Today’s post was written by Francesco Vigo, Principal Solutions Architect for Palo Alto Networks.

We are proud to bring together two of the most powerful APIs and data sharing ecosystems with the release of the Microsoft Graph Security app for Cortex by Palo Alto Networks. This compelling combination allows customers to share data between the Palo Alto Networks platform and Microsoft apps and services, providing unprecedented context, coordinated alerting, and simplified response workflows.

Get more from your data

With the Microsoft Graph Security app, customers can use combined data from Palo Alto Networks and Microsoft to unlock new security insights to protect their organization. Now, customers can aggregate and correlate their data through a joint API interface, enabling prevention workflows across multiple security vendors and products.

How the Microsoft Graph Security app works

  1. Centralize network, endpoint, and cloud alerts from the Cortex Data Lake and Microsoft through the Microsoft Graph Security API.
  2. Cross-reference alerts with third-party security tools through the Microsoft Graph for additional context.
  3. Automatically stop threats on Palo Alto Networks infrastructure.

Build a story around threats

Traditionally, each threat is seen as an individual action by attackers requiring manual correlation across an array of independent security tools. The process is overwhelming, with multiple data formats, different threat scoring, and constant pivoting between dashboards. The Microsoft Graph Security app allows security teams to share data in a common format to build a cohesive story around threats, correlating actions to user profiles and devices in a single place for investigation and response.

Correlation in action

Let’s take a look at an example. Imagine that a security organization sees the following alerts:

  • Azure Active Directory Identity Protection detects a sign-in from an unfamiliar location.
  • Palo Alto Networks next-generation firewall detects a visit to a malicious domain.
  • Windows Defender Advanced Threat Protection finds malicious code being executed on an endpoint.

Individually, none of these alerts are particularly critical. But together, they may indicate a bigger threat. With the Microsoft Graph Security app, unique alert context from Palo Alto Networks, Microsoft, and other vendors can be shared across the ecosystem and alert status can be updated with real-time intelligence to help analysts make quick decisions.

Now, with a clear and coherent story of what happened to the user available to the security team, the separate alerts are clearly a critical threat: An attacker compromised a user in the network, visited a malicious domain, and is actively executing malicious code. Palo Alto Networks next-generation firewalls can seamlessly extend containment policies to isolate and quarantine the infected user, stopping the attack in its tracks.
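The correlation the post describes, stitching identity, network and endpoint alerts on the same user into one story and raising the combined severity, can be sketched in a few lines. The following is an added example, not code from the original post or from the Cortex app. The alert records are constructed sample data shaped like Microsoft Graph Security alert resources (`id`, `severity`, `vendorInformation`, `userStates`); the `PROVIDER_LAYER` mapping from provider names to layers is an assumption for illustration, not a documented table.

```python
"""Correlate multi-vendor alerts into per-user stories (added example)."""
from collections import defaultdict

# Ordering used to compare alert severities.
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3}

# Assumed mapping of alert providers to the layer each one covers.
PROVIDER_LAYER = {
    "IPC": "identity",                 # Azure AD Identity Protection
    "Palo Alto Networks": "network",   # next-generation firewall
    "Windows Defender ATP": "endpoint",
}

# Constructed sample alerts: three on alice (one per layer), one on bob.
SAMPLE_ALERTS = [
    {"id": "a-1", "severity": "low", "category": "UnfamiliarLocation",
     "vendorInformation": {"provider": "IPC", "vendor": "Microsoft"},
     "userStates": [{"userPrincipalName": "alice@example.com"}]},
    {"id": "a-2", "severity": "medium", "category": "MaliciousDomain",
     "vendorInformation": {"provider": "Palo Alto Networks",
                           "vendor": "Palo Alto Networks"},
     "userStates": [{"userPrincipalName": "alice@example.com"}]},
    {"id": "a-3", "severity": "medium", "category": "Malware",
     "vendorInformation": {"provider": "Windows Defender ATP",
                           "vendor": "Microsoft"},
     "userStates": [{"userPrincipalName": "alice@example.com"}]},
    {"id": "b-1", "severity": "medium", "category": "MaliciousDomain",
     "vendorInformation": {"provider": "Palo Alto Networks",
                           "vendor": "Palo Alto Networks"},
     "userStates": [{"userPrincipalName": "bob@example.com"}]},
]


def users_of(alert):
    """Return the user principal names an alert mentions."""
    return {u["userPrincipalName"] for u in alert.get("userStates", [])
            if u.get("userPrincipalName")}


def combined_severity(story):
    """Escalate when independent layers agree on the same user."""
    if {"identity", "network", "endpoint"} <= story["layers"]:
        return "high"
    if len(story["layers"]) >= 2:
        return max("medium", story["max_severity"], key=SEVERITY_RANK.get)
    return story["max_severity"]


def correlate(alerts):
    """Group alerts by user and compute a combined severity per story."""
    stories = defaultdict(lambda: {"alerts": [], "layers": set(),
                                   "max_severity": "informational"})
    for alert in alerts:
        layer = PROVIDER_LAYER.get(alert["vendorInformation"]["provider"],
                                   "other")
        for upn in users_of(alert):
            story = stories[upn]
            story["alerts"].append(alert["id"])
            story["layers"].add(layer)
            if SEVERITY_RANK[alert["severity"]] > SEVERITY_RANK[story["max_severity"]]:
                story["max_severity"] = alert["severity"]
    for story in stories.values():
        story["combined_severity"] = combined_severity(story)
    return dict(stories)


if __name__ == "__main__":
    for upn, story in correlate(SAMPLE_ALERTS).items():
        print(upn, sorted(story["layers"]), story["combined_severity"],
              story["alerts"])
```

Run on the sample data, alice's three individually low-to-medium alerts become a single high-severity story because identity, network and endpoint sources all point at her account, while bob's lone firewall alert keeps its original medium rating. Keying on the user principal name is a simplification; a production correlator would also join on host identifiers from `hostStates` and bound the time window.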

Better together

We are excited that Microsoft is an early-stage partner in the Cortex ecosystem of apps. As a member of the Microsoft Intelligent Security Association, Palo Alto Networks can work together with Microsoft to better protect our mutual customers. This app allows customers to leverage a combination of security tools from Palo Alto Networks, Microsoft, and other vendors with confidence that they will all work together. For more information about the Microsoft Graph Security app and others available for Cortex, visit the Cortex hub.

Author bio

Francesco is a Principal Solutions Architect on the Developer Relations team at Palo Alto Networks, where he is focused on Cortex integrations with partners and customers. Prior to joining Palo Alto Networks, Francesco was part of the Technical Product Management team at VMware, working on NSX. Francesco has been a speaker at several Palo Alto Networks and partner events and briefings including Palo Alto Networks Ignite, VMworld, Microsoft Ignite, and Google Cloud Next.

As a networking and security expert, Francesco has 10+ years of pre- and post-sales experience on data center and cloud infrastructures, automation, and virtualization. Before relocating to Silicon Valley in 2015, he grew up in Italy, where he obtained an M.S. in Telecommunications Engineering from Politecnico di Milano.