A Large Seafood Chain’s Security Team Saves Thousands of Hours with Secure Orchestration
Large Seafood Restaurant Chain
Solution
- Reduce the amount of time Security Analysts spend researching threats
- Simplify the research and remediation process
Benefit
- Integrated Mimecast and Palo Alto Networks Cortex XSOAR to control research and remediation from one system
- Single platform to log into
- Saved 6,300 hours on research and remediation
- Improved their orchestration process
Context
This large seafood restaurant chain employs over 58,000 employees in more than 700 international restaurants. They believe in innovation to help facilitate great seafood, great people, and great results. Their Security Team invested in technology solutions to help drive innovation and security for their global users, including Palo Alto Networks Cortex XSOAR for security orchestration and Mimecast for email security.
Challenge
Given their size and reputation, the restaurant chain is highly targeted with phishing emails, so they deployed a comprehensive plan to help research and remediate threats.
When an end user was suspicious of an email, they would forward the message to a shared mailbox managed by the security analyst team. Next, a security analyst would grab the message to begin their investigation.
Each message took an analyst about 1-3 hours, from gathering the message information from Exchange and various other systems to researching the potential threat. If the message was then deemed malicious, the analyst would add the sender to their block list in Mimecast.
Given that the team received 10-15 potentially dangerous emails per day, they spent an average of 6,500 hours investigating and remediating threats per year.
Solution
Though the restaurant chain team had a security research process in place, they knew it could be more efficient, so they reached out to Palo Alto Networks Cortex XSOAR, their SOAR, to understand its integrations with other solutions. The Palo Alto Networks Cortex XSOAR team helped them integrate with Mimecast to simplify and automate their processes where they could. The capabilities they integrated were:
- Message search capabilities
- URL decode
- Block sender
After integrating Mimecast and Palo Alto Networks Cortex XSOAR, the restaurant chain team adopted “Secure Orchestration,” a combination of system automation and analyst action. Their end-to-end process of receiving a message, researching, and remediating took only five minutes.
When a message came into the shared mailbox, Mimecast would retrieve message information and decode any URLs. Then Palo Alto Networks Cortex XSOAR would research the email and potential threat, producing a report of its findings.
The restaurant chain security team would then review the Palo Alto Networks Cortex XSOAR report and, if they needed to block the sender or URL, they could do so directly from Palo Alto Networks Cortex XSOAR, without having to log into the Mimecast administration console.
Benefit
Prior to implementing the integration, the large seafood restaurant chain spent 6,500 hours per year researching and remediating threats. Now they spend 270 hours per year going through this process, ultimately freeing up 6,300 hours to focus on other security projects.