Echostar unifies satellite and AI security on one unified platform

EchoStar evolved its perimeter strategy by deploying Next-Generation Firewalls (hardware and software) as high-fidelity “sensors” across its enterprise providing security and deep network context for faster remediation using the Cortex platform. The high-quality telemetry feeds into the AI models used by Cortex XSIAM, enabling the detection of sophisticated threats down to the Layer 7 level before they can propagate through the hybrid infrastructure. Using Strata Cloud Manager, EchoStar has replaced the siloed operations of the past with single-pane-of-glass visibility.

EchoStar replaced its traditional SIEM with Cortex XSIAM to create an AI-driven data lake that centralizes telemetry from across the EchoStar portfolio. By bringing capabilities that once required standalone tools for EDR, NTA, SOAR, and ASM into a single platform, EchoStar significantly reduced its total cost of ownership (TCO) while giving its security team a unified operational foundation. This foundation has fundamentally changed how the SOC operates at EchoStar. The machine learning and AI capabilities within XSIAM correlate siloed telemetry into actionable cases, reducing issue fatigue and allowing analysts to focus on what matters most. “Cortex XSIAM has transformed the automation of our SOC team,” reflects Jim Adkins, Vice President of Information Security Engineering. “With a 95% automation rate as our goal for this year and 91% as of February, we’re truly enabling the system to solve most of our security challenges.” To further scale operations, EchoStar is integrating Cortex AgentiX, enabling analysts to use natural language to carry out complex agentic workflows for 24/7 adaptive defense.

By migrating from Prisma Cloud to Cortex Cloud, EchoStar’s security team will achieve full visibility in one platform for real-time cloud defense. Rohit Reddy, Staff Security Engineering Lead at EchoStar, notes that this unified perspective is a major advantage. “Having that single view from code to cloud to SOC is a big differentiator. We’re able to see the entire attack path vector from where the incident starts to where the infrastructure is deployed to who’s using it,” says Reddy. This transparency enables much faster response times and greater accuracy by providing the exact context of an incident across both Google Cloud and AWS.

To bolster its in-house team and maintain 24/7 access to world-class experts, EchoStar has a Unit 42 Retainer. Tailored threat intelligence from Unit 42 is ingested directly into the Cortex platform, enabling the SOC to prioritize vulnerabilities based on real-world adversary behavior. Additionally, by conducting proactive assessments like penetration testing, Unit 42 helps EchoStar validate its defenses and strengthen its posture quickly. This collaboration ensures EchoStar is protected from emerging threats in the market before they can impact the digital core.

As EchoStar scales AI agents and applications to enhance and improve customer experiences, it uses Prisma AIRS to establish a “secure-by-design” framework. Prisma AIRS AI security capabilities integrate directly into the software development lifecycle, providing automated model scanning and red teaming to stress-test RAG architectures, and secure the AI supply- chain before it reaches production. This approach allows developers to innovate with AI while maintaining inline runtime protection against prompt injections and data leakage. EchoStar’s approach to standardize on the Palo Alto Networks platform meant Prisma AIRS was simply a feature activation, integrating immediately into established workflows and avoiding the operational overhead of managing disparate point solutions.