This article was written and contributed by our partner, NETSCOUT.

A use case for the integration of Palo Alto Networks Panorama and NETSCOUT Omnis Cyber Intelligence. Being able to combine network visibility, threat detection, and investigation with centralized enforcement is essential to maintaining a successful cybersecurity posture.

The Challenge

You can't protect what you can't see. For threat detection to be effective, network visibility must extend from the network core to the edge and beyond to include application and infrastructure components residing in the cloud or third-party colocation facilities. Combining intelligent threat detection with comprehensive visibility is required to fully analyze, understand, and mitigate attacks in the network. But detection is only the first step to solving the problem. Once threats are detected, mitigation must be performed to prevent data loss and other undesirable outcomes. Unfortunately, mitigation and detection are functions best handled by tools tailored for each task, and those tools rarely work together. As a result, security teams face the challenge of acting in one tool on threats reported by another. Until now, joint customers who use NETSCOUT Omnis Cyber Intelligence (OCI) to detect indicators of compromise (IoCs) and optimize their security posture, and Palo Alto Networks Panorama for their perimeter protection, had to manually copy IoC information from OCI to Panorama, a process that is time-consuming and could be significantly hindered by user error.

What is Omnis Cyber Intelligence?

Omnis® Cyber Intelligence (OCI) is an enterprise-wide network threat and risk investigation solution designed to reduce the impact of cyberthreats on your business. Leveraging multiform factor, scalable, and intelligent NETSCOUT InfiniStreamNG®, vSTREAM® with Cyber Adapter, and CyberStream instrumentation, Omnis Cyber Intelligence provides comprehensive end-to-end visibility, the foundational requirement for effective cybersecurity. Combining comprehensive security visibility with contextual, real-time analytics and NETSCOUT's ATLAS global threat intelligence, Omnis Cyber Intelligence provides the ability to promptly and efficiently detect, validate, investigate, and respond to cyberthreats, whether on-premises or in the cloud. Organizations will benefit from having a cost-effective and highly scalable cyberthreat analytics system at their fingertips that can easily integrate with other security enforcement and reporting platforms.

What is Panorama?

Panorama™ is a security management solution that provides consistent rules in an ever-changing network and threat landscape. Manage your network security with a single security rule base for firewalls, threat prevention, URL filtering, application awareness, user identification, sandboxing, file blocking, access control, and data filtering. This crucial simplification, along with App-ID™ technology-based rules, dynamic security updates, and rule usage analysis, reduces administrative workload and improves your overall security posture.

Omnis Cyber Intelligence Integration with Panorama

The NETSCOUT Omnis Cyber Intelligence integration with Palo Alto Networks Panorama takes threat detection and mitigation to a new level by combining threat intelligence, detection, investigation, and response with the most comprehensive Next-Generation Firewall management platform that connects technology with people and processes. Security operations teams need to be able to take IoCs and incorporate them directly into enforcement tools for mitigation. Done manually, this process has always been cumbersome, slow, and often inaccurate, as threat data is rekeyed from the detection tool to the mitigation tool before any enforcement or mitigation can happen. NETSCOUT Omnis Cyber Intelligence utilizes Panorama's RESTful API, allowing it to communicate directly with the security policy. This enables security operations to send detected or investigated threats from Omnis Cyber Intelligence directly to Panorama with the click of a button, informing Panorama of known bad actors or URLs and populating related objects used for enforcement. Enforcement policies can then be sent out to appropriate Palo Alto Networks Next-Generation Firewalls for mitigation of discovered threats.
