Axitea disrupts the Italian SOC market with Cortex XSOAR

When Axitea tell prospects that their Security Operations Centre (SOC) uses Palo Alto Networks XSOAR, those prospects sit up and listen. The modern security orchestration, automation, and response platform is helping this leading Italian physical security and cybersecurity provider to win new business, scale their SOC operations, and deliver a rewarding analyst experience.

In brief



Organisation Size

20,000+ customers



Featured Products and Services

Physical security and cybersecurity services




SOC analysts were wasting time switching between systems, determining false positives, and performing repetitive manual tasks throughout an incident lifecycle.


  • Agile, resilient SOC monitoring and response.
  • Automated SOC processes, with fewer manual interventions.
  • Scalable monitoring to support business growth.
  • Universal integration to third-party security technologies.


Palo Alto Networks Cortex XSOAR

Keeping up with increasing SOC service demand

With demand for their SOC services soaring, Axitea needed scalable processes and a more productive means of keeping pace with an increasing volume of alerts and security tasks. The reliance on fragmented monitoring processes made it difficult to scale the SOC operation and grow the business – for example, analysts were often losing time changing between consoles.


Securing Italy’s future

Since 1914, Axitea have researched and developed new technologies and specialist services in response to changes in their industry, preserving the pioneering spirit that’s always made their approach stand out. Today, Axitea integrates surveillance services with innovative technologies and physical and cyber protection systems in a rapidly changing market.

The shift into cybersecurity was one of the smartest moves Axitea ever made. According to the European Investment Bank, there are about 4.3 million small and medium-sized enterprises (SMEs) in Italy, generating 67% of the country’s GDP – one of the highest proportions of SMEs anywhere in Europe. The vast majority are looking for agile, efficient cybersecurity services – and Axitea are fast becoming their vendor of choice.

Against this backdrop, Axitea established a SOC to unify and coordinate their customers’ cyberthreat detection and response capabilities. However, with their legacy monitoring systems, incident management required the focus of six analysts.


Using the previous monitoring platform, events were ingested into one ticketing system and managed directly inside the applicable technology. It simply wasn’t scalable.

— Cesare Di Lucchio,
SOC Manager, Axitea

Axitea’s second challenge was to find a security orchestration, automation, and response platform that would integrate with multiple customer sources – including Web gateways, Endpoint Detection and Response (EDR), firewalls, and data loss prevention – and different security technology vendors.

Their third was the end-user experience.


Analysts had to perform many tasks manually and switch between different monitoring tools. If an incident occurred, we couldn’t say we’d respond in one hour or two. We had to think more imaginatively about our SOAR strategy.

— Cesare Di Lucchio,
SOC Manager, Axitea


Automation, scalability, and visibility

The requirements for the next-generation SOAR platform included:

  • Providing customers with agile, resilient monitoring and response.
  • Automating SOC processes, eliminating manual interventions as much as possible.
  • Scaling monitoring to support Axitea’s business growth ambitions.
  • Deploying agnostic systems to integrate universally with different third-party security systems.


The definitive answer to almost every cybersecurity question

Axitea chose to transform their SOC's incident response with Palo Alto Networks Cortex XSOAR.


Palo Alto Networks is the definitive answer to almost every cybersecurity question. Their connected portfolio of products is proven the world over. It’s trusted and highly effective – and the Palo Alto Networks people are extremely knowledgeable. In terms of XSOAR, we particularly liked how quickly we could create playbooks.

— Cesare Di Lucchio,
SOC Manager, Axitea

Cortex XSOAR aggregates alerts from multiple detection sources – cloud and SaaS security, firewalls, EDR, Virtual Private Networks (VPNs), email security, and more – before executing automated playbooks to enrich and respond to these incidents. Playbooks coordinate across technologies, security teams, and external users for centralised data visibility and action.


We collect data from multiple customer systems – everything from Darktrace and Sophos to Trend Micro and Microsoft Defender. The single unified dashboard gives us complete visibility into everything we need. For example, we can view the volume of critical, medium, or low-severity incidents and their mean time to assignment. The dashboard also shows incidents by technology type and why the incident was closed.

— Cesare Di Lucchio,
SOC Manager, Axitea

A SOC-as-a-service model takes this solution into another dimension. Previously, customers’ EDR solutions were only managed by Axitea if they had been installed by Axitea. Now, it is open to all EDR solutions. Their customer SLA defines critical incident response time as 30 minutes, or an hour for high-level incidents. “Very few organisations can offer this depth of visibility and flexibility,” says Cesare.

Also, the Cortex XSOAR community is one of the most extensive SOAR communities in existence, with more than 900 integrations in the Cortex Marketplace and prebuilt playbooks available for common use cases.


The Marketplace integrations are a real bonus for Axitea. We can quickly onboard new SOC customers and scale our services.

— Cesare Di Lucchio,
SOC Manager, Axitea


XSOAR is a real business differentiator

Axitea are redefining security orchestration, automation, and response for more than 500 customers with Cortex XSOAR. The benefits include:

  • Supported business growth: The use of Cortex XSOAR is contributing significantly to Axitea’s revenue growth. “When we mention during customer presentations that we use Cortex XSOAR, people sit up and listen. It’s a real differentiator – especially among SMEs who see the value in an automated, managed SOC service,” says Cesare.
  • Enabled seamless scalability: The platform scales and standardises incident response processes. “As we grow, we have seen a significant increase in incidents. However, automated incident response workflows free our analysts to focus on the most critical incidents.”
  • Increased productivity: Prior to implementing XSOAR, the SOC had six dedicated analysts; now it only needs two – despite a sharp increase in the customer base.
  • Reduced requirement for additional analysts: Despite a 50% increase in SOC business over the last 12 months, the number of analysts needed in Axitea’s SOC has not increased.
  • Accelerated incident response: Analysts use instant search, query, and investigation to accelerate complex real-time investigations and incident response. “We can connect alerts, incidents, and indicators from any source on a single platform with Cortex XSOAR,” says Cesare.

Palo Alto Networks Professional Services have also played a vital role in this success.


The expert team automated our use cases and customers one by one. They have also helped us to structure the SOC-as-a-service offering and implement playbooks.

— Cesare Di Lucchio,
SOC Manager, Axitea

This customer story is also available in Italian.