Network Security Monitoring

Autonomous Network Security Monitoring; Analyzing the ‘Breadcrumbs’ Hiding in Your Palo Alto Networks IPS/IDS Logs

Tim Wenzlau
by Tim Wenzlau
category Network Security Monitoring

Detecting an intruder at the point of entry can have the greatest impact on reducing system compromise. That is why Network Intrusion Detection and Prevention Systems (IDS and IPS), such as Palo Alto Networks, are essential tools for any security organization, whether they are protecting the data of a large financial services company or the sensitive research and valuable intellectual property of a university.

The downside is that these systems generate such a high-volume of data that even large, mature security teams do not have the capacity to analyze all the data collected.

A common strategy for dealing with this volume of data is to apply rules to filter data, such as, ‘only show me an IPS detection alert if it appears to be high priority’. The result is that a great deal of relevant security data is disregarded, limiting visibility into relevant clues and context which would save time in identifying and responding to actual threats.

Imagine being able to increase the visibility and depth of analysis by leveraging every IPS detection alert from your Palo Alto Networks’ devices.

An autonomous network security monitoring tool should seamlessly integrate into existing PAN IPS/IDS implementations and immediately begins providing value by taking over the monitoring, analysis and decision-making required to turn IDS/IPS data into vetted, actionable security incidents that are ready for human analyst response.

By the way, out-of-the-box, Respond Analyst’s accuracy rate is between 83-92%, after a month on the job, accuracy rates push higher – with many customers reporting nearly 100% accuracy after 60-90 days.