Unit 42 DFIR Service is expanded by Palo Alto Networks.

With 60% of organizations taking more than four days to resolve cybersecurity issues, Unit 42’s Global Incident Response Service dramatically reduces time to remediate threats

The leader in global cybersecurity, Palo Alto Networks (NASDAQ: PANW), has today announced the expansion of its Unit 42 Digital Forensics and Incident Response Service. The Global Digital Forensics and Incident Response service combines a breadth of AI-powered solutions, such as Cortex® XDR®, Xpanse™ and Prisma® Cloud, with a depth of incident response expertise to give businesses the tools they need to respond right away and recover more quickly than almost any other digital forensics and incident response (DFIR) service on the market.

Unit 42 can conduct a thorough investigation with a prompt response thanks to Palo Alto Networks’ distinctive knowledge of security and thorough understanding of advanced attacker behaviour. No other security vendor in the industry can match Palo Alto Networks’ telemetry or our breadth of products to stop attacks in real-time, claims Wendi Whitmore, senior vice president of Palo Alto Networks Unit 42. We analyse data from tens of thousands of clients worldwide, producing more than 500 billion events every day. Responders can contextualise threats and respond effectively thanks to this vast dataset. This cutting-edge intelligence, when combined with our knowledge of network security, SOC automation, and cloud threats, enables businesses to recover and become more resilient than before.

Unit 42 is an expert in cyber DFIR and responds to tens of thousands of customer events every year, including ransomware incidents and evolving cloud attacks. Unit 42 has handled some of the biggest data breaches in history and is supported by a global team of incident responders, threat intelligence specialists, and consultants.

In contrast to threat actors, who typically take advantage of a misconfiguration or vulnerability within hours, more than 60% of organisations take longer than four days to resolve security issues, according to the most recent Unit 42 Cloud Threat report. After a zero-day vulnerability allowed an authentication bypass and remote code execution (RCE) exploit, Unit 42 recently got in touch with a large enterprise customer. On the client’s unpatched CRM system, which was housed on a well-known cloud service provider (CSP), the threat actor used the vulnerability to launch a crypto miner and drop web shells. The threat actor gained unauthorised access and took a CSP credential that gave them access to private databases, which they then posted online for everyone to see. Unit 42 used Prisma Cloud to evaluate the client’s CSP environment and Cortex XDR to quickly hunt down threats from the CSP CloudTrail logs as part of the investigation. Unit 42 helped the client during the incident, utilising Prisma Cloud, to remediate the CSP misconfigurations and implement security best practices in real-time, enhancing their overall security posture.

The Unit 42 Digital Forensics and Incident Response Service includes:

  • Assessments: To evaluate and test controls against real-world threats proactively, Unit 42 offers many assessments, including compromise assessments, ransomware readiness assessments, attack surface assessments, and more.
  • IR Preparedness: Helping organizations pressure test technical controls, network security, response playbooks, and more. Services include Penetration Testing, Purple Teaming and Tabletop exercises.
  • Incident Response: Quickly jumpstart an intelligence-led investigation, deploying Palo Alto Networks tools within minutes to contain threats and gather the evidence needed to analyze an incident fully. Unit 42 IR services include cloud incident response, expert malware analysis, and ransomware investigation.
  • Managed Threat Hunting: Offers round-the-clock monitoring from Unit 42 experts to discover attacks anywhere in an organization. Threat hunters work on an organization’s behalf to discover advanced threats, such as state-sponsored attackers, cybercriminals, malicious insiders, and malware.
  • Managed Detection and Response: Combines Cortex XDR with Unit 42’s industry-leading threat intelligence to offer continuous 24/7 threat detection, investigation and response.

Forrester stated that organisations “…seeking support in preparing for and responding to incidents in sprawling cloud environments should look at Palo Alto Networks” in the Forrester Wave™: Cybersecurity Incident Response Services, Q1 2022.