
Lansweeper & Cortex XSOAR: Enrich Alerts for Faster Incident Remediation

5 min. read
24/02/2022
By Lucia Dochita

As we head into 2022, one of the most pressing issues for teams across industries and market sectors is security. Spurred on by digitalization and the adoption of hybrid working environments, cybercriminals are having a field day. Security incidents – everything from ransomware to phishing scams, data breaches, and other types of cybercrime – are increasing rapidly and costing organizations a lot of money.

According to Palo Alto Networks’ Unit 42 security consulting group, ransomware payment amounts climbed 82% to reach $570,000 in the first half of 2021 alone, up from $312,000 in 2020. Think this type of extortion is uncommon? Think again. IDC reports that approximately 37% of organizations globally were victims of an attack last year – and the trend shows no sign of slowing down.

Security teams rely heavily on their Security Information and Event Management (SIEM) software to alert them of potential threats. But this is only the first step toward protecting organizations from an attack or breach. Once the alert comes through, the real work starts: gathering all the data needed to isolate the threat, identifying impacted devices, and taking action to remediate the issue with their Security Orchestration, Automation and Response (SOAR) tool. Typically, finding all the information needed to inform decision-making and enable rapid corrective action is a long, tedious manual process that consumes time and resources and can significantly delay issue resolution. Worse yet, if the threat turns out to be serious, a team’s inability to pinpoint and address it can cost an organization thousands or even millions in losses.

The best way to accelerate incident remediation is to enrich alerts with granular data about the devices, software, and users that are impacted – or could be impacted – by a security event. To that end, Lansweeper integrates with multiple SIEM/SOAR solutions, including Palo Alto Networks’ Cortex XSOAR. As a leading global cybersecurity provider, Palo Alto Networks provides seamless integration with Lansweeper through the Lansweeper Cortex XSOAR Content Pack, available to XSOAR customers on the Cortex XSOAR Marketplace.

What Is the Lansweeper Cortex XSOAR Content Pack?

Cortex XSOAR is the industry’s only extended orchestration platform, unifying security automation, case management, real-time collaboration, and threat intelligence management.

Through the Cortex XSOAR Marketplace, customers can access more than 750 integrations to streamline, scale, identify and connect disparate security tools and data sources to maximize SOC efficiency. 

The Lansweeper Cortex XSOAR Content Pack was created to enable SOC teams to enrich incident alerts with accurate IT Asset data for the rapid isolation and remediation of security events. By installing the Content Pack, Palo Alto customers can now benefit from Lansweeper’s device discovery and recognition technology, which enables the collection of detailed information about all IT, OT and IoT connected to a network, along with contextual data that helps security teams make quick, well-informed decisions about security incidents.


Data at Your Fingertips When There’s No Time to Waste

While rapid incident resolution is always important, it’s absolutely essential when there’s a serious security threat. The information Lansweeper provides is invaluable when time is of the essence, and teams are scrambling to prevent an attack from spreading across machines and causing massive damage. Not only does Lansweeper data help teams investigate incidents and determine whether an event is a serious threat or not, but it also provides all the data necessary to isolate infected devices, alert users and managers, and apply the appropriate patches and fixes. In this way, teams can halt the lateral spread of an attack immediately, then take the appropriate steps to minimize damage.

The Cortex XSOAR Content Pack provides fast time-to-value for security teams. Installed with the click of a button, it helps to optimize workflows across security tools through automation. Users can search for assets and see detailed information right away, rather than making endless phone calls and sending emails, then waiting for others to supply the needed information.


Lansweeper’s deep scanning engine and credential-free device recognition (CDR) technology continuously scan the network, providing up-to-the-minute accurate data to feed into existing security tools and workflows. It detects and demystifies all connected hardware assets – workstations, servers, network devices, IoT devices, mobile devices, cloud assets, and more – including devices that aren’t properly encrypted and unprotected devices used in remote locations, a critical capability in today’s hybrid workplace. Lansweeper can even detect and recognize rogue devices that only touch your network briefly or operate behind a firewall, and it provides information about all installed software, including version number, publisher, and install date.

As a result of the integration, incident alerts from Cortex XSOAR are automatically enriched, eliminating hours of work, as well as the need to hire security specialists or additional staff, even as the number of security incidents increases.

The Lansweeper Cortex XSOAR Content Pack enables security teams to:

  • Automate the enrichment of incident alerts to discover accurate data on all connected IT devices.
  • Rapidly identify and classify IT asset threats.
  • Eliminate time wasted with inaccurate or missing data, and navigate with speed across your workloads and unstructured data, reducing the time it takes to investigate and respond to threats.
  • Recover quickly from a security event by identifying and isolating vulnerable devices.
  • Increase resiliency against new attacks by rapidly deploying necessary updates and patches.
  • Demonstrate compliance with complete and detailed documentation to avoid costly fines and reputational damage.
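To make the enrichment step concrete, the following is an added, self-contained illustration of what "enriching an incident alert with asset data" involves: an alert carrying only a source IP (or a hostname or MAC) is joined to an inventory record, the alert gains owner, device type, last-seen time and installed software, a constructed minimum-version baseline flags outdated software, and a host with no inventory record is marked as a possible rogue device for priority handling. This is not code from Lansweeper or from the Cortex XSOAR Content Pack, and none of the hosts, addresses, owners, alert rules or version thresholds are real; they are constructed for the example.

```python
# Added illustration of SIEM/SOAR alert enrichment against an IT asset inventory.
# Not Lansweeper or Cortex XSOAR Content Pack code; all records below are constructed.
from copy import deepcopy

# Constructed inventory export (hypothetical hosts, addresses, owners, software).
ASSETS = [
    {"hostname": "FIN-WS-017", "ip": "10.20.5.17", "mac": "00:1A:2B:3C:4D:17",
     "type": "Workstation", "owner": "j.doe", "last_seen": "2022-02-23T08:12:00Z",
     "software": {"7-Zip": "19.00", "Chrome": "98.0.4758.82"}},
    {"hostname": "DB-SRV-02", "ip": "10.20.1.2", "mac": "00:1A:2B:3C:4D:02",
     "type": "Server", "owner": "dba-team", "last_seen": "2022-02-23T08:15:00Z",
     "software": {"7-Zip": "21.07", "PostgreSQL": "13.5"}},
    {"hostname": "HR-WS-003", "ip": "10.20.6.3", "mac": "00:1A:2B:3C:4D:03",
     "type": "Workstation", "owner": "a.lee", "last_seen": "2022-02-23T08:20:00Z",
     "software": {"Chrome": "98.0.4758.102"}},
]

# Constructed minimum-approved-version baseline (an internal policy table, not a CVE list).
MIN_VERSIONS = {"7-Zip": "21.07", "Chrome": "98.0.4758.102"}

# Constructed SIEM alerts: the first two carry only a source IP, the third an IP
# outside the inventory plus a hostname (exercising the fallback lookup keys).
ALERTS = [
    {"id": "A-1001", "rule": "Suspicious PowerShell", "src_ip": "10.20.5.17"},
    {"id": "A-1002", "rule": "Outbound beacon", "src_ip": "10.20.9.250"},
    {"id": "A-1003", "rule": "Port scan", "src_ip": "192.0.2.40", "hostname": "db-srv-02"},
    {"id": "A-1004", "rule": "Failed logons", "src_ip": "10.20.6.3"},
]


def version_tuple(version):
    """Turn a dotted version string into a comparable tuple of integers."""
    return tuple(int(part) for part in version.split("."))


def build_index(assets):
    """Index every record under each key an alert might carry (IP, hostname, MAC)."""
    index = {}
    for asset in assets:
        for key in ("ip", "hostname", "mac"):
            index[(key, asset[key].lower())] = asset
    return index


def outdated_software(asset):
    """Names of installed packages older than the policy baseline, sorted."""
    return sorted(
        name for name, installed in asset["software"].items()
        if name in MIN_VERSIONS
        and version_tuple(installed) < version_tuple(MIN_VERSIONS[name])
    )


def enrich_alert(alert, index):
    """Return a copy of the alert with inventory context and a triage priority."""
    enriched = deepcopy(alert)
    asset = None
    # Try IP first, then hostname, then MAC, matching case-insensitively.
    for key, alert_field in (("ip", "src_ip"), ("hostname", "hostname"), ("mac", "mac")):
        value = alert.get(alert_field)
        if value and (key, value.lower()) in index:
            asset = index[(key, value.lower())]
            break
    if asset is None:
        # No inventory record: the host may be a rogue or unmanaged device.
        enriched.update({"asset_status": "unknown", "priority": "high",
                         "note": "no inventory record for this host; possible rogue device"})
        return enriched
    outdated = outdated_software(asset)
    enriched.update({
        "asset_status": "known",
        "hostname": asset["hostname"],
        "asset_type": asset["type"],
        "owner": asset["owner"],
        "last_seen": asset["last_seen"],
        "outdated_software": outdated,
        # Servers and hosts with outdated software go to the front of the queue.
        "priority": "high" if asset["type"] == "Server" or outdated else "medium",
    })
    return enriched


def enrich_all(alerts, assets=ASSETS):
    """Enrich a batch of alerts against one prebuilt inventory index."""
    index = build_index(assets)
    return [enrich_alert(alert, index) for alert in alerts]


if __name__ == "__main__":
    for result in enrich_all(ALERTS):
        print(result)
```

In a real deployment the inventory lookup would be a call to the asset platform rather than an in-memory list, and the priority rule would be whatever the SOC's playbook dictates; the point of the example is that the join keys, the unknown-host branch and the software-version check are what turn a bare alert into something an analyst can act on without phone calls or emails.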

Curious to learn more about this solution and see it in action? Watch our on-demand webinar for a deep dive into how the solution works – and how you can leverage it to remediate security events and incidents in your organization.

Webinar: Supercharge Cortex XSOAR with Lansweeper

Lansweeper’s integration with Palo Alto Networks’ Cortex XSOAR is just one of the many ways the Lansweeper platform fits seamlessly into your existing technology stack. Learn more about our available integrations here.