Glacier Bancorp hardens security without breaking the bank

SUMMARY

Glacier Bancorp, Inc. is a regional bank holding company that provides commercial banking services in 155 communities through 227 banking offices in the western United States. With assets of $27.9 billion, its mission is to preserve the community nature of its banks while giving them the resources to handle modern digital financial services.

In a highly regulated industry where sensitive data is abundant and customer trust is paramount, Glacier Bancorp elected to adopt the highest-quality tools and services to continuously strengthen protection—all while driving greater efficiency and cost savings.

RESULTS

30% cost savings in IT budget from platformization

80% decrease in mean time to respond (MTTR)

50% reduction in false positives

CHALLENGES

Locking down sensitive data in an ever-shifting security landscape.

  • Legacy firewall and antivirus solutions couldn't provide the needed visibility, protection, or application inspection.
  • Strict regulations in financial services like the Gramm-Leach-Bliley Act (GLBA) drove a need for visibility and rapid reporting that prompted Glacier Bancorp to enhance its capabilities.
  • Without a dedicated 24/7 incident response team, the company was at risk of delayed breach response, potentially impacting reputation, stock price, and customer loyalty.
  • A lack of automation led to slow response times and a high level of rote labor, as the team had to manually search logs and alerts for threats.

SOLUTIONS

A long-standing partnership that began with firewalls.

Fifteen years ago, cybersecurity at Glacier Bancorp was ready for an upgrade. Its firewalls were lagging behind emerging solutions, providing limited visibility into traffic (including SSL decryption and inspection) and lacking application inspection. The company adopted Palo Alto Networks Next-Generation Firewalls (NGFWs), immediately resolving both issues.

In the cloud, Glacier Bancorp also uses NGFWs, with VM-Series software firewalls in Azure. "We wanted the same level of security and benefits in the cloud as we had on-prem," explains Sam Mauch, CISO. Adopting software firewalls also allowed Mauch's team—already trained on Palo Alto Networks firewalls—to use their existing tool set, saving time and money. They save labor and achieve consistency, too, with a single console for managing both the on-prem and virtual firewalls by way of Panorama.

"Palo Alto Networks is on the ball monitoring zero-day attacks. Very often by the time I wake up, the company has already identified the zero day, updated our firewall, and is blocking the traffic. We're protected before we even know about it, and we're not scrambling to get it fixed."

Sam Mauch

CISO, Glacier Bancorp

  • Endpoint protection that cuts MTTR by 80%

    Glacier Bancorp replaced its legacy antivirus solution with Cortex XDR, transforming visibility and protection and decreasing MTTR by 80%. The AI in XDR slashed false positives by 50% and clearly explains what threats are being detected. Visibility was complete out of the box, including deep forensic information. And protection was so comprehensive that penetration tests conducted by an external vendor failed. Initially, "Cortex XDR stomped on everything," Mauch says, blocking attacks and quarantining devices. Then, within a matter of minutes, Cortex updated the NGFWs so when testers attempted a second attack, it was stopped before it could reach their endpoints. Ultimately, additional third-party testing was canceled altogether—saving 20% of the testing budget for that year—and Unit 42 was brought in to validate Glacier Bancorp's security controls.

  • Responsive capability becomes proactive insight

    Because hiring an in-house IR team is cost prohibitive, it’s critical for Glacier Bancorp to have experts on call by way of a Unit 42 Retainer. "If it comes to a full-blown incident," Mauch says, "we need somebody who responds to hundreds of these a year to help us through it." Unit 42 is expert in Cortex XDR, which sets the stage for a rapid handoff. With Cortex XDR on every machine in the company's environment, it'll be a flip of a switch, saving hours at a crucial moment.

"If you're a Palo Alto Networks customer, you should be using Unit 42, especially if you already have Cortex. It's a no-brainer."

Sam Mauch

CISO, Glacier Bancorp

Thankfully, Glacier Bancorp hasn't needed to engage Unit 42 for incident response. Instead, for several years now, the company has been able to apply its retainer credits to proactive services that help mitigate cyber risk. These include:

  • SOC Assessment

    Glacier Bancorp's security strategy includes regular proactive risk assessments. "Unit 42 finds the gaps we need to work on, and they give us excellent roadmaps to get to the next level," Mauch says. Having not performed a SOC Assessment in several years, he wanted a fresh look at the company's technology and processes to uplevel the SOC with a focus on AI and automation.

  • vCISO Engagement

    This engagement helped Glacier Bancorp explore staffing and performance management, providing a clear picture of the ideal structure for the security function. The engagement also heightened the need to prioritize automation and AI within security, resulting in a new interview template that asks job candidates about their skills in those areas.

  • Ransomware Readiness Assessment

    In this assessment, Glacier Bancorp was able to evaluate how its incident response capabilities performed when triaging ransomware breach scenarios from real cases. Mauch finds value in the fact that Unit 42 integrates threat intelligence gained through thousands of client engagements: "Looking at things through the eyes of incident responders helped us uncover gaps."

    Having Unit 42 on retainer has made projects easier and less costly for Glacier Bancorp. In the banking industry, onboarding new vendors and shepherding projects through budget approval are both major lifts, and thanks to the retainer, Mauch has to do neither with Unit 42. He estimates 20–30% cost savings in total consulting services as a result.

"If I had to rank all of the vendors I work with and the value, Palo Alto Networks wins. Unit 42 is the best money I spend, period."

Sam Mauch

CISO, Glacier Bancorp

  • One partner, and platform, in unity

    Platformization is an intentional strategy at Glacier Bancorp—with multiple benefits. First, the coordination among Palo Alto Networks solutions is useful not only for streamlining management but also because the platform automates actions from its own intelligence, as when Cortex XDR updated the NGFWs with intel from the endpoint. Second, thanks to platformization, annual costs have decreased every year for the past several years. Vendor management is simplified—the due diligence has already been done—and Glacier Bancorp enjoys both better pricing and service. Finally, the combination of a unified security platform, a team well trained on it, and a services provider intimate with it creates an exceptionally resilient organization.

Confidence in AI—and against it.

As it prepares for the future, Glacier Bancorp is actively seeking AI integration in all its tools, cybersecurity included. "We're looking at GenAI for ways to make our jobs more efficient, analyze data, make hiring easier, and strengthen security," Mauch says. At the same time, his executive suite is concerned about the dark side of AI, and the significant investment from Palo Alto Networks in research and development—$1.7B a year—is a selling point. Mauch explains: "I tell them, 'We're selecting products that keep up with the bad guys, using AI to strengthen our defenses against them.' That puts them at ease."
