Facing high stakes, burdened by legacy.
- The risk of exposing customer data was extremely high, given the organization’s role as a managed security service provider (MSSP).
- A lack of automation and visibility from a complex mix of security products was reducing speed and effectiveness in detection and response.
- A Zero Trust infrastructure was impossible to build with existing point security tools and would have required unattainable resources to become viable.
“We needed a cohesive, supported platform—essentially one place, one screen, one data source—and we needed an opportunity to truly automate within that platform.”
Chris DeBrunner
Vice President of Security Operations, CBTS
A complete transformation of enterprise security.
When splitting from Altafiber in 2024, CBTS security leaders seized the opportunity to rebuild. “We had the chance to start over and really evaluate,” says Chris DeBrunner, Vice President of Security Operations. From network security to data protection, endpoint security, vulnerability management, identity management, and a SIEM, CBTS was determined to put the strongest possible infrastructure in place—and bring it all together in a single solution.
Path to platformization

Achieving unparalleled visibility, automation, and efficiency

Enhancing security operations with AI-powered automation

Streamlining operations and elevating customer satisfaction
Unifying data, simplifying management
In the previous infrastructure, multi-console complexity had been a constant headache. With disparate vendors, support agreements, data sources, and integration capabilities, the CBTS SOC had been overwhelmed by labor-intensive tasks, making the team more error-prone and less effective. To begin its transformation journey, CBTS chose Cortex XDR for endpoint security, XSOAR for incident response automation, and Xpanse for attack surface management. “Cortex was our number-one choice for XDR,” DeBrunner explains. “Looking at how it compares to competitors, it’s always been top-notch.”
The next step was to unify the platform on XSIAM, bringing together all major security capabilities (including SIEM, EDR/XDR, SOAR, ASM, and many more) under one platform, with one frontend and one backend. XSIAM is comprehensive and therefore much easier to support, enabling DeBrunner’s team to spend less time chasing alerts and more time on strategic directives—and to accomplish more with a static headcount. XSIAM also unlocked CBTS’s ability to automate and integrate.
Advanced capabilities lead to improved security posture
* # of alerts resolved by automation playbook (including those that just need a final approval from SOC analyst to close)
† # of alerts investigated/closed (vs. remaining unresolved)
‡ MTTR = Median time to resolution (time from alert to case resolution)
Automation to the rescue
Given the alert overwhelm in the CBTS SOC, automation was a must-have. With 108 playbooks and counting, the team has leveraged nearly every out-of-the-box option as well as built its own to automate many of the analysts’ day-to-day actions—resulting in a 25% increase in efficiency. Similarly, CBTS’s MSSP customers have seen huge gains in efficiency by using automations in Cortex.
“Every single incident gets touched by automation and it’s triaged and closed usually within 30 seconds.”
Chris DeBrunner,
VP of Security Operations, CBTS
A software approach to network security
In CBTS’s own environment as well as its role as an MSSP, next-generation firewalls are critical for protection, including within hybrid clouds and on the public cloud. CBTS chose the VM-Series software firewall for several reasons: 1) Its flexibility and scalability are essential to cloud migrations; 2) It provides the high security efficacy necessary for protecting data and systems; and 3) Its unified management makes it easy to run on all of CBTS’s environments.
Global remote access, fast and secure
For remote connectivity, Prisma Access has boosted efficiency and collaboration within the CBTS office. The organization added ADEM (Autonomous Digital Experience Management), which provides insights into user experience, app performance, and overall network health—enabling the organization to troubleshoot and even remediate issues across its entire network.
With the Cloud-Delivered Security Services (CDSS) behind Prisma Access inspecting all traffic, “We now have more visibility—in the neighborhood of 80% more,” DeBrunner marvels. Protection has increased even more than that. “All of the incidents that come in are well articulated, and we’re able to respond very, very quickly.”
Serving customers—and learning from them
As an MSSP, CBTS has unique challenges as each customer comes with a different security environment and tool set. “Having the multitenant ability within the Palo Alto Networks suite makes the work much more efficient,” DeBrunner says. The ease of deployment, including training and rollout, is another major benefit. To some extent, adoption of Palo Alto Networks products was actually driven by insistence from CBTS’s customers.
“On the MSSP side, we chose to go forward with Palo Alto Networks products because they’re a great suite. Our customer base demanded that we get to know the portfolio.”
Chris DeBrunner,
VP of Security Operations, CBTS
Embracing the automated future.
As a technology services organization, CBTS is responsible not only for staying at the forefront of developments in AI but also for guiding its customers through them. “We knew that AI would be a key differentiator within the Palo Alto Networks portfolio,” DeBrunner says, “and it has been.” In 2025 and beyond, his team plans to unlock the full potential of AI capabilities within XSIAM, adding telemetry and data sources and more fully automating triage and remediation. Additionally, CBTS recently added Prisma SD-WAN to help its customers deliver fast, secure, and reliable connectivity to their branches.