Xerox saves $10.2M through Cortex AI-driven SOC automation

SUMMARY

For more than 120 years, Xerox has been a worldwide leader in workplace technology. Evolving from a pioneer in printers and document management to a comprehensive provider of digital and managed IT services, the company has long held the #1 market share in managed print services globally. As a member of the Fortune 500 serving corporations across various industries and countries, Xerox faces a sophisticated threat landscape that requires a defense-in-depth approach to cybersecurity.

Before partnering with Palo Alto Networks®, Xerox relied on an inflexible, expensive MSSP and a fragmented array of legacy tools that created significant operational hurdles. As the company embarked on a reinvention journey, Cortex XSIAM empowered it to transition to an in-house SOC. The transformation enabled Xerox to absorb a security team four times its size in just 90 days during the Lexmark acquisition while simultaneously reducing its cost base and eliminating the need for traditional Tier 1 analyst roles through AI-driven automation.

RESULTS

  • $10.2M direct cost savings over 5 years
  • 770 hours of exposure to high-medium severity threats eliminated monthly
  • 10 FTEs reallocated, including all L1 positions
  • 73% more issues resolved automatically per day

CHALLENGE

Reduce risk. Slash complexity. Reclaim control.

To maintain its mission of enabling strategic business initiatives while managing and reducing risk, Xerox had to overcome several critical hurdles:

  • MSSP limitations: The company relied on an expensive external provider with insufficient agility to handle Xerox’s evolving needs, leading to a lack of direct control over security workflows.
  • Widespread tool sprawl: Security operations were hindered by “shards of glass” across various siloed tools, creating visibility gaps and inconsistent telemetry that failed to align with a cloud-first strategy.
  • Data constraints and costs: Legacy SIEM solutions often imposed data throughput limits, forcing the team to accept unnecessary risk by prioritizing only certain data sources that came with high maintenance costs.
  • Massive acquisition complexity: The acquisition of Lexmark required the rapid integration of a security team and data volume significantly larger than Xerox’s existing footprint, posing a risk of tool sprawl and overhiring.

"We strive to get to that one pane of glass. Before Palo Alto Networks, there were shards of glass all over the place. We heavily depended on others to get visibility. Today, we don’t have to rely on others for data because we have it all in XSIAM."

— Cyndi McLean

Head of Cybersecurity Technology Operations, Xerox

SOLUTION

Simplified tech stack returns security sovereignty.

Since 2021, Xerox had been an avid user of Cortex® XSOAR for automation, but a standalone tool could only go so far. When the company set out to unify its fragmented security functions in a cohesive platform, the native integration of SIEM, XDR, and SOAR in Cortex XSIAM made the choice clear. Cortex XSIAM allowed Xerox to move away from its reliance on an inflexible MSSP to an effective, cost-efficient in-house SOC.

"We wanted to take our security voice back, and we’ve been able to do that by partnering with Palo Alto Networks."

— Will Farmer

Head of Threat Detection and Response, Xerox

Orchestrating a complete SOC transformation

By moving to Cortex XSIAM, Xerox gained full ownership of its data, free from the throughput limits and costs of its legacy solutions. In the process, it doubled its daily data ingestion to 5.8 TB across 134 data sources and eliminated the technical friction that had previously hindered cross-team visibility. When the Lexmark acquisition brought in a security team four times Xerox’s size, XSIAM’s unification of people, process, and technology—supported by Palo Alto Networks Professional Services—made a 90-day integration possible. The results resonated all the way to the top of the organization. “I shared the XSIAM dashboard with leadership,” recalls CSO Joey Rachid, “and their reaction was, ‘This is something out of a movie!’”

Maximizing ROI and workforce capacity through automation

By deploying Cortex XSIAM to simplify operations and optimize costs, Xerox fundamentally transformed the human element of its SOC. Will Farmer, Head of Threat Detection and Response, notes AI-driven automation acted as a massive force multiplier, reducing false positives by 99% and high-critical investigations by 88%. By automating 82,000 hours annually—equivalent to 41 FTEs of virtual capacity—Xerox gained the operational leverage to confidently shift outsourced MSSP capabilities back to a newly empowered in-house SOC. This shift enabled Xerox to upskill its workforce, moving all Tier 1 analyst roles to Tier 2 and 3 positions focused on advanced detection engineering rather than repetitive triage. Combined with significant consolidation savings from reducing legacy tool spend, this strategic transition drove higher talent retention and $10.2 million in direct savings, giving security leadership a clear, compelling way to demonstrate bottom-line business impact.

"The most impactful thing is we’ve gotten rid of all L1 positions because of XSIAM’s automation. We’re able to use the same resources to do more meaningful work versus just chasing these low-level alerts for no reason."

— Joey Rachid

CSO, Xerox

Agentic AI advances autonomous operations

Xerox’s next frontier is expanding its use of AgentiX within Cortex XSIAM to move from managing alert queues to managing intelligent autonomous agents. “We like that we can assign a role to the agent,” says Cyndi McLean, Head of Cybersecurity Technology Operations. “That will save SOC workload time and give us deeper knowledge of patterns.” The team intends to use that foundation to further reduce operational burden, surface tuning opportunities proactively, and stay ahead of the increasingly compressed timelines between vulnerability and exploit.

Cultivating a collaborative engine for growth.

The partnership between Xerox and Palo Alto Networks has evolved into a strategic collaboration where the two teams work together to bring new ideas to life, including a purpose-built CISO dashboard. Having achieved in-house mastery of Cortex XSIAM, Xerox is now looking to offer the platform as its tool of choice to protect its clients’ SOCs through its TriShield 360 services offering. “The natural fit of the Palo Alto Networks team is one of the most meaningful relationships I’ve ever had with a vendor,” Farmer remarks, “and I’m not just saying that.” It’s a collaboration that will allow Xerox to scale its revenue and use cases by delivering the same high-speed, high-value outcomes to its global client base that the company has realized internally.

"We achieved a strong outcome by adopting a leading platform, implementing it in record time, and delivering consistent year-over-year ROI—all while reducing our overall cost base. It’s a combination of speed, value, and efficiency that’s hard to beat."

— Joey Rachid

CSO, Xerox
