AppsFlyer extends SecOps scalability and agility via Cortex XSOAR 8 cloud migration

SUMMARY

AppsFlyer is the global leader in marketing measurement, analytics, and engagement. Headquartered in San Francisco and with 20 offices worldwide, the organisation enables over 15,000 businesses to optimise campaigns, enhance ROI, and fuel growth.

Faced with an increasing array of complex and malicious threats, AppsFlyer needed to reimagine the way its security operations team responded to alerts. Manual processes and repetitive tasks were eating into security analysts’ time – and opening the door to errors. In response, this global leader in mobile marketing analytics deployed Palo Alto Networks Cortex XSOAR to automate operations and provide a simple, secure platform for incident response. A recent migration to XSOAR 8 in the cloud is driving additional scalability, usability, and agility.

RESULTS

  • 85% of incidents now triaged automatically, freeing up 4 FTEs
  • Minutes to create playbooks
  • 3 weeks to migrate from Cortex XSOAR 6 to XSOAR 8
  • 5 hours per day saved by automating phishing incident management

CHALLENGE

Accelerate SOC incident response

AppsFlyer’s previous reliance on an assortment of siloed incident management tools and techniques resulted in the SecOps team needing to:

  • Reduce risk: Up to 2,000 security alerts per month were managed manually, exposing the organisation to errors and increased operational risk. The team struggled to distinguish ‘noise’ from real threats.
  • Decrease reliance on manual processes: This manual approach absorbed significant SecOps resources. For example, when a phishing email was reported, the team manually opened a case, performed the step-by-step forensic analysis, and reported the outcome to the initiator.
  • De-silo security: Incident response was scattered across three AppsFlyer business units – Governance, Security Engineering, and SecOps – making it harder to orchestrate enterprise-wide remediation.
  • Leverage a cloud solution: The existing on-premises Cortex XSOAR platform had already helped to simplify and automate operations, but the further efficiencies and reduced infrastructure maintenance requirements of a cloud solution were highly desirable.

SOLUTION

Cortex XSOAR 8 deployed in three weeks

AppsFlyer has been using Cortex XSOAR for more than eight years, initially on-premises, to reduce alert noise, surface critical incidents, and eliminate repetitive manual tasks. The recent migration to the Cortex XSOAR 8 cloud-native SaaS solution has extended this operational capability, allowing SecOps to focus more on strategic security imperatives and less on routine maintenance.

Minutes to set up playbooks

Automates incident management

By automating incident response workflows and repetitive tasks, AppsFlyer has liberated analysts to focus on the most critical incidents. A large number of predefined playbooks extend this automation. Created in minutes, they automate multiple security use cases. For example, 100% of phishing investigations and responses are now automated, saving five hours per day of analysts’ time.

Optimises SecOps efficiency

AppsFlyer can now conduct security operations and incident response more efficiently by streamlining security processes, connecting disparate security tools, and maintaining the right balance of machine-powered security automation and human intervention.

Now, just 15% of all cases require manual intervention, equivalent to approximately 400 cases per month. If incidents were managed manually, AppsFlyer would need an additional four people working full time on triage.

30 minutes saved each day through XSOAR 8

Simplifies infrastructure

The XSOAR 8 cloud migration has eliminated the time previously spent on infrastructure management, liberating SecOps resources to focus on strategic tasks. Overall, XSOAR 8 saves the team 30 minutes per day on system maintenance.

Learn more about Cortex XSOAR or request a demo on our website.