December 7, 2016 • Glenn Wong
Assemble and deliver actionable threat intelligence from Palo Alto Networks and Recorded Future.
This is part of a series of blog posts on useful “all-source analysis” research and collaborative approaches using Recorded Future and our OMNI Intelligence Partners.
Recorded Future has completed an integration with the Palo Alto Networks AutoFocus threat intelligence service and MineMeld application to streamline the sharing and enforcement of threat intelligence. The integration enables mutual customers to ingest AutoFocus threat intelligence into Recorded Future Intel Cards, which can be used to help create and enforce new prevention-focused controls for Palo Alto Networks next-generation firewalls.
Now, security operations analysts can quickly gain full context of threat actors, their TTPs (tactics, techniques, and procedures), malware, and other IOCs (indicators of compromise) to intercept threats before they impact the business.
Enterprise networks are under constant attack. Adversaries use both automation and sophisticated techniques to attack your network, and security analysts need actionable threat intelligence with context to make fast and accurate security decisions.
Once a verdict has been reached, security analysts must also be able to take immediate action without incurring the delays of manually managing block lists.
Security analysts can combine threat intelligence from Palo Alto Networks AutoFocus with Recorded Future Intel Cards to expand the context around incidents and malcode-derived threat intelligence. This combination adds global sources of threat intelligence completely outside defended networks in the open, deep, and dark web.
Once a threat is identified, organizations can automatically enforce new security controls for Palo Alto Networks next-generation firewalls with the MineMeld application.
Additionally, Palo Alto Networks customers can use the Recorded Future browser extension to look up these IOCs directly in AutoFocus: IP address, domain, vulnerability, and hash.
There are many ways analysts can use threat intelligence from Recorded Future and Palo Alto Networks AutoFocus together. First, analysts can access instant web context on artifacts and sandbox results in AutoFocus with just a right-click to pull up a Recorded Future Intel Card on IP addresses, domains, hashes, and vulnerabilities.
Conversely, analysts using Recorded Future can access AutoFocus content directly from within a Hash Intel Card. In the example below, an analyst researching a suspicious hash using Recorded Future finds a “malicious” risk score based on references in VirusTotal and Malwr.com; with a single click, additional data from AutoFocus can be appended to this context, including Unit 42’s assessment that this file hash is an example of the malware “Hancitor.”
Using the Palo Alto Networks MineMeld application, analysts can automate processes to block malicious IPs/domains/URLs with external dynamic lists, dynamic address groups, and content from a variety of sources including Recorded Future. This centralizes threat intelligence management and delivery, simplifies maintenance such as the automated timeout of expired indicators, and speeds your organization’s ability to counter emerging threats.
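As an added example (not code from Recorded Future or Palo Alto Networks), the script below does by hand the indicator aging that MineMeld automates: it turns a constructed set of risk-scored indicators into the plain one-entry-per-line bodies a PAN-OS IP list and domain list external dynamic list expect, dropping low-risk, stale and internal entries. The risk threshold of 65, the seven-day window, the never-block networks and the sample rows are assumptions.

```python
from datetime import datetime, timedelta, timezone
import ipaddress

# Constructed sample rows standing in for a risk-list export:
# (indicator, risk score, last-seen timestamp). Hypothetical values only.
SAMPLE_ROWS = [
    ("198.51.100.23", 91, "2016-12-06T14:00:00Z"),
    ("203.0.113.9", 72, "2016-11-20T09:30:00Z"),    # stale: older than max_age
    ("192.0.2.55", 40, "2016-12-07T01:00:00Z"),     # below risk threshold
    ("bad-example.test", 88, "2016-12-05T22:15:00Z"),
    ("10.0.0.5", 95, "2016-12-07T00:00:00Z"),       # internal address: never block
    ("another-bad.test", 66, "2016-12-07T03:00:00Z"),
]
SAMPLE_NOW = datetime(2016, 12, 7, 12, 0, tzinfo=timezone.utc)

# Assumed list of ranges a feed row must never push into a block list.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                "127.0.0.0/8", "169.254.0.0/16")]

def _parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def build_edls(rows, now, min_risk=65, max_age=timedelta(days=7)):
    """Return (ip_entries, domain_entries) for two external dynamic lists.

    Rows below min_risk or last seen before now - max_age are dropped, which
    is the 'automated timeout of expired indicators' done manually here.
    """
    ips, domains = set(), set()
    for indicator, risk, last_seen in rows:
        if risk < min_risk or now - _parse_ts(last_seen) > max_age:
            continue
        try:
            addr = ipaddress.ip_address(indicator)
        except ValueError:          # not an IP: treat as a domain entry
            domains.add(indicator.lower())
            continue
        if not any(addr in net for net in NEVER_BLOCK):
            ips.add(str(addr))
    return sorted(ips), sorted(domains)

def render_edl(entries):
    # EDL body: one entry per line and nothing else
    return "\n".join(entries) + "\n"

if __name__ == "__main__":
    ip_entries, domain_entries = build_edls(SAMPLE_ROWS, SAMPLE_NOW)
    print(render_edl(ip_entries))
    print(render_edl(domain_entries))
```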
With the integration between Palo Alto Networks and Recorded Future, security analysts can:
In short, the integration enables security teams to consolidate threat intelligence easily and deliver protection rules faster with more confidence.
To see the Palo Alto Networks and Recorded Future integration in action, read the joint solution brief or watch a demo with Marc Benoit and Luigi Mori of Palo Alto Networks as they preview the MineMeld application, including native integration with Recorded Future, at Ignite 2016.
You can also directly contact the Palo Alto Networks sales team.
Palo Alto Networks
Palo Alto Networks is the next-generation security company, leading a new era in cyber security by safely enabling applications and preventing cyber breaches for thousands of organizations worldwide. Their game-changing security platform delivers security far superior to legacy or point products, safely enables daily business operations, and protects an organization’s most valuable assets.