SecurityCorvil – Palo Alto Networks Integration

Streamlined Investigation and Response to Advanced Threats

Increasing Diversity and Volumes of Attacks And Alerts

Modern cyberattacks have become highly targeted and evasive. Attackers leverage an array of advanced tools and techniques to compromise enterprise networks. Determined and well-funded, attackers that infiltrate networks can move laterally and evade detection for months or longer.

Security teams are overburdened as they try to identify, assess and protect against a multitude of threats at the perimeter and within their networks -- leading to coverage and protection gaps which create risk. They face a constant flow of alerts, including many false positives, which trigger analysts to investigate if the alert is real, whether the attacker is still active within the environment, and what has been compromised.

The analyst workflows often revolve around manual data correlation or multi-tasking between fragmented systems which limits productivity, increases costs, and still leaves exposure to risk. These factors result in a high likelihood that many breaches may go undetected for an extended period of time, resulting in critical data loss.


  • Streamlined investigation of alerts
  • Faster response
  • Improved security analyst productivity
  • Reduced risk of loss from cyber attack

Ranked #1 for Network Analysis that Integrates Intelligently With Your Ecosystem

Info-Tech Research Group

Read the Report

"As networks become more agile and application driven, it is important that network security solutions provide new levels of visibility, threat prevention and policy enforcement. The integration between Corvil and Palo Alto Networks is a good example of the intelligence sharing needed to combat threats on modern networks."

451 Research

Solution Overview

Faster, More Comprehensive Investigation

and Response

The Corvil – Palo Alto Networks integration streamlines cyber-threat investigation and response time, ensuring that your Security Operations team is working on the critical alerts – which saves time, improves effectiveness and limits risk. This integration combines real-time threat detection, user tracking and the forensics capabilities of Corvil with the Palo Alto Networks Next Generation Security Platform.

Corvil and Palo Alto Networks bridge security coverage and protection gaps by combining network security and advanced threat intelligence with visibility and analysis of lateral movement and communications across the network. By providing seamless workflows that leverage intelligence from both platforms, Security Operations teams can be more efficient in how they detect, respond to and prevent attacks.

The solution leverages the Wildfire™ Threat Analysis Cloud, that enables, customers to have access to contribute to an ever-growing global community of intelligence.


  • Single-click response to block source or target of malicious activity
  • Lateral movement visibility and analysis
  • User activity tracking across devices
  • Correlated data for investigation at perimeter and across the network
  • Access to Wildfire™ Threat Analysis cloud for analysis of files and artifacts
  • Continuous and targeted packet analysis and capture
  • Seamless workflows

Corvil has again been named a Visionary in the 2018 Gartner MQ for NPMD Read the Report

"Deep network security intelligence like that provided by Corvil holds the promise of providing insight into behaviors, evasive threats, and patterns of attack and is an essential part of a robust cybersecurity strategy. Information sharing through seamless integration across the wider ecosystem of perimeter, endpoint, SIEM, orchestration, policy and analysis, and other technologies provides a best practice approach for organizations."

Enterprise Management Associates

Key Capabilities

Integrated Visibility And Context

Continuous, complete and real-time visibility across all perimeter, datacenter and hybrid-cloud traffic, automating analysis based on applications, users, content and devices.

Enhanced User Activity Tracking

Comprehensive, real-time and retrospective tracking of user activity across multiple endpoints, devices, network segments and cloud-based services for indicators of lateral movement (East/West traffic) and privilege escalation.

Minimize the manual effort of getting the required details and context through deep content inspection and added dimensions related to user, host, threat intelligence, and perimeter activities.

Expanded Threat Analysis & Prevention

Identify unknown malware, zero-day exploits, and advanced persistent threats (APTs) at the perimeter by using application whitelisting. Streamline internal threat hunting for suspicious files and artifacts with continuous and targeted packet analysis and capture.

Flexible Policy Enforcement

Next generation firewalls identify all network traffic based on applications, users, content and devices, and lets customers express business policies in the form of easy-to-understand security rules.

Immutable Data

Unlike system logs that may be altered by attackers, machine communications captured and analyzed from the network deliver an immutable record of what actually happened.