Case Study: a leading security company achieves faster investigations and fewer alerts with Cortex XDR

Improving detection and response in the Palo Alto Networks SOC

The customer, a leading security company, sought to improve its security operations center's efficiency and effectiveness while operating with a lean team. Its challenges included managing a high volume of low-fidelity alerts from its SIEM, conducting time-consuming investigations across siloed tools, and performing numerous manual, repetitive tasks.

The solution implemented was the vendor's own Cortex XDR and Demisto platforms. Cortex XDR provided complete visibility, stitched together data from different sources, and applied behavioral analytics to group alerts into high-fidelity incidents. This resulted in a 50x reduction in daily alerts and made investigations 8x faster. Demisto automated response processes, such as reducing the effort to remove malicious phishing emails from 30 minutes to just 10 seconds.