Two security platforms meant double the risk
“It was like driving a car with two steering wheels.” That’s how Daniel Navas, Global CISO at Konecta, describes the company’s security operations (SecOps) following the acquisition of Digitex, a leading business process outsourcer. Both companies relied on different endpoint security platforms, which collectively spanned 140,000 endpoints: Digitex on Cortex XDR; Konecta on a legacy endpoint protection tool. Konecta needed to:
- Consolidate scattered data: Multiple endpoint security tools – and data stored in different silos – hindered real-time threat detection and response.
- Improve threat defence: Issues such as static correlation rules and high data volumes created unacceptably high volumes of alerts and false positives.
- Reduce manual intervention: Labour-intensive security tasks and manual analysis lengthened mean time to detect (MTTD) and mean time to respond (MTTR).
“We needed to standardise on a single behaviour-driven security intelligence platform. One that would integrate any data source, automate everyday security processes, and transform our security posture.”
Daniel Navas, Global CISO, Konecta
One intuitive console unites 17 data sources
As part of a broad-based security transformation strategy, Konecta deployed Cortex XSIAM to combine all major security capabilities (including SIEM, EDR/XDR, SOAR, ASM, and many more) into one unified platform.
XSIAM breaks from the traditional analyst-driven model of security, automatically collecting and stitching data from 17 different sources. Then, using AI, XSIAM’s alert grouping consolidates related security alerts into a single incident, significantly reducing alert fatigue and enabling security analysts to focus on critical threats more efficiently. The 24/7 SOC uses the enriched data for fast, intelligent detection.
“There’s nothing else like it in the market,” says Daniel. “Cortex XSIAM builds upon the proven threat detection and response capabilities of XDR – making it the centrepiece of our SOC strategy.”
One intuitive console unites 17 data sources
A comprehensive view of security events enables faster and more accurate threat analysis. By integrating all 17 data sources into XSIAM, Konecta has reduced both MTTD and MTTR by 90%.
Uniting previously separate security tools into a single platform streamlines Konecta’s security operations and reduces the need for console switching.
“The combination of SOC capabilities - such as EDR/XDR, SOAR, ASM, and SIEM - in one platform means we’re more agile, more alert, and better protected against cyberthreats,” says Daniel.
Automates incident response
Cortex XSIAM automates routine SOC tasks in incident response, freeing up analysts to focus on higher-priority investigations and strategic decision-making. Playbooks are used in 90+ use cases, ensuring consistent and efficient incident response and management.
In just four months, Konecta automated 70% of incident responses, and that rate is expected to rise as the system matures.
Stops threats at scale
Pre-built AI models connect events across all data sources, enabling Konecta to accurately detect and stop threats at massive scale.
Altogether, Cortex XSIAM allows a full 2 TB of data to be ingested into the SOC every day.
“We have an incredible amount of granular data coming in from 140,000 endpoints. We can use that intelligence to act faster and keep the business safe,” says Daniel.
Konecta is also using the Marketplace to discover and deploy turnkey security workflows.