Sitecore achieves 90% SOC automation with Cortex XSOAR

Sitecore are a global leader in end-to-end digital experience software. Unifying data, content, commerce, and experiences, the company’s SaaS-enabled digital experience platform (DXP) empowers brands like L’Oréal, Microsoft, United Airlines – and 5,000 others – to deliver unforgettable interactions. Sitecore have 2,200 employees across 27 locations worldwide.

Sitecore’s DXP is at the cutting-edge of innovation, combining customer data, artificial intelligence (AI), and marketing automation to deliver the experiences customers crave. It’s a similar story with the company’s cybersecurity strategy. Sitecore are a security innovator, using modern, dynamic security platforms to safeguard the data, applications, and people underpinning the DXP.

“We are a true pioneer in security: from embedding security into our development lifecycle as part of a shiftleft strategy to optimising the way we manage security operations, we are continually breaking boundaries. I genuinely believe customers are drawn to Sitecore owing to our commitment to, and investment in, cybersecurity,” says Adam.

The challenge for Sitecore was to reimagine incident response in their SOC, which monitors security across six customer products spanning approximately 4,500 clients. However, it was no longer sustainable to put people at the frontline of incident response.

The SOC team needed to shift to an automation-first incident response approach. The requirements were to:

• Reduce alert noise and surface critical incidents.
• Eliminate repetitive manual tasks.
• Facilitate analyst investigation and collaboration.
• Map external threats to SOC incidents by leveraging threat intelligence.

Sitecore have deployed Cortex XSOAR to transform security orchestration, automation, and response. It unifies SOC automation, case management, collaboration, and threat intelligence management. The SOC sees up to 45,000 events per week, which are managed by just two Sitecore analysts.

Intelligent automation means the SOC can effectively manage alerts across all sources, standardise processes with playbooks, act on threat intelligence, and automate response options for almost any use case.

“Cortex XSOAR takes care of repetitive, time-consuming tasks so we can focus on improving our security posture. Every time we see a Zero Day attack, we write a playbook for it. We are constantly innovating and updating – to the point we can almost see things coming now,’ explains Adam.

The platform ingests aggregated alerts and indicators of compromise (IoCs) from multiple sources before executing automated playbooks to enrich cybersecurity data and respond to incidents. For example, insights from the Palo Alto Networks Prisma Cloud CNAPP are fed into XSOAR, with tickets from the cloud-native application protection platform automatically created to solve QA and test deficiencies. Likewise, external threat analytics from Recorded Future allow the team to look at CVE scores and write playbooks ahead of problems occurring. Inputs also include Veracode code scanning and a ServiceNow CMDB.

Sitecore are experiencing dramatic improvements in SOC operational management using Cortex XSOAR. These include:

• Accelerated incident investigations: Cortex XSOAR delivered 90% automation of security events with an average time to fix of only nine minutes. “This is unheard of in the industry,” says Adam. “We believe Sitecore to be among the first companies to achieve this degree of automation, and it elevates us to be a premier provider of security for our products.”
• Orchestrated, highly accurate incident response: Sitecore’s SOC is recording an exceptionally low error rate of only 10%.
• Maximised operational efficiency: The SOC is seeing up to 45,000 events per week. The SOC team – comprising just two engineers – handles less than 10% of these incidents manually.
• Improved investigation quality: Collaborative investigation enables Sitecore analysts to assist one another, learn from each incident, and take decisive action more quickly.
• Documented all actions: Adam explains, “We produce biweekly reports from the SOC for distribution to the business. We can evidence all the claims that we make regarding 90% automation.”
• Delivered holistic threat intelligence management: Cortex XSOAR monitors and acts upon multiple sources. In Sitecore’s case, this includes Palo Alto Networks Prisma Cloud CNAPP, external threat analytics from Recorded Future, Veracode code scanning, and other sources.

Learn more about Cortex XSOAR on the website, where you can also read many more customer stories.