Palo Alto Networks

Cortex XSOAR Sales Playbook

March 2020
Contents
SOC challenges
The solution –SOAR

SOAR benefits

SOAR market opportunity

Cortex XSOAR – theperfect

SOAR match
How does Cortex XSOARwork?

Benefits of CortexXSOAR

SOAR target market andidentifiers

Why sell Cortex XSOAR?

How can Westcon help you growyour

Cortex XSOAR business?
Resources & furtherinfo

How to get started

SOC challenges

Growing alerts Lack of skilledanalysts No consistent process

12k alerts per week 2 million analysts shortage. No metrics, fragmented
SOC analysts take 6 months to train documentation
and only stay for 18months

Limited visibility Disparate infrastructures Long MTTR

Expanded threat surface Coordination challenge across Increased business risk: weeks to
product consoles resolve incidents
 The solution - SOAR
Security Orchestration, Automation, and Response

Case Management Threat Intel Management

Ingest, search and query ALL Parse, manage and act on
security alerts threat intelligence
• Custom incident layouts • Threat feed aggregation
• Auto-documentation • Granular indicator view
• Dashboards and reports • Intel sharing and response
Security Orchestration Collaboration & Learning
Respond to incidents with Improve investigation quality
speed & scale by working together
• Hundreds of integrations • Virtual war room
• Thousands of automatable • Auto-Investigation canvas
actions • Machine learning
• Visual playbook editor
 SOAR benefits

Unify security infrastructures Accelerate incident response Standardise and scale processes
Coordinate enrichment and response By automating low-level manual tasks, Through playbooks, SOAR standardises
by gathering intelligence from multiple SOAR can reduce incident responsetimes incident enrichment and response
products on a singleconsole. and improve accuracy. processes to increases the baseline
quality and scalability of response.

Increase analyst productivity Leverage existing investments Improve overall security posture
SOAR frees up analysts’ time for more Through automation and minimised The sum of all aforementioned benefits
important decision-making, and proactive console-switching, SOAR enables is an overall improvement of the
tasks rather than getting mired in coordination across multiple products organisation’s security posture and a
grunt-work. and greater value from existing corresponding reduction in security
security investments. and business risk.
 SOAR market opportunity

30% 2020
Technology Convergence
The ideal SOAR solution is a convergence of

5
three previously distinct technology markets
%
2019 Security Ochestration
and Automation

Security Incident
Response Platforms
Increased Adoption
Organisations leveraging SOAR
(Security Orchestration, Automation, and Response)
solutions will rise from 5% now to 30% by 2022.

Threat Intelligence
Platforms
Cortex XSOAR -
the perfect
SOAR match
Cortex XSOAR is a game-
changer for security
operations. A significant Automation: Incident management
evolution of the well-known How to make machines and collaboration:
Demisto® platform, Cortex do task-orientated End-to-end
XSOAR integrates threat “human work” management of an
incident by people

SOAR
intelligence management
with playbook-driven
enforcement across your
enterprise so that customers
can act on threat feeds with
speed and confidence.

Orchestration: Dashboards and reporting:

How different technologies Visualisations and
(both security-specific and capabilities for collecting
non-security-specific) are and reporting on metrics
integrated to work together and other information
How does Cortex XSOARwork?

350+
Third-party P eople
tools SIEM Assets A PI

Playbook-driven automation

Automation & Real-time Case Threat Intel

Orchestration Collaboration Management Management

Alerts Threat Intel Feeds

C o r t ex X D R Mail 100s of o t h er
SIEM sources

Open Source Premium AutoFocus

 Benefits of CortexXSOAR

Accelerate Response Standardise Process

Respond to incidents with speed andscale Respond to incidents the sameway every time

Hundreds of Thousands of Cross Task-based Visual playbook SLA and

integrations security actions correlations workflows editor metric tracking

Collaborate and Learn Reduce Risk

Improve investigation quality by working together Reduce businessand security risk

Virtual war Investigation Machine Dashboards Auto Improved

room canvas learning and reports documentation ROI

Reduced weekly alerts from Reduced response times from Automated 30% of incidents for
1 0,0 0 0 t o 5 0 0 3 d ays to 25 m i n u te s 1 F T E time saved
SOAR target market & identifiers
Anyone with a SOC!

SOC identifiers:
• 500+ employee size
companies
• They will be SIEM users
• They will also be usingEDR
• They may have a SOC
Analyst or SecOps lead
listed on LinkedIn
A number of your existing
customers may already have
SOCs and are prime targets!!
Why sell CortexXSOAR?
What’s in it for you?

25-35%
margin (subject to a valid deal reg)
Fast sales cycle,
typically 3-6 months
SOAR is in demand Lock out your
and a growthmarket competitors
Annual license
You’ll be pushing on open recurring
doors and your sales teamwill
want to sell it revenue

Average deal is Vendor agnostic so you

$150k
can cross and upsellwith
nearly all customers
How can Westcon help yougrow
your Cortex XSOAR business?
Westcon value added services

Trained sales and technical Sales and technical Data profiling to help Marketing support
team with a deep training to skill up you identify target to help you roll
knowledge of SOAR and your team companies within your out a campaign
Cortex XSOAR existing customer base to generate
(in addition to the full opportunities
Palo Alto Networks
product portfolio)

Pre sales and BDM Dedicated Palo Alto Full range of services Palo Alto Networks Dedicated Palo
support to help you Networks team to including finance to Authorized Global Alto Networks Elite
close opportunities help you with deal support your deals Training Partner Authorised Support
regs and quotes offering extensive Center offering best
training for your team in class L1/L2 multi
and your end users lingual support
Resources & furtherinfo
The following resources are available to helpyou:

Demisto blog Demisto YouTube channel Demisto video case studies Demisto 30 day free trial

Online training

Technical course Pre-sales Sales - Cortex +Demisto Demisto 5.0

5 hours 10minutes 2 hours 1 hour 5 minutes

Demisto sales, marketing & technical content on the Partner Portal

Demisto ‘Journey to the Center of the SOC’ campaign assets
How to get started
Westcon is looking to work with a small number of
focus partners to help them establish and grow their
SOAR business with Palo Alto Networks.

To get started partners will needto:

• Have a valid Palo Alto Networks partnercertification
• Demonstrate a commitment to ensure their sales and pre sales engineers attend relevant
training organised for them by Westcon
• Supply current customer list so that Westcon can pull SOC indicator data to identify
companies likely to have a SOC that can be targeted
• Jointly fund an initial marketing campaign to create awareness, interest and desire for
Demisto within the target customers leveraging Palo Alto Networks campaign assets
• Provide regular updates on leads generated and work with the Westcon team to deal reg
these as soon as possible
• Ask Westcon for support if opportunities get stalled or become competitive
• Put all of the above into their Palo Alto Networks business plan

To get started please contact yourBDM

 About Westcon-Comstor
Westcon-Comstor (Westcon International) has been a leading global
technology distributor for over 30 years. Today, we continue to
lead the market through unrivalled channel support and expertise in
global deployment, digital distribution and services. Deep market
insight and vendor relationships coupled with a uniquely
collaborative approach enables our partners across the supply chain
to deliverthe
solutions they need to grow and thrive intoday’s digital world.

Start to explore the SOAR

opportunity now and
contactyour Westcon
Account Manager
Or contact theEMEAteam
PANWSupportCentral.emea@westcon.com

© 2020 Westcon-Comstor, All rights reserved