But to harness the full potential of AI and automation in order to build a real-time SOC requires more than that. We need an integrated AI-driven architecture that reimagine the legacy 20 years old SOC architecture from the ground up. And this is what we brought to the market with XSIAM last year. So what happens is legacy SOC and how it has changed with XSIAM. Let’s look at that. In order to detect attacks, silent tools just get alerts. But we are living in a dynamic world, unfortunately, looking at anomalies or alert in isolation might be suspicious, but there are many of them. Each of them we’ll look at the world from a very narrow standpoint. And the result is that high volume of alerts that overwhelm the SOC. This means that SOC gives up on reviewing all of those alerts.
And eventually, the SOC is missing the important ones. With XSIAM customer no longer needs to review low confidence alert and try to connect the dots themselves. XSIAM collect a large amount of data and uses AI to analyze low confidence signals, stitch them together with raw data and get enough context to resolve most of them automatically, presenting the user only with all of an incident and with a full context for each of those incidents. By grouping this into incidents prioritize them, restoring them, XSIAM provides a full picture view to the analysts, and allow the analysts to respond very quickly to the events. How do we do this management? Let me use our new product UI to explain the key elements that differentiate XSIAM on the rest of the products in the market.
It starts with the data. We ingest normalized stitch together petabytes of data from dozens and hundreds of data sources to recreate the full story of each and every event in your environment. This stitched rich data set feed and sophisticated AI engine with over 3,000 models that produce high confidence alerts that groups those alerts into incidents, assigns a risk score to each and every incident, and then integrate natively built automation to resolve most of the incidents, leaving only a small number of incidents for human review and resolution. Like the copilots, you saw for both network security and cloud security, our new Cortex UI, we incorporate a copilot with an early alpha testing starting next month. We started working with Palo Alto Network SOC as our first partner as we design and build Cortex and XSIAM.
Palo Alto is the largest security vendor. And as such, we have a lot of assets that we need to protect. In order to do proper job, we collect a lot of data. Over 1 trillion events are collected every month or 75 terabytes every day. With Cortex, Palo Alto Network’s SOC can protect its network with a small team working on startup ships, resulting with less than one minute incident resolution. This is not heroic. This is relying on technology and AI and automation to achieve the right security outcomes. So when we launched XSIAM, we wanted to see how these plays with customers. And the early indications are remarkable. Our customers are able to ingest a lot more data than before, which provides them with broader coverage for their attack service.
Even though they ingest a lot more data, product generates a lot less false positive. And those true positive alerts are being grouped together prioritized by AI, delivering much, much superior security outcomes. Better coverage shifting the median time to response from day to hours. As we look forward, we see tremendous opportunity in drawing Cortex and XSIAM. We continue to win and gain market shares with our best of breed products, XDR, XSOAR, and Expanse, That’s not a basis to upsell our customers to the full XSIAM solution. Each of those customers is a candidate, is becoming a prospect to move to the full platform XSIAM. And we demonstrate this over the past 12 months in being able to convert a lot of the customer that use part of the platform to become a full platform users.
For the most exciting part, is when we look at where we can expand XSIAM. We believe the era of AI automation is just beginning, and XSIAM is quickly becoming the largest security data platforms. And the technology we build with AI automation could be the basis to expand what we can deliver with XSIAM to new modules within the SOC, and across the entire security landscape. Thank you all and back to you, Lee.
Lee Klarich: Awesome. Thank you Gonen going in. Clearly, an incredible opportunity in Cortex, and specifically with XSIAM as we think about the journey ahead where we are going to transform security operations in just absolutely incredible and amazing ways. And with that context across our three platforms. Let me now turn it over to BJ to share with you how we take all of this wonderful stuff to market. BJ?
BJ Jenkins: Thanks, Lee. And it’s great to be here with all of you. I couldn’t be more excited to talk about our go-to-market transformation that, will allow us to take full advantage of the product innovation you heard about. I just had my two-year anniversary of Palo Alto Networks, and the evolution of this go-to-market organization in step with our customer needs and product innovation has been incredible. To understand how we can best serve our customers, we need to understand how organizations are tackling cybersecurity challenges today. On average, large companies have 75 plus security solutions. This leads to fragmentation and growing complexity as customers try to stitch together all these individual products and data.
