on 05-20-2020 01:27 PM - edited on 05-20-2020 06:03 PM by Retired Member
Cortex XSOAR in a Top Tech Company
This technology company has worldwide operations spread across multiple spheres of application development. Juggling multiple business units, the company must facilitate a high volume of users and maintain a security posture robust enough to guarantee the integrity of users’ personal and financial data.
Fast business growth engendered a rise in security challenges. The incident response team faced a growing number of network sensors in remote locations and, with limited personnel, security alerts were stacking up.
It was time-consuming for the analysts to repeat the same sequence of manual tasks for each incident, usually while straddling multiple screens and security products. These menial tasks kept the analysts from being able to focus on data interpretation and problem solving, which ultimately led to painfully long resolution times.
To overcome these challenges, the analysts needed a security operations toolkit in addition to traditional security information and event management (SIEM) logging and event correlation.
The customer deployed Cortex™ XSOAR as a connective security platform for its products and teams. Using Cortex XSOAR as a common layer across a host of tools, such as user login, endpoint monitoring, network detection, and log collection solutions, the analysts could harmonize actions across their platforms without needing to switch screens or chase fragmented information.
By creating formalized playbooks and automating quantity-heavy action blocks, the analysts ensured there was a single source of truth for security investigations in the security operations center (SOC). Automation also meant that previously laborious tasks—such as scouring log sources for relevant entries—could be distilled into sub-playbooks that analysts could chain together with a few values and clicks.
The most tangible benefit was a dramatic decrease in investigation times. One common incident type that had taken four or more hours to work through before the deployment of Cortex XSOAR now took an average of 10 minutes, a 95% decrease in investigation time. This efficiency gain also improved enrichment quality: by quickly gathering and cross-referencing data across a host of sources, Cortex XSOAR playbooks gave analysts rich context they could use to resolve issues rapidly.
Cortex XSOAR also helped the SOC extract maximum value from the company’s existing security products. By coordinating actions across products and automating repetitive tasks, the analysts could leverage the product stack without a higher rate of error, stress, or dead time.
Ultimately, Cortex XSOAR freed up the analysts’ time to focus on more mission-critical objectives, benefited SOC managers through increased workforce productivity, and helped security leaders realize lower business risk and higher return on their security investments.