Trying to find advanced, targeted attacks can be an exercise in frustration, akin to finding a needle in a haystack. With so many potential threats traversing your network, how do you know which ones to pay attention to – and what actions to take to prevent damage?
It’s a challenge faced by security practitioners each day, who are overwhelmed by security data and alerts from a variety of intelligence sources and third-party contributions. The problem isn’t a lack of data, but finding the events important to your organization, often in the intelligence you already have available. No one wants an attack to pass through, but there are simply too many “alerts” to follow up on.
At Palo Alto Networks we have been working with our customers to answer this challenge, and like everything we do, we envisioned how we could approach it differently. We weren’t going to introduce “yet another” threat intelligence service that only adds to the problem. We sought to transform the industry by solving the critical question of how you focus limited security resources on the unique attacks, from the hundreds of alerts you receive today. And then, how do you turn those prioritized indicators into real, actionable cybersecurity intelligence – not just a data dump from which you can’t draw real conclusions?
We are excited to bring you an answer. Today at Ignite 2015 in Las Vegas, Palo Alto Networks officially announced AutoFocus: an innovative cyber threat intelligence service that provides prioritized, actionable intelligence on the attacks an organization must respond to. Using AutoFocus, you receive intelligence in a context specific to your network and industry, including the unique threats targeting you or your industry, information on adversaries and how attacks fit into campaigns, with the tools to quickly investigate related indicators.
What do you gain with AutoFocus? True threat intelligence, which we define as the ability to take a more proactive and timely stance against advanced attacks to shut them down before attackers can achieve their ultimate objectives, and understand how to prevent them in the future.
How AutoFocus works
The AutoFocus service gives security practitioners access to intelligence derived from an ever-expanding ecosystem of the service’s users. Through this approach, it provides:
- Priority alerts — Prioritized alerts of targeted, advanced attacks based on statistical analysis, human intelligence from Unit 42, and tagged indicators from a customer’s own network, as well as a global community of security experts using the AutoFocus service.
- Attack context — Web-based dashboard providing the tools to quickly investigate the context of attacks, adversaries and campaigns, and distinguish targeted attacks from commodity malware.
- High-fidelity threat intelligence — Analysis across millions of samples and billions of file artifacts from a rapidly growing pool of over 5,000 global enterprises, service providers and government organizations routinely targeted by advanced, customized attacks.
This is a true advantage in the cybersecurity battle, sourced from the collective insight of all users. It’s not just you against advanced attacks — it is all of us working together in a highly coordinated manner.
Palo Alto Networks is now accepting applications from current customers interested in evaluating AutoFocus through a limited-time Community Access program. We invite you to learn more about AutoFocus, and submit an application for Community Access, by visitingwww.paloaltonetworks.com/autofocus. General availability of AutoFocus, including full details on subscription pricing, will be in the second half of 2015.
AutoFocus is one of our big announcements this week at Ignite 2015 in Las Vegas. Follow along over the next few days to learn more about all our Ignite news, from the launch of Traps 3.2 to the latest milestone in our integration with VMware and this year’s honorees in the Cybersecurity Canon.
[Palo Alto Networks Blog]