Palo Alto Networks Inc.

11/06/2024 | News release | Distributed by Public on 11/06/2024 07:13

Data Security, Meet Remediation: Introducing the New Integration Between Pr...

Remediation has long been a sore spot in data security posture management (DSPM). Many of the currently available solutions are great at surfacing alerts but offer no real way for security teams to take action without a separate effort to integrate with external remediation tools.

Today, we're happy to announce a new and ready-to-use integration between Prisma Cloud DSPM and Cortex XSOAR. This latest development allows organizations to automatically remediate data security risks (or initiate relevant remediation workflows) and to easily incorporate data security risks, policies and classifications into new and existing remediation playbooks. For Palo Alto Networks, this represents another step toward our vision of further platformization in cloud security.

Bridging the Gap Between Alert and Action

Mitigating data risk starts with visibility and prioritization of security and compliance issues, based on the full context of the data being protected (rather than a mechanistic view focused on the cloud resources storing or processing the data). Prisma Cloud DSPM - a leader in data-centric security that allows organizations to monitor, secure and govern diverse cloud environments without the use of agents - addresses this piece of the puzzle.

Visibility, however, is only the first step. The importance of efficient remediation can't be overstated. After all, there's little use in discovering a data breach after customer details have been exfiltrated. Organizations that wish to avoid reputational, financial and legal damage will aim to address data security issues swiftly and efficiently, before issues spiral out of control and become full-blown incidents.

But this is easier said than done. Operationalizing the insights generated by security posture tools requires coordination between multiple teams - including developers, DevOps and data owners. Successful remediation requires both timely security insights and effective ways for teams to communicate, align, and assign responsibilities for remediation actions.

Cortex XSOAR (Extended Security Orchestration, Automation and Response) by Palo Alto Networks plays a central role in addressing these challenges. It speeds up investigations by centralizing incident data and threat intelligence and orchestrates actions across the entire security stack. With over 900 prebuilt integration and automation packs, a visual playbook editor for code-free automation, and the ability to handle thousands of security actions, Cortex XSOAR enables security teams to respond faster and more effectively to threats.

By combining Prisma Cloud's advanced risk detection and data classification with the automated remediation tools available in Cortex XSOAR, organizations can achieve end-to-end data security that allows them to see when something has gone wrong - and quickly make it right. Both tools are offered by Palo Alto Networks and integrated out of the box, removing complexities around administration, integration, and procurement, which means more time and budget go to improving security.

How Data Risk Remediation Works with Cortex + Prisma Cloud

The integration between Prisma Cloud DSPM and Cortex XSOAR enables a seamless approach to remediation through ready-made playbooks and building blocks specifically designed to effectively address data risk.

The integration includes playbooks designed to address common data security risks and will be continuously updated to address new scenarios and attack paths. Each playbook consists of a series of predefined steps that guide the remediation process, based on widely acknowledged industry best practices and standards.

An example of this process can be seen in figure 1.

In addition to these ready-made playbooks, the integration introduces a set of data-centric building blocks that will be available within Cortex XSOAR - including rules, policies and classifications imported from Prisma Cloud DSPM. For example, these could include Prisma Cloud's built-in data classifications (such as PII or developer secrets), as well as custom labels and classifications created within Prisma Cloud. Organizations can use these to tailor their remediation playbooks based on their internal workflows and procedures for dealing with specific types of risks.

What Are the Benefits of Unified DSPM and Remediation?

  • Reduced time to remediation: By automating the process from alert to action, organizations can significantly reduce the time it takes to address potential security risks.
  • Less manual effort: Ready-to-use building blocks (such as data classifications) make it easy to create or customize remediation workflows, without requiring additional engineering work to make these components available for security teams.
  • More consistent responses to critical risks: Predefined playbooks ensure that remediation steps are consistently applied across the organization, reducing human error and improving security posture.
  • Ecosystem integrations: Prisma Cloud DSPM can benefit from around a thousand integrations available via Cortex, letting organizations integrate data security more tightly into their broader tooling ecosystem.
  • Visibility: The integration provides a comprehensive view of data security risks and remediation efforts, allowing for better tracking and reporting.

See the Power of a Unified Platform in Action

Want to get started with DSPM-powered remediation? How about a guided tour of Prisma Cloud DSPM? Get in touch to start your free trial.