Preserving loyalty: Puntos Colombia protects 8.7 million members with a unified platform

The implementation of Cortex XDR transformed Puntos Colombia’s ability to identify threats by correlating telemetry across endpoints, network, and cloud. Its Cyber Defense Center, monitored by partner Netdata and powered by the Cortex platform, integrates 15+ data sources into a unified view, eliminating the silos of information that previously led to delayed responses. “This has been key for the organization to move from reacting to events to early intervention in the attack chain,” explains Paulo Cadena, Director of Security and Risk Management. “It significantly reduces detection time and speeds up decision-making.” By providing a single, coherent incident narrative, the platform reduced the MTTR by 5x and MTTD to just four minutes—a stark contrast to the days or hours required under the previous legacy infrastructure. Analysts can now also detect anomalous behaviors, centralize investigations, and identify lateral movements with greater precision.

To combat the massive volume of incoming alerts, Puntos Colombia integrated Cortex XSOAR to orchestrate and automate incident response workflows. By using playbooks that integrate multiple tools and information sources for common tasks (such as phishing analysis and indicator blocking), the team leverages automation to handle 99% of the company’s 9,000 monthly security events. This dramatically optimized the team's operational workload, allowing them to transition from constant manual triaging to strategic oversight and high-priority security engineering projects.

As a cloud-first organization, Puntos Colombia uses Cortex Cloud to continuously maintain a unified view into its AWS infrastructure. The platform enables security analysts to identify misconfigurations and vulnerabilities before they become incidents and ensure that the rapid pace of DevOps doesn’t outpace security requirements. Cadena adds that having the context to prioritize findings that require immediate attention versus which have a lower impact will improve the speed and consistency of the response to cloud threats.

To secure its distributed IT environment, Puntos Colombia deployed Prisma Access with Next-Generation Hardware and Software Firewalls, transitioning from a traditional perimeter to a Zero Trust Network Access (ZTNA) model. Next Generation firewalls deliver deep traffic inspection, granular application control, and environment segmentation to reduce the attack surface through a risk-based segmentation model. At the same time, Prisma Access protects remote users with consistent, policy-driven access to corporate applications—independent of traditional network boundaries.

The combination of SaaS Security and Enterprise DLP has been fundamental in maintaining control over sensitive information residing in the cloud, ensuring compliance and data integrity. By integrating these capabilities, the IT team has successfully silenced alert noise and reduced false positives, enabling them to focus on high-value alerts rather than manual triaging. Centralized security policy enforcement across AWS cloud workloads and physical office locations ensures that every connection is verified and monitored in real time. This foundation significantly reduces the attack surface while providing the high-performance connectivity required for a secure and seamless user experience.

With the desire to address vulnerabilities where daily work for the team happens, Puntos Colombia adopted Prisma Browser. The secure browser gives the security team granular visibility and control over user activities in web, SaaS, GenAI and private applications that standard browsers can’t offer. With Prisma Browser, the organization can prevent unauthorized data exposure, such as pasting sensitive transactional data into risky websites or taking screenshots within internal applications. This “last-mile” protection ensures that users are protected from cyber threats and sensitive data is secure from data exposure risks.