Case Study

Monroe County, Georgia, stops ransomware at the door with unified enterprise-to-cloud cybersecurity and simplified security operations

In brief

Customer

Monroe County, Georgia

Industry

County Government

Country

United States of America

Featured products

Threat Prevention, URL Filtering (PAN-DB), WildFire®, Cortex XDR™, Strata Logging Service (formerly known as Cortex Data Lake), Prisma® SaaS, Prisma Access, Panorama™

PA-820 (2), PA-220 (4)

Organization Size

500

Challenge

Prevent ransomware and other cyberthreats from successfully exploiting the county network, end user devices, or SaaS applications, or from disrupting vital services.

Requirements

    • Automatically blocks external cyberthreats from successfully breaching the network
    • Protects against zero-day attacks in real time
    • Provides granular control of user access to applications and cloud services
    • Improves speed and efficiency in detecting and responding to security incidents

Solution

Palo Alto Networks Strata™, Prisma®, and Cortex™ suites offer comprehensive, unified cybersecurity spanning the enterprise, endpoints, and SaaS, with intelligent detection and response to simplify security operations.

Introduction

Customer overview

Monroe County is located in the north-central region of Georgia, with government offices run out of the county seat, Forsyth. Named for US President James Monroe, the county was established in 1821 and has a population of nearly 30,000. Monroe County is situated between the major cities of Atlanta and Macon, placing it in a corridor of scenic natural attractions among the coastal regions, the mountains, and Georgia’s cosmopolitan cities, rich in history and beauty.

Summary

With many of its neighboring communities hit by ransomware, the government of Monroe County was determined to avoid the same fate. This required transforming the county’s cybersecurity infrastructure from traditional firewalls and antivirus software to a modern, intelligence-driven approach that would consistently protect county assets, whether on-premises or in the cloud. The county chose a unified security platform from Palo Alto Networks that extends preventive security measures from the county’s network to its endpoints, remote users, and software-as-a-service (SaaS) applications, all managed through an intuitive, centralized security operations platform. As a result, Monroe County is able to automatically prevent successful cyberattacks, such as phishing scams and ransomware, as well as granularly control internal traffic and user access to on-premises or SaaS applications based on job requirement.

Preventing Ransomware from Making Headlines

Monroe County is a modest-sized county in Georgia, but like any government organization, it has big responsibilities for the health, safety, and general welfare of its residents. From libraries, tourism, and recreation to firefighting, healthcare, law enforcement, and public works, the county relies on modern communications and data infrastructure to deliver vital services. A cyberattack on that infrastructure could have rippling effects, including exposing private citizen information, disrupting emergency response services, and hijacking financial systems.

Andra Howard, IT specialist with Monroe County, is responsible for keeping the county’s IT infrastructure secure and available. When he saw what was happening in neighboring counties with several high-profile cases of ransomware, Howard took a fresh look at Monroe County’s approach to cybersecurity.

“My ultimate goal is to stay out of the news,” Howard says. “We do not want to be the next county in Georgia hit by ransomware and making headlines.”

Monroe County’s previous SonicWall firewalls were outdated, and they didn’t provide the granular intelligence Howard needed to defend against today’s sophisticated cyberthreats. Traditional antivirus was no longer adequate to prevent ransomware from taking over the county’s end user devices. As the county prepared to adopt Microsoft 365™, Howard wanted SaaS security in place to seal that potential point of vulnerability.

Addressing all these needs was a tall order, requiring a comprehensive approach to cybersecurity. Howard reached out to a contact and learned about the Ultimate Test Drive program offered by Palo Alto Networks. By taking advantage of an Ultimate Test Drive, Howard was able to see what was possible with Palo Alto Networks technology before committing to an investment.

Howard notes, “Palo Alto Networks offered a platform that gave me deep, granular information about what’s going on in our network. Rather than just get an alert that there’s a virus on our network, I want to know where it’s coming from and how I can better prevent it. Palo Alto Networks gives me all that. They look at my endpoints, my network, SaaS—it all comes along with the platform.”

That broad range of capabilities, managed centrally through a single pane of glass, proved key in convincing Howard and the county commissioners that Palo Alto Networks was the right partner to secure Monroe County’s vital information assets. Howard is quick to point out that the level of service he received from Palo Alto Networks was also a decisive factor: “Palo Alto Networks engineers helped to lay out a security platform that fit exactly what we were looking for. That was instrumental in providing the necessary information I needed to gain approval from my commissioners. Any time we had a question, someone was available to answer it—to really explain the value of the technology in addressing our county’s needs.”

