Why Net Friends Relies on Cortex XDR and Avanan Complete
For literally decades, the folks who sit behind the desks at Security Operations Centers around the world have looked for network attackers using something called Indicators of Compromise (IoC). An IoC is like a piece of evidence that a crime was committed – a broken window or a bloodstain. On a network, an IoC might be a new file that shouldn’t be there, or a log entry showing contact with a known-malicious IP address. But there’s one thing all IoCs have in common: they all capture information after the fact. The crime has already occurred. You’re just cleaning up afterward.
When Net Friends designed the security elements for our NetVisor and MDR services, we knew our customers wouldn’t be satisfied with getting calls to let them know their confidential data had already been breached. We needed to stop attacks while they were in progress.
That’s why we turned to Cortex XDR and Avanan Complete, two cutting-edge platforms from security firms recognized by Gartner as leaders in their field. Both use a new kind of IoC, sometimes called “behavioral IoC,” to block attacks in real time by detecting suspicious activity as it happens.
Avanan Complete secures our customers’ cloud-based communications, including email, chat, virtual meetings, and file sharing. It uses machine learning to build a map of how each company communicates: who talks to whom, who shares what files, where key users log in from. When it detects activity that departs from those patterns, Avanan Complete can shut that activity down instantly until a human can investigate.
Cortex XDR secures our customers’ laptops and workstations. It monitors the operating system and network, looking for patterns of activity that trip any of the hundreds of rules supplied to us in real time by a global network of security organizations. By recognizing suspicious computer behavior as it happens, Cortex XDR can block so-called “zero-day” attacks, which are so new they haven’t even been named.
Cortex XDR also goes beyond rules and definitions by testing suspicious files it identifies in a proprietary “sandbox.” This virtual environment is hosted in the cloud by Cortex’s developer, Palo Alto Networks. Like a cyber-bomb-squad, Palo Alto will attempt to “detonate” the file by executing it to see what it tries to do. If the file tries to trigger unauthorized events, Cortex XDR will create a new rule for that file on the fly to prevent any other workstation from running it.
This potent combination allows Net Friends to offer our small business customers enterprise-grade security without enterprise pricing. If you’re outsourcing your network security, find out what your vendor is doing for real-time detection and response to internet attacks – that is, unless you’re not in any hurry to find out.
WHAT TO READ NEXT IN OUR TECHNOLOGY STACK SERIES:
- How Our Passion for Cortex XDR Paid Off
- Net Friends Recognized by Palo Alto Networks as a NextWave MSSP Partner
- What Is A Technology Stack & Why Should I Care?