Accelerate SOC incident response
AppsFlyer’s previous reliance on an assortment of siloed incident management tools and techniques resulted in the SecOps team needing to:
- Reduce risk: Up to 2,000 security alerts per month were managed manually, exposing the organisation to errors and increased operational risk. The team struggled to distinguish ‘noise’ from real threats.
- Decrease reliance on manual processes: This manual approach absorbed significant SecOps resources. For example, when a phishing email was reported, the team manually opened a case, performed the step-by-step forensic analysis, and reported the outcome to the initiator.
- De-silo security: Incident response was scattered across three AppsFlyer business units – Governance, Security Engineering, and SecOps – making it harder to orchestrate enterprise-wide remediation.
- Leverage a cloud solution: The existing on-premises Cortex XSOAR platform had already helped to simplify and automate operations, but the further efficiencies and reduced infrastructure maintenance requirements of a cloud solution were highly desirable.
Cortex XSOAR 8 deployed in three weeks
AppsFlyer has now been using Cortex XSOAR on-premises for more than eight years to reduce alert noise, surface critical incidents, and eliminate repetitive manual tasks. The recent migration to the Cortex XSOAR 8 cloud-native SaaS solution has extended this operational capability, allowing SecOps to focus more on strategic security imperatives and less on routine maintenance.

Automates incident management
By automating incident response workflows and repetitive tasks, AppsFlyer has liberated analysts to focus on the most critical incidents. A large number of predefined playbooks extend this automation. Created in minutes, they automate multiple security use cases. For example, 100% of phishing investigations and responses are now automated, saving five hours per day of analysts’ time.

Optimises SecOps efficiency
AppsFlyer can now conduct security operations and incident response more efficiently by streamlining security processes, connecting disparate security tools, and maintaining the right balance of machine-powered security automation and human intervention.
Now, just 15% of all cases require manual intervention, equivalent to approximately 400 cases per month. If incidents were managed manually, AppsFlyer would need an additional four people working full time on triage.

Simplifies infrastructure
The XSOAR 8 cloud migration has eliminated the time previously spent on infrastructure management, liberating SecOps resources to focus on strategic tasks. Overall, XSOAR 8 saves the team 30 minutes per day on system maintenance.