Case Studies

True tales of customer success with Sentinel

At Sentinel, we build technology solutions to solve business needs: maximizing a customer's investment in technology while building secure paths for the future, and resolving business issues to build competitive advantages. Learn more about how Sentinel projects yield positive results!

Equipment Company Transforms Its Cybersecurity with FortisX and Cisco XDR

Environment

Given their size and industry, the customer understood security was essential to protect their hybrid work environment, network, cloud, email, endpoint, and identity from complex and evolving cyber threats. They had already established a strong security posture with a number of Cisco and Microsoft products prior to this project, including a traditional SIEM solution, but were interested in further expanding and improving their protection capabilities.

Challenge

The customer sought to add a lateral detection solution to its network and cloud environment. They also expressed concern about limitations in the intelligence, speed, visibility, and effectiveness of their SIEM, largely because it was dependent on the various capabilities of the other security solutions within their environment.

A more advanced and comprehensive solution needed to include a large data lake, artificial intelligence, and integration with identity and protection technologies from Cisco and Microsoft. This would enable them to expand protection, improve detection and response capabilities, as well as reduce alert fatigue and false positives.

Solution

The customer partnered with Fortis by Sentinel to implement FortisX, a data lake-powered Cisco XDR solution. FortisX provides the customer with the following benefits:

  • A large data lake of over 400B signals daily, enabling the customer to collect, store, and analyze data from multiple sources and domains, such as network, cloud, email, endpoint, and identity.
  • Attack chain investigation powered by AI, enabling FortisX threat analysts to identify and prioritize critical incidents, trace the root cause and impact of an attack, and correlate events across the attack chain.
  • SOC and IT assistance powered by AI, enabling FortisX analysts to automate tasks such as alert triage, investigation, and response, and to receive actionable recommendations and guidance from the AI assistant.
  • Enrichment from over 10 threat intel sources, enabling the customer to augment their data with contextual and relevant information from external and internal sources, such as Cisco Talos, Cisco Umbrella, and Cisco Threat Grid. There are also multiple open third-party threat intelligence feeds with premium paid feeds available to augment the solution in the future should the customer choose to integrate even more threat intelligence into the environment.
  • Cisco-powered protection for cloud, edge, email, endpoint, and identity, enabling the customer to leverage Cisco's high efficacy and integration capabilities to prevent, detect, and respond to threats across their environment.
  • AI-powered response playbooks for faster and automated SOC response and remediation, enabling the customer to orchestrate and execute actions across their environment, such as isolating devices, blocking domains, and revoking access.

The customer chose to further enrich this solution with the addition of Sentinel APEX, a managed service that offers proactive optimization and tuning (OTS) of all key components of the solution, such as data collection, data accuracy, alert setup, evaluation and resolution of medium- and low-severity alerts, automation playbook development, and response strategies. Sentinel APEX also gives the customer the opportunity to consult with Sentinel's specialists, who can help with incident handling, threat detection, isolation, correction, and best practices.

Results

With FortisX and Cisco XDR, the customer has transformed their cybersecurity and achieved the following outcomes:

  • Improved visibility and detection across their hybrid work environment, network, and cloud, enriched by Cisco's massive data lake, event chaining, and correlation.
  • Reduced alert fatigue and false positives, thanks to Cisco XDR's patented ability to prioritize critical incidents and filter out noise.
  • Enhanced response and remediation capabilities, driven by AI-powered automation playbooks and integration with Cisco's protection technologies.
  • Increased efficiency and effectiveness of both FortisX ActiveDefense SOC analysts and the customer's IT teams as a result of AI-powered assistance and guidance, along with Sentinel APEX's optimization and tuning (OTS).
  • Reduced risk and improved security posture due to Sentinel FortisX and Cisco XDR's comprehensive and advanced solution that covers multiple domains and sources of data.

Instead of managing and optimizing their own security and identity technologies, the customer utilizes Fortis by Sentinel's APEX OTS to let Fortis experts regularly adjust and improve their security technologies, including their Cisco XDR solution. The customer's IT team can now focus on business growth and innovation initiatives with the confidence that FortisX by Sentinel is protecting them from threats.