CASE STUDY

Support for development of multi-tenant Cortex XSOAR for use in global-scale MSS

Company A is a global MSS (Managed Security Services) provider. The company delivers a wide range of cyber security solutions to a large number of customers and faced the challenge of improving operational efficiency and productivity in preparation for future business expansion. To address this, the company deployed Cortex XSOAR and planned to create a large number of PlayBooks in a short period of time.


Issues

Customer Requests and Challenges

・The client required a person with professional Cortex XSOAR PlayBook creation skills to create a large number of PlayBooks.
・The client required someone with experience and knowledge of Cortex XSOAR implementation in order to utilize it for purposes other than automation and incident response.

Approach

  • Zscaler
  • CiscoFirePower
  • PAN-OS EDL
  • CheckPoint
  • CrowdStrike
  • FireEye
  • Tenable.io
  • PlayBook for multi-tenant distribution of threat intelligence lists

Result

We supported the development of PlayBooks for a total of 7 products, as well as QA support for XSOAR as a whole, improvement proposals for operational methods, functional verification, and vendor support.
As a result, the development process became faster and of higher quality, and sufficient time was secured for verification and further PlayBook development.



For Tenable.io in particular, Cortex XSOAR was used to manage vulnerabilities across all assets.

Not only did Cortex XSOAR reduce the workload by automating the capture of scan results, it also greatly improved productivity through a highly visible management screen.

■Support Items
・PlayBook creation
・Creation of custom fields and layouts
・Proposal of analysis methods linked to other solutions' PlayBooks


We initially planned to provide support for a short period of time, but because the customer was satisfied with the results, we expanded the scope of our work to provide long-term support.

■Additional support items
・Improvement proposal of overall operations
・Proposal and verification of threat information acquisition and management
