool our threat intelligence with some of our competitors because we all have a common objective to protect our customers from cyber security threats. With this broader base of information, tools like Magnifier build a personalized understanding of what a customer’s network looks like, mapping patterns and behaviours of how applications interact and how customers act and crosschecking it with the data from the Alliance, and is therefore more effective in detecting and stopping cyber attacks.”
Lunney also mentions that training certifications for this new security program are available now for Palo Alto partners. And with Palo Alto’s platform leveraging existing cloud architectures, such as Amazon Web Services and Microsoft Azure, organizations in Canada concerned about data residency need not worry.
Magnifier will be generally available worldwide as a subscription-based service in February 2018.
For more details on its features, Palo Alto says Magnifier offers several new capabilities, including:
- Accuracy and Efficiency: Magnifier analyzes data from next-generation firewalls and the Pathfinder endpoint analysis service to profile user and device behavior. Because its detection algorithms are tailored for the logs sent by the Next-Generation Security Platform, Magnifier can apply more precise machine learning and attack detection algorithms than is possible when inspecting generic log files for threats. As a result, Magnifier generates a small number of highly accurate and actionable alerts.
- Automated Investigation: Magnifier streamlines threat hunting efforts by automatically interrogating suspicious endpoints to determine which processes are responsible for attack behaviors. It then analyzes the processes, using Palo Alto Networks WildFire cloud-based threat analysis service, to determine if they are malicious. Magnifier’s endpoint analysis and detailed alerts with full investigative detail enable security analysts to immediately review and respond to incidents.
- Scale, Agility and Ease of Deployment: Palo Alto Networks customers can implement behavioral analytics simply by enabling the Magnifier application with the cloud-based Palo Alto Networks Logging Service, using their existing Palo Alto Networks firewalls as sensors to collect telemetry data from their networks, without a need to purchase and maintain additional networking devices or costly on-premise logging servers.