article Cortex XSOAR Esri Case Study in Cortex XSOAR Articles

article Cortex XSOAR Esri Case Study in Cortex XSOAR Articles https://live.paloaltonetworks.com/t5/cortex-xsoar-articles/cortex-xsoar-esri-case-study/ta-p/329087 <H2><STRONG>Navigating Rough Seas</STRONG></H2> <P>How Esri Reduced Its Alert Barrage with Cortex XSOAR</P> <P> </P> <TABLE> <TBODY> <TR> <TD width="524px"> <P><FONT color="#00CC66"><STRONG>Industry</STRONG></FONT><BR />Software/Geographic Information Systems</P> <P> </P> <P><FONT color="#00CC66"><STRONG>Integrations</STRONG></FONT></P> <UL> <LI><SPAN>Cortex XSOAR on-premises platform</SPAN></LI> <LI><SPAN>SIEM</SPAN></LI> <LI><SPAN>Network monitoring</SPAN></LI> </UL> <P><FONT color="#00CC66"><STRONG>Challenges</STRONG></FONT></P> <UL> <LI><SPAN>Alert fatigue (more than 10,000 per week)</SPAN></LI> <LI><SPAN>Shortage of skilled SOC analysts (only five)</SPAN></LI> <LI><SPAN>Detection of duplicates and related incidents</SPAN></LI> <LI><SPAN>Complex and distributed threat indicator management</SPAN></LI> </UL> </TD> <TD width="524px"> <P><FONT color="#00CC66"><STRONG>Solution</STRONG></FONT><BR />Esri used Cortex XSOAR to:</P> <UL> <LI><SPAN>Get faster closure and false positive detection with auto- mated playbooks</SPAN></LI> <LI><SPAN>Leverage historical cross-correlation for duplicate detection</SPAN></LI> <LI><SPAN>Combine analyst knowledge with a collaboration window for joint investigations</SPAN></LI> </UL> <P><FONT color="#00CC66"><STRONG>Results</STRONG></FONT><BR />Cortex XSOAR enabled Esri to:</P> <UL> <LI><SPAN>Cut weekly alert volume by 95%</SPAN></LI> <LI><SPAN>Increase analyst productivity</SPAN></LI> <LI><SPAN>Reduce organizational risk</SPAN></LI> </UL> </TD> </TR> </TBODY> </TABLE> <P> </P> <H3 class="lia-message-template-content-zone"><STRONG>The Customer</STRONG></H3> <DIV class="lia-message-template-content-zone"><SPAN>Esri is a global organization that helps more than 350,000 customers around the world solve tough problems through advanced geospatial technology. With more than 75% of Fortune 500 companies deploying its solutions to meet business goals, it was critical for Esri to maintain a security posture that would protect its diverse digital assets and those of its customers.</SPAN></DIV> <P class="lia-message-template-content-zone"> </P> <H3 class="lia-message-template-content-zone"><STRONG>The Situation</STRONG></H3> <DIV class="lia-message-template-content-zone"><SPAN>Esri’s vast customer base and digital nature led to multiple security challenges. Alerts in excess of 10,000 each week caused significant fatigue among the team of five security operations analysts. Detecting false positives and duplicate incidents amid a countless host of attacks was a specific concern that wasn’t being addressed. </SPAN></DIV> <DIV class="lia-message-template-content-zone"> </DIV> <DIV class="lia-message-template-content-zone"><SPAN>Esri was also looking to streamline threat indicator management processes, which were distributed, complex, and not conducive to lean threat hunting exercises. Suboptimal responses to these issues were increasing Esri’s business risk, wasting resources, and making the security operations center (SOC) more difficult to manage.</SPAN></DIV> <DIV class="lia-message-template-content-zone"> </DIV> <H3 class="lia-message-template-content-zone"><STRONG>The Solution</STRONG></H3> <DIV class="lia-message-template-content-zone"><SPAN>To meet its challenges head on, Esri deployed Cortex™ XSOAR for security orchestration, automation, and response in addition to its existing security information and event management (SIEM) and network monitoring solutions. To speed up incident triage and response, the team took advantage of custom playbooks that interweaved automated and manual tasks.