As the rate and sophistication of cyberattacks increase, security teams are increasingly pressed to turn cutting-edge security analytics into action. The integration between Vectra and Palo Alto Networks enables security staff to quickly expose a variety of hidden attacker behaviors, pinpoint the specific hosts at the center of a cyberattack, and block the threat before data is lost.
By automating analysis and response, security teams can condense weeks of work into seconds and take action before damage is done.
Key benefits include:
- Automate network defenses by combining behavior-based threat detection with real-time enforcement.
- Identify and block advanced attacker behaviors and quarantine compromised hosts.
- Empower security analysts to respond to threats by triggering blocking actions using simple event tags.
- Trigger blocking actions based on type of threat, risk, and certainty.

Stopping threats with network-based behavioral analytics
Why integrate Vectra AI with Palo Alto?
The Palo Alto Networks and Vectra partnership aligns behavioral threat detection and real-time enforcement between the two companies, providing our joint customers with increased visibility and synchronized protection to effectively combat today’s advanced threats.
Joint customers can rapidly integrate Palo Alto Networks with Vectra in a matter of minutes with Vectra Active Enforcement.
Success or failure of a security team can often boil down to time-to-response. Sophisticated attackers thrive by staying under the radar, and detecting them can often require hours to days of investigation from highly trained security analysts. According to the M-Trends 2017 report from Mandiant Consulting, it takes 99 days between when a network is compromised and when the attack is detected.
The integration between Vectra AI and Palo Alto Networks directly addresses this challenge. First, Vectra automates the work of Tier-1 security analysts to find hidden signs of an attack. Vectra Active Enforcement then turns the detected threat into action by integrating with Palo Alto Networks dynamic block lists to stop the malicious traffic or quarantine a compromised host. Support for Panorama allows staff to extend blocking to any Palo Alto Networks firewall in a distributed environment.