Palo Alto Networks

Integration

Devo + Palo Alto Details

Integration of the Security Operating Platform with Devo enables analysts to unlock the true value of their security data. Security operations teams can now easily collect, store, enrich, analyze, and visualize all security-related data, including Palo Alto Networks next-generation firewalls, in one place—without overburdening the security budget.

Integrating best-in-class firewall data into Devo’s real-time platform enables rapid, contextual decisions with complete visibility of all security data and context at the speed and scale required for modern security operations. Devo ingests Palo Alto Networks data using Syslog or HTTP/HTTPS, including traffic, threat, system, and config log formats, for rapid correlation and analysis. Together, Palo Alto Networks and Devo are empowering SOCs to more quickly detect and respond to modern threats before they do intractable damage to the business.

Devo + Palo Alto Networks Integration Use Cases

Use Case 1

Challenge: Real-time event triage and investigation are extremely difficult without the right tools or data.

Solution: Devo captures and correlates Palo Alto Networks NGFW data for complete visibility in investigative efforts. The Devo interface then enables filtering, pivoting, and iterating on all security events, improving analyst response time, accuracy, and efficiency.

Use Case 2

Challenge: Investigating petabyte-scale data, identifying Patient Zero, and isolating a compromise requires searching and correlating months of network data. However, legacy tools struggle to capture new forms of data or scale out while maintaining fast response times.

Solution: Retrospective investigation of potential malware incidents on a platform that scales to petabytes, searching the vast quantity of raw, historical data and network context from Palo Alto Networks, helps establish Patient Zero and limit the scope of compromise. Devo augments Palo Alto Networks' extensive event details with alerts to gather historical context through orchestration. You can look back across your Palo Alto Networks data using API-driven network capture, amplifying your investigative signal.

About Palo Alto Networks

The Palo Alto Networks Security Operating Platform prevents successful cyber attacks through intelligent automation. It combines network and endpoint security with threat intelligence and accurate analytics to help streamline routine tasks, automate protection, and prevent cyber breaches. Tight integrations across the platform and with ecosystem partners deliver consistent security across clouds, networks, and mobile devices, natively providing the right capabilities at the right place across all stages of an attack lifecycle.

Need more information?

See how Devo can help you get more value from your Palo Alto Networks firewall logs.