Palo Alto Networks extends Cortex XSIAM platform with AI

Palo Alto Networks, a cybersecurity provider, has announced the availability of its new Identity Threat Detection and Response (ITDR) module for Cortex XSIAM.

According to the company, ITDR enables customers to ingest user identity and behavior data and apply state-of-the-art AI technology to detect identity-driven attacks within seconds. The module strengthens XSIAM’s ability to consolidate multiple security operations capabilities into a unified, AI-driven security operations center (SOC) platform.

“Today, customers who want to detect identity-related attacks must deploy multiple tools – UEBA, insider risk management, endpoint-based ITDR, etc. – each providing a partial view into user activities,” said Gonen Fink, Senior Vice President, Cortex Products at Palo Alto Networks. 

“Such disjointed approaches result in poor security outcomes, alert overload and time wasted on triage. With the addition of ITDR, the XSIAM platform now integrates all identity data sources into a single security data foundation spanning endpoints, networks and cloud. This allows our customers to run comprehensive AI-driven threat detection to protect against stealthy identity-driven attacks.”

The company highlights that the ITDR module ingests and integrates user behavior data, such as what times an employee typically works and which applications and data they usually access. It processes data from a variety of sources, including authentication services, endpoint logs, cloud identity data, email and HR data, as well as network, OS and custom sources.

The built-in AI models can then be trained to flag suspicious activity based on irregular user behavior, getting ahead of prominent insider risks such as configuration manipulation, file manipulation and modification of permissions. 
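To make the behavioral-baseline idea concrete, the following is an added illustration written for this page, not Palo Alto Networks code, and it says nothing about how the Cortex XSIAM ITDR module is actually implemented. It builds a per-identity profile (usual hours of activity, applications used, actions performed) from a constructed set of historical events, then scores new events and flags the deviations the article mentions: off-hours activity, first use of an application, and a sensitive action such as a permission change that the user has never performed before. All events, user names, application names and the `SENSITIVE_ACTIONS` list are constructed for the example.

```python
"""Toy per-identity behavioral baseline and anomaly scoring.

Added example for illustration only; it is not Palo Alto Networks code and
does not describe the Cortex XSIAM ITDR implementation.  All data below is
constructed for the example.
"""
from collections import defaultdict
from datetime import datetime

# Actions the article lists as insider-risk indicators (constructed labels).
SENSITIVE_ACTIONS = {"modify_permissions", "modify_config", "modify_file"}

# Constructed historical events: (user, ISO-8601 timestamp, application, action).
BASELINE_EVENTS = [
    ("alice", "2024-03-04T08:55:00", "mail", "read"),
    ("alice", "2024-03-04T09:30:00", "crm", "read"),
    ("alice", "2024-03-05T13:10:00", "crm", "write"),
    ("alice", "2024-03-06T17:45:00", "mail", "read"),
    ("bob", "2024-03-04T22:05:00", "iam-console", "modify_permissions"),
    ("bob", "2024-03-05T23:40:00", "iam-console", "read"),
    ("bob", "2024-03-06T01:15:00", "ticketing", "write"),
]

# Constructed events to score against the baseline.
NEW_EVENTS = [
    ("alice", "2024-03-11T10:05:00", "crm", "read"),                        # normal for alice
    ("alice", "2024-03-12T03:20:00", "iam-console", "modify_permissions"),  # off-hours, new app, new sensitive action
    ("bob", "2024-03-12T23:10:00", "iam-console", "modify_permissions"),    # normal for bob (night-shift admin)
    ("carol", "2024-03-12T11:00:00", "mail", "read"),                       # identity with no history at all
]


def build_baseline(events, hour_slack=1):
    """Summarise each user's historical activity.

    hours:   hours of day with observed activity, widened by hour_slack on
             each side so a slightly early or late login is not flagged.
    apps:    applications the user has been seen using.
    actions: actions the user has been seen performing.
    """
    raw = defaultdict(lambda: {"hours": set(), "apps": set(), "actions": set()})
    for user, ts, app, action in events:
        hour = datetime.fromisoformat(ts).hour
        raw[user]["hours"].add(hour)
        raw[user]["apps"].add(app)
        raw[user]["actions"].add(action)
    baseline = {}
    for user, profile in raw.items():
        widened = set()
        for h in profile["hours"]:
            for d in range(-hour_slack, hour_slack + 1):
                widened.add((h + d) % 24)  # wrap around midnight
        baseline[user] = {
            "hours": widened,
            "apps": set(profile["apps"]),
            "actions": set(profile["actions"]),
        }
    return baseline


def score_event(baseline, event):
    """Return the reasons an event deviates from its user's baseline.

    An empty list means the event looks normal.  An identity with no history
    is reported as a deviation rather than silently accepted.
    """
    user, ts, app, action = event
    profile = baseline.get(user)
    if profile is None:
        return ["no behavioural baseline for this identity"]
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    if hour not in profile["hours"]:
        reasons.append(f"activity at {hour:02d}:00 is outside the user's usual hours")
    if app not in profile["apps"]:
        reasons.append(f"first observed use of application {app!r}")
    if action in SENSITIVE_ACTIONS and action not in profile["actions"]:
        reasons.append(f"sensitive action {action!r} never seen for this user")
    return reasons


def detect(baseline, events):
    """Return [(event, reasons)] for every event with at least one reason."""
    flagged = []
    for event in events:
        reasons = score_event(baseline, event)
        if reasons:
            flagged.append((event, reasons))
    return flagged


if __name__ == "__main__":
    base = build_baseline(BASELINE_EVENTS)
    for event, reasons in detect(base, NEW_EVENTS):
        print(event[0], event[1], "->", "; ".join(reasons))
```

The point of the per-user profile is that the same action is benign for one identity and suspicious for another: bob's late-night permission change matches his history, while the identical action from alice at 03:20 trips three separate checks. A production system would replace the hour set with a frequency model and weight each reason, but the shape of the logic, baseline first, then score deviations per identity, is the one the article describes.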

Palo Alto Networks says that in addition to yielding stronger security outcomes, the addition of ITDR to Cortex XSIAM further reduces complexity in the SOC by tightly integrating identity analytics into a unified SOC platform. 

Cortex XSIAM already natively integrates security information and event management (SIEM), endpoint detection and response (EDR), network detection and response (NDR), security orchestration, automation and response (SOAR), threat intelligence management (TIM) and attack surface management (ASM) capabilities, replacing the need for multiple point solutions, Palo Alto Networks says.
