Palo Alto Networks Debuts XSIAM For Cloud: 4 Key Things To Know

The company is seeking to simplify the usage of cloud security tools including cloud detection and response through updates to its XSIAM security operations platform, an executive tells CRN.

Palo Alto Networks unveiled a product offering Thursday that seeks to deliver new cloud security functionality through its XSIAM security operations platform.

The new Cortex XSIAM for Cloud module includes the introduction of cloud detection and response (CDR) capabilities to the vendor’s fast-growing XSIAM (extended security intelligence and automation management) platform.


Until now, a security team would need to use 10 to 20 different tools to achieve the capabilities available in XSIAM For Cloud, said Gonen Fink, senior vice president of products for Cortex and Prisma Cloud at Palo Alto Networks. But “in reality that’s not happening” because of the complexity of doing so, he said.

Ultimately, the new offering enables Palo Alto Networks to deliver what Fink described as the “first” Security Operations Center (SOC) platform optimized for the cloud.

The launch follows the debut in November of the second generation of XSIAM, featuring updates around the user experience and the addition of support for custom machine learning (ML) models.

What follows are four key things to know about Palo Alto Networks’ debut of XSIAM For Cloud.

Improved Visibility

New capabilities available with the introduction of XSIAM For Cloud include a new Cloud Command Center that provides comprehensive visibility around cloud assets, according to Palo Alto Networks.

This is crucial because tools for improving cloud visibility through spotting misconfigurations — such as CSPM (cloud security posture management) — are not capable of fully protecting an organization, Fink said.

“Even if you're configured properly, attackers can find a way in. It's not enough,” he said.

Ultimately, SOC teams today generally lack sufficient visibility into cloud assets, according to Fink.

“They don't have the same visibility they had to the endpoint or to on-prem servers,” he said. “So that’s what we’re changing.”

Cloud Security Agent

A key enabler for this improved visibility and security is the launch of a new cloud security agent as part of XSIAM For Cloud, Fink said.

Currently, “there are a lot of cloud security vendors that can do a good job on posture, but they don't have the visibility into the actual workload through an agent — and so they cannot do protection,” he said.

Palo Alto Networks has previously offered a Cortex XDR (extended detection and response) runtime security agent that could run on cloud workloads and a Prisma Cloud agent focused on vulnerability management and compliance, Fink noted. The new XSIAM cloud security agent, however, brings together the Prisma Cloud and Cortex technologies into a single agent, he said.

“It’s one piece that combines everything you need to secure cloud workloads,” Fink said.

The unified agent is a crucial capability for enabling cloud detection and response (CDR), he said.

Previously, “we had some CDR capabilities in XDR, in XSIAM, in Prisma Cloud. But now we can bring all of them together — both data collected from the cloud security agents, as well as data we collect from the cloud service providers about what's going on in the different workloads that may not be protected,” Fink said. “We bring all of these into one data lake and then apply our AI automation to detect and investigate and respond to cloud threats.”

Tool Consolidation

Palo Alto Networks has seen “a lot of traction” with XSIAM, in part due to the vendor’s “platformizing multiple technologies into one” with the offering, Fink said.

“When you buy 20 different tools, and you’re trying to make them work together, then you usually fail,” he said. “In general, where we're heading with XSIAM is to continue this platformization of bringing more and more tools that you need to use into one platform. So XSIAM for Cloud is a big step in this direction.”

Centralized Data Lake

Importantly, along with bringing together multiple cloud security tools, XSIAM For Cloud is also bringing cloud security data into one centralized data lake, Fink said.

“Now with XSIAM for Cloud, you bring all the data into one place, all the visibility exists on one screen,” he said.

Crucially, “the fact that all the data is in one place allows us to use AI in a much smarter way. Because AI is all about data,” Fink said.

Until the Prisma Cloud integration with XSIAM that is being announced now, Prisma Cloud’s capabilities have not been particularly useful to SOC teams, he noted.

“What we've done now is this tight integration of Prisma Cloud with XSIAM. So all the data [Prisma Cloud] collects and all the security posture findings will be available to the SOC,” Fink said.