Ivanhoe Grammar School heightens defense with unified cybersecurity

SUMMARY

Ivanhoe Grammar School, one of Melbourne’s leading private schools, is a multicampus, coeducational school offering early learning to year 12. Among the School’s priorities is ensuring effective cybersecurity across diverse environments. The School was looking for a cybersecurity solution that would meet its needs.

RESULTS

40X

Faster to identify and investigate alerts during pentesting

30%

Increase in productivity

100%

Detection coverage compared to the previous solution

CHALLENGE

The legacy MDR solution revealed inadequate protection.

  • The School needed to safeguard its large personally identifiable information (PII) repository of staff, student, parent, and alumni data.
  • Within two months of onboarding the previous MDR solution in 2022, the team endured a poor user experience and a lack of effectiveness.
  • The previous solution lacked integration capabilities, leaving the School unable to automatically collect, transmit, and measure data from remote sources for data telemetry.

Winston Mattson, director of systems and infrastructure, has been with the School for over 25 years. He says, “To strengthen and augment our cybersecurity and monitoring capabilities, we decided to explore a suitable managed detection and response solution.”

“Much to our disappointment, our previous MDR solution was missing several events, putting our cybersecurity at risk. The product was essentially asleep at the wheel, and we knew we needed to look for an effective solution.”

- Winston Mattson

Director of Systems and Infrastructure,
Ivanhoe Grammar School

SOLUTION

The School gets high-level integration and improved visibility with Unit 42 and Cortex XDR.

Mattson wanted the School to partner with a reputable specialist and market leader in cybersecurity. The chosen solution had to enable high levels of integration between products for ease of management. It also had to enable network telemetry for real-time, high-speed network monitoring.

A truth-telling, side-by-side pentest

The School was already a Palo Alto Networks customer using machine learning (ML)–powered NGFWs. However, Mattson had not considered other solutions until the experience with the School’s previous MDR provider led them to evaluate Unit 42 MDR, delivered on Cortex XDR. For a fair comparison, a side-by-side pentest was conducted between the incumbent MDR vendor’s solution and Unit 42 MDR.

Almost immediately, Unit 42 MDR picked up threats. Mattson explains, “Logs were being sent to both vendors at the same time. Within 24–48 hours, we were receiving notifications from Palo Alto Networks Unit 42 MDR of genuine Kerberos user enumeration, indicating password spraying. Palo Alto Networks was alerting us to these threats while the incumbent vendor gave us nothing.”

The side-by-side penetration test was an objective comparison that, as Mattson quips, “was like removing a blindfold.” The test made it clear to Mattson that Ivanhoe Grammar School needed to find the right enterprise-level toolkit.

Results and confidence from Unit 42 MDR

After seeing the pentest’s results, Mattson chose Unit 42 MDR and Cortex XDR. Another key deciding factor was the MITRE ATT&CK results, where Cortex XDR scored the highest across different attack scenarios, achieving 100% detection coverage with no delays or configuration changes. Having a single provider with integrated technologies was a further deciding factor in Mattson’s choice to work with Palo Alto Networks.

Mattson shares, “It gives me immense confidence that the Palo Alto Networks Unit 42 team is highly responsive and that they are monitoring events to ensure that the environment remains secure. With this proactive approach, we can be certain that genuine damaging incidents are not missed.”

“We opted to replace all our firewalls with ML-powered NGFWs from Palo Alto Networks because they outshone the existing tools in terms of features and functionality, while providing a high level of integration. With Unit 42 MDR and Cortex XDR, we acquired the enterprise-level data integration that we sought, because the team could see all the MDR cases and all communication threads together in Cortex. Having [our] security tools in one toolkit was advantageous.”

- Winston Mattson

Director of Systems and Infrastructure,
Ivanhoe Grammar School

RESULTS

  • Reduced time to investigate and identify vulnerabilities

    During the simultaneous pentest, it took less than 6 hours for Unit 42 MDR to respond to potential threats. After the full deployment of Cortex XDR and Unit 42 MDR, Mattson and his team have also seen more efficient and accurate detection of malicious events. The previous product was almost silent and was shown to miss critical threats.

    For Ivanhoe Grammar School, Cortex XDR ingests all the logs from the endpoints, servers, and firewalls, then correlates and analyzes them to determine what Unit 42 needs to escalate to Mattson. With this solution in place, Mattson and his team have regained confidence that insidious events will be detected. Now, with operational processes streamlined to realize improved productivity, the team can use their time to support the School’s curriculum and educational needs instead of spending it on first-level event triage.

  • Increased productivity, better integration, and enhanced visibility

    With Cortex XDR, Ivanhoe Grammar School can see all MDR cases and communication threads across the network, endpoint, and cloud environments. The previous solution did not integrate with third-party vendors, creating a lot of noise. With the use of ML and AI, that noise is filtered out. Having Unit 42 MDR deeply integrated into the school environment to analyze events across their infrastructure is a significant advantage. It strengthens the team’s ability to manage and detect events across the School’s fleet of devices.

    Unit 42 MDR also gives network traffic visibility, without needing to invest additionally in monitoring devices. Now, the School’s IT team can proactively conduct their own queries on alerts—a level of visibility that Mattson and his team did not have earlier—which has helped increase investigation productivity by 30%.

  • Greater trust and confidence in security tools

    Mattson and his team gained an almost immediate return on investment (ROI) now that they can trust and have confidence in their security tools. With the new solution, they can access information on incidents, such as people transferring data over set limits, or any other suspicious activity. Unit 42 MDR uses Cortex XDR to analyze data ingested from all the logs to detect and respond to cyberthreats, further assuring Ivanhoe Grammar School they have best-in-class security tools in place.

    By leveraging Unit 42 MDR, Ivanhoe Grammar School has 24/7 coverage of their environment, providing the team with peace of mind and reducing their security risks.

Peace of mind against cyberattacks

The fact that the Unit 42 team immediately detected threats during the pentest and alerted the School demonstrated how Unit 42 MDR detects and responds to threats in real time. Now, Mattson has peace of mind knowing that any real cyberattacks will be flagged and brought to his attention.


“Since the Palo Alto Networks solution was introduced, the biggest impact on security operations has been efficiency and the reassurance that we are ahead of the game with a reliable, robust cybersecurity platform.”

- Winston Mattson

Director of Systems and Infrastructure,
Ivanhoe Grammar School