As NDIT looked to scale security from 20,000 endpoints to 250,000 with a fixed number of staff, it required a more centralized and efficient way to protect sensitive data across state entities. The state faced concerns of reigning in costs and retaining the team while fighting sprawl.
- Siloed security tools - No unified platform to bring data together across 600+ state entities.
- Incident overload - Without substantial automation, SecOps analysts had more alerts than they could detect and respond to each day.
- Lacked visibility - Unable to glean broad or granular insight into the threat landscape– statewide or at the level of a single entity.
Path to platformization
“The Cortex portfolio has really helped our SOC mature. With so many threats coming in, having that toolset has really been a big benefit for us.”
Michael Gregg
CISO, NDIT
-
Unification streamlines processes and lowers costs
By moving to the Palo Alto Networks platform, from the SOC down to the level of each state entity, NDIT was able to standardize everything from dashboards to policies and drive new automations. This made it possible to implement a statewide strategy for threat prevention and detection and response. The shift has not only streamlined the state’s approach to its security operations, it’s also yielded significant cost savings. NDIT CISO Michael Gregg notes, “While we’re about the size of a Fortune 30 company, we operate at half the cost.”
-
Automation dramatically reduces manual tasks
The Cortex platform helps NDIT comfortably manage security for over 250,000 endpoints while poised to scale to support the needs of the state’s future growth. With the reduced volume of alerts for analysts, NDIT teams can focus on highest-priority incidents in a timely manner, making a bigger impact on safeguarding the state’s digital resources. The streamlined workflow for SOC staff has allowed NDIT to achieve operational efficiencies equivalent to 8-10 SOC analysts.
-
Streamlined work makes for happier employees
Using AI and machine learning to automate many tasks that were previously manual has reduced analyst burnout, with NDIT staff experiencing improved job satisfaction. The state is seeing that translate to longer tenures: The average tenure for NDIT security operations staff has grown to three years, double the industry average of 18 months.
-
Shift to proactive threat defense
Cortex Xpanse provides NDIT’s red team greater visibility into North Dakota’s attack surface. Those insights allow the team to better map where to test for vulnerabilities across the state. Through Unit 42 Managed Threat Hunting (MTH) services, NDIT has a team dedicated to monitoring threats around the clock and pulling in information from other attacks so the state is better positioned to respond to similar activities. Before Unit 42 MTH, the NDIT team could spend months working through many false positives before they would find a true positive, whereas now they’re notified of incidents instantly. In addition, a Unit 42 Retainer gives NDIT peace of mind with incident response experts on call any hour of the day should an incident occur.
-
Interstate collaboration for greater security
Modernizing security operations has allowed North Dakota to share threat intelligence more effectively with other U.S. states. After working with North Dakota’s elected officials to adapt state law allowing interstate IT communications, the CISO pitched leaders in other states on the vision of a joint-state SOC. Cortex XSOAR has made it possible to quickly integrate data from multiple states into a shared environment so participating states can compare threats and see how others are responding to them. Now, nearly 20% of states in the U.S. participate in the Joint-Cybersecurity Operations Command Center (J-CSOC) and achieve greater visibility and faster response to evolving threats.
-
Modernization is an ongoing journey
Going forward, NDIT plans to continue building on its security transformation as AI and other technologies bring new challenges and threats. It recently adopted Cortex XSIAM as part of a strategy to fight threats with AI detection and response, which will enable greater levels of automation across its security operations.
North Dakota IT Safeguards Citizens with Palo Alto Networks
North Dakota IT Modernizes its SOC with Cortex and Unit 42
North Dakota IT Automates 60% of Incidents with Cortex XSOAR
From Weeks to Minutes: NDIT Transforms Threat Hunting with Unit 42
“We had a vision to build, manage and maintain the best state cyber operations center in the United States. Working with Palo Alto Networks, we’ve been able to bring that forward.”
Michael Gregg
CISO, NDIT