Case Study

KHIPU transforms security operations with XMDR powered by Palo Alto Networks

Customers of any size, industry, and geography trust KHIPU Networks’ eXtended Managed Detection and Response (XMDR) service, powered by the Palo Alto Networks portfolio. Delivered through KHIPU’s proven security operation center (SOC), the managed security service efficiently predicts, detects, and prevents attacks 24/7 with dedicated threat hunting, triage, investigation, and response.

In brief


KHIPU Networks

Products and Services

Cybersecurity services



Organization Size

Offices in the UK, Mauritius, and South Africa


Fleet, UK

KHIPU customers face a common, multilayer challenge: maintain security visibility across an increasingly complex, hybrid infrastructure and workforce. Moreover, due to the current skills gap, they struggle to hire and retain the security professionals they need.
  • Provide customers with 24/7/365 cyberthreat monitoring, alerting, protection, prevention, and recovery.
  • Stop advanced attacks; reduce alert fatigue and analyst burnout.
  • Empower security staff to focus on projects and development, to release them from everyday monitoring and investigation.
  • Introduce a proactive, community-wide holistic SOC service whose insights benefit all customers.
  • Ensure complete, unified SOC MDR coverage across network, endpoint, and cloud data.
  • Satisfy regulatory compliance to help customers pass their annual security audits.

KHIPU Networks’ XMDR service, powered by the Palo Alto Networks portfolio, including Cortex XDR, Cortex XSOAR, Cortex Data Lake, ML-Powered NGFW, and WildFire.



Unravelling a knotty problem

South American Inca tribes coined the phrase ‘KHIPU.’ It refers to a piece of string with knots tied in different sequences to record information like finances or census records. Over the centuries, no one has cracked the code of the KHIPUs. The insights they hold are locked away in the thousands of knots, individually configured, and known only to Inca tribes. This is 15th-century cybersecurity in action.

It is also how KHIPU Networks derived its name. This privately owned, international cybersecurity company provides a wide range of network, wireless, and security solutions across multiple industry sectors. Their exemplary customer support is recognised by their customers, and it’s why they are By Royal Appointment To Her Majesty The Queen, Network Security Provider, for providing services to the Royal Household since 2013.

Many organisations and IT leaders that KHIPU speaks to, regardless of sector, location, or size, are kept awake by the fear that a cyberattack could damage their organisation’s data or disrupt their digital strategy and ruin their reputation. Threats include malware, phishing attacks, data breaches, denial-of-service (DoS) attacks, and many other attack vectors.

What also causes great concern for these organisations is how they would cope if struck by an attack. Growing IT complexity, hybrid on-premises and cloud infrastructures, post-pandemic remote working, legacy systems, and much more make it harder than ever to maintain visibility and control across the threat landscape. Moreover, many of the organisations KHIPU engages with lack the physical resources to monitor their infrastructure 24/7/365, let alone take swift action when a vulnerability or breach emerges.

KHIPU launched its Managed Detection and Response (MDR) service in 2019 to help customers stop advanced attacks while reducing alert fatigue and analyst burnout. Because it is a managed service, customers also avoid the painstaking process of building or refining their own SOC, which is very costly and takes significant time. They need a SOC service that can be implemented quickly and cost-effectively.


When we talk to customers about the KHIPU XMDR Service, their common goals are to enhance security, minimise their attack surface and work with a trusted partner who will be an extension of their teams. However, such a service must be affordable and demonstrate true return on investment. They want to stay in front of security threats but either lack the in-house resources, become distracted addressing low-risk alerts, or face threats which might elude their existing security controls. Some have looked at SIEM-based controls, but acknowledge they are expensive, can often overload their teams with too much information and sometimes fail to resolve the problem.

Guy Jermany, Chief Information Officer, KHIPU Networks


Provide immediate protection and improve SOC efficiencies

During the MDR development phase, a key question remained for KHIPU: which company should it partner with to provide the security portfolio to underpin the MDR? The requirements included:

  • A technology that accelerates protection for customers, not a logging-type solution that requires extensive time, effort, and resources to be effective.
  • Implement a best-in-class security portfolio to stop the most advanced attacks while reducing alert fatigue and analyst burnout.
  • Release expensive, in-house security resources from everyday repetitive monitoring tasks to focus on strategy, improving cybersecurity services and adding value to customers.
  • Introduce proactive threat hunting, comprehensive alert management, and 24/7 incident response.
  • Create a community-wide service for threat intelligence, enabling rapid response to threats across all customers—not just individual organisations.
  • Ensure complete, unified MDR coverage and visibility across network, endpoint, cloud data and third-party systems—that is scalable and cost-effective.
  • Benefit from an experienced partner with a proven security toolset, qualified teams, and an innovative product roadmap for the future.


