https://live.paloaltonetworks.com/t5/cortex-xsoar-articles/cortex-xsoar-telecom-case-study/ta-p/329083 <DIV class="lia-message-template-content-zone"> <H2><STRONG>Cutting Through the Noise</STRONG></H2> <P>Cortex XSOAR in Telecom</P> <P>&nbsp;</P> <P>A leading telecommunications company that provides cellular, internet, streaming TV services, and business infrastructure hosting services. With the data of more than 2.8 million subscribers at stake, this customer needed to protect its digital and infrastructure assets.</P> <P>&nbsp;</P> <P>&nbsp;</P> <TABLE> <TBODY> <TR> <TD width="494px" height="378px" align="left" valign="top"> <P><FONT color="#00CC66"><STRONG>Industry</STRONG></FONT><BR />Cellular/Telecommunications</P> <P>&nbsp;</P> <P><FONT color="#00CC66"><STRONG>Integrations</STRONG></FONT></P> <UL> <LI><SPAN>SIEM</SPAN></LI> <LI><SPAN>Threat intelligence</SPAN></LI> <LI><SPAN>Email listener</SPAN></LI> <LI><SPAN>Behavioral Analytics</SPAN></LI> </UL> <P><FONT color="#00CC66"><STRONG>Challenges</STRONG></FONT></P> <UL> <LI><SPAN>Lack of a defined SOC team</SPAN></LI> <LI><SPAN>High volume of weekly alerts</SPAN></LI> <LI><SPAN>Disparate teams (e.g., Production, Security, Development)</SPAN></LI> <LI><SPAN>Open tickets and long response times</SPAN></LI> </UL> </TD> <TD width="488px" height="378px" align="left" valign="top"> <P><FONT color="#00CC66"><STRONG>Solution</STRONG></FONT><BR />This telecom company used Cortex XSOAR to:</P> <UL> <LI><SPAN>Execute playbooks for automated malware analysis and response</SPAN></LI> <LI><SPAN>Ingest security intelligence across sources for centralized context</SPAN></LI> <LI><SPAN>Facilitate team collaboration and information visibility with the War Room</SPAN></LI> </UL> <P><FONT color="#00CC66"><STRONG>Results</STRONG></FONT><BR />Cortex XSOAR enabled the company to:</P> <UL> <LI><SPAN>Speed up response times by automating repeatable tasks</SPAN></LI> <LI><SPAN>Coordinate across teams and improve team accountability</SPAN></LI> <LI><SPAN>Improve response efficiency with single-console investigations</SPAN></LI> </UL> </TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <H3><STRONG>Story Summary</STRONG></H3> <P><SPAN>Because of the customer’s broad range of services, security was—and is—a multi-team effort. It had long been challenging to coordinate between security, development, and production teams for regular security operations and incident response. The lack of a defined security operations center (SOC) team exacerbated this, resulting in a high volume of daily alerts (around 100) and dead time during incident handoffs.</SPAN></P> <P>&nbsp;</P> <P><SPAN>The customer’s security teams also had multiple ingestion and detection sources to deal with. While they had a security information and event management (SIEM) system in place to aggregate logs and machine data into alerts, some incidents also flowed in via mailboxes, where employees forwarded suspected phishing emails. As a result, there was no single console from which to view alerts and execute incident response at scale.</SPAN></P> <P>&nbsp;</P> <H3><STRONG>The Solution</STRONG></H3> <P><SPAN>The customer solved these challenges by deploying Cortex™ XSOAR alongside the existing SIEM, threat intelligence, email, and behavioral analysis solutions. Now, the security teams can&nbsp;</SPAN><SPAN>take advantage of:</SPAN></P> <UL> <LI style="font-weight: 400;"><SPAN>Ingestion across sources: With Cortex XSOAR orchestration allowing for ingestion of alerts across sources, the customer can direct alerts from its SIEM and mailboxes into the Cortex XSOAR console for single-window visibility, triage, and response.</SPAN></LI> <LI style="font-weight: 400;"><SPAN>Malware enrichment and response playbook: A custom playbook coordinates a range of products for automated malware enrichment and response. It runs threat intelligence actions on SIEM alerts to establish reputation for indicators of compromise (IOCs). Then, it retrieves endpoint details through integration with relevant tools, runs behavioral analytics using one of the customer’s custom tools, and deploys the dissolvable Cortex XSOAR agent on infected endpoints. Once extracted, Cortex XSOAR presents this wealth of data, such as file details and memory dumps, for the security team’s perusal.</SPAN></LI> <LI style="font-weight: 400;"><SPAN>Team coordination: To address team coordination, the customer uses the Cortex XSOAR War Room to great effect. The War Room provides a platform through which cross-functional teams can view playbook task results, collaborate on plans of action, and run security commands in real time.</SPAN></LI> </UL> <P>&nbsp;</P> <BLOCKQUOTE><SPAN>“The platform has threaded together our security systems, enabled different teams to collaborate, and continuously onboarded new features to help us resolve incidents faster.<BR />—CSO, Telecom Customer</SPAN></BLOCKQUOTE> <P>&nbsp;</P> <P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Extended capabilities with Cortex XSOAR" style="width: 512px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/25749iD7289825131EE4EA/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Cortex XSOAR War Room.png" alt="Extended capabilities with Cortex XSOAR" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Extended capabilities with Cortex XSOAR</span></span></SPAN></P> <P>&nbsp;</P> <H3><STRONG>The Results</STRONG></H3> <P><FONT color="#00CC66"><STRONG>No SOC Team, No Problem</STRONG></FONT></P> <P><SPAN>Playbooks—such as for malware enrichment—help automate previously time-consuming tasks and free up analyst time by providing rich information for problem-solving. Codifying a sequence of steps helps the entire team stick to a response quality benchmark and quickly onboard use cases.</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><FONT color="#00CC66"><STRONG>Cross-Team Collaboration</STRONG></FONT></P> <P><SPAN>Using the War Room for incident investigations improves team coordination and productivity, preventing the need to maintain disparate threads of communication across emails, tickets, and so on. Moreover, since participants can work in a common window, it’s easy to impart visibility and assign accountability when required.</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><FONT color="#00CC66"><STRONG>Faster Response</STRONG></FONT></P> <P><SPAN>Cortex XSOAR provides a central console, where incidents from multiple sources can be ingested. Multiple attacks belonging to common campaigns can be identified as related incidents within Cortex XSOAR, further sanitizing and enriching the alert queue so that security teams can respond to incidents more quickly.</SPAN></P> </DIV> Thu, 10 Apr 2025 17:46:28 GMT ELaufer 2025-04-10T17:46:28Z https://live.paloaltonetworks.com/t5/cortex-xsoar-articles/cortex-xsoar-telecom-case-study/ta-p/329083 <DIV class="page" title="Page 1"> <DIV class="section"> <DIV class="layoutArea"> <DIV class="column"> <P><SPAN>Cortex XSOAR in Telecom </SPAN></P> </DIV> </DIV> </DIV> </DIV> Thu, 10 Apr 2025 17:46:28 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-articles/cortex-xsoar-telecom-case-study/ta-p/329083 ELaufer 2025-04-10T17:46:28Z