Discover what’s really driving the shift toward unified security
Discover how geopolitical tensions are fueling advanced cyber campaigns
Is the Quantum Threat Closer Than You Think?

AppsFlyer extends SecOps scalability and agility via Cortex XSOAR 8 cloud migration

SUMMARY

AppsFlyer is the global leader in marketing measurement, analytics, and engagement. Headquartered in San Francisco and with 20 offices worldwide, the organisation enables over 15,000 businesses to optimise campaigns, enhance ROI, and fuel growth.

Faced with an increasing array of complex and malicious threats, AppsFlyer needed to reimagine the way its security operations team responded to alerts. Manual processes and repetitive tasks were eating into security analysts’ time – and opening the door to errors. In response, this global leader in mobile marketing analytics deployed Palo Alto Networks Cortex XSOAR to automate operations and provide a simple, secure platform for incident response. A recent migration to XSOAR 8 in the cloud is driving additional scalability, useability, and agility.

RESULTS

85%

of incidents now triaged automatically, freeing up 4 FTEs

Minutes

to create playbooks

3 weeks

to migrate from Cortex XSOAR 6 to XSOAR 8

5 hours

per day saved by automating phishing incident management
Challenge

Accelerate SOC incident response

AppsFlyer’s previous reliance on an assortment of siloed incident management tools and techniques resulted in the SecOps team needing to:

  • Reduce risk: Up to 2,000 security alerts per month were managed manually, exposing the organisation to errors and increased operational risk. The team struggled to distinguish ‘noise’ from real threats.
  • Decrease reliance on manual processes: This manual approach absorbed significant SecOps resources. For example, when a phishing email was reported, the team manually opened a case, performed the step-by-step forensic analysis, and reported the outcome to the initiator.
  • De-silo security: Incident response was scattered across three AppsFlyer business units – Governance, Security Engineering, and SecOps – making it harder to orchestrate enterprise-wide remediation.
  • Leverage a cloud solution: The existing on-premises Cortex XSOAR platform had already helped to simplify and automate operations, but the further efficiencies and reduced infrastructure maintenance requirements of a cloud solution were highly desirable.
SOLUTION

Cortex XSOAR 8 deployed in three weeks

AppsFlyer has now been using Cortex XSOAR on-premises for more than eight years to reduce alert noise, surface critical incidents, and eliminate repetitive manual tasks. The recent migration to the Cortex XSOAR 8 cloud-native SaaS solution has extended this operational capability, allowing SecOps to focus more on strategic security imperatives and less on routine maintenance.

Minutes to set up playbooks
Automates incident management

By automating incident response workflows and repetitive tasks, AppsFlyer has liberated analysts to focus on the most critical incidents. A large number of predefined playbooks extend this automation. Created in minutes, they automate multiple security use cases. For example, 100% of phishing investigations and responses are now automated, saving five hours per day of analysts’ time.

Optimises SecOps efficiency

AppsFlyer can now conduct security operations and incident response more efficiently by streamlining security processes, connecting disparate security tools, and maintaining the right balance of machine-powered security automation and human intervention.

Now, just 15% of all cases require manual intervention, equivalent to approximately 400 cases per month. If incidents were managed manually, AppsFlyer would need an additional four people working full time on triage.

30 minutes saved each day through XSOAR 8
Simplifies infrastructure

The XSOAR 8 cloud migration has eliminated the time previously spent on infrastructure management, liberating SecOps resources to focus on strategic tasks. Overall, XSOAR 8 saves the team 30 minutes per day on system maintenance.

"We were tasked with manually sifting through a growing volume of sophisticated threats. Automating the alert and response process would transform AppsFlyer’s security posture across teams, tools, and networks."

Dikla Ramot

Chief Information Security Officer, AppsFlyer

"The migration to XSOAR 8 was fast and non-intrusive. We were live on the SaaS model in just three weeks, allowing us to almost immediately benefit from its scalability, flexibility, and maintenance-free capabilities."

Dikla Ramot

Chief Information Security Officer, AppsFlyer

"Migrating to Cortex XSOAR 8 SaaS is a no-brainer. Infrastructure maintenance, updates, and troubleshooting all absorb resources. And in the event of an outage, incidents can be missed. We live in a SaaS world – embracing XSOAR 8 just makes sense."

Dikla Ramot

Chief Information Security Officer, AppsFlyer

"Playbooks are so simple to create – the process is highly intuitive. We can also reuse sub-tasks from other playbooks and enrich existing information. It’s lightning quick."

Ofir Shuves

SecOps Manager, AppsFlyer

"The new XSOAR 8 console features some great new automation features. For example, more playbook tasks are automated, and we can fetch fields much faster."

Ofir Shuves

SecOps Manager, AppsFlyer

Learn more about Cortex XSOAR or request a demo on our website.

Download article

CUSTOMER DETAILS

Technology

20 locations worldwide

appsflyer.com

PRODUCTS USED

Cortex XSOAR

Download article

Get in touch

Speak with a Cortex XSOAR expert today for a deep dive into our products and capabilities.

Get the latest news, invites to events, and threat alerts