Enterprise-to-Cloud Security on One Platform

To secure its enterprise infrastructure, Monroe County deployed the Palo Alto Networks Strata™ network security suite, including PA-820 and PA-220 Next-Generation Firewalls and subscriptions for Threat Prevention, URL Filtering, the WildFire® malware prevention service, and Panorama™ network security management. The county also implemented the Cortex XDR™ platform to bring together enterprise-wide prevention, detection, and response leveraging intelligence from the network, endpoints, and cloud. In addition, the county now uses Prisma® Access to extend the same security to its remote users and small sites, along with Prisma SaaS to secure access to Microsoft 365 and other SaaS applications as they are adopted. Howard has more than 200 assets to manage, with more being added every day, across dozens of facilities spread around the county. Impressively, he secures and monitors the entire infrastructure—on premises and in the cloud—on his own using Palo Alto Networks technology. “It’s a beautiful thing being able to go to one spot and analyze every part of the network, whether it’s the firewalls, endpoints, or SaaS,” Howard remarks. “Everything ties together nicely rather than trying to piece together information from several different applications and still not have a clear picture.”

Cortex XDR is the focal point for Howard’s security operations, providing the big picture of network activity across the county. “I felt it was very important to understand everything that’s happening on our network, what end users are receiving or sending out, and if there are any executables coming through that could be infected with a virus or malware. Cortex XDR allows me to get down to the granular details to understand: is this a normal pattern or something that needs to be investigated?”

With advanced endpoint protection integrated in Cortex XDR, Howard has extensive visibility and control over every end user device on the Monroe County network. He can delve into exactly which applications and services are running on each machine and quickly determine if there is anything abnormal or inappropriate. “I get a visual of how each machine is operating and if there’s anything that should not be running on it,” Howard says. “Cortex XDR is an awesome tool for quickly seeing which machine is affected. Then, I can update my policies right there rather than go into Active Directory. It saves a ton of time versus going from endpoint to endpoint, calling every end user. I can focus more on the bigger security picture.”

Granular Control over Incoming and Outgoing Traffic

The Strata network security suite also enabled Howard to gain tighter control over traffic entering and exiting the county network. He makes heavy use of User-ID™ and App-ID™ technology to determine which applications individual users are permitted to access based on their individual job requirements. In addition, Howard uses URL Filtering extensively to control the websites users can access.

“I do a lot of filtering because there are certain web and social media sites, like Facebook, that the county uses where we have to tighten down some portions of a department but allow other portions access. Palo Alto Networks gives me a lot of flexibility to selectively control access based on the needs of each department.”

The Strata platform also prevents external cyberthreats from infiltrating Monroe County’s network and disrupting services. Most known threats are blocked automatically by Threat Prevention on the Next-Generation Firewalls. With the added protection of WildFire, even unknown threats and zero-day attacks are stopped before they can cause harm.

“WildFire has caught a lot of executables coming in through phishing attacks,” Howard reports. “I can analyze that executable and see if it’s benign or a true threat, and then send a scan to the affected computer to wipe out any malware that may have been delivered. It allows us to get ahead of an attack instead of cleaning up after the fact.”

Consistent Security Policies Extended into the Cloud

With the county’s email and productivity applications now provided by Microsoft 365, leveraging the WildFire service and extending security policies into the cloud with Prisma SaaS has been critical for Monroe County. Prisma SaaS ensures that sensitive county and citizen data is protected consistently across SaaS applications, and that attacks like phishing scams are derailed before they can affect unsuspecting users.

Howard notes: “Email is a key entry point where exploits like phishing and ransomware can get through and take over. We educate our users to watch out when they reply to an email if it goes somewhere else other than where it came from. Having Prisma SaaS is like an extra set of eyes on everything to prevent that type of event from happening.”

Similarly, Howard ensures consistent security and policy enforcement with Prisma Access for remote users and smaller sites, like libraries, that are not domain-controlled. Any user on a county-issued device who attempts to log in to the enterprise network is automatically routed through the cloud-based Prisma Access infrastructure for security inspection and forwarded through a Next-Generation Firewall.

“Prisma Access provides assurance that remote users are going through the same security checks as anyone in the office,” Howard says. “It also provides a log where I can keep a running tab on when someone has logged in and logged out. Everything is captured using User-ID, which allows me to keep a close watch on who’s coming and going on our network. Most vulnerabilities occur in-house, so we need to keep a tight lid on all the network activity in-house.”

Ultimately, Howard has put all these measures in place to reassure county administrators, service personnel, and citizens that their sensitive information and operational assets are secured against internal and external cyberthreats.

Howard concludes: “Having the right security in place is like a locked door into the county. Without it, you can get people just walking in, copying information, and walking right back out the door. The Palo Alto Networks platform has been a tremendous help to me being a one-man band. It’s like having a virtual team working for me to help keep the county secure and prevent threats like ransomware from causing havoc.”