How Does Automation Help the SOC?

Cortex® XSOAR gives security teams of all sizes the best-in-class automation they need to respond rapidly to incidents, take action, and stay protected.


Automation that’s accessible for everyone

Security teams have plenty of challenges. Workflow automation shouldn’t be one of them. Cortex XSOAR puts automation in everyone’s hands, empowering security teams to free themselves from workflow complexity and do more, faster, with any use case.

Start your security automation journey

The journey to automating your security operations starts with a single use case. Below are common use cases curated from our SOAR user community. All of these come packaged with automation content packs and pre-built integrations to get you started quickly.


The Possibilities of Security Automation

Our Palo Alto Networks Security Operations Center (SOC) provides services with a lean in-house team of 10 SOC analysts. Our SOC operates in a single shift during standard business hours. To ensure we aren’t late to respond to an attack after hours, we also have a 24/7 on-call rotation. How do we do it?

  • 50K endpoints: Our SOC is tasked with protecting our 10K employees globally and a continuously expanding network of endpoints.
  • 75K customers: Our SOC also monitors security services that are consumed by our data centers and customers worldwide.

Automated Phishing Response

“Nori used to spend 45 minutes on each phishing incident. Now she spends 8 minutes. And with XSOAR, she also deals with 75% fewer incidents.”

A typical phishing response involves multiple, manual steps that are repetitive and take up a significant amount of a security engineer’s time. With automation, the security engineer only needs to step in when a decision is needed.

A typical phishing response

Q: How many of the steps can be automated?

A: All. However, you can also choose to have a security analyst review the incident (Step 5) to determine if it’s malicious. The XSOAR phishing playbook can then execute a series of actions based on that decision.


Automated Ransomware Response

When a breach happens, your team has to act fast. With Cortex XSOAR, you get a head start with best practices workflows and automated actions for isolating and remediating infected hosts.

Custom ransomware incident dashboard

When a ransomware attack is detected by Cortex XDR or another tool, a ransomware playbook is triggered to collect the required information from your environment, execute investigation steps, contain the incident, and present the data to you in a custom dashboard.

“In 2020 we saw the average ransom demand increase to $847,000 and the average ransom paid was up to $312,000. And that’s almost double from the year before.” - Ryan Olson, VP of Threat Intelligence, Unit42


Automated Threat Intelligence

“Kris used to spend all day every Tuesday processing the latest threat intel data to make it useful for the rest of his security team. With Cortex XSOAR Threat Intel Management it now takes him less than 1 hour.”

Cortex XSOAR Threat Intel Management

  • Provides a central threat intelligence library for your enterprise
  • Automatically maps threat data to your incidents
  • Operationalizes (parse, prioritize, distribute) your threat intelligence

Automated Malware Analysis

When a malware alert comes in, a security incident responder has to chase down related events, check threat intel sources, notify the end user, and open tickets to have the user’s host machine reimaged and password reset.

“What used to take Kasey 90 minutes is now fully automated. Multiply that by an average of 350 incidents per month, and Kasey gets 13 days back in her month.”

Our Cortex XDR integration takes endpoint prevention to a whole new level: you also reduce the number of alerts you have to contend with by 98% through intelligent grouping and deduplication. Cortex XDR uses behavioral analytics and machine learning to continuously profile endpoint, network and user behavior to uncover the stealthiest attacks.


Automated Network Security Operations

“Through 2022, 99% of firewall breaches will be caused by firewall misconfigurations, not firewall flaws, according to Gartner research.”

While firewalls continue to be a critical part of enterprise security strategies, network security operations teams remain challenged by the lack of automation, network security complexity, and lack of overall visibility across siloed teams working on the same incidents.

Allow/Deny list administration

With Cortex XSOAR, security teams have a central platform to ingest, parse, prioritize and automate the real-time distribution of threat intel to firewalls as well as perform CVE checks.

End user access provisioning

How much time do you spend on end user requests? Why not automate the process, such as providing self-service access and automated reputation validation to blocked sites?

Firewall updates

Updating firewall configurations is largely manual and a time sink. Automation can help eliminate guesswork and speed up the process.


Unparalleled Value and Return on Investment

When selecting a SOAR platform, you need to make sure it will serve your current automation needs as well as scale with you as you grow and evolve your security operations. Cortex XSOAR features:

  • Easy deployment with minimal to no in-house DevOps skills. Our wide range of integrations and automation packs are easily customizable with visual editors.
  • An open and extensible platform and SOAR ecosystem that scales and grows with your security operations.
  • Fully integrated case management designed for your security team, so they can manage the entire incident lifecycle in one place.
  • A central threat intel library integrated with your incidents so you get automatic mapping of external threat data as well as full visibility into external threats and – more importantly – context on how they impact your environment.

Reviews and Testimonials

Find out what third-party testers, analysts and customers have to say.

The industry's first extended security orchestration, automation, and response platform

“Cortex XSOAR allowed us to orchestrate all the activities we used to perform manually, resulting in the optimization of all the processes.”

Enrico Picano, Head of Cyber Security Prevention and Transformation, BNL


Copyright © 2023 Palo Alto Networks. All rights reserved