Palo Alto Cortex XSIAM

    The Autonomous Platform Powering the Modern SOC

    The needs of the SOC have changed, but the design of the SIEM and SOC has not. Most other key pieces of the security architecture have been modernized. The endpoint moved from AV to EDR to XDR; the network moved from a “hard shell” perimeter to Zero Trust and SASE; and runtime moved from the data center to the cloud. In contrast, too many SOCs are stuck in (or with) a 20-year-old model where the SIEM, and its rules, are the heart of the operation.

    The modern SOC must be built on a new architecture:

    • Broad and automated data integration, analysis, and triage
    • Unified workflows that enable analysts to be productive
    • Embedded intelligence and automated response that can block attacks
      with minimal analyst assistance


    Unlike legacy security operations, the modern SOC leads with massive datasets run by data science, rather than human judgment and rules designed to catch yesterday’s threats.

    Cortex® XSIAM™ (extended security intelligence and automation management) unifies best-in-class functions, including endpoint detection and response (EDR); extended detection and response (XDR); security orchestration, automation, and response (SOAR); attack surface management (ASM); user and entity behavior analytics (UEBA); threat intelligence platform (TIP); and security information and event management (SIEM). Using a security-specific data model and applying machine learning, XSIAM automates data integration, analysis, and triage to respond to most alerts. This enables you to focus on the incidents that require human intervention.

    The data model is updated continuously with Palo Alto Networks threat intelligence gathered globally across tens of thousands of customers. XSIAM uses an ML-led design to integrate massive amounts of security data, aggregate alerts into incidents for automated analysis and triage, and respond to most incidents automatically. XSIAM is already proven in production, powering Palo Alto Networks' own SOC and turning over a trillion events per month into a handful of analyst incidents per day.

    Palo Alto Cortex XDR

    The Infrastructure Access Platform

    Palo Alto Networks Prisma Access

    Reduce costs, add flexibility and improve security

    Palo Alto Prisma Cloud

    Say goodbye to security gaps with a comprehensive cloud security suite

    Palo Alto Networks STRATA

    A proactive platform full of solutions for today’s security needs
