Case Study: North American Freight Company achieves ~1-hour median incident resolution and 100% incident close rate with Palo Alto Networks Cortex XSIAM

A Palo Alto Networks Case Study

Preview of the North American Freight Company Case Study

Freight company reduces incident resolution to ~1 hour with Cortex XSIAM

A leading North American freight company faced an overwhelming backlog of security alerts and limited cloud visibility. A patchwork of point tools forced analysts to switch between consoles and perform labor-intensive investigations. More than 6,000 alerts sat unresolved, the closure rate was just 10–20%, and median time to resolution was measured in days or weeks.

The company deployed Palo Alto Networks Cortex XSIAM to consolidate SIEM and SOAR, ingest far more telemetry (from ~500 GB to ~1.2 TB and from ~10 to ~20 sources), and rapidly implement automated playbooks. The result: the retirement of multiple tools, the elimination of most false positives, a 100% incident close rate for daily escalations, and a median time to resolution reduced to about one hour, along with higher overall SOC maturity.

