Security Product Integration Is Key to Stopping Unwanted Threats

See how NETSCOUT and Palo Alto Networks address the challenge together

Erik Hjelmstad

There are many solutions in the network detection and response (NDR) space. These tools let you search current or historical network traffic for anomalies in the behavior of systems on your network, and they do an adequate job of helping threat hunters find malicious behavior.

This is the detection part of NDR: the tools help determine the IP addresses of the attacking host and the attacked host. In principle, the response part of NDR follows directly from that information, since blocking the malicious actor with a firewall rule should then be straightforward.

Solving the Coordination Challenge
Unfortunately, in most of these solutions the response part is severely lacking and, at best, a manual process. They help you find the problem, but they do nothing to block the intruder or help remedy the situation. The threat hunter is left with a known bad actor but no way to prevent it from continuing to cause problems on the network.

The best solution to this problem is to coordinate tools across vendors, letting each vendor's tool do the task it was designed for: let the NDR appliance detect the malicious traffic on the network and coordinate with a firewall that can block it.

This is where the integration between NETSCOUT and Palo Alto Networks comes in. By coordinating NETSCOUT's Omnis Cyber Intelligence (OCI) with Palo Alto Networks' Panorama management platform, you can block unwanted traffic with a single click. OCI is a strong threat-hunting tool that lets threat hunters find malicious activity on their network, but it goes one step beyond other NDR tools. From within OCI, if you see alerts involving an unknown external IP address or URL, you simply click the block icon and a command is sent immediately to Panorama. The command delivers the IP address or URL to Panorama, which adds it to a list that has already been created on that appliance. Depending on your Panorama policy, the list can be pushed to the Palo Alto Networks firewalls automatically or held for manual review before it is pushed. The review option matters when the indicator is an address shared with legitimate services (a CDN or cloud provider, for example), where a block would cause collateral damage. Either way, the integration makes blocking unwanted traffic more efficient and less error-prone.

The Benefits of Integrated Security Tools
This integration comes with several benefits. The first is ease of use: it takes only a few minutes to establish the connection between OCI and Panorama, and every subsequent block is a single click. The second is fewer errors when implementing a block. In a manual process, an analyst can mistype a URL or IP address, potentially blocking legitimate communication or causing an outage on the network. With the OCI and Panorama integration, the block entry is created automatically from the indicator in the alert, eliminating that class of transcription error.
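The workflow described above (an alert indicator pushed to a list on Panorama, with optional review before it reaches the firewalls) and the transcription-error point in this section are easier to reason about with a concrete validation step in front of the list. The following Python is an added example, not NETSCOUT's or Palo Alto Networks' code: it takes the raw indicators a hunter clicked "block" on, rejects mistyped addresses, internal address space and non-indicators, deduplicates against what is already on the list, and renders the IP and URL entries. The one-entry-per-line, `#`-comment list format and the scheme-less `host/path` form for URL entries are assumptions about the Panorama-side list, not details taken from the article; the sample indicators are constructed.

```python
"""Validate and deduplicate NDR alert indicators before they reach a firewall blocklist.

Illustrative code: not NETSCOUT's or Palo Alto Networks' implementation.
The one-entry-per-line, '#'-comment list format is an assumption about the
Panorama-side list, not something taken from the article.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Address space you never want an analyst to push to an external blocklist:
# RFC 1918, loopback, link-local and multicast, for both IP versions.
INTERNAL_RANGES = [
    ipaddress.ip_network(r)
    for r in (
        "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
        "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4",
        "fc00::/7", "::1/128", "fe80::/10", "ff00::/8",
    )
]

# Anything made only of digits, dots and an optional prefix length that
# ipaddress refused to parse is a mistyped IP, not a hostname.
_DOTTED_DIGITS = re.compile(r"[0-9.]+(?:/[0-9]+)?")


def classify_indicator(raw):
    """Return ("ip", entry), ("url", entry) or ("reject", reason) for one indicator."""
    s = raw.strip()
    if not s or " " in s:
        return ("reject", f"{raw!r} is empty or contains whitespace")
    try:
        net = ipaddress.ip_network(s, strict=False)
    except ValueError:
        net = None
    if net is not None:
        if any(r.version == net.version and net.overlaps(r) for r in INTERNAL_RANGES):
            return ("reject", f"{s} overlaps internal or reserved address space")
        # Single hosts go on the list as bare addresses, everything else as CIDR.
        entry = str(net.network_address) if net.num_addresses == 1 else str(net)
        return ("ip", entry)
    if _DOTTED_DIGITS.fullmatch(s):
        return ("reject", f"{s} looks like a mistyped IP address")
    # Treat the rest as a URL; accept entries with or without a scheme and
    # normalise to host plus path/query (assumed list format for URL entries).
    parts = urlsplit(s if "://" in s else "http://" + s)
    host = parts.hostname
    if not host or "." not in host:
        return ("reject", f"{s} is not a valid IP, CIDR or URL")
    entry = host + parts.path + (f"?{parts.query}" if parts.query else "")
    return ("url", entry)


def build_blocklist(indicators, existing=()):
    """Validate and dedupe indicators; return ({"ip": [...], "url": [...]}, rejected)."""
    accepted = {"ip": [], "url": []}
    rejected = []
    seen = set(existing)  # entries already on the Panorama-side list
    for raw in indicators:
        kind, value = classify_indicator(raw)
        if kind == "reject":
            rejected.append((raw, value))
        elif value in seen:
            rejected.append((raw, "already on the list"))
        else:
            seen.add(value)
            accepted[kind].append(value)
    return accepted, rejected


def render_list(entries, comment):
    """Render entries one per line under a '#' comment (assumed list format)."""
    return "\n".join([f"# {comment}", *entries]) + "\n"


# Constructed sample: what a hunter might click "block" on during one hunt,
# including a duplicate click, an internal host, a typo and a non-indicator.
SAMPLE_INDICATORS = [
    "203.0.113.45",
    "203.0.113.45",
    "203.0.113.0/24",
    "10.0.0.7",
    "198.51.100.300",
    "http://malicious.example/payload.exe",
    "malicious.example/login",
    "not a url",
]

if __name__ == "__main__":
    accepted, rejected = build_blocklist(SAMPLE_INDICATORS)
    print(render_list(accepted["ip"], "OCI blocks: IP"))
    print(render_list(accepted["url"], "OCI blocks: URL"))
    for raw, reason in rejected:
        print(f"rejected {raw!r}: {reason}")
```

Run as a script, it prints the two lists that would be pushed and the four rejected entries with reasons. The rejected entries are exactly what the manual-review step in the Panorama policy exists to catch: a block on the attacked internal host, a mistyped address that would silently block nothing, and a duplicate that would clutter the list.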

By coordinating these two tools, the threat hunter and the security administrator can work together more easily to ensure that unwanted threats are stopped quickly and accurately.