This May, I had the opportunity to attend one of Palo Alto's Ignite conferences. As opposed to previous years, when Palo had one major conference over a week, they decided to take the conference "on the road" and hold numerous one-day conferences across the country. I elected to attend the conference in Los Angeles. Today, I'd like to talk about what I learned and what new solutions Palo Alto is working on.

After the opening remarks and a donut, I attended the first workshop of the day. Palo offered three different workshops at a time over three different periods. For the first workshop, I attended the Security Operations technical deep dive. During this discussion, they demonstrated various tools including Cortex XDR, XSOAR and Xpanse. Finally, they finished the discussion by demonstrating their new AI advancements in Cortex XSIAM.

  1. XDR is designed to detect and stop threats on endpoints. Based on behavioral analysis, it can detect and block threats, including advanced malware and zero-day attacks. XDR provides a way to quickly identify the source of attacks to help remediate and defend against future attempted attacks.
  2. XSOAR is useful for automation and orchestration of security operations. Attacks are getting more frequent and complex, stretching analysts thin. XSOAR enables the automation of these manual repetitive tasks, generating reports that are simple to understand, freeing up analysts to remediate these security risks.
  3. Xpanse helps shrink the attack surface and manage external exposure and risks. With the modern scattered network with hybrid and cloud introduced, the attack surface is always changing and increasing. Xpanse is an attack surface management tool (ASM), designed to discover and respond to any cracks in the network edge.
  4. XSIAM combines all of these and more into one centralized platform. XSIAM provides one console that collects information from many sources and utilizes an AI model to connect events to detect and stop threats. By viewing possible indicators of attack in a greater scope, XSIAM is able to combine these "low-confidence events into high-confidence incidents." XSIAM is designed to automate manual work, hoping to remediate threats before users even have to take a look at the threat. XSIAM also features a sort of "copilot" that responds to questions and helps analysts in their threat remediation.

The next breakout session was a hands-on workshop. Once again, there were three options. I figured I should stick with Security Operations, so I went back to get to use XDR. I was hoping to get to use XSIAM but no such luck. Palo's XDR lab reminded me of our own XDR Lab and Learning Path. I may be biased, but I think our lab is a bit better.

The final breakout session I attended was the XSOAR hands-on lab. At WWT, we don't have a dedicated XSOAR lab, but it is a module in the version 10 and 11 NGFW foundations lab. This lab gave me some ideas for future updates to the XSOAR module whenever I do its next refresh. 

After the conference finished, we had dinner with some of the WWT sales teams and their accounts. I'm thankful for the opportunity and for getting the chance to meet so many people. My main takeaway from the conference was XSIAM. Having the single pane of glass console that combines all of Palo Alto's already existing solutions into one with an additional AI integration sounds like a great step forward in the security operations space. Hopefully I'll be able to build out a related lab to get XSIAM onto the platform soon. Until next year!