This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cortex XSOAR Esri Case Study

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cortex XSOAR Esri Case Study

ELaufer
L2 Linker

on ‎05-20-2020 03:33 PM - edited on ‎05-20-2020 06:16 PM by Retired Member

No ratings

Navigating Rough Seas

How Esri Reduced Its Alert Barrage with Cortex XSOAR

 

Industry
Software/Geographic Information Systems

 

Integrations

  • Cortex XSOAR on-premises platform
  • SIEM
  • Network monitoring

Challenges

  • Alert fatigue (more than 10,000 per week)
  • Shortage of skilled SOC analysts (only five)
  • Detection of duplicates and related incidents
  • Complex and distributed threat indicator management

Solution
Esri used Cortex XSOAR to:

  • Get faster closure and false positive detection with auto- mated playbooks
  • Leverage historical cross-correlation for duplicate detection
  • Combine analyst knowledge with a collaboration window for joint investigations

Results
Cortex XSOAR enabled Esri to:

  • Cut weekly alert volume by 95%
  • Increase analyst productivity
  • Reduce organizational risk

 

The Customer

Esri is a global organization that helps more than 350,000 customers around the world solve tough problems through advanced geospatial technology. With more than 75% of Fortune 500 companies deploying its solutions to meet business goals, it was critical for Esri to maintain a security posture that would protect its diverse digital assets and those of its customers.

 

The Situation

Esri’s vast customer base and digital nature led to multiple security challenges. Alerts in excess of 10,000 each week caused significant fatigue among the team of five security operations analysts. Detecting false positives and duplicate incidents amid a countless host of attacks was a specific concern that wasn’t being addressed.
 
Esri was also looking to streamline threat indicator management processes, which were distributed, complex, and not conducive to lean threat hunting exercises. Suboptimal responses to these issues were increasing Esri’s business risk, wasting resources, and making the security operations center (SOC) more difficult to manage.
 

The Solution

To meet its challenges head on, Esri deployed Cortex™ XSOAR for security orchestration, automation, and response in addition to its existing security information and event management (SIEM) and network monitoring solutions. To speed up incident triage and response, the team took advantage of custom playbooks that interweaved automated and manual tasks.

These playbooks also codified analyst knowledge, ­facilitating a standardized response to specific attacks. For false positive and duplicate detection, Esri used historical cross-correlation capabilities in Cortex XSOAR. By quickly highlighting common artifacts and indicators across incidents, Esri analysts could spot and close duplicate attacks without spending too much time on redundant investigations.
 
To enhance analyst productivity and learning, Esri used the Cortex XSOAR War Room to conduct joint investigations and help cross-pollinate its analysts’ skill sets. Now able to work on complex incidents together, pull in security actions from other tools, and document results in the same window, Esri’s analysts could restructure their task loads to focus on the cerebral over the trivial.
Outcomes with Cortex XSOAROutcomes with Cortex XSOAR

 

The Results

Esri’s application of orchestration, automation, and collaboration led to both objective and subjective improvements. Alerts went from 10,000 per week to roughly 500—a staggering 95% reduction stemming largely from swift resolution of false positives and duplicate incidents, thanks to automated playbooks and historical cross-correlation. 
 
Moreover, Esri used Cortex XSOAR as the central hub to ingest all alerts, obviating the need for analysts to visit multiple systems to find relevant information. Including ticket management in the team’s incident response platform alongside automation and orchestration meant no alert could slip through the cracks at Esri to cause potential business risk. Automation freed up the analysts’ time, letting them focus on strategic tasks and continuous process improvements rather than being mired in day-to-day firefighting. Playbooks allowed them to scale their efforts effectively, enabling Esri to more effectively leverage the toughest resource to find and retain: skilled analysts. 
 
The Cortex XSOAR War Room led to increased analyst satisfaction. By automatically documenting all analyst actions, allowing them to improve each other’s skill sets, and giving machine learning-powered insights, the War Room lets analysts do more of what they do best—solve difficult problems—without drowning in documentation and menial tasks.
 
The automation infused into our security infrastructure by Cortex XSOAR complements our existing SIEM, allowing our SOC team to realize greater efficiencies. Automating these mundane tasks allows our analysts to focus on decision-making.
– Sean Kohlmeier, Security Operations Manager, Esri
Labels:
Rate this article:
  • 4589 Views
  • 0 comments
  • 1 Likes
Register or Sign-in
Contributors
Labels
Article Dashboard
Version history
Last Updated:
‎05-20-2020 06:16 PM
Updated by:
Retired Member
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks