With demand for their SOC services soaring, Axitea needed scalable processes and a more productive means of keeping pace with an increasing volume of alerts and security tasks. The reliance on fragmented monitoring processes made it difficult to scale the SOC operation and grow the business – for example, analysts were often losing time changing between consoles.
Since 1914, Axitea have researched and developed new technologies and specialist services in response to changes in their industry, preserving the pioneering spirit that’s always made their approach stand out. Today, Axitea integrates surveillance services with innovative technologies and physical and cyber protection systems in a rapidly changing market.
The shift into cybersecurity was one of the smartest moves Axitea ever made. According to the European Investment Bank, there are about 4.3 million small and medium-sized enterprises (SMEs) in Italy, generating 67% of the country’s GDP – one of the highest proportions of SMEs anywhere in Europe. The vast majority are looking for agile, efficient cybersecurity services – and Axitea are fast becoming their vendor of choice.
Against this backdrop, Axitea established a SOC to unify and coordinate their customers’ cyberthreat detection and response capabilities. However, with their legacy monitoring systems, incident management required the focus of six analysts.
Axitea’s second challenge was to find a security orchestration, automation, and response platform that would integrate with multiple customer sources – including Web gateways, Endpoint Detection and Response (EDR), firewalls, and data loss prevention – and different security technology vendors.
Their third was the end-user experience.
The requirements for the next-generation SOAR platform included:
Axitea chose to transform their SOC’s incident response with Palo Alto Networks Cortex XSOAR.
Cortex XSOAR aggregates alerts from multiple detection sources – cloud and SaaS security, firewalls, EDR, Virtual Private Networks (VPNs), email security, and more – before executing automated playbooks to enrich and respond to these incidents. Playbooks coordinate across technologies, security teams, and external users for centralised data visibility and action.
A SOC-as-a-service model takes this solution into another dimension. Previously, customers’ EDR solutions were only managed by Axitea if they had been installed by Axitea. Now, it is open to all EDR solutions. Their customer SLA defines critical incident response time as 30 minutes, or an hour for high-level incidents. “Very few organisations can offer this depth of visibility and flexibility,” says Cesare.
Also, the Cortex XSOAR community is one of the most extensive SOAR communities in existence, with more than 900 integrations in the Cortex Marketplace and prebuilt playbooks available for common use cases.
Axitea are redefining security orchestration, automation, and response for more than 500 customers with Cortex XSOAR. The benefits include:
Palo Alto Networks Professional Services have also played a vital role in this success.