Threats running faster than cybersecurity strategy
As HiBob’s business expanded globally, its security team sought a modern SIEM platform. The goal: to empower security operations centre (SOC) analysts to proactively manage the scale and sophistication of emerging threats, ensuring security became a driver, not a blocker, for the business’s rapid advancement.
To achieve this, HiBob needed to:
- Strengthen threat defence: HiBob struggled with security threat detection because the team had to create manual rules and couldn’t keep up with rising threats.
- Reduce reliance on manual work: The analyst team faced hundreds of alerts daily due to limited automation. Many of these alerts were false positives but still required attention, which prevented the team from focusing on strategic tasks.
- Increase security innovation: There had been minimal innovation and few new features added to the existing SIEM platform since its deployment, three years previously.
“Switching to XSIAM has given us a holistic view. We can now see the full picture of every incident, respond more quickly, and filter out a significant amount of noise. In practice that means we’re getting far fewer false positives, and when we do get an alert, it’s usually something that really matters.”
Tamir Ronen
CISO, HiBob
Migration from the existing SIEM to XSIAM in three months
HiBob was already a highly satisfied Cortex XDR customer, using the endpoint protection platform to connect data and eliminate threats from endpoints, cloud, and network. According to Tamir Ronen, Chief Information Security Officer (CISO) at HiBob, swapping its legacy SIEM for Cortex XSIAM was a logical step, enabling SIEM, EDR, SOAR, ASM, and more to be combined in a single platform.
Cortex XSIAM has since become a key component of HiBob’s modern SOC. It offers comprehensive automated data integration, analysis, and triage. The platform supports unified workflows that boost the efficiency of HiBob’s analysts – while incorporating intelligence and automating responses to block threats with minimal analyst input.
- Rapid migration from existing SIEM to XSIAM
While the migration had to be completed in a maximum of six months, XSIAM was fully operational – with all data sources onboarded – within just three. By the six-month deadline, HiBob had already established a significant degree of automation.
- Provides complete threat visibility
Cortex XSIAM stitches raw data from all HiBob’s data sources and groups alerts into incidents. This strengthens security against even the most sophisticated threats by providing complete visibility, faster investigations, and reduced alert fatigue.
For example, during a simulated attack by the company’s Red Team, XSIAM identified 80% of the attack automatically without creating any custom correlation rules, thus demonstrating its advanced detection capabilities right out of the box.
- Increases SecOps operational efficiency
By automating many common alerts and freeing the team to focus on real investigations, HiBob has saved the equivalent of 1.5 full-time employees’ (FTEs) time and increased team productivity by 50%.
For example, the team uses playbooks that automatically enrich alerts with additional context, so by the time an analyst reviews an alert, most of the answers will be readily apparent. In some cases, alerts are even closed automatically based on predefined conditions.
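The enrichment-then-conditional-close workflow described here, together with the grouping of alerts into incidents mentioned under threat visibility, as an added Python example. This is not XSIAM's or HiBob's code; the alert fields, asset inventory, threat-intel lookup, scanner allow-list and the single auto-close condition are constructed assumptions used only to show the shape of such a playbook.

```python
"""Toy SOAR-style triage: enrich alerts, auto-close on an explicit condition,
and stitch the remaining alerts into incidents. Added example; all data and
rules below are hypothetical and not taken from the case study."""
from collections import defaultdict

# Constructed sample alerts (hypothetical values, not from the page).
SAMPLE_ALERTS = [
    {"id": "a1", "type": "malware_detected", "host": "ws-014", "user": "jdoe",
     "file_hash": "0000hypothetical-hash-0000"},
    {"id": "a2", "type": "suspicious_login", "host": "ws-014", "user": "jdoe",
     "src_ip": "203.0.113.5"},
    {"id": "a3", "type": "port_scan", "host": "db-02", "user": "-",
     "src_ip": "10.0.0.9"},
]

# Constructed enrichment sources: asset inventory, threat intel, scanner allow-list.
ASSET_DB = {
    "ws-014": {"owner": "jdoe", "criticality": "high"},
    "db-02": {"owner": "dba-team", "criticality": "critical"},
}
THREAT_INTEL = {"0000hypothetical-hash-0000": "known-malware-family (constructed)"}
AUTHORIZED_SCANNERS = {"10.0.0.9"}
CRIT_RANK = {"unknown": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def enrich(alert):
    """Attach asset, intel and allow-list context so the analyst sees it up front."""
    out = dict(alert)
    asset = ASSET_DB.get(alert.get("host"), {})
    out["asset_owner"] = asset.get("owner", "unknown")
    out["asset_criticality"] = asset.get("criticality", "unknown")
    out["intel_verdict"] = THREAT_INTEL.get(alert.get("file_hash"), "no match")
    out["from_authorized_scanner"] = alert.get("src_ip") in AUTHORIZED_SCANNERS
    return out


def auto_close_reason(alert):
    """Return a closure reason when a predefined condition matches, else None.
    The condition is hypothetical; a closure always carries a recorded reason
    so it stays auditable rather than silently dropping the alert."""
    if alert["type"] == "port_scan" and alert["from_authorized_scanner"]:
        return "expected scan from authorized scanner"
    return None


def group_into_incidents(alerts):
    """Group open alerts that share a host into one incident. This is a
    deliberately simplified stand-in for alert stitching: real platforms
    correlate on many more entities (user, process, hash, session)."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a["host"]].append(a)
    incidents = []
    for host, group in sorted(by_host.items()):
        top = max(group, key=lambda a: CRIT_RANK.get(a["asset_criticality"], 0))
        incidents.append({
            "host": host,
            "alert_ids": [a["id"] for a in group],
            "criticality": top["asset_criticality"],
            "intel_hits": [a["intel_verdict"] for a in group
                           if a["intel_verdict"] != "no match"],
        })
    return incidents


def triage(raw_alerts):
    """Enrich first, then decide: close on a predefined condition or keep open
    and stitch into an incident for the analyst."""
    enriched = [enrich(a) for a in raw_alerts]
    closed, open_alerts = [], []
    for a in enriched:
        reason = auto_close_reason(a)
        if reason:
            closed.append({"id": a["id"], "reason": reason})
        else:
            open_alerts.append(a)
    return {"incidents": group_into_incidents(open_alerts), "closed": closed}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_ALERTS), indent=2))
```

Two design choices matter for a defender: enrichment runs before any routing decision, so the auto-close rule and the analyst both act on the same context, and every automatic closure records the condition that fired, which keeps the false-positive filter reviewable when tuning it.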