</SPAN></DIV> <DIV class="lia-message-template-content-zone"><BR /><SPAN>These playbooks also codified analyst knowledge, facilitating a standardized response to specific attacks. For false positive and duplicate detection, Esri used historical cross-correlation capabilities in Cortex XSOAR. By quickly highlighting common artifacts and indicators across incidents, Esri analysts could spot and close duplicate attacks without spending too much time on redundant investigations.</SPAN></DIV> <DIV class="lia-message-template-content-zone"> </DIV> <DIV class="lia-message-template-content-zone"><SPAN>To enhance analyst productivity and learning, Esri used the Cortex XSOAR War Room to conduct joint investigations and help cross-pollinate its analysts’ skill sets. Now able to work on complex incidents together, pull in security actions from other tools, and document results in the same window, Esri’s analysts could restructure their task loads to focus on the cerebral over the trivial.</SPAN><BR /><SPAN><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Outcomes with Cortex XSOAR" style="width: 512px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/25751i6CE77F6E913A9A8E/image-size/large/is-moderation-mode/true?v=v2&px=999" role="button" title="Cortex XSOAR Problem Solution Result Workflow.png" alt="Outcomes with Cortex XSOAR" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Outcomes with Cortex XSOAR</span></span></SPAN></SPAN> <P> </P> </DIV> <H3 class="lia-message-template-content-zone"><STRONG>The Results</STRONG></H3> <DIV class="lia-message-template-content-zone"><SPAN>Esri’s application of orchestration, automation, and collaboration led to both objective and subjective improvements. Alerts went from 10,000 per week to roughly 500—a staggering 95% reduction stemming largely from swift resolution of false positives and duplicate incidents, thanks to automated playbooks and historical cross-correlation.</SPAN><SPAN> </SPAN></DIV> <DIV class="lia-message-template-content-zone"> </DIV> <DIV class="lia-message-template-content-zone"><SPAN>Moreover, Esri used Cortex XSOAR as the central hub to ingest all alerts, obviating the need for analysts to visit multiple systems to find relevant information. Including ticket management in the team’s incident response platform alongside automation and orchestration meant no alert could slip through the cracks at Esri to cause potential business risk.</SPAN><SPAN> </SPAN><SPAN>Automation freed up the analysts’ time, letting them focus on strategic tasks and continuous process improvements rather than being mired in day-to-day firefighting. Playbooks allowed them to scale their efforts effectively, enabling Esri to more effectively leverage the toughest resource to find and retain: skilled analysts.</SPAN><SPAN> </SPAN></DIV> <DIV class="lia-message-template-content-zone"> </DIV> <DIV class="lia-message-template-content-zone"><SPAN>The Cortex XSOAR War Room led to increased analyst satisfaction. By automatically documenting all analyst actions, allowing them to improve each other’s skill sets, and giving machine learning-powered insights, the War Room lets analysts do more of what they do best—solve difficult problems—without drowning in documentation and menial tasks.</SPAN></DIV> <DIV class="lia-message-template-content-zone"> </DIV> <BLOCKQUOTE><SPAN>The automation infused into our security infrastructure by Cortex XSOAR complements our existing SIEM, allowing our SOC team to realize greater efficiencies. Automating these mundane tasks allows our analysts to focus on decision-making.<BR />– Sean Kohlmeier, Security Operations Manager, Esri</SPAN></BLOCKQUOTE> Thu, 10 Apr 2025 17:23:07 GMT ELaufer 2025-04-10T17:23:07Z Cortex XSOAR Esri Case Study https://live.paloaltonetworks.com/t5/cortex-xsoar-articles/cortex-xsoar-esri-case-study/ta-p/329087 <P><SPAN>How Esri Reduced Its Alert Barrage with Cortex XSOAR</SPAN></P> Thu, 10 Apr 2025 17:23:07 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-articles/cortex-xsoar-esri-case-study/ta-p/329087 ELaufer 2025-04-10T17:23:07Z