Palo Alto expands digital forensics and incident response service globally

Palo Alto Networks has expanded its Unit 42 digital forensics and incident response (DFIR) service.

The global DFIR service combines the depth of incident response experience with the breadth of AI-powered solutions, equipping enterprises to respond immediately and recover faster than they could with most DFIR services in the market.

“We analyse data from thousands of customers globally, generating over 500 billion daily events. This massive dataset enables responders to contextualise threats and respond effectively. Coupled with our expertise in cloud threats, SOC automation, and network security, this advanced intelligence helps companies recover and emerge stronger than before,” said Wendi Whitmore, Senior Vice President of Palo Alto Networks Unit 42.

According to a recent Unit 42 report, more than 60 percent of organisations take more than four days to resolve security issues, while threat actors typically exploit a misconfiguration or vulnerability within hours.

Unit 42 recently engaged with a large enterprise customer after a zero-day vulnerability allowed an authentication bypass and remote code execution (RCE) exploit. The threat actor leveraged the vulnerability to drop web shells and launch a crypto miner onto the client’s unpatched CRM system hosted on a popular cloud service provider (CSP).

Through unauthorised access, the threat actor stole a CSP credential that provided access to sensitive databases, which they made publicly available on the Internet. As part of the investigation, Unit 42 used Cortex XDR to ingest the CSP CloudTrail logs for rapid threat hunting and analysis, and Prisma Cloud to assess the client’s CSP environment. Using Prisma Cloud, Unit 42 helped the client remediate the CSP misconfigurations and implement security best practices in real time during the incident, improving their overall security posture.

Unit 42 specialises in cyber DFIR and responds to thousands of customer events annually, from ransomware incidents to the rising number of cloud attacks. Backed by a global team of incident responders, threat intelligence experts, and consultants, Unit 42 has handled some of the largest data breaches in history.
