Reviews and Testimonials
Find out what third-party testers, analysts and customers have to say.
Security teams have plenty of challenges. Workflow automation shouldn’t be one of them. Cortex XSOAR puts automation in everyone’s hands, empowering security teams to free themselves from workflow complexity and do more, faster, with any use case.
The journey to automating your security operations starts with a single use case. Below are common use cases curated from our SOAR user community. All of these come packaged with automation content packs and pre-built integrations to get you started quickly.
Our Palo Alto Networks Security Operations Center (SOC) provides services with a lean in-house team of 10 SOC analysts. Our SOC operates in a single shift during standard business hours. To ensure we aren’t late to respond to an attack after hours, we also have a 24/7 on-call rotation. How do we do it?
Nori used to spend 45 minutes on each phishing incident. Now she spends 8 minutes. And with XSOAR, she also deals with 75% less incidents.”
A typical phishing response involves multiple, manual steps that are repetitive and take up a significant amount of a security engineer’s time. With automation, the security engineer only needs to step in when a decision is needed.
A Typical phishing response
Q: How many of the steps can be automated?
A: All. However, you can also choose to have a security analyst review the incident (Step 5) to determine if it’s malicious. The XSOAR phishing playbook can then execute a series of actions based on that decision.
When a breach happens, your team has to act fast. With Cortex XSOAR, you get a head start with best practices workflows and automated actions for isolating and remediating infected hosts.
Custom ransomware incident dashboard
When a ransomware attack is detected by Cortex XDR or other tool, a ransomware playbook is triggered to collect the required information from your environment, execute investigation steps, contain the incident, and present the data to you in a custom dashboard.
In 2020 we saw the average ransom demand increase to $847,000 and the average ransom paid was up to $312,000. And that’s almost double from the year before - Ryan Olson -VP of Threat Intelligence, Unit42”
Kris used to spend all day every Tuesday processing the latest threat intel data to make it useful for the rest of his security team. With Cortex XSOAR Threat Intel Management it now takes him less than 1 hour.”
When a malware alert comes in, a security incident responder has to chase down related events, check threat intel sources, notify the end user, open tickets to have the user’s host machine reimaged and password reset.
What used to take Kasey 90 minutes is now fully automated. Multiply that by an average of 350 incidents per month, and Kasey gets 13 days back in her month.”
Taking endpoint prevention to a whole new level, with our Cortex XDR integration, you also reduce the number of alerts you have to contend with by 98% with intelligent grouping and deduplication. Cortex XDR uses behavioral analytics and machine learning to continuously profile endpoint, network and user behavior to uncover the stealthiest attacks.
Through 2022, 99% of firewall breaches will be caused by firewall misconfigurations, not firewall flaws, according to Gartner research.”
While firewalls continue to be a critical part of enterprise security strategies, network security operations teams remain challenged by the lack of automation, network security complexity, and lack of overall visibility across siloed teams working on the same incidents.
Explore our Network Security automation content packs
When selecting a SOAR platform, you need to make sure it will serve your current automation needs as well as scale with you as you grow and evolve your security operations. Cortex XSOAR features:
The industry's first extended security orchestration, automation, and response platform
Cortex XSOAR allowed us to orchestrate all the activities we used to perform manually, resulting in the optimization of all the processes."
Let’s explore ways to reduce alert volumes, reduce MTTR and eliminate busywork