As we expand our integrations with industry leaders, we’re very excited to highlight a new Agari integration with Palo Alto Networks Cortex XSOAR that helps security teams improve email threat visibility and accelerate their ability to respond to phishing attacks.
This new integration is welcome news for security teams who are feeling pummeled by a never-ending onslaught of phishing attacks. According to a recent study from Palo Alto Networks, 86% of enterprise security teams report getting hit by phishing attacks during the past 12 months. Another 63% point to state-sponsored threat actors as the culprits. Meanwhile, Gartner notes that the velocity and creativity of new email attacks continue to grow, with threat actors exploiting a variety of new tools, tactics, and techniques to achieve a wider array of nefarious goals.
Keeping ahead of these bad actors is a daunting prospect for security operations centers (SOCs). Too many incident response workflows rely on manual processes—gathering forensics from relevant systems, taking action in others, reporting in yet another tool. It’s an inefficient, tedious process. And too often, the disconnects mean SOC teams don’t even have the visibility to connect the dots. A lack of actionable email threat intel can create blind spots that limit analysts’ ability to ensure effective prioritization, forensic analysis, triage, remediation, and reporting.
Working Smarter Against a Costly Threat
Faced with an ever-growing challenge of mitigating cyberattacks, many SOC teams are deploying solutions such as Palo Alto Networks' Cortex XSOAR (formerly known as Demisto) to improve threat visibility and to manage incident response processes more efficiently and effectively.
Cortex XSOAR is a comprehensive Security Orchestration, Automation, and Response (SOAR) platform that unifies threat intelligence aggregation, scoring, and sharing with playbook-driven automation to accelerate incident response across cloud, hybrid, and on-premises environments.
Now, Agari has brought our industry-leading email threat data and defense to the Palo Alto Networks Cortex XSOAR ecosystem with a powerful and flexible anti-phishing integration. The Agari integration with Cortex XSOAR leverages the platform’s native mechanisms to provide additional data insight, enrichment, and automated incident response for phishing and other malicious emails directly within the XSOAR environment.
Integrated Email Threat Data
Cloud Email Protection has the proven ability to prevent phishing and advanced email threats from ever reaching employee inboxes by scoring every message flowing into and within the organization to defend against everything from large-scale phishing campaigns to low-volume, highly-targeted identity deception-based email attacks. And our cloud-first solutions are built with open APIs to deliver better security, reduce costs, and support a dynamic and agile environment.
Our product uses machine learning, combined with knowledge of an organization's email environment, to assess inbound email traffic. Each message received by Agari is scored and plotted in terms of email senders’ and recipients’ identity characteristics, expected behavior, and personal, organizational, and industry-level relationships.
Now, with the Cloud Email Protection integration for Cortex XSOAR, teams easily gain a granular level of visibility into the email threats that can be incorporated into their analytical playbooks and dashboards to orchestrate protection processes and safeguard the entire infrastructure.
For the attack categorization analysis, we leverage anonymous aggregate scoring data that automatically breaks out identity deception-based attacks that bypass upstream Secure Email Gateways (SEGs) into distinct threat categories, including display name deception, compromised accounts, and more.
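To make the identity-based scoring and categorization described above concrete, here is an added illustration (not Agari's or Cortex XSOAR's code, and not how the product implements it): a toy classifier that inspects the From header of a few constructed inbound messages, compares the display name and sender domain against a constructed directory of known identities and trusted partner domains, and assigns one of the threat categories named in this post, together with a risk score and the enforcement action an XSOAR-style playbook step could take. The `authenticated` flag stands in for an upstream DMARC/DKIM result; all names, domains and messages are constructed for the example.

```python
"""Toy identity-based categorisation of inbound mail (added illustration only)."""
from dataclasses import dataclass
from email.utils import parseaddr

# Constructed directory of known identities: normalised display name -> legitimate domain
KNOWN_IDENTITIES = {
    "jane doe": "example.com",        # internal executive (constructed)
    "acme payroll": "acme.example",   # partner organisation (constructed)
}

# Constructed set of domains the organisation trusts
TRUSTED_DOMAINS = {"example.com", "acme.example"}


@dataclass
class Verdict:
    category: str
    score: float  # 0.0 = trusted, 1.0 = highest risk (constructed scale)
    action: str   # enforcement action a playbook step could apply


def _normalise(display_name: str) -> str:
    return " ".join(display_name.lower().split())


def _lookalike(domain: str, trusted: str) -> bool:
    """Crude lookalike check: equal after undoing common digit-for-letter substitutions."""
    table = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
    return domain != trusted and domain.translate(table) == trusted.translate(table)


def categorise(from_header: str, authenticated: bool) -> Verdict:
    """Assign a threat category from the identity characteristics of a From header."""
    display_name, address = parseaddr(from_header)
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    expected_domain = KNOWN_IDENTITIES.get(_normalise(display_name))

    if expected_domain and domain != expected_domain:
        # A known name on an unexpected domain: display name deception.
        return Verdict("display name deception", 0.95, "quarantine")
    if any(_lookalike(domain, t) for t in TRUSTED_DOMAINS):
        # Sender domain imitates a trusted partner domain.
        return Verdict("partner domain spoofed", 0.9, "quarantine")
    if domain in TRUSTED_DOMAINS and not authenticated:
        # Trusted domain without authentication: possible spoof or compromised account.
        return Verdict("untrusted message", 0.7, "flag for review")
    if domain in TRUSTED_DOMAINS:
        return Verdict("trusted", 0.05, "deliver")
    return Verdict("unknown sender", 0.4, "deliver with banner")


# Constructed sample traffic: (From header, upstream authentication passed?)
SAMPLE_MESSAGES = [
    ("Jane Doe <jane.doe@example.com>", True),
    ("Jane Doe <ceo.urgent@mailer.example>", False),
    ("Billing <invoices@acm3.example>", False),
    ("Jane Doe <jane.doe@example.com>", False),
    ("Newsletter <news@mailer.example>", True),
]


def summarise(messages):
    """Counts per category: the kind of aggregate a dashboard widget would chart."""
    counts = {}
    for header, authenticated in messages:
        verdict = categorise(header, authenticated)
        counts[verdict.category] = counts.get(verdict.category, 0) + 1
    return counts


if __name__ == "__main__":
    for header, authenticated in SAMPLE_MESSAGES:
        print(f"{header!r:42} -> {categorise(header, authenticated)}")
    print(summarise(SAMPLE_MESSAGES))
```

The ordering of the checks matters: a known display name on the wrong domain is judged before the lookalike test, so a message that trips both rules is reported under the more specific category, and the aggregate counts are what a "top attacks" dashboard would consume.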
The integration of Cloud Email Protection with Cortex XSOAR enables security teams to leverage our unrivaled email threat intelligence faster and easier than ever before. Key capabilities include:
- Take Cloud Email Protection enforcement actions directly from within Cortex XSOAR
- Enable fast, active sharing of threat intelligence into Cortex XSOAR to identify related or unique events
- Operationalize threat data directly from Agari as part of an automation or playbook, without the need to transform syslog or STIX/TAXII feeds
- Create dashboards to enable quick visual inspection and identify policy hits on top attacks, attack recipients, partner domains spoofed, untrusted messages, and more
These scenarios are great examples of how the actionable data and playbooks available with this integration make it easy to connect Agari email threat data to Cortex XSOAR—improving visibility into email threats, accelerating incident response, and driving SOC efficiency.
Arming SOCs for the Threats Ahead
SOCs need all the help they can get. Phishing threats grow ever more serious, with multinational criminal organizations and even nation-state actors mounting extraordinarily sophisticated attacks. There are simply too many alerts to handle, too many threat feeds to monitor, and too many manual processes to manage.
Together, Cloud Email Protection and Cortex XSOAR are changing the balance of power, with more automation of incident response and more actionable threat intelligence to help SOC teams save time, speed up triage, and reduce the number of steps required for threat mitigation. Agari is proud to help Cortex XSOAR users optimize their strategic security and technology investment with a platform that is quickly becoming foundational in the fight against advanced email threats.
Learn more about the Agari integration with Palo Alto Networks Cortex XSOAR in our solution brief.