Cortex XSIAM reshapes SecOps for Fortune 500 financial giant

Cortex XSIAM was tailored to efficiently meet the rigorous and diverse national and international regulations of the bank’s regulatory environment.

• Localized data storage: Cortex ensures compliance with regional data localization regulations by keeping sensitive data stored within each country where it does business. This aligns with the FSI requirements set by regulatory bodies such as the RBI, CERT-IN, NCIIPC, and DPDPA. Additionally, Cortex XSIAM is SOC 2 Type II certified, which facilitates adherence to various industry and geographical data retention regulations.

• Audit trails and compliance transparency: Cortex XSIAM facilitates comprehensive auditing capabilities, offering detailed and transparent audit trails. Financial institutions can access annual SOC2 Type II audit reports and have the option for onsite audits, ensuring ongoing compliance verification and transparency.
  

• Data retention and purging policies: The platform adheres to strict data retention policies, configurable to meet specific regulatory requirements. Data is retained for a default period of 30 days and can be extended if needed. Alerts are retained longer for detailed investigation, and a full deletion of data is ensured within 180 days post-termination, complying with data retention regulations.

Cortex can enable the bank to transition from relying on Google Keys to owning and managing its own encryption keys (BYOK), empowering the bank to maintain stringent control over its data security protocols and ensuring that sensitive information remains protected under its direct oversight.

Cortex XSIAM was rapidly deployed into the bank’s environment. In just three days, it successfully connected with 20 critical log sources and plan to increase data ingestion from 7 TB to 150 TB. This enhancement improved advanced threat detection, streamlined incident response, and provided comprehensive visibility across the bank’s entire attack surface.

Palo Alto Networks demonstrated how the bank could lower data storage costs with Cortex XSIAM’s capability to selectively ingest crucial telemetry data, reducing unnecessary data ingestion by 35-40%. Additionally, automation features reduce the need for manual interventions, enhancing SOC analyst productivity and allowing financial institutions to allocate resources more effectively.

Cortex XSIAM seamlessly integrated 9+ threat intelligence sources, with 21+ custom and out-of-the-box playbooks configured for automated response—immediately improving threat analysis and response times.

Analytic capabilities include cloud-based identity analytics, user and entity behavior analytics (the only solution to offer them in the cloud), and cloud analytics for O365 and related services to identify anomalies.

Cortex XSIAM enabled proactive security measures and customization with bring-your-own-machine-learning (BYOML) capabilities for hypothesis-driven threat hunting, significantly increasing efficiency by reducing false positives. The customization capability provides a flexible solution that can evolve with the institution.

Cortex consolidated approximately 19,000+ alerts into 17 actionable incidents—a 99.9% reduction—and employed automated scripts for rapid investigations, dramatically optimizing the process of managing and responding to security incidents.

Using AI-driven capabilities, Cortex successfully detected over 5,000 attack scenarios—many more than the competitor solutions—during live simulations of sophisticated cyber threats, giving the bank confidence that it could achieve an exceptionally strong security posture.

To respond to the bank’s question about Cortex XSIAM’s suitability for traditional SIEM use cases, our team developed 50+ custom correlation rules, aligned with MITRE, offering enhanced logic and capabilities over and above traditional solutions.