Axitea disrupts the Italian SOC market with Cortex XSOAR

With demand for their SOC services soaring, Axitea needed scalable processes and a more productive means of keeping pace with an increasing volume of alerts and security tasks. The reliance on fragmented monitoring processes made it difficult to scale the SOC operation and grow the business – for example, analysts were often losing time changing between consoles.

Since 1914, Axitea have researched and developed new technologies and specialist services in response to changes in their industry, preserving the pioneering spirit that’s always made their approach stand out. Today, Axitea integrates surveillance services with innovative technologies and physical and cyber protection systems in a rapidly changing market.

The shift into cybersecurity was one of the smartest moves Axitea ever made. According to the European Investment Bank, there are about 4.3 million small and medium-sized enterprises (SMEs) in Italy, generating 67% of the country’s GDP – one of the highest proportions of SMEs anywhere in Europe. The vast majority are looking for agile, efficient cybersecurity services – and Axitea are fast becoming their vendor of choice.

Against this backdrop, Axitea established a SOC to unify and coordinate their customers’ cyberthreat detection and response capabilities. However, with their legacy monitoring systems, incident management required the focus of six analysts.

Axitea’s second challenge was to find a security orchestration, automation, and response platform that would integrate with multiple customer sources – including Web gateways, Endpoint Detection and Response (EDR), firewalls, and data loss prevention – and different security technology vendors.

Their third was the end-user experience.

The requirements for the next-generation SOAR platform included:

• Providing customers with agile, resilient monitoring and response.
• Automating SOC processes, eliminating manual interventions as much as possible.
• Scaling monitoring to support Axitea’s business growth ambitions.
• Deploying agnostic systems to integrate universally with different third-party security systems.

Axitea chose to transform their SOCs incident response with Palo Alto Networks Cortex XSOAR.

Cortex XSOAR aggregates alerts from multiple detection sources – cloud and SaaS security, firewalls, EDR, Virtual Private Networks (VPNs), email security, and more – before executing automated playbooks to enrich and respond to these incidents. Playbooks coordinate across technologies, security teams, and external users for centralised data visibility and action.

A SOC-as-a-service model takes this solution into another dimension. Previously, customers’ EDR solutions were only managed by Axitea if they had been installed by Axitea. Now, it is open to all EDR solutions. Their customer SLA defines critical incident response time as 30 minutes, or an hour for high-level incidents. “Very few organisations can offer this depth of visibility and flexibility,” says Cesare.

Also, the Cortex XSOAR community is one of the most extensive SOAR communities in existence, with more than 900 integrations in the Cortex Marketplace and prebuilt playbooks available for common use cases.

Axitea are redefining security orchestration, automation, and response for more than 500 customers with Cortex XSOAR. The benefits include:

• Supported business growth: The use of Cortex XSOAR is contributing significantly to Axitea’s revenue growth. “When we mention during customer presentations that we use Cortex XSOAR, people sit up and listen. It’s a real differentiator – especially among SMEs who see the value in an automated, managed SOC service,” says Cesare.
• Enabled seamless scalability: The platform scales and standardises incident response processes. “As we grow, we have seen a significant increase in incidents. However, automated incident response workflows free our analysts to focus on the most critical incidents.”
• Increased productivity: Prior to implementing XSOAR, the SOC had six dedicated analysts; now it only needs two – despite a sharp increase in the customer base.
• Reduced requirement for additional analysts: Despite a 50% increase in SOC business over the last 12 months, the number of analysts needed in Axitea’s SOC has not increased.
• Accelerated incident response: Analysts use instant search, query, and investigation to accelerate complex real-time investigations and incident response. “We can connect alerts, incidents, and indicators from any source on a single platform with Cortex XSOAR,” says Cesare.

Palo Alto Networks Professional Services have also played a vital role in this success.

Learn more about Palo Alto Networks on the website where you can also read many more customer stories.