Cortex XSOAR Application Developer Case Study

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.
L2 Linker
No ratings

Clearing Digital Battlefields

Cortex XSOAR in a Top Tech Company


Application Development



  • Cortex XSOAR
  • Endpoint monitoring
  • Network detection
  • Log collectors
  • User login tools


  • Growing alert numbers
  • Small IR team in a fast-growing company
  • Coordination among multiple security products
  • Increasing network sensors in remote locations

This tech company used Cortex XSOAR to:

  • Leverage playbooks as single source of truth for investigations
  • Employ playbook task-blocks to reduce pivoting between screens and systems
  • Handle repetitive task flows through automated computing power

Cortex XSOAR enabled the company to:

  • Reduce investigation times from as much as four hours to 10 minutes
  • Put richer incident context at analyst fingertips
  • Maintain leaner security operations



The Customer

This technology company has worldwide operations spread across multiple spheres of application development. Juggling multiple business units, the company must facilitate a high volume of users and maintain a security posture robust enough to guarantee the integrity of users’ personal and financial data.


The Situation

Fast business growth engendered a rise in security challenges. The incident response team faced a growing number of net- work sensors in remote locations, and coupled with limited personnel, security alerts were stacking up.


It was time-consuming for the analysts to repeat the same sequence of manual tasks for each incident, usually while straddling multiple screens and security products. These menial tasks kept the analysts from being able to focus on data interpretation and problem solving, which ultimately led to painfully long resolution times.


To overcome these challenges, the analysts needed a security operations toolkit in addition to traditional security information and event management (SIEM) logging and event correlation.


The Solution

The customer deployed CortexTM XSOAR as a connective security platform for its products and teams. Using Cortex XSOAR as a common layer across a host of tools, such as user login, endpoint monitoring, network detection, and log collection solutions, the analysts could harmonize actions across their platforms without needing to switch screens or chase fragmented information.


By creating formalized playbooks and automating quantity-heavy action blocks, the analysts ensured there was a single source of truth for security investigations in the security operations center (SOC). Automation also meant that previously laborious tasks—such as scouring log sources for relevant entries—could be distilled into sub-playbooks that analysts could chain together with a few values and clicks.


Outcomes with Cortex XSOAROutcomes with Cortex XSOAR


The Results

The most tangible benefit was an exponential decrease in investigation times. One common incident type that had previously taken four or more hours to get through before the deployment of Cortex XSOAR now took an average of 10 minutes—a 95% decrease in investigation time. This increased efficiency saw an increase in enrichment quality. By quickly gathering and cross-referencing data across a host of sources, Cortex XSOAR playbooks provided rich context analysts could take advantage of to rapidly resolve issues.


Cortex XSOAR also helped the SOC extract maximum value from the company’s existing security products. By coordinating actions across products and automating repetitive tasks, the analysts could leverage the product stack without a higher rate of error, stress, or dead time.


Ultimately, Cortex XSOAR freed up the analysts’ time to focus on more mission-critical objectives, benefited SOC managers through increased workforce productivity, and helped security leaders realize lower business risk and higher return on their security investments.

Rate this article:
Register or Sign-in
Article Dashboard
Version history
Last Updated:
‎05-20-2020 06:03 PM
Updated by:
Retired Member