Conseil Départemental de la Vendée powers simple, AI-driven SecOps with Cortex XSIAM

SUMMARY

Conseil Départemental de la Vendée needed a core operational shift in its security operations (SecOps) strategy: escalating alert noise and demanding manual workloads had to be addressed. A local council, Conseil Départemental de la Vendée oversees more than 30 schools and manages over 9,000 endpoints – an environment that’s complex to defend. Having already used Palo Alto Networks network and endpoint security solutions, when the Council needed further support with managing its environment and protecting data, Palo Alto Networks was the obvious choice.

The Council’s adoption of Cortex XSIAM has not only provided the specific technology required for transformation – it’s also enabled it to harness the power of AI and automation, accelerating incident remediation and simplifying SecOps.

RESULTS

  • Minutes to remediate cases, versus weeks previously
  • 50% of one FTE’s time reallocated to more value-add tasks
  • 80% of case remediations automated

CHALLENGE

Shield against expanding threat landscape

Cyberattacks pose a significant threat to the uninterrupted delivery of essential public services, such as healthcare, social care, and education. In response to this ongoing risk, public service organisations need to streamline their security operations. However, the Council’s outdated security information and event management (SIEM) solution had integration gaps and was complex to manage.

As a result, its security teams were having to handle the majority of cases manually, delaying remediation and increasing operational risk significantly. Manual processes, however, are fundamentally incompatible with the fast-paced nature of modern threats – especially as attackers enhance their techniques.

The organisation’s specific SecOps challenges included:

  • Responding to rising alert volumes despite limited budgets.
  • Hiring and retaining qualified SecOps analysts.
  • Preventing sophisticated ransomware and phishing attacks.
  • Securing attack vectors expanding due to remote work and BYOD.

"Before Cortex XSIAM, it was difficult to fix the threats facing our public services. We were blind to many of the issues, and the delayed remediation threatened services and absorbed precious resources."

Grégory Refe

Head of IT Infrastructure, Conseil Départemental de la Vendée

SOLUTION

Transforming SecOps from reactive to proactive

The Council had previously renewed its perimeter network security with PA-Series hardware firewalls, later adding Cortex XDR to provide extended detection and response across 9,000 endpoints. Based on this success, Cortex XSIAM was implemented to unify security functions such as XDR and SIEM into a single platform. Palo Alto Networks seamlessly stitches together network data from the Strata Network Security solution with endpoint activity from Cortex XDR to create the most complete, accurate security dataset. This fusion of visibility eliminates blind spots, empowering the Council’s security team to see the full attack narrative and automate complex detection.

“Cortex XSIAM was the missing link in our cybersecurity strategy,” says Richard Michalowicz, the council’s CISO. “It transforms security operations from reactive to proactive, so we can focus more resources on complex threats.”

  • Transforms SecOps

    The Council uses Cortex XSIAM through a managed SOC in partnership with Orange. The converged SOC capabilities – XDR, SOAR, and SIEM – simplify SecOps while also enabling new data sources to be onboarded quickly. So far, 20+ data sources have been added to the platform, streamlining investigations.

    “Previously, the MTTD could be days – or never if we missed the threat. Now, we can detect issues in seconds,” says Richard.

  • AI-powered security accelerates response

    The team has reduced the median time to resolution – from days, or even weeks, to minutes. For example, a vulnerable endpoint that might previously have gone unchecked over a weekend will now be isolated immediately.

    Playbooks, triggered automatically, ensure tasks are executed even before an analyst is involved. “We’ve quickly built playbooks that coordinate multiple actions in a workflow. We now have the confidence that we are taking the correct action if a breach occurs,” says Grégory Refe, the Council’s Head of IT Infrastructure.

  • Saves time and resources

    By automating manual efforts such as incident enrichment and threat analysis, the Council can redeploy resources to other, more strategic security tasks.

    For example, the Council has gone from automating none of its case remediations to automating 80% of them – and that number is expected to rise as the platform matures.

    “We are saving 50% of one analyst’s time – and for the first time, we’re monitoring our entire environment,” says Richard.

  • Safeguards council services delivery with platformization

    Cortex XSIAM provides a unified view across network, identity, cloud, and endpoints, making it easier for the Council to confidently protect the public services and schools under its control.

    “Our strategy is to stay compliant and be proactive. The single, integrated Palo Alto Networks platform simplifies our approach to security, liberating people to tasks that add value to the local community,” says Richard.
