Palo Alto Networks, Inc.
CORRELATION-DRIVEN THREAT ASSESSMENT AND REMEDIATION

Abstract:

Introduced here are security management platforms configured to identify, assess, and monitor organizational vulnerability to security threats. By monitoring netflow data regarding the traffic traversing the Internet, a security management platform can identify security threats that would otherwise go undetected. Such action can be performed instead of, or in addition to, monitoring netflow data regarding the traffic traversing a local network (also referred to as an "internal network") associated with an organization under examination. Thus, rather than monitor the traffic leaving public-facing Internet Protocol (IP) addresses residing on the local network, the security management platform can instead monitor traffic traversing the Internet and then filter the traffic to identify flows originating from the local network, flows destined for the local network, or any combination thereof.