The Journey from Upgrading Endpoint Security to a Modern Autonomous SOC
While the initial plan was to update endpoint security, the result for a global financial services enterprise was much more—a single platform modern SOC, with automated and AI-enhanced security and the capability to expand in the future. Comport’s recommendation to evaluate Palo Alto Networks’ Cortex technology combined with Unit 42’s global threat detection and incident response expertise enabled the organization to achieve a unified, comprehensive security solution that effectively addresses current threats and future cyber challenges.
Background
A global financial services leader in the NYC metropolitan area recognized the need to minimize business risk by updating their 10-year-old endpoint security, which included desktops, laptops, mobile devices, and virtualized machines. With the increasing sophistication of cyber threats and the growing number of devices connected to their network, their existing security could be inadequate, potentially exposing sensitive financial data to breaches and cyber-attacks.
To address this issue the organization embarked on a program to modernize its endpoint security. Initially, a best-of-breed approach was considered. However, this required complex integrations of their existing and new solutions, as well as ongoing maintenance of these integrations. Comport and its partner Palo Alto Networks changed the conversation from an endpoint security tool to a single platform, unified vision with a roadmap to a comprehensive end-to-end security solution. This collaboration focused on Palo Alto Networks’ Cortex technology, known for advanced capabilities in threat detection and response.
Competitive Evaluation and POC
The organization undertook a rigorous six-month competitive evaluation of the industry-leading endpoint security vendors. Following this evaluation, a three-month Proof of Concept (POC) was conducted to test Palo Alto Networks’ Cortex technology. This POC sought to determine essential factors, including:
- How Cortex’s APIs integrate with their existing security ecosystem.
- How Cortex’s automation and orchestration could streamline operations.
- The quality, comprehensiveness, and usability of Cortex reports.
- The efficiency of deploying Cortex across their 100,000 endpoints of various types.
- Scalability for future endpoint growth.
- Confidence in the reliability, robustness, and effectiveness of Cortex in their environment.
Results
The successful competitive evaluation and POC validated Comport’s recommendation to consider Palo Alto’s single platform, unified security solution. The client team was impressed with how Cortex XDR employs machine learning models to analyze telemetry data from endpoint, network, cloud, and third-party data, creating a comprehensive view that is scalable for growth. Behavioral analytics identify abnormal behaviors that may indicate a threat, such as unusual login times, unexpected file modifications, or atypical network traffic patterns.
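The behavioral-analytics idea described above (baseline what is normal per user, then flag departures such as a login at an unusual hour) can be illustrated with a small detector. This is an added example and not Cortex XDR code or anything from Comport or Palo Alto Networks; the log format, the user names, and the thresholds are all constructed for the demonstration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed baseline telemetry (not real data): 20 weekdays of successful
# logins. "alice" normally signs in between 08:00 and 10:59, "bob" between
# 13:00 and 15:59. Each line is "ISO-timestamp,user,event".
def make_baseline_log():
    lines = []
    start = datetime(2024, 3, 4)  # a Monday
    for day in range(20):
        d = start + timedelta(days=day + 2 * (day // 5))  # skip weekends
        lines.append(f"{(d + timedelta(hours=8 + day % 3)).isoformat()},alice,login_success")
        lines.append(f"{(d + timedelta(hours=13 + day % 3)).isoformat()},bob,login_success")
    return "\n".join(lines)

# Constructed new events to score. The 03:40 login for alice is well outside
# her baseline; carol has no history at all; the file_modified line is not a
# login and is ignored by this particular rule.
NEW_LOG = """
2024-04-01T09:12:00,alice,login_success
2024-04-02T03:40:00,alice,login_success
2024-04-01T14:05:00,bob,login_success
2024-04-01T02:00:00,carol,login_success
2024-04-02T03:41:00,alice,file_modified
"""

def parse_events(text):
    """Yield (timestamp, user, event) tuples from the constructed CSV format."""
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, user, event = line.split(",", 2)
        yield datetime.fromisoformat(ts), user, event

def build_baseline(events):
    """Per-user histogram of the hour-of-day of successful logins."""
    baseline = defaultdict(Counter)
    for ts, user, event in events:
        if event == "login_success":
            baseline[user][ts.hour] += 1
    return baseline

def login_hour_score(hist, hour):
    """Fraction of a user's historical logins that fall within +/-1 hour of
    `hour` (wrapping around midnight). 1.0 is fully typical, 0.0 never seen."""
    total = sum(hist.values())
    if total == 0:
        return None
    nearby = sum(hist[(hour + delta) % 24] for delta in (-1, 0, 1))
    return nearby / total

def detect_unusual_logins(baseline, events, min_samples=10, min_score=0.05):
    """Return findings for logins that are rare for that user, or for users
    with no usable baseline. A user with fewer than `min_samples` historical
    logins is reported as 'no_baseline' rather than scored, to avoid noisy
    alerts on new accounts."""
    findings = []
    for ts, user, event in events:
        if event != "login_success":
            continue
        hist = baseline.get(user, Counter())
        if sum(hist.values()) < min_samples:
            findings.append({"user": user, "time": ts, "reason": "no_baseline", "score": None})
            continue
        score = login_hour_score(hist, ts.hour)
        if score < min_score:
            findings.append({"user": user, "time": ts, "reason": "unusual_hour", "score": score})
    return findings

def run_detection():
    baseline = build_baseline(parse_events(make_baseline_log()))
    return detect_unusual_logins(baseline, parse_events(NEW_LOG))

if __name__ == "__main__":
    for f in run_detection():
        print(f"{f['time'].isoformat()} user={f['user']} reason={f['reason']} score={f['score']}")
```

In a real platform the baseline would be learned continuously from far richer telemetry and combined with other signals (file modifications, network patterns) before an alert is raised; the point here is only that "unusual" is defined relative to each user's own history, not a fixed office-hours rule.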
The client also engaged Palo Alto’s Unit 42 to analyze global threat data and identify new attack techniques and trends. Unit 42 enables swift responses to security incidents by identifying the cause of breaches, executing threat containment, and providing strategies to prevent future incidents.
Some costs were offset by retiring legacy applications, such as Sophos, Trellix and several Microsoft services, that were no longer necessary. The customer’s investment in an existing Palo Alto firewall was leveraged in the solution (although other firewalls will also integrate easily).
Conclusion
This case study underscores the importance of Comport’s role as an IT partner to bring forth the best technical solution and to facilitate leadership and executive team partnerships amongst all parties. This approach enabled a transition from a disparate set of tools to a cohesive security platform.
The combination of Cortex XDR’s telemetry and AI capabilities with Unit 42’s threat intelligence and incident response expertise provides a superior solution for detecting and preventing cyber-attacks. The client gained unified, automated and orchestrated cyber security leveraging advanced technologies, expert threat intelligence and incident response to reduce risk and safeguard their business. The financial services organization can now effectively mitigate advanced cyber threats, streamline security operations, and ensure the safety and integrity of sensitive financial data.
“The impact of the Palo Alto solution was immediate and dramatic. Their operations were catapulted into next generation security, with consequential and positive benefits.” Joe Zinna, Vice President East, Comport