Deloitte’s Cloud Migration Success: Transforming SecOps with Cortex XSOAR

Feb 06, 2025

For years, Deloitte's Cybersecurity Center had leveraged Cortex XSOAR on-premises to drive automation across its portfolio. Building on this success, Deloitte Cybersecurity Center wanted to achieve even greater results by migrating its 24/7 cybersecurity center's XSOAR deployment to the cloud.

Deloitte’s Cybersecurity Center

Deloitte's Cybersecurity Center, located in Madrid, serves as the base of its managed security services across the EMEA region. The EMEA CyberSphere Center (ECC) operates around the clock, offering customers a comprehensive portfolio of security services that includes threat intelligence, vulnerability management, and cloud security. Backed by a diverse team of international experts and cutting-edge technologies, the ECC enables organizations to proactively address evolving cyberthreats, ensuring resilience and robust protection in the face of modern threats.

The Cloud Advantage

Deloitte has long leveraged Cortex XSOAR in an on-premises deployment to drive automation, enabling the ECC to streamline processes, automate repetitive tasks, and enhance the efficiency of incident response workflows. By integrating XSOAR with various tools and technologies, the team has successfully orchestrated complex security operations, reduced response times, and improved overall operational effectiveness.

Encouraged by its success with Cortex XSOAR, Deloitte decided to migrate the ECC’s XSOAR MSSP deployment to the cloud to allow the ECC team to focus on more strategic initiatives. By nature, a cloud-based solution reduces the need to schedule and manage software and hardware updates. By design, the cloud provides higher systems availability, which makes Deloitte’s operations more resilient.

"Moving to the XSOAR SaaS platform has enhanced our operational capabilities, allowing us to focus more on strategic security imperatives and less on routine maintenance."

- Gonzalo Arteaga Ruiz, Delivery Lead, Deloitte

 

Deloitte started reaping the benefits of the migration right away. Its cloud deployment of XSOAR improved environment maintenance by:

  • Streamlining removal of old and outdated content.
  • Enabling a development tenant for use case development and testing.
  • Facilitating environment configuration based on current knowledge and best practices.

With the move to the XSOAR SaaS platform, the days of updating servers for the XSOAR console became a thing of the past. Palo Alto Networks ensures that any identified vulnerabilities are promptly addressed, providing a secure and resilient platform for incident response operations. This transition to the cloud not only simplified the upkeep of the system but also underscored Palo Alto Networks’ commitment to delivering a secure, reliable, and hassle-free experience for all customers.

Elevating the SOC with Cortex XSOAR MSSP Cloud

Migrating to the Cortex XSOAR cloud platform has dramatically transformed the SOC and daily operations for ECC’s security analysts. The move has led to significant improvements in:

User Experience: Cortex XSOAR MSSP SaaS has enhanced the user experience for ECC security analysts by improving response times and simplifying resource management. Additionally, the ECC team now has a development tenant, preventing direct changes to the production environment and providing a repository for necessary updates.

  • Improved User Experience: 90% positive user feedback indicating improved ease of use from the Analyst Responders.

Faster Performance: One of the most noticeable improvements is faster performance. Cortex XSOAR SaaS significantly reduces response times, enabling the seamless execution of playbooks and scripts without delays. This enhanced speed ensures a smoother user experience.

  • Scalability and Flexibility: Ability to scale resources to accommodate a 100% increase in customer traffic without affecting performance.

System Reliability: In terms of reliability, SaaS has resolved many of the issues that were common in the previous environment, such as task delays or occasional system slowdowns. The SaaS infrastructure offers high availability by design and ensures stable operations even when running multiple complex workflows simultaneously.

  • Downtime Reduction: 100% reduction in unplanned and planned OS upgrade downtime.

Host Management: Cortex XSOAR SaaS has simplified host management by eliminating the need for manual oversight of operating systems, patches, version upgrades and resource monitoring. The cloud infrastructure now handles these tasks, allowing the team to focus on operational priorities and ensuring consistent performance across all tenants.

  • Operational Efficiency: 15% faster provisioning of new use cases from development to production.

Storage Management: Disk space management has seen a major improvement. In the past, managing storage required manual intervention through tools to free up disk space regularly. With SaaS, this is no longer a concern, as Palo Alto Networks adheres to the disk capacity during data retention.

“The Cortex XSOAR SaaS platform has proven itself as one of the best platforms for managing incidents, automating processes, and enhancing security operations.”

- Gonzalo Arteaga Ruiz, Delivery Lead, Deloitte

Key Lessons for a Successful Migration

Any organization planning a cloud transition can achieve the same level of success. This is the playbook that helped Deloitte ensure a secure, value-additive migration to Cortex XSOAR SaaS:

  1. Develop a Comprehensive Migration Plan
    Preparation is critical to ensure a seamless migration. Invest time upfront to outline a detailed plan, identifying potential risks, dependencies, and mitigation strategies to be ready to execute effectively.
  2. Assess the Impact of Cloud Migration on Your Environment
    Understand how the transition to SaaS will affect your existing infrastructure. For instance, evaluate whether firewall rules need to be modified to allow communication with the XSOAR SaaS environment. Also, review and adjust how user access and authentication mechanisms are managed to align with the cloud-based platform.
  3. Plan for Adapting and Testing Changes
    Account for how changes will be implemented and tested during the migration process. Consider implementing change freezes during critical phases to minimize disruptions. Ensure a robust testing strategy is in place to validate functionality and integration before going live.
  4. Address API Differences and Dependencies
    Be aware of potential differences in APIs when moving to XSOAR SaaS. For example, updates to URIs (Uniform Resource Identifiers), headers, or other API elements may require adjustments to existing integrations. Using tools such as Spotlight.io can help identify and address these differences effectively.
  5. Migrate Remote Repositories Thoughtfully
    Determine how remote repositories will be migrated to the SaaS environment. Consider whether you will leverage the built-in Git repository feature in XSOAR 8 Cloud or maintain an external repository. This decision should align with your organization's development and operational workflows.

By incorporating these lessons into their planning and execution, organizations can ensure a smoother migration process, minimize downtime, and quickly realize the benefits of the Cortex XSOAR SaaS platform.

Looking to the Future

Cloud-native security is increasingly important as enterprises move to distributed architectures. Security needs to go beyond perimeter defense to address modern threats targeting microservices, APIs, and serverless functions. The focus is not just on protecting data in transit but also securing ephemeral resources and maintaining compliance across multiple cloud providers.

As Deloitte embraces the cloud, Cortex XSOAR SaaS will continue to arm the security team with the tools and capabilities they need to pinpoint and remediate incidents with unparalleled precision. By drastically reducing maintenance and administrative tasks, XSOAR gives them even more bandwidth to focus on the security tasks that matter most. Meanwhile, the business can take full advantage of the cloud with confidence.

To learn more about how you can migrate to Cortex XSOAR in the cloud and see similar value to Deloitte’s, watch our webinar, check out Cortex customer stories, and visit the Cortex XSOAR webpage.

 

