See what your stack can't see.
A guided 25-minute workshop built around XDR Go Big — the joint Optiv + Palo Alto Networks initiative. Walk six acts. See your real detection gaps. Leave with a personalized readiness map grounded in Palo's 2026 platform: Cortex, CyberArk, Chronosphere, Koi / AES.
How it works
Core journey first.
Deeper scenarios when you're ready.
The Discovery Lab runs in two phases. Everyone walks the same 25-minute core arc first — five acts that land the landscape shift, expose the blind spots, and deliver a personalized next-step map. No menu, no guessing which challenge to pick.
After the map renders, a Continue to deeper scenarios option opens the full library — additional plays for teams that want to go further on identity, cloud, OT, agentic AI, or a specific vendor cut.
Scenarios route automatically to the vendors you run. Customers experience a teaching conversation, not a test. The goal is the moment they realize they have a problem they hadn't named yet — then leave with a plan.
The landscape just changed
Project Glasswing. A 24-hour exploit window. Agentic endpoints. One minute of context on why this session exists right now.
What your stack catches
Scenarios routed to your vendors — CrowdStrike, SentinelOne, Defender, Splunk. See your strengths and the handoffs where signal slips.
What your stack can't see
The Agentic Blind Spot. The 24-hour Patch Window. The 80-tool problem. The teach-them-something-new moment — most customers score near zero.
How Palo is building for it
The platform story. The Koi / AES reveal. Why Cortex was rebuilt rather than extended — and what that unlocks for your environment.
Your personalized map
Three columns — 90 days, 6 months, strategic. Personalized by your Palo footprint across Network Security, Identity (CyberArk), Cortex SecOps, and Observability (Chronosphere). No pitch, no pressure.
Continue to deeper scenarios
After the map, opt into the full library — specialized plays for identity, cloud, OT, agentic AI, and vendor-specific cuts. Run what matters to your environment, skip what doesn't.
What's in it
Built for the 2026 attack surface.
Every element of the Discovery Lab is designed to teach customers something they did not know — and leave them with a concrete plan for what to do about it.
Mythos-era urgency, built in
Every session opens with the April 2026 Project Glasswing announcement and the collapsed 24-hour exploit window. Customers walk out understanding why their current cadence was built for a world that already ended.
Agentic Endpoint Security coverage
The Koi acquisition ($400M, closed April 14, 2026) defined a brand-new category. Scenarios show what your current EDR cannot see — browser extensions, AI coding agents, MCPs — and how AES adds coverage alongside what you already run.
Five-act journey, not a menu
Every customer walks the same arc: the landscape shift → what your stack catches → what it can't see → how Palo is building for it → your personalized next-step map. No random challenge picking. One narrative, one destination.
Personalized readiness map
Session output is a three-column 90-day / 6-month / 18-month map, personalized by your existing Palo footprint. Forwardable to your team. Decisions on your clock, not ours.
Stack-aware, always
Tell us your security stack once. The detection engine recognizes ~80 vendors and aliases — CrowdStrike, SentinelOne, Defender, Splunk, QRadar, Azure AD, Intune. Scenarios route automatically to what you actually run.
XDR Go Big as the commercial path
No hard sell inside the workshop. The final map references the XDR Go Big initiative from Optiv + Palo Alto Networks as the commercial mechanism — your rep handles the specifics on the follow-up.
Built for
CISOs, COEs, Partner Architects, and the teams they work with.
A customer-first workshop that teaches, qualifies, and leaves a roadmap. Designed to be run directly with a customer, with a COE alongside, or sent ahead of a discovery call.
CISOs & Security Leaders
A 25-minute session surfaces what your current program catches, what it can't see at all, and what a realistic 18-month roadmap looks like. Take the output to your board, your team, or your next renewal conversation.
Security Engineers & Architects
Honest stack evaluation without a vendor pitch. Walk agentic endpoint, collapsed patch windows, cross-domain correlation — and see where AES, Cortex XDR, and XSIAM would slot into your architecture without requiring displacement.
COEs & Client Advisory Teams
Run the session alongside your customers instead of running a deck. The scenarios do the teaching, the output is personalized to the customer's Palo footprint, and the follow-up conversation is grounded in what they just saw.
Partner Architects & Channel SEs
Send Discovery Lab to customers before a discovery call. Their responses land in your inbox first, grounded in real 2026 threat context (Mythos / Glasswing / Koi). Skip the 'tell me about your environment' segment entirely.
XDR Go Big. Share it with your team.
Finished the workshop and want to bring it to your security lead, your team, or the rest of your stakeholders? Copy the message below and paste it into email, Slack, or Teams. No edits needed.
Wanted to share something worth a closer look. Optiv and Palo Alto Networks are running a joint initiative called XDR Go Big that makes it easier to consolidate endpoint, network, identity, and cloud detection into a single platform. One agent, one console, one correlated incident view — with predictable licensing and a path that doesn't require ripping out what already works. Before we go deeper, I ran the 25-minute Discovery Lab — a self-serve workshop that walks through real attack scenarios and shows where our current stack has visibility gaps: https://scalemysoc.com/discovery-lab Worth running it yourself before our next security planning conversation. Our Optiv representative can walk us through what XDR Go Big means for our environment and the commercial terms currently available to customers engaging on the program.
Forward the message
Paste it into email, Slack, or Teams and send it to your security lead or stakeholders. They get context without you rewriting anything.
They run the 25-minute workshop
Your team sees the same scenarios you did, and each person gets their own personalized report with findings and next steps.
Bring it to your Optiv rep
Walk into your next planning conversation with real findings in hand. Your Optiv rep can explain what XDR Go Big means for your environment and timeline.
Program details and commercial terms are discussed 1:1 with your Optiv representative.
From the workshop to real outcomes.
The scenarios above are only useful if you can act on them. Optiv delivers five service paths purpose-built to turn Discovery Lab findings into measurable results — pilot, deploy, remediate, mature, or baseline. Your report identifies which ones fit.
Prove value on a pilot group in weeks, not quarters.
Rapid deploy of Cortex to a defined subset of endpoints. Initial configuration, software staging, policy implementation, and knowledge transfer — a secure baseline before broader rollout.
Deploy Cortex across the full environment with confidence.
Full-environment rollout with discovery, design, pilot, deployment, and knowledge transfer. Go beyond the pilot group to realize value at scale.
Close the findings from your last audit, pentest, or assessment.
Evaluate findings, identify gaps and risks, validate compliance, remediate policy and configuration, test, document, and close out.
Keep Cortex tuned, current, and aligned to your business goals.
Structured, ongoing engagement covering capabilities, feature enablement, integrations, new content creation, and continuous tuning — so the platform gets better every quarter.
Baseline where your current endpoint platform actually stands.
Technical assessment of performance, security controls, and reporting, followed by gap analysis, documentation, and policy optimization recommendations.
Your report tells you which one fits.
Every Discovery Lab session ends with personalized service recommendations based on the scenarios you ran and the gaps you flagged. Your Optiv representative scopes the right engagement — no over-selling, no one-size-fits-all.
Start a workshopAll five service paths are available through your Optiv representative. Scoping conversations are 1:1 — no pricing published.
25 minutes. Five acts.
One map for what comes next.
Walk the landscape shift, see where your stack holds up and where it doesn't, and leave with a personalized 90-day, 6-month, and 18-month map. Forwardable to your team. Decisions on your clock.
No account required. No data collected that identifies you by default. Your Optiv team follows up only if you ask.