VINCI standardises on Cortex XDR across 200,000 endpoints worldwide

SUMMARY

VINCI is a global player in construction, concessions, and energy, employing 280,000 people across more than 120 countries and 7,000+ locations. Headquartered in France, the organisation designs, finances, builds, and operates infrastructure and facilities. It has annual revenues of €72 billion (2024).

VINCI’s 200,000 endpoints support large-scale multi-industry activities across the globe. Examples include, in France, the operation of 4,000 kilometres of autoroutes and the construction of new tunnels, bridges, and roads; in Brazil, the development of a renewable energy plant; in Cairo, the launch of a new metro system; and in Senegal, the building of new electricity infrastructure. The endpoints are also vital to daily operations at 70 airport concessions worldwide. Whatever the use case, VINCI needs to ensure these endpoints are secure from cyberthreats and available 24/7 to support business operations.

RESULTS

  • 3 hours: mean time to detect threats that previously took days
  • 200,000: endpoints now have complete visibility for faster threat remediation
  • 10s to 2: sources to monitor and detect a threat

CHALLENGE

Until recently, the decentralised nature of VINCI’s organisation meant it had no standard global approach to endpoint protection across its different lines of business – construction, energy, and concessions. This led to increased overhead, complexity, and business risk. It was also difficult to detect malicious behaviour on the endpoints. If there was an alert, the team needed to physically investigate the endpoint on site. With operations in 120 countries, this was an almost impossible task. The team needed to:

  • Reduce manual intervention
  • Streamline SOC operations
  • Reduce downtime

“We have multiple SecOps teams worldwide. One connected endpoint security platform worldwide would accelerate mean time to detect and respond, safeguarding the business from threats.”

Yann Sladek

Head of CyberDefense
VINCI

SOLUTION

AI and behavioural analytics block malicious activity

VINCI was already a satisfied Palo Alto Networks network security customer and chose Cortex XDR because of its native technology integration and the collaborative nature of the Palo Alto Networks team.

Almost all of VINCI’s 200,000 endpoints are now supported by the Cortex security operations platform. With a single agent on each endpoint, Cortex XDR uses local AI and behavioural analytics to block malicious activity. Building on endpoint detection and response, Cortex XDR also analyses data from across the VINCI network to detect attacks before they result in a breach. VINCI now has complete, 360-degree visibility into malicious behaviour, allowing threats to be isolated and remediated before they can enter the network.

Endpoints can be remediated quickly and remotely, without the need for IT technicians to fly to site and investigate the endpoint. This saves on people’s time and travel costs. “Previously, if an endpoint was threatened, it could take weeks to check it – and even then we might only reach 80% of the threat scope. Now, using Cortex, we can remediate the entire incident in just a few hours,” says Yann Sladek, VINCI’s Head of CyberDefense.

Several of VINCI’s SOCs have already integrated Cortex XDR with Cortex XSOAR for orchestration and response automation. Prebuilt playbooks are at the heart of XSOAR, allowing the SOC teams to automate multiple security processes, such as handling investigations and managing tickets.
