Kicking off Cortex Symphony 2021, the host of this exclusive Palo Alto Networks virtual event, filmmaker, actor, comedian, comic book writer, author and podcaster Kevin Smith, spoke about how companies are struggling to keep everything and everyone secure.
While the cybersecurity world has been very active and ever-evolving, Kevin shared that cybercriminals must think that now is the right time to be hacking, seeing as how they are getting more organised and sophisticated – not to mention the sheer number of cyber attacks that have occurred recently.
“So, the million-dollar question: are our companies truly protected, and who’s protecting them? Well, they are protected by heroes, of course. Those of you out there on the front lines defending and protecting against these huge, organised attacks. You’re the heroes,” said Kevin.
He then introduced Nir Zuk, the Founder and CTO of Palo Alto Networks, who said that with technology playing a huge role in empowering our lives, companies need to think about using their various technologies in a more organised, or in his words, “harmonic” way. This is especially true for the Security Operations Centre (SOC).
With that in mind, Nir explained what the event was about. “Symphony’s Cortex conference, what is Cortex? Cortex is Palo Alto Networks’ brand for everything that has to do with Security Operation Centres; and specifically, automation of Security Operation Centres.”
Palo Alto Networks noticed that as it brings more sophisticated cybersecurity technology to market, it gets harder for customers to operationalise that technology in their SOCs. Nir mentioned that Palo Alto Networks would send detailed alerts to SOCs with exact information on what happened and how it happened, but security analysts just didn’t know what to do with them, even if they had sandboxing, machine-learning-based detection, cloud security and many more tools at their disposal.
He added that sending the SOC more detail does not help if the SOC cannot operationalise or act on it, and doing that at scale requires automation. Cortex was therefore created with a vision to make SOCs autonomous, much as autonomous cars drive themselves; in the SOC’s case, it is about automating cybersecurity processes.
According to Nir, automating these processes from a cybersecurity perspective, specifically in the SOC, requires machine learning. But for machine learning to work well, it first needs a lot of data.
Nir explained further. “We need as much information as possible. We need a thousand fields for every connection that we see. Very deep data from the network. Very deep data from endpoints, we need about 200MB of data per day, per workstation and much more than that from cloud endpoints or servers.”
In short, the more data you have, the better machine learning works. The hard part is bringing all that data to one place so that machine learning can work out how to investigate and combat attacks much more effectively.
Also present at the event, Tim Junio, SVP Products, Cortex at Palo Alto Networks, talked about the possibilities of unlocking machine learning for cybersecurity.
He said that automation matters because it lets you go faster and be more complete, and so get ahead of advanced threats. He also described the factors that make this approach possible. They are the following:
Sense: Collect data from the cybersecurity stack, ensure it is of high quality, and know which data is high-quality versus low-quality. Logging is typically an example of low-quality data, whereas everything that happens on an endpoint agent, stored for a long time for every employee of a company, is high-quality data.
Integrate: Integrate this data to understand the relationships between the sources.
Analyse: Analyse the data and build models that represent the problem space and make predictions.
Automate: Accelerate and augment human decision-making, queuing up work for people to save them time and make their jobs easier.
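To make the four steps concrete, here is a small added example of a Sense, Integrate, Analyse, Automate pipeline over constructed telemetry. It is illustration only, not Cortex code or anything from the event: the event records, the (host, pid) join key, the five-second join window, the scoring rules, the "rare on the fleet" fraction and the queue threshold are all assumptions made for this example. It joins connection records to endpoint-agent process events, scores each joined record with a deliberately simple additive model, and only queues for an analyst what exceeds the threshold; a firewall-only record with no process id (the low-quality source Tim contrasts with agent telemetry) cannot be joined and is set aside for enrichment rather than scored.

```python
"""Toy 'Sense, Integrate, Analyse, Automate' pipeline over constructed telemetry.

Added illustration only; not Cortex code. Field names, thresholds and sample
events are assumptions made for this example.
"""
import ipaddress

# --- Sense: constructed sample telemetry (not real data) -------------------
# Endpoint-agent process events: the high-quality source, retained per host.
ENDPOINT_EVENTS = [
    {"host": "ws-01", "pid": 4120, "image": r"C:\Windows\System32\svchost.exe", "ts": 100},
    {"host": "ws-01", "pid": 5230, "image": r"C:\Users\a\AppData\Local\Temp\upd.exe", "ts": 130},
    {"host": "ws-02", "pid": 3001, "image": r"C:\Program Files\Browser\browser.exe", "ts": 110},
    {"host": "ws-02", "pid": 3002, "image": r"C:\Windows\System32\svchost.exe", "ts": 90},
    {"host": "ws-03", "pid": 7001, "image": r"C:\Windows\System32\svchost.exe", "ts": 95},
    {"host": "ws-03", "pid": 7002, "image": r"C:\Program Files\Browser\browser.exe", "ts": 96},
]
# Network connection records. The last one comes from a firewall log with no
# process id, which is why it is tagged low quality: it cannot be joined.
NETWORK_EVENTS = [
    {"host": "ws-01", "pid": 4120, "dst": "10.0.0.5", "dst_port": 445, "ts": 102, "quality": "high"},
    {"host": "ws-01", "pid": 5230, "dst": "203.0.113.9", "dst_port": 4444, "ts": 131, "quality": "high"},
    {"host": "ws-02", "pid": 3001, "dst": "198.51.100.7", "dst_port": 443, "ts": 112, "quality": "high"},
    {"host": "ws-03", "pid": None, "dst": "203.0.113.9", "dst_port": 4444, "ts": 140, "quality": "low"},
]

JOIN_WINDOW = 5      # seconds between process start and its connection (assumed)
RARE_FRACTION = 0.5  # image seen on fewer than half the fleet counts as rare (assumed)
QUEUE_THRESHOLD = 3  # minimum score worth an analyst's time (assumed)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


# --- Integrate: relate each connection to the process that made it ---------
def integrate(net_events, ep_events, window=JOIN_WINDOW):
    """Attach the endpoint image to each connection by (host, pid) within a time window."""
    by_key = {}
    for e in ep_events:
        by_key.setdefault((e["host"], e["pid"]), []).append(e)
    joined = []
    for n in net_events:
        image = None
        for e in by_key.get((n["host"], n["pid"]), []):
            if 0 <= n["ts"] - e["ts"] <= window:
                image = e["image"]
        joined.append({**n, "image": image})
    return joined


# --- Analyse: a deliberately simple additive model -------------------------
def image_prevalence(ep_events):
    """Fraction of the fleet on which each image has been seen running."""
    hosts = {e["host"] for e in ep_events}
    seen = {}
    for e in ep_events:
        seen.setdefault(e["image"], set()).add(e["host"])
    return {img: len(h) / len(hosts) for img, h in seen.items()}


def score(rec, prevalence):
    """Return (score, reasons) for a joined record; higher means more suspicious."""
    s, reasons = 0, []
    if prevalence.get(rec["image"], 0.0) < RARE_FRACTION:
        s += 2
        reasons.append("rare image on fleet")
    if "\\temp\\" in rec["image"].lower():
        s += 1
        reasons.append("image runs from a temp directory")
    if not any(ipaddress.ip_address(rec["dst"]) in n for n in RFC1918):
        s += 1
        reasons.append("external destination")
    if rec["dst_port"] not in (80, 443):
        s += 1
        reasons.append("uncommon destination port")
    return s, reasons


# --- Automate: queue only what needs a human -------------------------------
def triage(net_events, ep_events):
    """Sort joined records into analyst_queue / needs_enrichment / auto_closed."""
    prevalence = image_prevalence(ep_events)
    out = {"analyst_queue": [], "needs_enrichment": [], "auto_closed": []}
    for rec in integrate(net_events, ep_events):
        if rec["image"] is None:  # low-quality source: no process context to join
            out["needs_enrichment"].append((rec, 0, ["no endpoint context to join"]))
            continue
        s, reasons = score(rec, prevalence)
        bucket = "analyst_queue" if s >= QUEUE_THRESHOLD else "auto_closed"
        out[bucket].append((rec, s, reasons))
    out["analyst_queue"].sort(key=lambda t: t[1], reverse=True)  # worst first
    return out


if __name__ == "__main__":
    for bucket, items in triage(NETWORK_EVENTS, ENDPOINT_EVENTS).items():
        for rec, s, reasons in items:
            print(f"{bucket:17} {rec['host']} -> {rec['dst']}:{rec['dst_port']} score={s} {reasons}")
```

On the constructed input only the temp-directory binary on ws-01 talking to an external host on port 4444 reaches the queue; the two ordinary connections are auto-closed, and the firewall-only record for ws-03 lands in needs_enrichment because, as the text notes about logging, it carries no endpoint context to relate to. The point of the shape, not the thresholds, is that adding a new source later means writing one more join rather than a new detection from scratch.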
So, what do these factors mean and why are they important for Palo Alto Networks? According to Tim, they let the company save people time in doing their jobs, especially in making sense of data.
“We can make this a process that continues to add new value over time because whenever we change products, buy a new product, [or] get new sources of data, we can add them to our Sense, Integrate, Analyse and Automate framework. So, we can make the new data relevant to all the old data. If we had a cybersecurity platform for automation, it would let you bring in those new data and make them relevant to all of your existing data,” explained Tim.
Palo Alto Networks wants organisations to take security seriously, and the more customers and the general public know about it, the better. By sharing its vision throughout the event, it hopes to bring “harmony” to security operations.