Feb 12 2025
Security

Review: Cortex XSOAR Protects Against Common Threats Facing the Public Sector

The automated platform allows users to set custom responses to cyberthreats and incidents.

State and local government agencies possess hoards of valuable data about citizens, businesses, healthcare organizations and other entities. Naturally, this makes them targets for cyberattacks that seek to pilfer data, extort government agencies and commit cyber fraud.

The challenge of thwarting cyberattacks is compounded by the fact that local government agencies, in particular, often have limited staff, resources and budget for cybersecurity, despite being under constant threat.

One solution that has proved to be a big help in extending cyber defenses and reducing attacks is automation. Automating the mitigation of low-level attacks can reduce up to 90% of the threats stalking the public sector. Eliminating that part of the threat landscape allows smaller staffs to concentrate on advanced threats that could do real damage.

Automation can also help with incident response, especially when time is of the essence. Attackers who get past firewalls and other frontline defenses no longer have days, weeks or months to further scope out their target. Instead, they can be blocked by well-informed humans in just a few hours. These attackers can be removed almost instantly using properly tuned automation with sufficient permissions to act independently, with humans receiving reports for review after the fact. 

Automated Security Helps IT Teams Do More With Less

The Cortex XSOAR platform from Palo Alto Networks was created with the demands of a highly targeted environment in mind. I was able to review the platform running in a test environment and found it helpful in eliminating many threats automatically and assisting human workers with mitigating others.

As the industry's first extended security orchestration and automation platform (hence the name), Cortex XSOAR simplifies security operations by unifying automation, case management, real-time collaboration and threat intelligence. It’s a complete package that is surprisingly easy to deploy and manage, even for smaller IT staffs.

The first thing I noticed about XSOAR is its easy-to-use interface and intuitive user experience. Adding to the ease of use is robust functionality that’s native to the platform, particularly when customizing features for the nuances of your users and enterprise.

That high level of customization is crucial for state and local jurisdictions, whose networks differ from one another and, more generally, from typical private-sector organizations. For example, cities and towns increasingly have opened swaths of their networks to the public, commingling with classified areas and common workspaces. Being able to customize protections and acceptable risk levels can keep everything secure while providing access to citizens.

Cortex XSOAR Allows Users to Customize Responses

The platform’s automation and response capabilities are especially impressive. XSOAR delivers native threat intelligence management that can be tailored to the environment, prioritizing key intelligence about the most likely attacks. According to Palo Alto, incident response time can be reduced by 90% or more. A key part of the automation platform is an incident response “war room,” which empowers teams to collaborate during mitigations and helps with post-incident analysis and training.

The automation extends to the responses themselves. Playbooks can help users customize how they respond to different types of threats and incidents. When a similar threat comes along, users can go through those playbooks to reach similar conclusions or even have the platform automate much of that response.

Of course, automation is only effective if a platform is smart enough to act properly without human intervention. In my testing, the XSOAR platform successfully eliminated over 90% of the most common threats without human intervention. That could free up staff to concentrate on the most dangerous and complex security challenges — putting humans in the driver’s seat, with help from Cortex. In any case, threat remediation can be handled much more quickly, if not instantly, with Cortex on the job.

Attackers have put the public sector in their crosshairs. A platform like Cortex XSOAR can help even the odds, giving a big boost to limited IT staff by handling many attacks on its own and assisting with everything else.

SPECIFICATIONS

BRAND: Palo Alto Networks
PRODUCT LINE: Cortex XSOAR
MODEL: Threat intelligence management
OPERATING SYSTEM: Linux, macOS, Windows
SOFTWARE TYPE: Annual license per user