Driving digital retail growth with a simple, AI-powered cybersecurity platform

SUMMARY

Carrefour Group is a world leader in food commerce, with more than 14,000 stores in over 40 countries and €94 billion in revenues. But the supermarket giant’s security operations centre (SOC) was struggling to stay ahead of a growing army of determined, smart, and organised attackers. Slow, fragmented, and labour-intensive case management was increasing vulnerability across Carrefour’s global network of 120,000 retail assets, including point of sale (POS) devices, supply chain platforms, and other systems.

To succeed in the fast-changing, ultra-competitive digital retail environment, Carrefour needed to reimagine case management around one modern, unified, and simple incident response platform. Palo Alto Networks Cortex XSOAR® has enabled Carrefour’s SOC to accelerate incident response, increase automation, and scale security capabilities in line with business growth.

RESULTS

  • 30% reduction in security issues
  • Just minutes rather than hours to manage security cases
  • 120,000 retail assets managed across seven countries

CHALLENGE

Open-source case management left on the shelf

Strong retail-sales growth and the management of 120,000 retail assets were putting a huge strain on the SOC’s existing resources. Modernisation was needed urgently. The challenges were:

  • Scalability: Retail systems, including in-store POS terminals, supply chain platforms, and mobile apps, were diverse and difficult to manage. This led to an almost overwhelming volume of issues and endless SOC security tasks.
  • Reducing manual intervention: SOC analysts were losing time pivoting across different consoles collecting data, determining false positives, and performing repetitive, manual tasks.
  • Improving case management: Carrefour was using the open-source TheHive platform, which was heavily customised and resistant to change, making it difficult to adapt to fast-emerging threats and cybersecurity trends.

“When you look at the damage caused by cyberattacks at other retailers, you realise how important it is to outsmart the threat actors. We already had highly resilient security, but case management hadn’t kept pace with the changing world. It needed to be connected, agile, automated, and instantly ready to deny any threat.”

– David Charpagne

Head of SOC, Carrefour

SOLUTION

Shopping for the best in class

Carrefour deployed Palo Alto Networks Cortex XSOAR to simplify security operations by unifying automation, case management, analyst collaboration, and threat intelligence management.

“We looked at various options, but only XSOAR offers deep personalisation capabilities and a wide, strong community. The user experience is excellent and, for a SOC team under pressure for resources, it’s transformational,” says Raphaël Garbarg, SOC Engineer, Carrefour.

  • Delivers rapid time-to-value

    Cortex XSOAR was implemented in less than six months, and Carrefour’s global SOC now manages up to 120,000 assets across France and the other six countries of the Group – Belgium, Poland, Spain, Argentina, Romania, and Brazil.

    The Palo Alto Networks Customer Success team has been instrumental in achieving this rapid time-to-value outcome, providing the knowledge and expert collaboration to jump from contract signing to go-live quickly and with less risk.

    “Customer Success were relentlessly focused, and they understood the retail pressures we were facing,” says Raphaël.

  • Accelerates retail threat investigations

    Everything the SOC team needs to remediate a case is integrated in one place, including incident data, indicators, and threat intelligence. This allows the team to collaborate in real time, manage tickets, and rapidly conduct post-incident analysis.

    “We have reduced the volume of issues by about 30% already using XSOAR, because everything is centralised. For example, we can deduplicate and aggregate issues containing the same IoCs,” says Raphaël.

  • Standardises and automates manual processes

    Using XSOAR, the team has automated incident response workflows and repetitive tasks, freeing analysts to focus on the most critical cases.

    “Our priority is the most severe threats. The playbooks allow us to automate common SOC use cases – such as a phishing response or blocking a USB drive – and channel spare analyst capacity into threat intelligence and other forward-focused cybersecurity tasks,” comments Raphaël.

    David Charpagne, Head of SOC, adds, “Because we’re all working together, we are improving investigation quality. We’re one of the most closely audited departments at Carrefour – and we excel on every score.”

  • Responds to cases at speed and scale

    The SOC can efficiently conduct incident response, balancing machine-powered security automation and human intervention. For example, previously, it took one analyst several hours each day to manually process phishing reports or triage email issues. Now, however, this is all automated using playbooks, reducing the time spent per day from hours to minutes.

    “The analysts love XSOAR. From a single pane of glass, they can quickly investigate every issue – where it originated from, why it was triggered, and whether other connected devices are at risk,” says Raphaël.

    Carrefour’s XSOAR implementation showcases the future of SOC case management in retail. This forward-thinking strategy enables Carrefour to manage issues across 120,000 assets worldwide, standardise processes with playbooks, and automate response for almost any use case.