WASHINGTON: Palo Alto Networks has released AutoFocus device to give customers a clear advantage in the battle against cyber threats. In the brief press release it is described as: “cyber threat intelligence service, a new offering that provides prioritized, actionable intelligence designed to give customers a clear advantage in the battle against cyber threats.”
What makes this interesting is that it is a clear challenge to the very big security intelligence vendors such as IBM and HP. Palo Alto is claiming that the intelligence it is delivering is the result of information gathered from attacks on over 5,000 global enterprise, service providers and government organisations. It is not clear if all of these are Palo Alto customers or whether this is the first significant result of the Cyber Threat Alliance formed in February with Palo Alto as one of the founding members.
What is important for customers is that this is not just a list of threats but a context aware set of data that can be used to quickly identify patterns and the early stages of an attack. What will be important is that the context awareness of this intelligence is accurate enough to differentiate between reasonable user behaviour and not flag it as a false positive. For this to happen, there needs to be training for IT security teams rather than over reliance on the security intelligence service.
Palo Alto claims that there are four key things that the AutoFocus cyber intelligence service is able to deliver:
The press release also highlights three key features of the AutoFocus threat intelligence service:
AutoFocus is available to Palo Alto Networks customers now as part of a community access program. It will then be made publicly available in the second half of 2015 when pricing will also be announced. Between now and then it will be interesting to see how much more information Palo Alto Networks is prepared to disclose around how AutoFocus works and its successes.
