Airline in Azerbaijan resolves incidents in minutes using Cortex XSIAM

SUMMARY

An airline in Azerbaijan is soaring skyward with double-digit annual passenger growth and a rapidly expanding route network. However, fragmented and disconnected security tools were causing increased complexity, making it harder to fend off vast volumes of increasingly sophisticated attacks, and putting operations at risk. Platformizing with Palo Alto Networks provided complete visibility, stronger defences, and lower costs – all culminating in a trusted foundation for future airline growth.

RESULTS

  • 50% increase in SecOps productivity

  • 30% reduction in SecOps costs

  • 60% reduction in mean time to respond (MTTR)

  • 70% reduction in mean time to detect (MTTD)

CHALLENGE

Flying with limited visibility

The airline needed to defend a fast-growing attack surface spanning nine airports in Azerbaijan; global flight operations; customer support; and 7,000 staff. The airline had relied on separate legacy security tools, but this was increasing complexity, allowing threats to more easily hide in the noise and attackers to succeed undetected. To address this, the airline needed to:

  • Reduce attack surface: Digital airline connectivity created a rapidly growing attack surface and new vulnerabilities that were difficult to defend.

  • Connect siloed data: Separate, overlapping cybersecurity tools made it harder to spot, investigate, and respond to attacks in real time.

  • Strengthen threat defence: Static correlation rules led to inaccurate detection and more false positives.

  • Automate security processes: Labour-intensive analysis and lack of security orchestration, automation, and response (SOAR) capabilities delayed remediation and absorbed resources.

“As an airline, we are subject to almost every type of threat and attack you can imagine. Using XSIAM as part of a simple, integrated security strategy, we are stopping all those threats. Our customers can fly with confidence.”

Jeyhun (MirCeyhun) Musayev

IT Director, an airline in Azerbaijan

SOLUTION

AI-driven security operations

The airline standardised on a platform approach to connect its SecOps capabilities; integrate data sources; and move to a machine-led, human-empowered SOC. After a year of strengthening endpoint security with Cortex XDR, the team was ready to consolidate all its SOC tools to the Cortex platform via an upgrade to XSIAM.

A connected suite of Palo Alto Networks technologies – Cortex XSIAM and Next-Generation Firewalls powered by Precision AI® – harmonises security, shares intelligence, and automates responses at unprecedented speed. Cortex XSIAM amplifies the power of the Next-Generation Firewalls by seamlessly integrating true Layer 7 network data, alerts, and insights to create a unified view of incidents. This allows consolidated root cause analysis, which enhances security operations and response efficiency, enabling the airline to proactively defend against sophisticated threats with precision and clarity.

Advanced capabilities lead to improved security posture

  • Platform supports trusted 24/7 flight operations

    By consolidating data and tools into a single, AI-driven platform, the airline has simplified security operations, accelerated incident remediation, and reduced operational risk. It can now run flight operations 24/7 with confidence that data and devices are free from threats. For example, the six-person SOC team now has complete visibility across the entire infrastructure, allowing it to rapidly review incidents, investigate affected systems and users, and receive response suggestions from anywhere on the platform. “The native integration between XSIAM and the firewalls is very impressive. Everything works as one to accelerate SecOps,” explains Jeyhun (MirCeyhun) Musayev, the airline's IT Director.

  • Transforms security agility and posture

    Simplified data onboarding and data health monitoring help optimise AZAL’s SOC and position security as a business growth enabler rather than a hindrance. Moreover, the continuous collection, stitching, and normalisation of raw data drives agile, trusted security analytics. These and other factors have led to a 70% faster MTTD and a 60% faster MTTR, improving the airline’s security posture and reducing risk. “Using XSIAM, we are now detecting incidents in minutes rather than hours,” says MirCeyhun.

  • Increases analyst productivity by 50%

    Automating security tasks reduces manual work and accelerates incident response and remediation. XSIAM learns from response actions, and playbooks automate routine security tasks before SOC analysts review incidents. By continuously learning from manual actions and recommending future automations, the platform improves incident response.

  • Faster time to value

    The airline has experienced a 30% reduction in SecOps costs through using XSIAM. These savings are derived from the rationalisation of security platforms, reduced operational overheads, and streamlined security administration. In collaboration with Palo Alto Networks Professional Services, the airline successfully deployed XSIAM in just two months. “Palo Alto Networks Professional Services was instrumental in ensuring the airline maximised value from the platform. The team’s skills, knowledge transfer, and professionalism shone through at every step,” says MirCeyhun.
