Overseeing a broad ecosystem with a lean team.
- Failure to detect incidents: Legacy solutions did not provide adequate visibility, threat intelligence or integration, which led to alert overload.
- Lack of automation: Repetitive manual tasks kept the team from strategic initiatives such as engineering security for new biomedical device deployments.
“Things just work better when they’re together in one Palo Alto Networks product suite.”
Alfonso Powers
CISO, Asante
Transforming the SOC with a platform approach.
In setting out to redesign its security control framework, Asante looked for a vendor that was well established, had been named a leader by third-party analysts such as Gartner®, and offered an ecosystem of integrated products covering the full set of core security controls. The journey began with network security and expanded to SOC transformation, threat intelligence and incident response.
Journey to a modernized SOC
A step change in visibility
Once Cortex XDR was in place, the team immediately began surfacing suspicious activity that its legacy tooling had missed. “Any sort of unusual behavior, XDR lets us know,” says Asante CISO Alfonso Powers. And in the most recent penetration test, he marvels, “XDR was on fire.” According to Powers, it detected and stopped every attack the penetration testers attempted. But given his small staff and a large network generating many incidents a day, Powers knew Asante needed automation to prioritize what mattered most.
“Cortex XSOAR just opens an instance, automatically remediates it, and closes it. It’s like a driverless car.”
Alfonso Powers
CISO, Asante
Automation to the rescue
Before adopting Cortex XSOAR, the Asante team tested it against a competing product, and XSOAR performed significantly better. The deployment was live within 90 days, and only a few years later more than 200 automations are in place, among them phishing automations, remediation actions such as isolating hosts or users, a password reset playbook, and even HR onboarding tasks. While some CISOs might resist putting their trust in automation, Powers relays, “We’ve done the work to corroborate that the automation is pulling the right information and is performing as expected. So we are extremely confident we can just set it and forget it.”
A massive reduction in labor
Automation with Cortex XSOAR has substantially changed the workload of Asante’s security team. “For incident investigation, automation versus manual intervention has been night and day for us from an efficiency standpoint,” says Powers. “And AI will make that even more powerful by going through the data to arrive at a determination of what’s gone on.” As a result, the team has offloaded most day-to-day incident management and manually investigates only a handful of incidents a week. That has freed time to design security controls for new systems, engineer security for new biomedical systems, and more. According to Powers, automation has saved every member of his team 20 hours of work a week, literally half their time, which has improved work-life balance, morale and retention.
The multiplier effect of the platform
With multiple Palo Alto Networks products, the Asante security team is building the one-stop shop it envisioned. “It’s great to have a consistent ecosystem of products that all work together,” Powers reflects. “It makes for a highly efficient security control framework.” For example, all NGFW logging is consolidated into Cortex XDR, and Cortex XSOAR automations are in place to halt NGFW data backup when threats are detected. Analysts appreciate having a single platform with all the information they need rather than switching between multiple tools.
A team of experts on call
In planning for incident response, Powers wanted a trusted partner that could help Asante react quickly, especially with forensics and with completing regulatory assessments. Thanks to the Unit 42 Retainer in combination with Cortex solutions, Asante’s cyber insurance premium has been held in check, unlike at peer organizations. Powers also plans to apply his retainer credits toward penetration testing and purple team exercises to help upskill his team.
Taking the platform into the future.
In the coming year, Asante will continue to level up its SOC capabilities with help from Cortex and Unit 42. Using XSOAR, the team plans to build identity management workflows and automate certification management. Powers explains: “These are the types of tasks that often get done last minute, when there isn’t enough time to give them the attention they deserve. XSOAR will enable us to make sure they’re done right.”
Find out more about how Palo Alto Networks’ best-in-class solutions can improve security for your organization. Learn more about Cortex XDR, Cortex XSOAR, Next-Generation Firewalls, and the Unit 42 Retainer.
“Thanks to XSOAR, we’ve been able to get the work-life balance back into place for our team. Morale is high. Retention is high. Everyone truly likes working with this technology and enjoys their jobs.”
Alfonso Powers
CISO, Asante