Tufin + Cortex XSOAR Integration
Palo Alto Networks Cortex XSOAR is a leading Security Orchestration, Automation, and Response (SOAR) platform that helps security teams accelerate incident response, standardize and scale processes, and learn from each incident. Integrating Cortex with Tufin enriches your SOAR playbooks with network connectivity intel.
Enrich your incident response automation playbooks
Facing multi-vendor environments and wide attack surfaces, security teams need an ecosystem-wide solution that eliminates repetitive cross-referencing tasks and enables faster incident containment and response.
Using Cortex XSOAR, teams can access granular policy and object data from Tufin SecureTrack through standardized, automated playbook tasks. When an alert is detected on a cloud security tool, SIEM, or vulnerability scanner, playbooks are triggered to coordinate workflows across the entire security product stack and infrastructure.
Better Attack Visibility
Investigating attacks often involves real-time tasks that require screen switching and cycling between vendor dashboards, wasting precious investigation time.
By running SecureTrack commands in the Cortex XSOAR War Room, security teams and analysts can obtain deep visibility and information. Participating analysts will all have full task-level visibility into the process and be able to document and run commands in one unified console. Instead of piecing together ad-hoc changes, an established workflow will ensure smooth deployment and ongoing compliance.
By combining Tufin and Cortex XSOAR, organizations can orchestrate across security products and help SOC customers standardize and automate their processes.
The result? Faster response times and better team productivity.
Tufin + Cortex XSOAR
Combining Tufin SecureTrack’s network security policy information with the data Cortex XSOAR gathers from other products via common playbooks helps security teams to:
- Enable case management with the ability to easily ingest, search, and query security alerts and notifications
- Implement comprehensive security orchestration and accelerate incident response at scale
- Manage threat intelligence with threat feed aggregation and automated security policy
- Minimize screen switching, manual data reconciliation, and repetitive work
- Run commands with XSOAR’s comprehensive command line interface (CLI)
- Unify and automate response and compliance processes across cloud and on-premise infrastructures
- Improve end-to-end visibility
- Easily configure the Demisto REST API to automate tasks and orchestrate security operations
- Run playbooks that perform malware remediation, phishing detection, malware endpoint investigation, and F5 firewall rule management
- Stitch together network, endpoint, and cloud data for threat detection with Cortex XDR and IOC enrichment
- Integrate your IoT security
- Visualize network topology and application connectivity to give investigators the visibility to assess the possible scope of an incident quickly and accurately
- Automatically initiate, design, and implement network access changes using playbooks and Tufin workflows (e.g. to contain potentially infected systems)
- Maintain compliance and adherence to established change control processes throughout the incident, with full auditability
- Leverage hundreds of Cortex XSOAR product integrations to further enrich Tufin data and vice versa while coordinating response across security functions
- Run thousands of commands, including Tufin playbooks, via a ChatOps interface while collaborating with other analysts and Cortex XSOAR chatbots
Tufin has the broadest ecosystem of API integrations, including the major SOAR platforms, SIEM solutions, vulnerability management tools such as Tenable, ITSM solutions for end-to-end automation such as ServiceNow, and more.
XSOAR is the product name of Palo Alto Networks’ security orchestration and automated response (SOAR) solution. It consolidates case management, automation, real-time collaboration, and the management of threat intelligence to serve security teams throughout the incident lifecycle.
Common XSOAR use cases include fetching incidents, creating and closing incidents and events, updating incidents, investigating events, and querying the SIEM. Tufin provides network topology and connectivity intelligence to improve the accuracy of the criteria that trigger a workflow. For example, if there is an alert because malware was detected on a server, Tufin network data can provide context to determine urgency and potential impact. If the server is not exposed to the Internet, that might be a lower priority than a compromise on a machine that is exposed to the Internet. Likewise, Tufin can provide connectivity intelligence to identify all systems that the compromised server has access to.
SOAR playbooks automate the manual tasks associated with the incident response process, which is notoriously tedious, fragmented, and manual. A playbook is a set of steps and processes that comprise an automated response to a certain type of security incident. For each playbook, certain conditions and alerts are defined that will trigger it. For example, a playbook may entail quarantining an asset that has anomalous network traffic. This frees up incident response teams to focus on more advanced response tasks.
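The triage logic described above, written as an added example that is not Tufin's or Cortex XSOAR's own code: it takes constructed SecureTrack-style "allowed flow" results, checks whether the compromised host is reachable from the Internet, walks the flows to find every system that host can reach, and maps the two into a priority a playbook branch could act on. The flow records, the "Internet" zone label, the crown-jewel set, and the function names are all assumptions.

```python
from collections import deque

# Constructed sample of allowed flows as a path query might report them:
# (source, destination, service). "Internet" is a hypothetical zone label.
ALLOWED_FLOWS = [
    ("Internet", "web-01", "tcp/443"),
    ("web-01", "app-01", "tcp/8080"),
    ("app-01", "db-01", "tcp/5432"),
    ("app-01", "backup-01", "tcp/22"),
    ("jump-01", "db-01", "tcp/5432"),
    ("Internet", "vpn-01", "udp/1194"),
]

def internet_exposed(host, flows, internet="Internet"):
    """True if any allowed flow reaches host directly from the Internet zone."""
    return any(src == internet and dst == host for src, dst, _ in flows)

def reachable_from(host, flows):
    """Hosts an attacker on `host` could reach by following allowed flows (BFS)."""
    adj = {}
    for src, dst, _ in flows:
        adj.setdefault(src, set()).add(dst)
    seen, queue = set(), deque([host])
    while queue:
        cur = queue.popleft()
        for nxt in adj.get(cur, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def triage(host, flows, crown_jewels=frozenset({"db-01"})):
    """Map exposure and blast radius to a priority a playbook could branch on."""
    exposed = internet_exposed(host, flows)
    radius = reachable_from(host, flows)
    touches_crown = bool(radius & crown_jewels)  # hypothetical asset criticality
    if exposed and touches_crown:
        priority = "critical"
    elif exposed or touches_crown:
        priority = "high"
    elif radius:
        priority = "medium"
    else:
        priority = "low"
    return {"host": host, "internet_exposed": exposed,
            "reachable": sorted(radius), "priority": priority}
```

Calling `triage("web-01", ALLOWED_FLOWS)` yields "critical" (Internet-facing and able to reach db-01), while `triage("backup-01", ALLOWED_FLOWS)` yields "low" because the host is neither exposed nor able to reach anything else.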
IBM Security SOAR is a security orchestration and automated response (SOAR) solution. It consolidates case management, automation, real-time collaboration, and the management of threat intelligence to serve security teams throughout the incident lifecycle.
IBM Security SOAR has repositories on GitHub that feature content packs, Python APIs, reference documentation, and more.
IBM Security SOAR also enables security teams to:
- Automate case management for security or privacy events
- Automate and document incident response plans
- Establish an incident response platform where teams can prepare for privacy breaches and enact remediation
- Easily integrate the SOAR platform with hundreds of integrations beyond Tufin
- Streamline automation configuration for faster, more accurate playbook creation
- Integrate malware analysis into incidents
- Perform threat enrichment for incidents before security analysts even begin
- Easily integrate QRadar with SIEM applications such as Splunk or Microsoft Azure Sentinel
- Customize application templates for supported offense fields