AI-Based, continuous 24/7/365 security

According to Matt Ashman, Chief Commercial Officer at KHIPU Networks, Palo Alto Networks met and exceeded all of those requirements. “The Palo Alto Networks portfolio gives us a single view of security across each customer’s estate. The breadth and depth of the portfolio is second to none. It’s an entire security ecosystem in one, connected suite.”

The KHIPU eXtended Managed Detection and Response (XMDR) service is centered around Palo Alto Networks Cortex XDR and XSOAR platforms, deployed as part of KHIPU’s 24/7, year-round SOC. Cortex XDR provides extended detection and response as it integrates, analyses, and stitches data together across endpoint, network, and cloud.

The consolidated Cortex XDR cybersecurity solution uses behavioural analytics to accurately detect threats and reveal the root cause to speed up investigations and improve the mean time to respond (MTTR). This allows SOC analysts to focus on the most critical alerts and be more productive. Tight integration with enforcement points accelerates containment and incident resolution.

The KHIPU XMDR service is staffed by KHIPU’s SOC analyst/threat hunter staff who are now Cortex XDR certified and available 24/7. This XMDR specialization combines experienced analysts, mature operational processes and proven customer support with Palo Alto Networks market-leading security products.


The Palo Alto Networks portfolio stands out from other security operations solutions by nature of its simplicity, automation, and accuracy. We can offer customers complete visibility from a single data source and the ability to respond as a managed service across the whole environment. Managed threat hunting, investigation, and response are all connected in one unified solution—which is what our customers are asking us for.

Guy Jermany, Chief Information Officer, KHIPU Networks

XMDR customers also have the flexibility to choose between continuous alerting and notification only, through to root cause analysis, response, and mitigation. It’s all packaged around flexible cost models and complete services for endpoint, network, and cloud security.

The Cortex XDR and XSOAR platforms power KHIPU’s SOC and are seamlessly connected with other components of the Palo Alto Networks portfolio to deliver a comprehensive range of cybersecurity services and solutions.

The portfolio includes:

  • Cortex® XDR™: The world’s first detection and response app that natively integrates network, endpoint, and cloud data to stop sophisticated attacks. Cortex XDR accurately detects threats with behavioural analytics and reveals the root cause to speed up investigations. Tight integration with enforcement points accelerates containment, enabling you to stop attacks before the damage is done.
  • Cortex Data Lake: Efficient, scalable log storage enables KHIPU to cost-effectively store large volumes of data for long periods in support of investigations.
  • Cortex XSOAR: Security operations automation is provided by Cortex XSOAR, which ingests alerts across sources and executes automated workflows to speed up KHIPU’s incident investigation and response.


The synergy between the two companies is remarkable. Many of our team have worked with Palo Alto Networks for more than a decade. We and our customers trust the company. They have a proven track record for delivery. If I worked for an organisation facing a vulnerability or cyberattack, I would definitely want Palo Alto Networks on my side.

Matt Ashman, Chief Commercial Officer, KHIPU Networks


Eliminates and prevents threats in an AI heartbeat

KHIPU’s XMDR surfaces every step of an attack by applying ML to rich network, endpoint, and cloud data. Cortex XDR outsmarts attackers by detecting behavioural anomalies indicative of attacks. KHIPU customers can choose from a range of SOC services to meet their needs and priorities.

A ready-to-go SOC

XMDR customers can instantly migrate to a fully staffed, ready-to-go SOC as a service, liberating staff from manual security monitoring to focus on more strategic tasks. Certified KHIPU experts manage 24/7 alerts, proactively hunt threats, and respond in accordance with SLAs.

Reduces investigation time

By consolidating alerts into incidents, KHIPU’s XMDR dramatically reduces the number of alerts to review. Each incident provides a complete picture of an attack, with integrated threat intelligence and actionable details. Automated root cause analysis reveals the source and the sequence of events for any alert with a single click, simplifying triage and analysis.

Adds agility and flexibility

The XMDR solution is tailored to KHIPU customers’ unique requirements, environments, and priorities. Services range from continuous alerting and notification only, all the way to root cause analysis, response, and mitigation.

Shares community insights

KHIPU uses the intelligent security insights harvested across customers around the world, in every industry, to steadily improve detection and response times. By natively integrating threat intelligence feeds with shared analyst experiences on a ‘community insight’ basis, every KHIPU customer is protected from today’s emerging threats.

The University of Derby is just one of the many multisector customers of the KHIPU SOC. James Eaglesfield, the university’s Head of IT Governance and Portfolio, comments, “For a relatively small investment, the university benefits from world-class protection across its endpoint and network estate, gains a 24/7/365 SOC and has access to cybersecurity experts as an extension of his team. Their pre-built XMDR commercial offering frees up investments with a predictable opex model.”