Safeguarding tradition in the digital age: Oneida Nation's security transformation

SUMMARY

The Oneida Nation is a sovereign tribal government in Wisconsin serving 17,000 members through services that span healthcare, K-12 education, public safety, hospitality, and gaming. With diverse operations and high-value data assets, the Nation’s security team seeks to defend its community and digital infrastructure.

As owners of a premier hotel for visitors to the national football draft—an event expected to draw over half a million visitors to Green Bay—Oneida looked to ensure the digital safety of all its guests. Partnering with Palo Alto Networks, the team modernized its security operations with 24/7 vigilance, automation, and support from experts.

RESULTS

  • >20% lower costs while ingesting over 3X more data sources
  • 43-second median time to resolution with Cortex XSIAM
  • 200+ compromised credentials found on the dark web
  • 143 incidents per day fully resolved by automation

CHALLENGES

Small team. Complex environment. Rising threats.

With operations that span government, casino gaming, healthcare, education, and law enforcement, Oneida Nation is a high-value target.

  • The lean security staff lacked the resources to provide 24/7 monitoring and respond quickly to threats—especially in the event of a major breach.
  • Multiple siloed tools obscured visibility into the environment, limited the ability to gather crucial metrics, and made security operations fragmented and hard to manage.
  • A lack of automation meant the team had to handle every alert manually, slowing response times and compromising security.
  • Existing security controls were inadequate for handling the large influx of people to the casino and hotel during the football draft, and there was a tight timeline of six months to prepare.


SOLUTIONS

Simplified tools. Smarter protection.

Over 15 years ago, Oneida Nation was one of the first adopters of Palo Alto Networks Next-Generation Firewalls in the state of Wisconsin. But over time, independent of those firewalls, its security environment evolved into a patchwork of disparate tools, each with its own consoles, limitations, and overhead. Visibility was fragmented, incident response was largely manual, and the team lacked a clear picture of what was happening across its network. Adopting Cortex XSIAM changed all of that. Oneida dramatically enhanced its ability to detect and respond to threats by transitioning from a limited anti-virus tool to an all-in-one solution that provides robust SIEM, EDR, SOAR, ASM, and expanded security features.

The shift to XSIAM has delivered measurable gains. Raw data is now automatically stitched into alerts, and alerts are grouped into incidents, simplifying investigations and expediting resolutions. AI and automation have enabled and simplified mass response actions like isolating endpoints and resetting passwords—efforts that once required hands-on intervention. With seven times the data now being ingested at a 20% cost savings, the team has also seen operational efficiency soar. Most critically, incident resolution times have dropped—with a median of just 43 seconds—freeing the team to focus on strategic initiatives that protect the Nation’s people, systems, and culture. Visibility into these metrics and more has allowed Oneida to track continuous improvement.

"Having everything in one place with Cortex XSIAM gives us a single source of truth. We can see from the smallest asset all the way to the cloud and back."

Jason Doxtator

CIO, Oneida Nation

  • A trusted extension of the team

    Staffing a 24/7 SOC wasn’t realistic for Oneida Nation’s lean internal operation. Instead, it turned to Unit 42 MDR for always-on monitoring, proactive threat hunting, expert threat detection, and immediate response. “It’s a lot like having another member of our team,” says Hill. “They manage our alerts and escalate the ones that matter.” Oneida Nation also receives weekly summary reports of threat activity and investigation status, along with non-technical reports to keep leadership informed of key risks and response actions. Because Unit 42 already had deep familiarity with Oneida’s tools and Cortex XSIAM, the onboarding was seamless. “They were good to go from day one,” says Doxtator, “and as we move further into automation, I expect the relationship to keep growing.”

  • Secured for the spotlight

    As a sponsor of the 2025 football draft—an event that would draw more than 600,000 visitors to Green Bay, Wisconsin—Oneida Nation had only six months to ensure that its systems could withstand both the traffic and the exposure. With 24/7 operations across the community, any disruption could have wide-reaching consequences. To guide preparation and fortify defenses ahead of the event, the Nation opted for the Unit 42 Cyber Vigilance Program.

    The Cyber Vigilance Program provided a one-stop shop for readiness: tabletop exercises, vulnerability scans, attack surface assessments, deep and dark web monitoring, and crisis training—along with an actionable roadmap for closing security gaps. “They helped us understand where we were falling short—technologically and procedurally,” says Doxtator. The result was not only confidence but measurable gains. Oneida identified and remediated over 200 compromised credentials found on the dark web, avoiding up to $32,000 in potential losses. The program also drove lasting change, including the formation of an information security steering committee and stronger top-down alignment on cyber priorities.

“Unit 42 was our cybersecurity Sherpa. They helped us navigate a very scary threat landscape—and everything went off without a hitch.”

Jason Doxtator

CIO, Oneida Nation

Streamlined, protected, and ready for what’s next.

With Palo Alto Networks, Oneida Nation has embraced a unified platform approach that reduces complexity, cuts costs, and increases visibility across its entire digital environment. By consolidating tools and moving to a cloud-based model, the Nation has minimized administrative overhead and eliminated the maintenance burden of managing multiple disconnected products. Just as important, the platform sets Oneida up for long-term resilience. “We’re excited to keep growing with Palo Alto Networks,” says Hill. “As the threat landscape evolves, we know we’ll be ready.”

“The Oneida Nation trusts our security team to protect our culture, people, and way of life. And we trust Palo Alto Networks and Unit 42 to protect the Oneida Nation’s digital assets.”

Jason Doxtator

CIO, Oneida Nation
