Palo Alto Networks and Cisco Aim for Real-Time Security with AI and XDR

Palo Alto Networks and Cisco are both targeting real-time security as a key focus area, leveraging AI-powered capabilities and technologies like extended detection and response (XDR) to enable faster threat detection. The arrival of these new technologies has the potential to significantly reduce the time between initial attack and breach, which has dropped to an average of about five days.

Palo Alto Networks is working towards delivering on the vision of “real-time security” with its recently introduced Precision AI, which includes both generative AI and machine learning functionality. By embedding Precision AI across its portfolio, Palo Alto Networks aims to achieve a 60X improvement in the speed of detecting new attacks. The company is also set to become a more prominent player in the security operations tools market with its planned acquisition of IBM’s QRadar SaaS business.

Cisco, on the other hand, is combining its XDR platform with Splunk’s SIEM technology to create a powerful solution for enabling real-time security. XDR provides a more focused, real-time solution for detecting threats, while Splunk brings broad context from various systems. By integrating Splunk’s context into XDR, the combined capabilities can become more effective at detecting and stopping threats in real time.

While threat discovery and detection speed have significantly improved, the remaining challenge is minimizing false positives. Achieving true real-time security often requires better alignment between the client and the product than currently exists. However, industry experts believe that as AI and XDR technologies continue to evolve, the speed and accuracy of threat detection will further improve.

The rise of XDR as a newer and potentially higher-quality method for detecting cyberthreats compared to traditional SIEM is highlighted by Palo Alto Networks’ acquisition of IBM’s QRadar SaaS business. This deal underscores the growing importance of XDR in the security industry and its potential to challenge more established SIEM vendors.

Source – CRN