Palo Alto Networks Cortex XSOAR

Formerly Demisto

Users have found that the product greatly improves incident response efficiency by automating controls in response to detected incidents. This automation streamlines and expedites the incident response process, allowing analysts to focus on more critical tasks. Additionally, the product is used for documentation and escalation of sensitive cases within the team and the extended information security team, ensuring that all relevant information is properly documented and shared with the appropriate stakeholders.

Analysts have reported significant time savings and improved analysis capabilities thanks to the product's IOC enrichment feature. This feature allows for quick enrichment of indicators of compromise, saving analysts from manually searching for information and aiding in the analysis of cybersecurity incidents. Moreover, the product seamlessly enables SOC teams to triage and investigate malicious traffic, enhancing the organization's overall network security posture.

The playbooks provided by the product have been highly beneficial to security teams as they standardize and scale processes, increasing efficiencies across the board. By leveraging these playbooks, security analysts can automate thousands of actions across various security products, resulting in lower response times to security incidents. Additionally, the product allows for coordination of actions across different security products, providing a process-centric view for incident response.

The IT Security department primarily relies on the product for automation, secops, logging, compliance, and HiTrust certification reporting. By automating these crucial processes, the department can ensure compliance with regulatory requirements while also improving operational efficiency. Users have been using this product successfully for over a year to automate and orchestrate security processes, integrating various tools and systems to gain a complete view of their IT environment.

The automated phishing protection functionality offered by the product has proven highly effective in reducing security incidents via email. By automatically identifying and blocking phishing attempts, organizations can significantly enhance their email security posture. Moreover, the product excels at collecting and analyzing data in one centralized place, saving valuable time for security analysts and enabling comprehensive security analytics.

Integration capabilities are a key strength of the product, allowing users to consolidate cybersecurity incidents from various security products into a single platform. This centralized view simplifies incident management and enables more efficient collaboration between different teams. Finally, the product's IOC enrichment feature continues to be highly appreciated by cybersecurity professionals, as it provides valuable context and insights to aid in the analysis of cybersecurity incidents.

In summary, this product offers a range of valuable use cases for security teams. From automating controls and incident response to enabling documentation and escalation of sensitive cases, this product significantly improves efficiency and streamlines processes. Analysts benefit from the product's automation capabilities, IOC enrichment feature, playbooks for standardized processes, integration capabilities, and automated phishing protection functionality. Moreover, IT Security departments rely on the product for automation, secops, logging, compliance, and HiTrust certification reporting. With its comprehensive functionality and ease of use, this product proves to be an essential tool for enhancing network security posture and maintaining a proactive approach to cybersecurity.