Cortex XSIAM: A Leader and Outperformer in GigaOm Radar on Autonomous SOC

Nov 08, 2023

The GigaOm Radar Report on Autonomous Security Operations Center (SOC) solutions has been published, and Cortex XSIAM has been recognized as both a Leader and Outperformer.


Figure 1: Palo Alto Networks Cortex XSIAM is a Leader & Outperformer in the 2023 GigaOm Autonomous SOC Radar


XSIAM’s Journey to a Leading SOC Platform

When Cortex XSIAM was released in October 2022, we set out to solve the core problem that SOCs are facing: it takes too long to detect and resolve security incidents. This problem is a symptom of how SOCs operate today, overwhelmed with too many tools to work in, too much data to process and analyze effectively, and too many manual tasks.

We believe that the solution to this problem is a converged security operations platform that leads with AI-driven outcomes and an automation-first approach. These combined capabilities are often referred to in the market as autonomous security operations platforms.

To be clear, when the market refers to “autonomous security operations” or an “autonomous SOC”, this does not mean that SOCs will ever be fully autonomous and cut out humans altogether. Instead, it means that the security solutions we implement should handle a majority of the analysis and work before humans ever see the incident. Out-of-the-box security analytics should drive effective threat protection; embedded automation should take care of many of the repeatable tasks; and analysts should then be presented with the remaining incidents that require additional human judgment and reasoning. In short, a machine-led, human-empowered SOC.

Cortex XSIAM is an AI-driven platform that converges SOC capabilities, leverages AI for accurate threat protection and applies an automation-first approach to security operations. With Cortex XSIAM, we aim to simplify security operations, stop threats at scale and accelerate incident remediation - all within a single platform.

In just a year, we are redefining what ideal SOC operations should look like, and customers and industry analysts are validating this approach.

GigaOm Radar Evaluation Criteria & Metrics

GigaOm evaluated a number of vendors’ autonomous SOC solutions, measuring them on their ability to serve specific market segments, the deployment options of their solutions, and other key criteria for product capabilities and innovation.

  • Market Categories - Measures how well an autonomous SOC solution serves specific market segments (small-to-medium business, large enterprises, MSSPs, etc.)
  • Deployment Types - An evaluation of the deployment models available for the solution (physical appliance, virtual appliance, cloud, SaaS, etc.)
  • Key Criteria Comparison - A measurement of how the solution performed against criteria including:
    • Differentiated features and capabilities.
    • Non-functional evaluation metrics that factor into purchase decisions and impact on the business.
    • Emerging technologies that show how well each vendor takes advantage of technology that is not yet mainstream but expected to become more widespread in 12-18 months.

The GigaOm Radar then weighs all of these results to assess each vendor's execution, roadmap and ability to innovate, which ultimately determines the final position on the radar.

Cortex XSIAM’s Performance

Based on the analysis conducted by GigaOm, Cortex XSIAM was recognized as a leader in the GigaOm Radar Report on Autonomous Security Operations Center (SOC) solutions.

Additionally, Cortex XSIAM was recognized as an outperformer based on a strong strategy and pace of innovation, as demonstrated by the continuous innovation and features delivered over the last year, including the Identity Threat Detection & Response (ITDR) module.

Across all of the measured criteria, Cortex XSIAM received the top rating of “exceptional” in six of the nine key criteria measured, and “capable” in the remaining three key criteria.

“As a solution built from the ground-up with lessons learned from a suite of leading security products, Cortex XSIAM delivers a comprehensive autonomous SOC solution that scores high on a wide range of key criteria,” states GigaOm analyst Andrew Green.

All of these capabilities are meant to drive better security outcomes like detecting and remediating incidents faster. With this in mind, Cortex XSIAM received the top score for improving mean time to remediation (MTTR), a result that has been realized by many existing customers.

Transform Security Operations with Cortex XSIAM

At Palo Alto Networks, we’ve been on a journey to build the most comprehensive and effective SOC platform in the industry. We built Cortex XSIAM from the ground up with embedded AI and automation to solve the challenges SOCs face today and into the future.

If you want to learn more about how we are doing that, download the GigaOm Radar for Autonomous SOC today.

