In cybersecurity, coordination and information sharing is beyond important. Proper integration of the key systems required to maintain your security posture is what enables security teams to succeed in an increasingly complex threat environment. This is why we at SafeBreachTM are so excited to have joined a select group as a launch partner for the Palo Alto Networks Cortex XSOARTM Marketplace. Security teams using Cortex XSOAR can validate their security controls with SafeBreach, and can stream relevant breach-and-attack simulation results and Indicators of Compromise (IoCs) from SafeBreach into Cortex XSOAR. The Cortex XSOAR platform can then automatically orchestrate remediation of low-level IoCs via integrated endpoint and network security solutions. Sharing information and working together in an integrated ecosystem gives our shared customers superpowers.
How Integration Helps Security Teams Uplevel Security Posture
Consider the following scenario: A security analyst is notified by their threat intel system of a new series of attacks from APT29 that seem to be focused on companies in a related industry. They figure APT29 is going to come after their organization next. SafeBreach correlates the Threat Intelligence feeds to the current SafeBreach Hacker’s Playbook, builds new attacks based on updated indicators, and triggers the most relevant attack methods to run across the analysts enterprise.
After running the simulations, SafeBreach identifies a handful of misconfigured controls and security gaps that need to be fixed to shore up the security stance against APT29. SafeBreach prescribes specific actions for the SecOps and vulnerability management teams. The fixes identified by SafeBreach are automatically streamed into Cortex XSOAR for automated remediation or to create a ticket and kick off a remediation workflow that requires human involvement.
This is a much faster and effective way to run SecOps. If these systems were not integrated, then the above process would likely be mostly manual and take months to complete. With Cortex XSOAR pulling insights from SafeBreach, low-level indicators can be immediately remediated; behavioral indicators can be examined and potentially remediated within hours. Overall, the integration provides SecOps teams with a fast metabolism to automate the easy analysis and remediation work while expediting the harder cases focused on less obvious behavioral indicators.
Technology and Business Benefits: Manage Risks Smarter, Prevent Breaches
Working together, SafeBreach and Cortex XSOAR can help teams improve their security stance, cover the most important security ground faster, and reduce critical business cyber risk. More specifically, teams can radically improve efficiency and efficacy by:
- Discovering security gaps through continuous breach and attack simulation (SafeBreach)
- Automatically remediating and validating missed IOCs (Cortex XSOAR)
- Orchestrating remediation of behavioral IOCs (Cortex XSOAR)
- Maximizing the effectiveness of existing security controls (SafeBreach)
These benefits have potential to drive substantial tangible business impacts. For example, when security teams integrate BAS, SOAR, EDR/XDR and network controls they may:
- Reduce the likelihood of breaches
- Save time by moving from manual to automated workflows
- Improve compliance coverage and simplify IT security audits
- Allow CISOs to optimize and get the most bang for their buck from their security controls
The business and technology benefits of integration and a robust ecosystem of security technology partners are even more impactful in the current environment of economic distress. Security budgets are being cut and teams are looking to do more with less while still improving their capabilities. The best way to achieve this is cooperation, collaboration, and integration. Integrating the world’s most widely used breach-and-attack-simulation platform with Cortex XSOAR and other detection and response and network controls solution partners is an easy way to give cybersecurity teams the superpowers that differentiate great security from merely good or adequate security.