Vodafone builds SOAR and monitoring workflows with n8n, saving 5,000 person-days
As one of the most-targeted sectors for cyberattacks, Vodafone faced rising breach costs and new Telecom Security Act requirements to expand logging and monitoring coverage, while already processing billions of events and thousands of alerts a month through time-consuming manual processes that risked straining its engineering and CSOC teams.
Vodafone piloted traditional SOAR tools, including IBM Resilient and Tines, but found that despite being comprehensive, they couldn't address its overall workflow capability and issues.
Vodafone launched 33 workflows since August 2024 spanning SOAR, engineering, and CSOC use cases, saving 5,000 person-days, avoiding £2.2M in costs, and continuing to save roughly £300k per month in 2025, while also expanding its monitoring and logging capabilities to meet TSA compliance.
Show all 8 reported metrics
Frequently asked questions
What did this team achieve with this AI workflow?
Vodafone launched 33 workflows since August 2024 spanning SOAR, engineering, and CSOC use cases, saving 5,000 person-days, avoiding £2.2M in costs, and continuing to save roughly £300k per month in 2025, while also ex…
What tools did this team use?
n8n, IBM Resilient, Tines.
What results were reported?
Workflows launched: 33 workflows since August 2024; Person-days saved: 5,000 person-days; Costs avoided: £2.2M; Ongoing monthly savings: ~£300k per month in 2025 (source-reported, not independently verified).
What failed first in this deployment?
Vodafone piloted traditional SOAR tools, including IBM Resilient and Tines, but found that despite being comprehensive, they couldn't address its overall workflow capability and issues.
How is this compliance monitoring AI workflow structured?
Critical feed monitoring → Feed-loss detection → Basic triage → Ticket raised to correct team → Fraud detection workflow.