Palo Alto Networks released a cloud-based behavioral analytics application as part of its security platform. The new application, named Magnifier, analyzes data sent from next-generation firewalls to Palo Alto Networks Logging Service and uses this data to profile the behavior of users and devices. Magnifier is expected to be generally available in February.
Palo Alto Networks says attackers who gain access to a network can steal, modify, or destroy sensitive data while they blend in with legitimate users. Often, they can infiltrate organizations and dwell inside networks for months or even years without being detected.
According to Eric Schou, senior director of strategic alliances at Palo Alto Networks, Magnifier is able to track a number of behaviors. These include which users are associated with which device, the servers and Internet sites that each user accesses, the protocols used, and whether they are a normal or administrative user.
Next, Magnifier detects changes in behavior associated with an attacker attempting to control a compromised device, explore the network, take control of additional systems, and steal data.
“For example, if a regular user starts performing administrative functions for the first time, and that type of administrative activity is unexpected for that specific user and for other users in the network, Magnifier will generate an alert revealing that the user is conducting lateral movement,” wrote Schou in an email to SDxCentral. “Attackers cannot hide their behavior as they perform command and control, lateral movement, and exfiltration. Magnifier detects these attack behaviors to uncover attackers dwelling inside networks.”
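As an added illustration of the check Schou describes (this is example code, not Palo Alto Networks' or Magnifier's own algorithm), the following builds per-user profiles from a learning window of constructed log lines and then alerts on administrative activity that is both new for the user and rare among peers; the key=value log format, the set of applications treated as administrative, and the 25% peer threshold are all assumptions.

```python
from collections import defaultdict

# Assumptions (not from the article): these app names count as administrative
# activity, and an admin app seen for < 25% of users is "unexpected for peers".
ADMIN_APPS = {"ssh", "ms-rdp", "winrm"}
PEER_RARE_THRESHOLD = 0.25

def parse_log(line):
    """Parse one constructed key=value firewall-style log line into a dict."""
    return dict(kv.split("=", 1) for kv in line.split())

def build_profiles(events):
    """Learning window: devices, destinations and apps each user normally uses."""
    profiles = defaultdict(lambda: {"device": set(), "dest": set(), "app": set()})
    for e in events:
        for key in ("device", "dest", "app"):
            profiles[e["user"]][key].add(e[key])
    return dict(profiles)

def detect(profiles, events):
    """Alert on admin activity that is new for this user AND rare among peers."""
    n_users = max(len(profiles), 1)
    peer_rate = {a: sum(a in p["app"] for p in profiles.values()) / n_users for a in ADMIN_APPS}
    alerts = []
    for e in events:
        app = e["app"]
        if app not in ADMIN_APPS:
            continue  # ordinary traffic: not the behaviour change we are looking for
        known_apps = profiles.get(e["user"], {}).get("app", set())
        if app not in known_apps and peer_rate[app] < PEER_RARE_THRESHOLD:
            alerts.append((e["user"], e["device"], app, e["dest"]))
    return alerts

# Constructed sample logs: a learning window, then a detection window.
BASELINE = [
    "user=alice device=lap-01 dest=intranet app=web-browsing",
    "user=bob device=lap-02 dest=srv-git app=ssh",
    "user=carol device=lap-03 dest=srv-git app=ssh",
    "user=dave device=lap-04 dest=srv-git app=ssh",
    "user=ops1 device=ws-ops dest=srv-db app=ssh",
    "user=ops1 device=ws-ops dest=srv-db app=ms-rdp",
]
LIVE = [
    "user=alice device=lap-01 dest=srv-git app=ssh",    # new for alice, but common: no alert
    "user=alice device=lap-01 dest=srv-db app=ms-rdp",  # new for alice and rare: alert
    "user=ops1 device=ws-ops dest=srv-db app=ms-rdp",   # normal for ops1: no alert
    "user=eve device=lap-09 dest=srv-dc app=winrm",     # unknown user, app used by nobody: alert
]

def run_demo():
    """Return (user, device, app, dest) tuples for the events that trip the check."""
    return detect(build_profiles(map(parse_log, BASELINE)), map(parse_log, LIVE))
```

Calling `run_demo()` yields alerts for alice's first RDP session and eve's WinRM session, while alice's first SSH session is suppressed because SSH is routine for most of her peers.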
The Magnifier application uses log-based detection algorithms and applies machine learning in order to generate more accurate and actionable alerts. It analyzes data from firewalls and endpoints to profile user and device behavior. Because its detection algorithms are tailored to the logs sent by Palo Alto Networks’ Next-Generation Security Platform, Magnifier can apply more precise machine learning and attack detection algorithms than would be possible when inspecting generic log files for threats.