Palo Alto Networks Ushers in the Next-Generation Security Operations Center

Early adopters reaping the benefits of improved SOC operations and efficiencies

Delivering on the promise to help organizations leverage massive scales of data for their defenses, Palo Alto Networks (NASDAQ: PANW) today announced the general availability of Cortex® XSIAM, a breakthrough autonomous security operations platform powering today’s modern security operations center (SOC) and fundamentally changing the way data, analytics and automation are used across enterprise and cloud security operations.

Earlier this year, Cortex XSIAM was made available to a number of top organizations through the XSIAM Design Partner Program. The design partners spanned healthcare, logistics, design and manufacturing, technology, public sector, and entertainment verticals. The common challenges these organizations face include overwhelming alert volumes accompanied by a high number of false positives, lack of visibility across all parts of the organization, including cloud environments, and excessive manual overhead associated with managing numerous siloed tools.

“The SOC is where some of the best cybersecurity professionals work, and it is time that they have the right platform to get their jobs done effectively. We want to give our customers a new approach to SOC operations with a focus on results, efficiency and productivity,” said Lee Klarich, chief product officer, Palo Alto Networks. “Cortex XSIAM establishes an autonomous SOC where organizations can respond to threats in a fraction of the time it takes today, and analysts can focus on the highest priority incidents. The SOC of the future will be built on AI and automation — any other approach is destined for failure.”

Palo Alto Networks operates its own SOC on Cortex XSIAM and has seen the benefits of intelligent data integration, machine learning-based threat models, extensive automation and proactive analysis of the IT environment to reduce the attack surface. The Palo Alto Networks SOC processes over one trillion events per month, with Cortex XSIAM automatically handling the vast majority of those events. On average, the Cortex-powered SOC detects threats in 10 seconds and responds to high priority threats in one minute, with an 80% reduction in alerts that SOC analysts need to analyze.

The feedback on XSIAM has been strong. Design partners consistently reported improved visibility, fewer incidents, reduced false positives and reduced mean time to response. Paul Alexander, director of IT operations at Imagination Technologies Group, an international leader in the creation and licensing of semiconductor System-on-Chip Intellectual Property, said, “XSIAM is already helping us to resolve and address threats way more quickly and efficiently, reduce risk and track metrics.”

“We see XSIAM as a platform that combines multiple capabilities into one unified ecosystem,” said David Norlin, CISO at Lumifi. “For us, that means empowering analysts to move quicker on multiple datasets, detect threats more comprehensively, and deliver an even better service to our clients.”

“From our first demo of XSIAM as part of the early access program, we were shocked and impressed with the maturity of the platform,” said Randy Watkins, chief technology officer at Critical Start. “This was not a beta product, but a solution that customers would immediately be able to build their entire security operations program around. The data models within XSIAM are some of the best approaches we’ve seen to solving the lack of consistency with log management.”

“XSIAM aims at much more than SIEM and provides the engine for the autonomous SOC,” said Bobby Brillhart, vice president of engineering at Norlem. “XSIAM creates unprecedented opportunities for us as an MDR provider to scale our services and significantly decrease our MTTR.”

Optimized for Cloud-Native Environments

By design, XSIAM operates across both cloud and enterprise security operations, providing true end-to-end management of threats, wherever they originate. Unlike most existing SIEM products, XSIAM comes with the ability to collect and integrate cloud telemetry that is unique to cloud-native systems. While companies born in the cloud benefit from the scale and automation of XSIAM and the ease of integration with public cloud and SaaS telemetry, organizations with legacy SIEM deployments can seamlessly transition to XSIAM as the next-generation autonomous SOC platform.
Cortex XSIAM is now available globally with full support across multiple cloud locations to comply with local regulations.