Palo Alto Networks’ largest customers get no-cost incident response - Cybersecurity Dive

DIVE BRIEF Palo Alto Networks’ largest customers get no-cost incident response Available through January, the response program comes at a time of heightened demand for rapid forensic services, particularly in light of the coming SEC incident response enforcement. Published Nov. 15, 2023 David Jones Reporter Share License Add us on Google Cybersecurity professionals assemble for a presentation at Palo Alto Networks’ booth on the show floor on April 27, 2023 at the RSA Conference in San Francisco. Matt Kapko/Cybersecurity Dive Dive Brief:  Palo Alto Networks’ Unit 42 team launched a no additional cost incident response program Tuesday designed to offer immediate security expertise to the company’s largest customers.  The company’s incident response retainer program will provide up to 250 hours of services from Unit 42, including a two-hour remote response time agreement and threat intelligence expertise at no additional cost. The offer is available until Jan. 31, 2024.  The program is available to qualified customers who meet certain conditions, including those that have spent at least $3 million on Palo Alto Networks’ products or services. Public agencies and individuals or organizations located in countries that are sanctioned or under a U.S. trade embargo are not eligible.  Dive Insight: The program comes at a time of heightened threat activity from nation-state actors and criminal threat groups as well as heightened scrutiny from federal and state regulators over data security.  “The threat landscape and evolving threat actors are causing massive amounts of disruption to global businesses,” Wendi Whitmore, SVP of Unit 42 at Palo Alto Networks, said via email.  Whitmore noted 96% of companies faced a security incident in 2022.  “While Palo Alto Networks is addressing this on the technology front with our platforms, having a reliable, capable and quick incident response partner is also critical should an attack occur,” Whitmore said. Demand from publicly traded companies for rapid incident response has risen to levels not seen in years. The Securities and Exchange Commission recently enacted rules that require publicly traded companies to report material attacks and data breaches within four business days of determination.  “For the SEC, at a minimum, companies need to be laser focused on the two main prongs of the disclosure requirements,” John Farley, managing director of Gallagher’s cyber liability practice, said via email in October.  The SEC rules took effect in September, but the agency will begin enforcing the cyber disclosure rules starting in mid-December. The SEC also filed charges against SolarWinds and CISO Tim Brown last month, alleging the company made misleading disclosures about its data security program to investors in the years leading up to the Sunburst supply-chain attack in December of 2020.  Add us on Google Share PURCHASE LICENSING RIGHTS Filed Under: Strategy