CyberSecurity What is Cortex XSIAM? Palo Alto Networks' Unified SOC Platform Explained Cortex XSIAM explained: what it is, how it solves the SOC complexity problem, and why it delivers a 257% ROI. Written by a PAN Domain Consultant who presents it daily.
CyberSecurity EDR vs XDR vs SIEM: What's the Difference and Which Do You Need? EDR, XDR, and SIEM explained side by side -- how they differ, where they overlap, and which your organisation actually needs. With buying guidance from a Cortex Domain Consultant.
CyberSecurity What is Cortex XDR? Palo Alto Networks' XDR Platform Explained A practical breakdown of Cortex XDR — what it is, how the architecture works, Prevent vs Pro licensing, and who should be looking at it.
CyberSecurity What is XDR? Extended Detection & Response Explained XDR — eXtended Detection and Response — unifies telemetry across endpoints, network, cloud, and identity to detect and respond to threats faster. Here's what it is, how it works, and why it matters.
CyberSecurity Featured The AI Danger Window: How Autonomous Exploitation is Reshaping the SOC Anthropic's CEO warns of a 6–12 month 'danger window' before AI-driven autonomous exploitation reaches mass deployment. Here's what it means for the SOC — and what happened this week.
CyberSecurity Featured Mastering Policy Flexibility: Understanding Configuration Scope in Strata Cloud Manager (SCM) In today's dynamic security landscape, managing security policies across diverse environments – from physical firewalls in data centers to cloud-based instances and remote access users – demands a platform that offers both broad control and granular flexibility. Palo Alto Networks' Strata Cloud Manager (SCM) addresses this challenge with its
CyberSecurity Unlocking the Power of Palo Alto Networks Cloud-Delivered Security Services As cybersecurity threats become more advanced and pervasive, traditional on-premise defences are no longer sufficient. Organisations need scalable, intelligent, and adaptive security solutions that keep up with today’s dynamic threat landscape. This is where Palo Alto Networks Cloud-Delivered Security Services (CDSS) come into play. Whether you're securing
Palo Alto Networks Strata Cloud Manager Device Onboarding In my last blog, I discussed SCM licensing and accessing the SCM tenant. Now we have the basics under our belts, I'm going to talk about device associations using Common Services. But first, let me explain what Common Services is and how it's used. Palo Alto Networks Common
Palo Alto Networks Strata Cloud Manager Basics In my previous blog, "Why should enterprises consider Palo Alto Networks Strata Cloud Manager?" I gave compelling reasons enterprises may want to adopt Palo Alto Networks' cloud-delivered unified management and operations platform. Before we get into the technical details, it's important to understand the licensing
CyberSecurity Featured Why should enterprises consider Palo Alto Networks Strata Cloud Manager? I’ve been working in the Network Security space for over 20 years now, and over that time I’ve worked with a plethora of different employers and customers, which means I’ve been exposed to a vast array of network security technologies. When I look back, I remember having
CyberSecurity Let's Gophish What Is Gophish? Gophish is a powerful, open-source phishing simulation tool that helps organisations strengthen their cybersecurity by testing how users respond to realistic phishing attacks. Designed to be user-friendly and highly customisable, Gophish is perfect for security teams looking to launch targeted phishing campaigns without relying on expensive commercial
CyberSecurity What Is DNS Hijacking? DNS hijacking, sometimes called DNS redirection, is a sneaky type of cyberattack where hackers mess with the Domain Name System (DNS) to secretly redirect your internet traffic. Instead of taking you to the website you intended to visit, they send you to a malicious site—often one that looks legitimate
CyberSecurity Featured DNS Security Attackers continue to innovate their techniques to evade security. For example, Strategically Aged Domains are domains that are registered in advance. The domains are reserved and left dormant for months or even years before being used in attack campaigns, so that they bypass security vendors' reputation checks. Sometimes, it will take longer
CyberSecurity Featured DNS Tunneling: A Hidden Pathway for Cyber Threats In the world of cybersecurity, attackers are always seeking creative ways to bypass traditional defenses. One such technique that often flies under the radar is DNS tunneling — a stealthy method of communication that leverages a fundamental part of the internet: the Domain Name System (DNS). While DNS is critical for
Networking 101 What is the OSI model? The Open Systems Interconnection model is a reference model that describes how applications interact with each other over a computer network. The OSI model has seven layers, seen below. Physical Layer This is the lowest layer of the OSI model. This layer provides mechanical and electrical functions by transmitting bits
Palo Alto Networks Panorama Templates and Template Stacks Templates and Template Stacks are used to configure firewalls using Panorama so that they can function on the network. If we look at the Panorama tabs, you can see that Templates encompass both the Network and Device tabs. The network tab is where we can define interfaces, Zones, Virtual Routers
How To Install Graylog On Ubuntu 20.04 Graylog [https://www.graylog.org/] is an open-source log management tool that helps you store and analyse machine logs centrally. Graylog set-up consists of three components Graylog server, Elasticsearch, and MongoDB. This is a fresh install of Ubuntu 20.04, as I'm installing Graylog in a demo lab
Palo Alto Networks Migrate a HA Pair of PAN-OS firewalls into Panorama When I deploy Panorama into the network for the first time, I always aim to have as little local configuration on the firewalls as possible and allow Panorama to manage 99% of the configuration. However, in my lab, the firewalls do have some Security Policies and IPSec configuration which I
Panorama Best Practices Assessment. The Palo Alto Networks Best Practice Assessment (BPA) [https://www.paloaltonetworks.com/services/bpa] tool can be used to check the security posture of both Panorama and firewall deployments by comparing the current configuration of the devices against the Palo Alto Networks best practices. The BPA can be re-run at
The Lab My unexpected TrueNAS Build Over the last few weeks, I've been doing some spring cleaning in my home network. Whilst poking around in the datastores of my two ESXi hosts, it was evident I had a case of virtual machine sprawl. It was time to be a bit ruthless and delete the
Upgrading Panorama PAN-OS Software Time to upgrade Panorama to a newer PAN-OS version! My EVE-NG lab Panorama has an internet connection that allows me to download software and content updates. And since I'm running in Panorama mode with an integrated log collector, I don't need to upgrade the log collector
Virtual Panorama Log Collector Setup At the heart of my EVE-NG lab, I have two virtual Panorama appliances deployed using a KVM image which I wrote about in my previous two blogs [https://www.mbtechtalker.com/tag/pan-os/]. I'm using the default Panorama mode, which operates as a management server with local log
Palo Alto Networks Panorama Baseline Configuration Now that I have successfully deployed a Panorama KVM image in EVE-NG, I can boot up the two Panorama virtual appliances and configure IP connectivity through the console so that each Panorama can be managed via the WebUI and SSH. The aim of this lab task is to have
The Lab A very flexible lab switch Due to the fact that my Cisco UCS M4 [https://www.cisco.com/c/en/us/products/servers-unified-computing/ucs-c220-m4-rack-server/index.html] is such a beast of a server, it's mega loud! So I had no choice but to tuck it away in my workshop. I needed to come
The Lab How to enable VM Autostart on VMware ESXi 7.0 Now that my Cisco UCS labs server is purring away, I have been exploring ways to automate certain tasks, for instance, being able to power the server using Tapo P110 Wifi enabled power sockets [https://www.amazon.co.uk/TP-Link-Tapo-Monitoring-Required-P110/dp/B097YBXHTW/ref=sr_1_1?adgrpid=126376539782&gclid=