Transcript
entities that are on your network, but you're now also protecting every citizen in the state because you're dealing with their data. So I lead, manage, and maintain the security operation for all seven branches of government. When I started in this role, I very clearly set out a mission. I had about 20,000 endpoints, and then what I had to try to do was grow that coverage to 250,000 endpoints. I needed to align all the cities, counties, schools, all use the same product and all use the same dashboards. We had a SIM over here, firewalls over here, data a little bit of everywhere, and trying to pull all that information together and make it make sense and find the issues inside of it and be able to automate was massive for us. The Cortex portfolio has really helped our SOC mature. With so many threads coming in, having that tool set has really been a big benefit for us. We've been along the journey 10 to 15 on the firewall level the last five years with XDR from the infancy. I remember when we first flipped on Cortex XDR, we had 16,000 incidents, and with the help of Palo Alto and the hard work of cyber analysis and response team, we were able to tune that down to less than 100 incidents open at all times. Our threat intelligence team has been starting to use Xpanse more and more as they find new APT groups that are targeting certain types of systems or they find new vulnerabilities that are out there. You know, just trying to double check and validate that the information that we have inside of our CMDBs and other systems matches up. Before we had Unit 42 managed threat hunting, we'd spend hours looking through incidents, no way to prioritize, but with managed threat hunting, you know, an incident would come in and help us prioritize on where to focus, even what types of attacks to look for. And now because of that, we've modeled our entire team off of how to look for a threat. We've done cyber ranges where they don't have Palo Alto tools and we're like, man, this is a lot harder. But then when you come back with Cortex XDR and with XSOAR, you're like, this is easy. We have about 60% of all of our total incidents in XSOAR are automatically closed via automation. It would be about anywhere between 8 to 10 analysts that we don't have to go and hire because XSOAR is able to do that for us. It's not only cut our cost, but it's allowed us to build a more efficient operation. But we operated about maybe half the cost of a similar size Fortune 30 company. And that's from that consolidation that we've been able to do and buying on scale and working together all as one whole estate. Going into the next year, the big thing that we're really looking at doing is the implementation of XIM. AI has lowered the bar as far as making it much easier for threat actors to gain access. So for us to really keep up with that and to meet that onslaught of attacks that we see, we need to move to what's next. And our mission was to build, manage, and maintain the best state cyber operation center in the United States. Working with Palo Alto, we've been able to help build that vision and bring that forth.