Digital banking growth put the squeeze on security
Banco Inter’s digital banking services are booming, with 34 billion banking app activities every month. However, the bank’s security operations center (SOC) was struggling with this growth. As data sources and volumes increased by 30% each year, security teams became overwhelmed by the rising amount of information and manual tasks. This hindered their ability to maintain security visibility across the organization’s 8,000 endpoints. The bank needed to:
- Unify monitoring tools: The security team had been managing a collection of disparate products feeding into its security information and event management (SIEM), including separate tools for attack surface management, security orchestration, automation and response (SOAR), and threat intelligence. This fragmented solution made it difficult to triage threats effectively.
- Connect threat defense: Reliance on static correlation rules, detection engineering, and rising data volumes had led to inaccurate detections and more false positives.
- Increase automation: Some 70% of cases were being analyzed manually, delaying detection and absorbing resources.
“Our goal was to transform our Incident Response Team from reactively solving issues to anticipating and isolating them before they occurred.”
Lucas Bernardes
Director of Cybersecurity
Banco Inter
Upgrade from Splunk to XSIAM reimagined SecOps
Working with its long-term strategic consulting partner, PwC, Banco Inter standardized on Cortex XSIAM, consolidating different tools into one unified AI-driven platform. The outcome is significantly faster event resolution with less manual work.
“It took courage to change from our previous Splunk platform, but it was worthwhile. A modern, cloud-based digital bank demands a modern, cloud-based SOC,” says Lucas Bernardes, Banco Inter’s Director of Cybersecurity.
PwC played a vital role in architecting and deploying XSIAM, guiding the bank to unite expertise and technology. “PwC understands that cybersecurity isn’t just an IT issue — it’s a shared responsibility across every bank function. As our cyber landscape becomes more complex, PwC is a strategic ally that deeply understands both our challenges and the opportunities,” says Lucas.
Eduardo Batista, Cybersecurity and Privacy Leader, PwC, adds: “Cybersecurity is the foundation for Banco Inter’s trust, growth, and resilience. Our global reach and local expertise helped the bank maximize the value from the Palo Alto Networks platform and manage cyber risks holistically.”
-
Enables secure business growth
Cortex XSIAM is instrumental to helping Banco Inter securely manage its business growth, moving beyond the limitations of its previous SIEM to make the organization faster, smarter, and more efficient.
“Our digital services can only grow when the appropriate guardrails are in place. XSIAM empowers our security team to proactively address threats and align security efforts with the bank’s broader organizational goals,” says Lucas.
-
Transforms SOC productivity with automation
![]()
Automation is upending the way events and cases are managed, freeing up resources and increasing SOC productivity by 75%. “We’re now looking around and asking ourselves, ‘what else can we automate?’” says Lucas.
The strategy is also making it easier to recruit and retain cybersecurity professionals. Their duties have progressed from manual case administration to value-add security engineering, understanding why issues occur, and collaborating with the business to prevent future vulnerabilities.
-
Accelerates detection and response
![]()
Simplified security, native integration, and other factors have enabled Banco Inter to cut detection time by 95%. Case resolution is now 98% faster, empowering analysts to address threats before they escalate.
Moreover, XSIAM learns continuously from manual actions, recommending automations for improved case response. Now, 85% of cases are resolved automatically, without human intervention, compared with only 30% previously.
“We resolve faster because we see everything now,” says Lucas.
-
Provides flexibility to adapt to any situation
The automation-first, AI-powered platform transforms cybersecurity from reactive defense into a proactive, value-adding component of its business mission.
Lucas explains, “If someone downloads a malware phishing email, we can immediately lock the endpoint. But what if it’s a VP who is traveling and needs access to critical apps? We can identify the source of the issue but still allow that person access to the Web or Office apps. It’s flexibility like this that makes XSIAM such a powerful tool for business advantage.”
share this story
