Facing multi-vendor environments and wide attack surfaces, security teams need an ecosystem-wide solution that eliminates repetitive cross-referencing tasks and enables faster incident containment and response.
Using Cortex XSOAR, teams can access granular policy and object data from Tufin SecureTrack through standardized, automated playbook tasks. When an alert is detected on a cloud security tool, SIEM, or vulnerability scanner, playbooks are triggered to coordinate workflows across the entire security product stack and infrastructure.
Investigating attacks often involves real-time tasks that require screen switching and cycling between vendor dashboards, wasting precious investigation time.
By running SecureTrack commands in the Cortex XSOAR War Room, security teams and analysts can obtain deep visibility and information. Participating analysts will all have full task-level visibility into the process and be able to document and run commands in one unified console. Instead of piecing together ad-hoc changes, an established workflow will ensure smooth deployment and ongoing compliance.
By combining Tufin and Cortex XSOAR, organizations can orchestrate across security products and help SOC customers standardize and automate their processes.
The result? Faster response times and better team productivity.
Combining Tufin SecureTrack’s network security policy information with the data Cortex XSOAR gathers from other products via common playbooks helps security teams to:
Tufin has the broadest ecosystem of API integrations, including the major SOAR platforms, SIEM solutions, vulnerability management tools such as Tenable, ITSM solutions for end-to-end automation such as ServiceNow, and more.
XSOAR is the product name of Palo Alto Networks’ security orchestration and automated response (SOAR) solution. It consolidates case management, automation, real-time collaboration and the management of threat intelligence to serve security teams throughout the incident lifecycle.
Common XSOAR use cases include fetching incidents, creating and closing incidents and events, updating incidents, investigating events, and querying a SIEM. Tufin provides network topology and connectivity intelligence to improve the accuracy of the criteria that trigger a workflow. For example, if there is an alert because malware was detected on a server, Tufin network data can provide context to determine urgency and potential impact. If the server is not exposed to the Internet, that might be a lower priority than a compromise on a machine that is exposed to the Internet. Likewise, Tufin can provide connectivity intelligence to identify all systems that the compromised server has access to.
SOAR playbooks automate manual tasks associated with the incident response process, which is a notoriously tedious, fragmented and manual process. A playbook is a set of steps and processes that comprise an automated response to a certain type of security incident. For each playbook there are defined conditions and alerts that trigger it. For example, a playbook may entail quarantining an asset that has anomalous network traffic. This frees up incident response teams to focus on more advanced response tasks.
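The triage logic just described, as an added illustrative example rather than Tufin's or Palo Alto Networks' code: a constructed in-memory policy and host inventory stand in for a real SecureTrack query, and the first-match rule evaluation, the public-address exposure probe and the priority thresholds are assumptions made for the example.

```python
# Hypothetical playbook enrichment step: rate an alerted host by Internet exposure
# and by which other hosts it can reach, using constructed sample policy data.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List


@dataclass(frozen=True)
class Rule:
    src: str     # CIDR; 0.0.0.0/0 means any source
    dst: str
    action: str  # "accept" or "drop"


# Constructed sample firewall policy; first matching rule wins, implicit deny at the end.
POLICY = [
    Rule("10.10.5.0/24", "10.20.0.0/16", "accept"),  # web tier -> DB tier
    Rule("10.0.0.0/8", "10.20.0.0/16", "drop"),      # everything else blocked from DB tier
    Rule("0.0.0.0/0", "10.10.5.4/32", "accept"),     # public web server
    Rule("10.0.0.0/8", "10.0.0.0/8", "accept"),      # internal default
]

# Constructed host inventory standing in for topology data.
HOSTS = {"web01": "10.10.5.4", "db01": "10.20.1.10", "db02": "10.20.1.11", "wks17": "10.30.7.2"}


def is_allowed(src_ip: str, dst_ip: str) -> bool:
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for r in POLICY:
        if s in ip_network(r.src) and d in ip_network(r.dst):
            return r.action == "accept"
    return False  # implicit deny


def internet_exposed(host_ip: str) -> bool:
    # Assumption: "exposed" means a public (non-RFC1918) source address can reach the host.
    return is_allowed("203.0.113.9", host_ip)


def reachable_from(host: str) -> List[str]:
    src = HOSTS[host]
    return sorted(h for h, ip in HOSTS.items() if h != host and is_allowed(src, ip))


def triage(host: str) -> Dict[str, object]:
    exposed, blast = internet_exposed(HOSTS[host]), reachable_from(host)
    # Assumed thresholds: exposure plus lateral reach outranks either alone.
    priority = "critical" if exposed and blast else "high" if exposed else "medium" if blast else "low"
    return {"host": host, "internet_exposed": exposed, "reachable_hosts": blast, "priority": priority}
```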
IBM Security SOAR is a security orchestration and automated response (SOAR) solution. It consolidates case management, automation, real-time collaboration and the management of threat intelligence to serve security teams throughout the incident lifecycle.
IBM Security SOAR has repositories on GitHub that feature content packs, Python APIs, reference documentation, and more.
IBM Security SOAR also enables security teams to:
Only Tufin provides automation and a unified security policy, from on-prem to cloud, across NetSec and DevOps.