CrowdSec available on the Cortex XSOAR Marketplace
You can now integrate CrowdSec CTI into your XSOAR and XSIAM platforms, freeing up time spent investigating each unwanted behavior. Your SOC team will have access to highly accurate and centralized IP reputation data built from a global community of real users, spread across 178 countries. Read more to get all the details!
If your SOC team incorporates Cortex XSOAR or XSIAM into the company’s security infrastructure, you can now enrich the data you have on your threats with CrowdSec CTI available in the Cortex XSOAR Marketplace. Before we dive into this integration, let’s first take a closer look at Palo Alto Networks. We will learn more about their products for security operations and how CrowdSec’s CTI adds a layer of value.
Who is Palo Alto Networks?
If you are new to Palo Alto Networks and considering using it along with our integration, let’s get a quick overview of the company and understand its solutions.
Palo Alto Networks is a global cybersecurity company offering an array of products and services including next-gen firewalls, endpoint protection, cloud security services, application protection platforms, and solutions for security operations.
Founded in 2005 in California, the company first offered an enterprise firewall that allowed companies' employees to use modern applications safely. Palo Alto Networks' offering quickly grew and today it serves over 70,000 organizations in a wide range of industries such as healthcare, the public sector, financial services, retail, manufacturing, oil and gas, and many more.
What are XSOAR, XDR and XSIAM?
Palo Alto Networks is dedicated to solving SecOps challenges, including unifying defenses, stopping threats, automating incident response, and helping teams monitor all internet-facing assets. They do this by providing the XSOAR, XDR, and XSIAM products, which we break down below:
- XSOAR stands for Security Orchestration, Automation, and Response and is a solution for organizations to simplify their security operations with automation and allow them to scale and standardize incident response processes. Teams can also manage alerts across all sources, use a dedicated space to collaborate on certain issues, and manage their threat intelligence.
- XDR or Extended Detection and Response is an incident response tool that can integrate into multiple security environments to help unify all licensed components. What this means for a security team is that they can get a simpler view of threats across their entire security landscape which allows them to make quick decisions.
- XSIAM, or Extended Security Intelligence and Automation Management, is an approach to security operations that drives security outcomes by integrating and automating SOC processes. It usually sits at the center of SOC activity, unifying functionality and putting data in one centralized place.
What is actionable cyber threat intelligence?
Once cyber threat information has been collected, evaluated, deemed reliable, and analyzed through rigorous and structured techniques, it becomes cyber threat intelligence. For example, CrowdSec’s cyber threat intelligence (CTI) is sourced from a large network of real users across 178 countries. The users share their diverse signals (around 20 million per day), allowing CrowdSec to gather a large amount of information on each flagged rogue IP address.
This information is curated by CrowdSec's expert system via a dynamic process involving a diversity check, cross-validation by our own honeypots, and finally a meticulous reputation system, guaranteeing the absence of false positives and making it resistant to poisoning. CrowdSec CTI can then stream IP blocklists directly to any firewall or remediation solution, which then provides preventive defense.
Having highly curated and error-free CTI is extremely beneficial for all organizations. It provides clear insight into cyber threats, allowing for a faster, more precise response and better resource development and allocation. The bottom line: you save time and money.
The value of integrating CrowdSec into your XSOAR and XSIAM
To get the most out of XSOAR / XSIAM and enable an efficient implementation of automation, you need to have the most reliable data possible. By combining CrowdSec’s contextualized and actionable cyber threat intelligence and the power of Palo Alto Networks tools, your SOC team can:
- Avoid noise from the Internet and reduce the volume of alerts (by implementing CrowdSec's zero-false-positive threat data)
- Have more oversight and information on the attacker to make swift decisions on dismantling them (CrowdSec complements XSOAR’s robust solution by including a layer of security and additional vertical context)
- Create a more informed path to remediation and efficient processes (matching information from two reliable sources guarantees trust in the data)
- Free up time and resources (CrowdSec’s fire-and-forget model allows for easy integration into XSOAR, allowing you to get the most out of both solutions without extra effort)
Why we partnered with Palo Alto Networks to create this integration
Partnering with Palo Alto Networks for this integration was an obvious choice for us. Our vision is similar: make the internet safer and more secure for everyone. Additionally, we cover a lot of the same ground, protecting all verticals from medical to e-commerce. We knew our CTI would be a perfect fit and provide rich value to Cortex’s already robust solution.
How to get the CrowdSec integration
Click on “Download With Dependencies” and follow the instructions here.