According to the Ponemon Institute's 2014 Industry Report, 74% of security professionals claim incident investigation solutions lack integration with existing security products. UserInsight, our intruder analytics solution, now integrates with Palo Alto WildFire to provide user context and investigative tools to their advanced malware alerts.
What does user context mean? For incident alerts, monitoring solutions often provide the IP addresses or assets affected. However, as users connect to the corporate LAN, WiFi, and VPN, they are assigned many different IP addresses throughout a regular work day, and IP addresses are recycled regularly for other users. This means that when investigating an advanced malware alert, security teams often struggle to identify which person in the organization to follow up with. When retracing a single day of network activity often takes four hours of concentrated, sometimes painful effort, cutting right to a user-centric viewport means a much happier security team.
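The attribution problem described above, as an added example (not code from UserInsight or WildFire): resolving an alert's IP address and timestamp to the user who held that address at that moment. The lease records, usernames, and field layout are constructed for illustration.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed sample data: address assignments merged from DHCP (LAN/WiFi) and VPN logs.
# Fields: ip, user, source, lease start, lease end (None = still active).
LEASES = [
    ("10.0.5.23", "asmith", "wifi", "2014-03-31 08:02", "2014-03-31 11:47"),
    ("10.0.5.23", "bjones", "wifi", "2014-03-31 12:10", "2014-03-31 17:30"),
    ("10.0.1.40", "cwu",    "lan",  "2014-03-31 07:55", "2014-03-31 18:00"),
    ("10.8.0.14", "asmith", "vpn",  "2014-03-31 19:05", None),
]

def parse(ts):
    return datetime.strptime(ts, FMT) if ts else None

def attribute(ip, when, leases=LEASES):
    """Return (user, source) holding `ip` at time `when`, or None if no lease covers it."""
    t = parse(when)
    matches = []
    for lease_ip, user, source, start, end in leases:
        if lease_ip != ip:
            continue
        s, e = parse(start), parse(end)
        # Half-open interval [start, end): the address is free again at `end`.
        if s <= t and (e is None or t < e):
            matches.append((user, source))
    if len(matches) > 1:
        # Overlapping leases mean the log sources disagree; do not guess.
        raise ValueError(f"ambiguous owner for {ip} at {when}: {matches}")
    return matches[0] if matches else None

def user_timeline(user, leases=LEASES):
    """Pivot the other way: every address a user held, in chronological order."""
    rows = [(parse(start), ip, src) for ip, u, src, start, _ in leases if u == user]
    return [(ip, src) for _, ip, src in sorted(rows)]

if __name__ == "__main__":
    # Constructed alerts: the same IP at three different times of day.
    for ip, when in [("10.0.5.23", "2014-03-31 09:15"),
                     ("10.0.5.23", "2014-03-31 14:40"),
                     ("10.0.5.23", "2014-03-31 11:55")]:
        print(ip, when, "->", attribute(ip, when) or "no lease on record")
    print("asmith held:", user_timeline("asmith"))
```

The same address resolves to two different people within one day, and to nobody during the gap between leases, which is why an alert that carries only an IP address cannot be followed up without the assignment history.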
Our investigation tools combine with WildFire malware detection to quickly visualize the attacker's steps on the network. This includes intruders switching user identities, password guessing attempts, and suspicious access to critical assets, cloud services, or applications.
If you have UserInsight and WildFire set up, head to the UserInsight Collector page. As WildFire is primarily a software add-on, click Firewall Sources and make sure Palo Alto Networks Firewall is configured. As long as you are forwarding everything from the firewall, we will automatically parse the WildFire data. In addition to the malware alerts provided by WildFire, UserInsight provides detection of compromised credentials, so you're armed with all-round incident detection. You're done!
This integration is available now. If you have Palo Alto WildFire and are interested in learning more, join us for a Guided Demo or contact us. In case you're at the Palo Alto Ignite conference this week, please find us in the vendor area for a demo.