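Case study

# Boyne Resorts Achieves Game-Changing SOC Improvements with Cortex XSIAM and Unit 42 MDR

#### Results

### 70x

70x increase in the volume of data ingested into the SIEM per day

### 95%

95% reduction in tools and dashboards, from more than 20 to 1

### 98%

98% reduction in median time to resolution, from 2-3 days to 1.7 hours

In brief

### Customer

Boyne Resorts

### Industry

Hospitality

### Country/Region

United States and Canada

### Challenge

Because of cost and integration difficulty, the legacy security information and event management (SIEM) system could ingest only a very small amount of data and produced a large number of false positives. This prevented the in-house security team from gaining real visibility or responding to security threats.

### Solution

* With Palo Alto Networks®
* AI-driven security operations platform:
  * Cortex XSIAM
* Threat detection and incident response:
  * Unit 42® Managed Detection and Response (MDR)
  * Unit 42® Retainer

### Results

* Greater visibility, thanks to a large increase in the number of data sources and the volume of data ingested
* Best-in-class threat intelligence
* A 24/7/365 SOC backed by automation and managed services, plus world-class incident response on speed dial for major incidents

[Download PDF](https://www.paloaltonetworks.com/content/dam/pan/zh_CN/assets/pdf/customers/boyne-resorts-achieves-game-changing-soc-improvements-with-cortex-xsiam-and-unit-42-mdr-zhcn.pdf?ts=markdown)

Introduction

Boyne Resorts had a legacy SIEM that flooded its security team with false positives and made integrating data sources difficult and costly. The company needed visibility into its distributed environment and best-in-class threat intelligence, so it adopted Palo Alto Networks Cortex XSIAM and Unit 42 Managed Detection and Response (MDR).

![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/case-study/boyne-mountain-resorts.png)

Founded in 1947, Boyne Resorts is a collection of mountain and lakeside resorts, golf resorts, ski areas and attractions spanning the United States and Canada. Headquartered in Michigan, where the company started, it now owns and operates 14 properties from British Columbia to Maine. With a team of more than 11,000 employees and a strong record of growth and innovation, the company needs a comprehensive approach to cybersecurity.

Challenge

## An underperforming SIEM put a thriving company at risk

Boyne's security operations team works from one central location and is responsible for maintaining visibility into potential threats and exposures across the company's distributed network and fleet of devices.

The team was struggling with multiple challenges posed by its legacy security information and event management (SIEM) system. Although the SIEM ingested only a small amount of data, it produced a high rate of false positives and almost no high-quality insights. On top of that, the cost of adding more data sources was prohibitive.

"Log collection was a major weakness for us. Our SIEM was expensive, and it was hard to integrate data sources," explains Mike Dembek, network architect at Boyne. He adds, "We were always chasing inaccurate alerts. It was all disorganized, uncorrelated information."

A third party managed the SIEM, but even with that extra support the alert volume remained enormous. Although Boyne needed to gather relevant insights from more data points, Dembek knew that simply adding more sources to the SIEM would mean a higher price and more noise.

To strengthen the security of several thousand company devices and a large amount of valuable data, Boyne needed more than a SIEM could offer, so it chose to transition to Palo Alto Networks Cortex XSIAM. The company also partnered with Palo Alto Networks Unit 42® for ongoing MDR services and a Unit 42 Retainer.

Requirements

## The team saw the potential for a complete SOC transformation

Boyne's small, dedicated security team set out to replace its existing SOC with one that could deliver the quality and rigor the business required. The team was not willing to settle for incremental improvement. Best-in-class was the goal.

To get there, the team needed a solution that could:

* Ingest more data sources without a high price
* Minimize false positives, reducing alert fatigue and wasted time
* Deliver more value, insight and intelligence across the board
* Control risk effectively and improve Boyne's security posture
* Provide 24/7 coverage that extends the company's in-house team

Ultimately, the team wanted to expand visibility and deepen its analytics capabilities without adding headcount. A tall order? Certainly. Achievable? With Cortex XSIAM and Unit 42 MDR, absolutely.

## "With XSIAM, we can improve visibility and speed up investigations. Seamless data ingestion and automation setup have been a game changer."

Mike Dembek, Network Architect, Boyne Resorts

Solution

## From frustration to clarity and peace of mind

By adopting Cortex XSIAM, Boyne gained powerful SIEM capabilities and more. Cortex XSIAM delivers multiple capabilities on one platform, including SIEM; endpoint detection and response (EDR); network detection and response (NDR); identity threat detection and response (ITDR); security orchestration, automation and response (SOAR); and more.

![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/case-study/data-ingested.png)

Because of the high cost and engineering effort, the security team had been hesitant to add data sources to the previous SIEM, whereas Cortex XSIAM enabled Boyne to add multiple new data sources and increase the volume of data ingested by 70x.

The native parsing that Cortex XSIAM supports makes data ingestion easier. Boyne can now capture data across devices, cloud, identity, web applications, system configurations and more on one centralized platform.

## Less noise brings more insight

![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/case-study/time-to-resolution.png)

As visibility increased, the number of false positives dropped sharply. Cortex XSIAM has a correlation engine that consolidates multiple alerts into a single incident, reducing duplication and rework. Incidents requiring investigation fell from 80-100 per day to 35, because both the false-positive rate and the number of duplicate incidents found decreased.

Boyne's control and customization capabilities also reached a new level. "Our previous SIEM had no alert tuning or custom alerting capability," recalls Kenny Hicks, principal security engineer. "The out-of-the-box correlation alerts are a big advantage of XSIAM. We can also create our own custom alerts if we need to."

With Cortex XSIAM, the team has seen improvements in several areas:

* **Data ingestion** increased from 5 GB per day with the previous SIEM to 350 GB per day with Cortex XSIAM, providing greater visibility and protection.
* **Data sources** increased from 1 to 21, providing the ability to correlate events across a variety of data sources.
* Open incidents were **reduced by 65%**, from 80-100 per day to 35, due to fewer false positives and duplicate incidents.
* **Median time to resolution reduced by 98%**, from 2-3 days to 1.7 hours.
* **95% fewer vendors and tools**, from the more than 20 tools and dashboards needed for investigations down to 1.
* **The SIEM no longer needs co-management**, because the company is able to manage it in-house.

![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/case-study/analysing-xsiam-data.png)

\*Flagged incidents = potential security events flagged for automated or manual investigation

†MTTR = median time to resolution (time from alert to case resolution)

‡Real-time investigation closure = incident remediated within 60 minutes of detection

## Ensuring security never stops

Boyne's security leaders wanted not only to strengthen the company's security posture but also to have a round-the-clock SOC without expanding the team.

After implementing Cortex XSIAM, the company engaged Palo Alto Networks Unit 42 for MDR services to complement the team's work and provide year-round, round-the-clock coverage. By working with Unit 42 MDR, the company can draw on Unit 42's world-class threat intelligence and its deep expertise in security and Cortex products. Ultimately, this provides comprehensive visibility and faster response across the distributed network and systems.

"We were impressed by the MDR team's helpfulness," says Hicks. "Working with the team has been very successful, giving us early access to new XSIAM feature sets and improving our efficiency."

The Unit 42 MDR service is integrated with Cortex XSIAM, giving Boyne a single user interface for reviewing investigations and deciding on next steps. This saves the small team the time it used to spend on disjointed systems and lets it focus on more strategic priorities.

"The MDR team handles our investigations, forwards all alerts and shares a detailed report that helps us make faster, more accurate decisions on those incidents," explains Hicks. "That saves our team a great deal of time."

With continuous monitoring, proactive threat hunting and the other capabilities of the MDR service, Boyne's security analysts can be confident that even when they are not watching the environment themselves, a trusted partner is.

Results

## A proactive posture helps the company face the future

The new approach provides more capability while reducing the workload on Boyne's security team. Cortex XSIAM is built for advanced automation, enabling the team to do more with less.

"With XSIAM, we stitch network and endpoint protection together and see the whole causality chain," says Dembek. Hicks adds, "XSIAM makes automation simple. Being able to easily ingest data and create playbooks with only a little coding greatly reduces the effort needed to set up automation."

By transforming its SOC with Cortex XSIAM and engaging Unit 42 MDR services, Boyne now has:

* **Greater visibility into potential threats and issues.** By increasing the number of data sources and the total volume of data ingested in Cortex XSIAM, and with proactive threat hunting from Unit 42 MDR, Boyne can see more than it could before.
* **High-quality alerts and improved detection.** With the custom alerts and alert tuning enabled by Cortex XSIAM, the team receives higher-quality information.
* **Greatly enhanced AI and analytics capabilities.** Thanks to the custom, out-of-the-box analytics built into Cortex XSIAM, the company can do more with its network and endpoint data.
* **Higher productivity and efficiency across the security team.** With highly mature automation, multiple playbooks, and investigation insights, expertise and round-the-clock continuous monitoring from Unit 42 MDR, the team can get more done in less time.
* **Best-in-class threat intelligence.** By feeding multiple sources into Cortex XSIAM to enrich alerts and analytics, Boyne gains deep insight into potential threat actors and risks.

## World-class incident response on standby

The company is now also better prepared for the future. With the Unit 42 Retainer, Boyne will continue to take proactive protective measures, while experts who know its environment stand ready to respond quickly in the event of a major incident. Next, the Boyne team plans to use its Retainer credits for a Unit 42 tabletop exercise, aiming to improve its incident response processes and its effectiveness against real-world security scenarios and the latest threats.

The security team is very pleased with how all of the Palo Alto Networks products and services work together to improve the company's security posture.

By partnering with Palo Alto Networks, Boyne is now better able to meet whatever challenges lie ahead and to keep the company secure as it continues to innovate and grow.

## "The Unit 42 Retainer fits seamlessly with our MDR and SIEM services. The MDR team can hand off directly to the Unit 42 team during incident response, which is exactly what we wanted."

Kenny Hicks, Principal Security Engineer, Boyne Resorts

To learn more about [Cortex XSIAM](https://www.paloaltonetworks.cn/cortex/cortex-xsiam?ts=markdown), [Unit 42 MDR](https://www.paloaltonetworks.cn/unit42/respond/managed-detection-response?ts=markdown) and [Unit 42 Retainer](https://www.paloaltonetworks.cn/unit42/retainer?ts=markdown), visit our website.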