How SOAR plus threat intelligence empowers security operations teams

Greg Otto, Jun 08, 2021

Cortex XSOAR is updating its offerings with Threat Intelligence Management (Cortex XSOAR TIM 2.0) to simplify how users leverage threat insights across all their SecOps workflows.

Rishi Bhargava, VP of Product Strategy at Palo Alto, shared, "We are proud to launch our TIM 2.0 solution with Intel 471, a key threat intelligence partner in the Cortex XSOAR Marketplace ecosystem. Bringing TIP and SOAR together creates a strong value proposition for security teams that need to simplify the overhead of their operations with orchestrated and automated workflows that leverage contextual insights from activated threat intel."

Now, users can unlock the power of Intel 471 threat intelligence with Cortex XSOAR TIM 2.0, which delivers unmatched visibility into the global threat landscape. Automatically map Intel 471's Cybercrime Intelligence and contextual data about incidents happening in your network and expose connections between threat actors and attack techniques that were previously unknown.

How does XSOAR Threat Intelligence Management 2.0 benefit SecOps teams?

With today's high volume of security alerts, tools, and data, security teams struggle to gain the visibility needed to quickly qualify threats and reduce workflows. Organizations require a solution that solves these challenges by consolidating the data and tools required for incident investigation and by orchestrating and automating common workflows across the security environment. On-demand threat intel provides critical context for the quick triage of alerts and expedited qualification of incidents. With this consolidated approach to threat intel enrichment, TIP management, and streamlined SOC workflows, analysts can handle more tickets in less time and focus on discovering emerging threats.

What makes the new TIM 2.0 solution different?

With Cortex XSOAR TIM 2.0, users not only have a central threat intelligence repository for storing and managing IOCs and other information related to actors and attack techniques, but can also build structured relationships between intelligence sources to gain an in-depth understanding of their external threat landscape. The ability to manage threat intelligence providers (TIPs) within Cortex XSOAR compounds the value of their threat intel and further reduces the operational overhead and costs of maintaining solutions.

When will Cortex XSOAR TIM 2.0 be available?

TIM 2.0 is available now. Updates to the offering will continue to be added in 2021 and beyond.

How do I enable Intel 471 Cybercrime Intelligence within Cortex XSOAR?

The Intel 471 threat intel content pack is available now with one-click installation from the Cortex XSOAR Marketplace. For more information on the Marketplace and content packs, please visit Palo Alto's website.

"'Time is of the essence' is a massive understatement in today's cybersecurity environment," said Jason Passwaters, COO and co-founder of Intel 471. "The time from initial infection to critical business impact is now measured in hours and possibly even minutes. Marrying timely threat intelligence with SOAR platforms is integral for companies to outpace the adversary. Our Cybercrime Intelligence offering provides near real-time insights that can be immediately operationalized via XSOAR. We're excited to see the launch of TIM 2.0 and the Intel 471 content pack available to all XSOAR customers at the click of a button."

Where can I find more information?

Learn more about how Cortex XSOAR and Intel 471 are working together to deliver the threat intel enterprises need today by visiting Palo Alto's website.