
Palo Alto Networks takes security logs to the cloud

18 Oct 17

Palo Alto Networks has introduced a new cloud-based logging service for customers who wish to amass large amounts of their own data from the company’s security platform, in a move to push the limited hardware capacity of legacy logging systems to the sidelines.

The company launched the new service to work best with machine learning and advanced analytics – which the company claims can be used to correlate potential threats and prevent cyber breaches.

The Palo Alto Networks Next-Generation Security Platform will feed the data to organisations in a way that delivers scalable logging infrastructure without operational overheads.

According to ZK Research founder and principal analyst Zeus Kerravala, large overhead costs prevent organisations from efficiently collecting large amounts of data and being able to action it.

He believes that the new technology will be able to deploy information quicker and “share information between different applications and sensors, and scale their capacity on a dime, empowering them with enhanced capabilities to spot and prevent successful cyberattacks.”

Palo Alto says that large data logs are important for organisations to be able to store, process and analyse as much data as possible in order to improve threat visibility.

The company designed its Logging Service to allow data collection without local compute and storage limitations. The ‘cloud-based approach’ also changes the economics of log data collection, making it easier to collect as much data as required.

· Central repository for events, traffic and security logs: Logging Service provides a cloud-based central repository for context-rich logs generated by the Palo Alto Networks Next-Generation Platform.

· Simplified operations: Logging Service simplifies the procurement, deployment and ongoing management of storage and compute infrastructure for event, traffic and security logs, eliminating the complexity of planning and operating logging capacity.

· Increased business responsiveness: Organizations can procure and deploy logging capacity quickly via a flexible model that allows organizations to become more responsive to changes in logging needs due to unforeseen business circumstances or new compliance requirements.

· Actionable insights: As part of the Application Framework, customers can use log data within new security applications to apply machine learning and advanced analytics, and can take security enforcement actions in concert with Palo Alto Networks enforcement points to prevent advanced attacks.

Lee Klarich, Palo Alto Networks chief product officer, says the Logging Service is the foundation for the company’s forthcoming Palo Alto Networks Application Framework.

“This new offering significantly reduces the complexity and economics of log management, enabling customers to make better correlations, and effectively respond to and prevent successful cyber attacks,” he says.

The Application Framework will be part of the company’s next stage of rolling out a range of cloud-based security applications.
