North Dakota IT safeguards citizens with integrated, AI-driven security operations

By moving to the Palo Alto Networks platform, from the SOC down to the level of each state entity, NDIT was able to standardize everything from dashboards to policies and drive new automations. This made it possible to implement a statewide strategy for threat prevention and detection and response. The shift has not only streamlined the state’s approach to its security operations, it’s also yielded significant cost savings. NDIT CISO Michael Gregg notes, “While we’re about the size of a Fortune 30 company, we operate at half the cost.”

The Cortex platform helps NDIT comfortably manage security for over 250,000 endpoints while poised to scale to support the needs of the state’s future growth. With the reduced volume of alerts for analysts, NDIT teams can focus on highest-priority incidents in a timely manner, making a bigger impact on safeguarding the state’s digital resources. The streamlined workflow for SOC staff has allowed NDIT to achieve operational efficiencies equivalent to 8-10 SOC analysts.

Using AI and machine learning to automate many tasks that were previously manual has reduced analyst burnout, with NDIT staff experiencing improved job satisfaction. The state is seeing that translate to longer tenures: The average tenure for NDIT security operations staff has grown to three years, double the industry average of 18 months.

Cortex Xpanse provides NDIT’s red team greater visibility into North Dakota’s attack surface. Those insights allow the team to better map where to test for vulnerabilities across the state. Through Unit 42 Managed Threat Hunting (MTH) services, NDIT has a team dedicated to monitoring threats around the clock and pulling in information from other attacks so the state is better positioned to respond to similar activities. Before Unit 42 MTH, the NDIT team could spend months working through many false positives before they would find a true positive, whereas now they’re notified of incidents instantly. In addition, a Unit 42 Retainer gives NDIT peace of mind with incident response experts on call any hour of the day should an incident occur.

Modernizing security operations has allowed North Dakota to share threat intelligence more effectively with other U.S. states. After working with North Dakota’s elected officials to adapt state law allowing interstate IT communications, the CISO pitched leaders in other states on the vision of a joint-state SOC. Cortex XSOAR has made it possible to quickly integrate data from multiple states into a shared environment so participating states can compare threats and see how others are responding to them. Now, nearly 20% of states in the U.S. participate in the Joint-Cybersecurity Operations Command Center (J-CSOC) and achieve greater visibility and faster response to evolving threats.

Going forward, NDIT plans to continue building on its security transformation as AI and other technologies bring new challenges and threats. It recently adopted Cortex XSIAM as part of a strategy to fight threats with AI detection and response, which will enable greater levels of automation across its security operations.