SOAR stands for security orchestration, automation and response. It is a software solution that enables security teams to integrate and coordinate separate tools into streamlined threat response workflows. SOAR systems allow for accelerated incident response through the execution of standardized and automated playbooks that work upon inputs from security technology and other data flows. SOAR systems can also help ensure consistency, reduce human errors, and improve efficiency and scalability of security operations. References:

• Security Operations Infrastructure from Palo Alto Networks
• What is SOAR (security orchestration, automation and response)? from IBM
• Security Operations Fundamentals (SOF) Flashcards from Quizlet

An evil twin is a type of Wi-Fi attack that involves setting up a fake malicious Wi-Fi hotspot with the same name as a legitimate network to trick users into connecting to it. The attacker can then intercept the user’s data, such as passwords, credit card numbers, or personal information. The victim initiates the connection by choosing the fake network from the list of available Wi-Fi networks, thinking it is the real one. The attacker can also use a deauthentication attack to disconnect the user from the legitimate network and force them to reconnect to the fake one. References:

• Types of Wi-Fi Attacks You Need to Guard Your Business Against - TechGenix
• Types of Wireless and Mobile Device Attacks - GeeksforGeeks
• The 5 most dangerous Wi-Fi attacks, and how to fight them
• What are Wi-Fi Attacks & How to Fight - Tech Resider

Dynamic analysis is a method of malware analysis that executes the malware in a controlled environment and observes its behavior and effects. Dynamic analysis can reveal the malware’s network activity, file system changes, registry modifications, and other indicators of compromise. Dynamic analysis is performed by Palo Alto Networks WildFire, a cloud-based service that analyzes unknown files and links from various sources, such as email attachments, web downloads, and firewall traffic. WildFire uses a custom-built, evasion-resistant virtual environment to detonate the submissions and generate detailed reports and verdicts. WildFire can also share the threat intelligence with other Palo Alto Networks products and partners to prevent future attacks. References: WildFire Overview, WildFire Features, WildFire Dynamic Analysis

Cortex XDR is a detection and response platform that natively integrates network, endpoint, and cloud data to stop sophisticated attacks. A key benefit of Cortex XDR is that it acts as a safety net during an attack while patches are developed. Cortex XDR uses machine learning and behavioral analytics to detect and validate threats, and automatically reveals the root cause of alerts to speed up investigations. Cortex XDR also enables flexible and rapid response actions to contain and remediate threats across the environment. References: Cortex XDR- Extended Detection and Response - Palo Alto Networks, What is Cortex XDR | Palo Alto Networks, Cortex XDR Datasheet - Palo Alto Networks

A worm is a type of malware that replicates itself to spread rapidly through a computer network. Unlike a virus, a worm does not need a host program or human interaction to infect other devices. A worm can consume network bandwidth, slow down the system performance, or deliver a malicious payload, such as ransomware or a backdoor123. References: Types of Malware & Malware Examples - Kaspersky, 10 types of malware + how to prevent malware from the start, Computer worm - Wikipedia

A worm replicates through the network while a virus replicates, not necessarily to spread through the network.

A Jasager attack is a type of wireless man-in-the-middle attack that exploits the way mobile devices search for known wireless networks. A Jasager device will respond to any beacon request from a mobile device by saying “Yes, I’m here”, pretending to be one of the preferred networks. This way, the Jasager device can trick the mobile device into connecting to it, without the user’s knowledge or consent. The Jasager device can then intercept, modify, or redirect the traffic of the victim. For this attack to work, the attacker needs to be within close proximity of the victim, and the victim must have at least one known network in their preferred list. The victim does not need to manually choose the attacker’s access point, nor does the attacker try to get victims to connect at random. References: Wireless Man in the Middle - Palo Alto Networks, Man-in-the-middle attacks with malicious & rogue Wi-Fi access points - Privacy Guides